v0.2.0stable
AI/LLM gateway agent with provider routing, token rate limiting, prompt inspection, and cost tracking for OpenAI, Anthropic, and other LLM APIs.
Cargo
Agent Registry
26 agents to extend Zentinel with security, API protection, scripting, and more.
v0.4.0stable
API lifecycle management agent with RFC 8594 Sunset headers, usage tracking, automatic redirects, and migration support for graceful API deprecation.
Cargo
v0.4.0stable
Structured audit logging agent with PII redaction, multiple formats (JSON, CEF, LEEF), and compliance templates for SOC2, HIPAA, PCI, and GDPR.
Cargo
v0.2.0stable
Authentication and authorization agent supporting JWT validation, OAuth 2.0 token introspection, API key management, and RBAC policies.
Cargo
v0.4.0stable
Comprehensive bot detection with multi-signal analysis, known bot verification, and behavioral tracking.
Cargo
v0.4.0stable
Controlled fault injection for resilience testing: latency, errors, timeouts, and more with flexible targeting and safety controls.
Cargo
v0.4.0stable
Malware scanning agent using ClamAV daemon for file upload protection.
Cargo
v0.5.4stable
Real-time data masking and tokenization for PII, credentials, and sensitive fields in request and response bodies.
Cargo
v0.3.0stable
Block requests based on IP addresses, CIDR ranges, or custom patterns with real-time updates.
Cargo
v0.4.0stable
GraphQL-specific security controls including query depth limiting, complexity analysis, introspection control, and field-level authorization.
Cargo
v0.4.0stable
Comprehensive security controls for gRPC services: method authorization, rate limiting, metadata inspection, and reflection control.
Cargo
v0.4.0stable
IP threat intelligence with AbuseIPDB integration, file-based blocklists, and Tor exit node detection.
Cargo
v0.3.0stable
Write custom request/response processing logic in JavaScript using the QuickJS engine.
Cargo
v0.3.0stable
Embed custom Lua scripts for flexible request/response processing and header manipulation.
Cargo
v0.4.0stable
A mock server agent that intercepts requests and returns configurable stub responses with support for templating, latency simulation, and fault injection.
Cargo
v0.3.0stable
Full OWASP Core Rule Set (CRS) support via libmodsecurity with 800+ detection rules.
Cargo
v0.4.0stable
IoT protocol security for MQTT: topic-based ACLs, client authentication, payload inspection, rate limiting, and QoS enforcement.
Cargo
v0.1.0beta
Policy engine agent with a Haskell-based DSL for expressing complex access control, routing, and transformation policies.
Cargo
v0.3.0deprecated
Token bucket rate limiting with configurable windows and limits per route, IP, or custom keys.
Cargo
v0.4.0stable
SOAP-specific security controls including envelope validation, WS-Security verification, operation control, and XXE prevention.
Cargo
v0.3.0stable
SPIFFE/SPIRE workload identity authentication agent for zero-trust service-to-service communication.
Cargo
v0.4.0stable
Advanced request and response transformation with URL rewriting, header manipulation, and JSON body transforms.
Cargo
v0.3.0stable
Pure Rust WAF with 285 detection rules, anomaly scoring, and API security.
Cargo
v0.3.0stable
Execute custom Wasm modules for high-performance request/response processing in any language.
Cargo
v0.4.0stable
Security analysis for WebSocket frames: content filtering, schema validation, and attack detection for real-time connections.
Cargo
v0.3.0stable
Pure Rust ModSecurity-compatible WAF with full OWASP CRS support - no C dependencies required.
Cargo
Submit Your Agent
Built something useful? Share it with the community and get it listed here.
Get ListedNo agents found matching your search.
Why Agents?
Zentinel's core philosophy is simple: the dataplane should be boring. Stable, bounded, predictable. No 3 AM wake-ups. No memory explosions. No cascading failures from a misbehaving script.
But the real world demands more than routing packets. You need WAF rules, authentication flows, rate limiting, bot detection, content filtering, ML-based threat scoring, custom business logic—the list grows with every new attack vector and compliance requirement.
Agents are where innovation lives. By moving complex logic to external processes behind a stable contract, we get the best of both worlds: a rock-solid dataplane that never crashes, and unlimited extensibility for security policies. A broken agent cannot crash Zentinel. It gets circuit-broken, falls back to a safe default, and life goes on.
We believe the future of reverse proxies lies in custom policy enforcement through external processing. Not embedded scripting runtimes. Not monolithic rule engines. But modular, isolated, language-agnostic agents that anyone can build, deploy, and evolve independently.
This is how we keep the internet safe: by enabling everyone—from solo developers to enterprise security teams—to implement their own policies without compromising the stability of the underlying infrastructure. Your WAF rules, your auth logic, your rate limits, your threat models. Zentinel just makes sure the traffic flows reliably while your agents make the decisions.
IsolationAgent crashes don't crash Zentinel
BoundedHard timeouts and circuit breakers everywhere
ExtensibleBuild agents in any language you want
ModularDeploy and upgrade agents independently
How Agents Work
Agents are external processes that extend Zentinel's capabilities. They communicate via Unix domain sockets (for local agents) or gRPC (for remote/distributed agents), using the protocol defined in the agent-protocol crate. This allows you to implement custom security logic in any language.
Architecture
Process IsolationEach agent runs as a separate OS process with its own memory space, providing security boundaries and crash isolation
Unix Socket & gRPCTwo transport options: Unix domain sockets for local agents (4-byte length prefix + JSON), or gRPC for remote/distributed agents
Connection PoolingZentinel maintains persistent connections to agents, eliminating connection overhead per request
Language AgnosticWrite agents in Rust, Go, Python, TypeScript, or any language that can read/write Unix sockets
Request Lifecycle
Event HooksSubscribe to
request_headers, request_body, response_headers, and response_body eventsDecision TypesReturn
Allow, Deny, Redirect, or Challenge decisions with optional modificationsHeader ManipulationAdd, modify, or remove request/response headers. Inject correlation IDs, auth tokens, or security headers
Audit MetadataAttach structured tags and metadata to requests for logging, metrics, and downstream processing
Failure Handling
Fail-Open ModeConfigure agents to allow traffic when unavailable, ensuring availability over strict enforcement
Timeout ControlPer-agent timeout configuration (default 100ms) prevents slow agents from blocking the request path
Auto-ReconnectZentinel automatically reconnects to agents after crashes with exponential backoff
Health MetricsPrometheus metrics for agent latency, error rates, and connection status via
/metrics endpointProtocol Documentation
Quick Install
Get started with the most popular agents in one command
WAF
SecurityOWASP-compatible web application firewall with SQL injection, XSS, and path traversal protection.
cargo install zentinel-agent-wafBot Management
SecurityAdvanced bot detection with browser fingerprinting, behavioral analysis, and CAPTCHA challenges.
cargo install zentinel-agent-bot-managementRate Limiter
TrafficToken bucket rate limiting with configurable limits per IP, user, or custom key.
cargo install zentinel-agent-ratelimitAI Gateway
API SecuritySecure AI/LLM API endpoints with prompt injection detection, token budgets, and model routing.
cargo install zentinel-agent-ai-gatewayAuth
IdentityJWT validation, OAuth 2.0 token introspection, and RBAC enforcement at the edge.
cargo install zentinel-agent-authGraphQL Security
API SecurityQuery depth limiting, cost analysis, and introspection control for GraphQL APIs.
cargo install zentinel-agent-graphql-securityMissing an agent?
Can't find the agent you need? You have options:
Create Your Own Agent
Extend Zentinel with custom security logic, authentication, rate limiting, or any HTTP processing you need. Use one of our official SDKs or implement the protocol directly.
Official SDKs
Choose the SDK for your preferred language. Each provides a simple, idiomatic API for building agents.
Rust SDKzentinel-agent-sdk
Native performance with zero-cost abstractions. Uses the same protocol crate as Zentinel itself.
Go SDKzentinel-agent-sdk
Idiomatic Go with goroutine-per-connection model. Simple, fast, and production-ready.
Kotlin SDKzentinel-agent-sdk
Coroutine-based async agents with excellent Java interop. Ideal for JVM environments.
Python SDKzentinel-agent-sdk
Async-first design with asyncio. Fluent Decision builder and typed configuration support.
TypeScript SDK@zentinel-proxy/agent-sdk
Full type safety with TypeScript. Works with Node.js, Deno, and Bun runtimes.
Elixir SDKzentinel_agent_sdk
Fault-tolerant agents with OTP supervision. Perfect for distributed, resilient systems.
Haskell SDKzentinel-agent-protocol
Type-safe agents with ReaderT pattern and unliftio. GHC2021 with full protocol v2 support.
Quick Start
1
Install an SDKChoose your preferred language and install the SDK using your package manager
2
Implement your agentCreate an agent class that handles
on_request and returns a decision (allow, block, redirect)3
Configure ZentinelAdd your agent to the Zentinel config with a Unix socket path and attach it to routes via filters
4
Run and testStart your agent, reload Zentinel, and verify your logic with test requests
Example: Block Admin Paths
use zentinel_agent_sdk::{Agent, Decision, Request};
struct MyAgent;
impl Agent for MyAgent {
async fn on_request(&self, req: &Request) -> Decision {
if req.path().starts_with("/admin") {
Decision::deny()
.with_body("Access denied")
.with_tag("blocked")
} else {
Decision::allow()
}
}
}package main
import "github.com/zentinelproxy/zentinel-agent-go-sdk/agent"
type MyAgent struct{}
func (a *MyAgent) OnRequest(req *agent.Request) *agent.Decision {
if strings.HasPrefix(req.Path(), "/admin") {
return agent.Deny().
WithBody("Access denied").
WithTag("blocked")
}
return agent.Allow()
}import io.raskell.zentinel.agent.*
class MyAgent : Agent {
override val name = "my-agent"
override suspend fun onRequest(request: Request): Decision {
return if (request.path.startsWith("/admin")) {
Decision.deny()
.withBody("Access denied")
.withTag("blocked")
} else {
Decision.allow()
}
}
}from zentinel_agent_sdk import Agent, Decision, Request
class MyAgent(Agent):
@property
def name(self) -> str:
return "my-agent"
async def on_request(self, request: Request) -> Decision:
if request.path_starts_with("/admin"):
return Decision.deny().with_body("Access denied").with_tag("blocked")
return Decision.allow()import { Agent, Decision, Request } from '@zentinel-proxy/agent-sdk';
class MyAgent extends Agent {
name = 'my-agent';
async onRequest(request: Request): Promise<Decision> {
if (request.path.startsWith('/admin')) {
return Decision.deny()
.withBody('Access denied')
.withTag('blocked');
}
return Decision.allow();
}
}defmodule MyAgent do
use ZentinelAgentSdk.Agent
@impl true
def name, do: "my-agent"
@impl true
def on_request(request) do
if String.starts_with?(request.path, "/admin") do
Decision.deny()
|> Decision.with_body("Access denied")
|> Decision.with_tag("blocked")
else
Decision.allow()
end
end
endimport Zentinel.Agent.Protocol
import Data.Text qualified as T
instance AgentHandler IO where
capabilities = pure $ defaultCapabilities "my-agent"
onRequestHeaders event =
if "/admin" `T.isPrefixOf` reqHdrUri event
then pure $ block 403 "Access denied"
`withAudit` AuditMetadata ["blocked"] [] Nothing [] mempty
else pure allow
main :: IO ()
main = runAgent defaultConfig idZentinel Configuration
Configure Zentinel to connect to your agent:
agents {
agent "my-agent" type="custom" {
unix-socket path="/tmp/my-agent.sock"
events "request_headers"
timeout-ms 100
failure-mode "open"
}
}
filters {
filter "my-filter" {
type "agent"
agent "my-agent"
}
}
routes {
route "api" {
matches { path-prefix "/api/" }
upstream "backend"
filters "my-filter"
}
}