A pragmatic rewrite path for sing-box in Rust. Focused on good taste, never break userspace, and boring clarity.
🚀 Production Ready: 100% Protocol Parity with upstream sing-box 1.12.12. See Project Status for detailed feature matrix and milestones.
PROJECT_STRUCTURE_NAVIGATION.md.
- 📋 Authoritative: This document is the sole source of truth for project structure.
- 🔄 Update Responsibility: Any developer modifying the project structure MUST sync this document.
- ✅ Verification: New developers or AI assistants must verify this document's accuracy before work.
- 📍 Navigation First: All development activities should trace paths based on this document.
Visit our comprehensive documentation portal at docs/:
- Quick Start Guide - Get up and running in 5 minutes
- Basic Configuration - Understand the config file
- Your First Proxy - Connect to an upstream server
- Configuration Reference - Full config schema
- Protocol Support - Inbound/Outbound protocols (Shadowsocks, Trojan, VMess, VLESS, Hysteria, etc.)
- Routing - Smart routing by domain, IP, process
- TLS & Anti-Censorship - REALITY, ECH, Standard TLS
🛠️ Operations
- Deployment - Systemd, Docker, Kubernetes
- Monitoring - Prometheus metrics & Grafana
- Troubleshooting - Common issues & fixes
- Architecture - System design & modules
- Contribution Guide - How to contribute
- Migration Guide - Go to Rust migration details
Build the full-featured binary:
cargo +1.90 build -p app --features "acceptance,manpage" --release
./target/release/app versionRun with a config:
./target/release/app run -c config.jsonSee Getting Started for detailed instructions.
- Native Process Matching: 149x faster on macOS than Go implementation
- Zero-Copy Parsing: Minimal allocations in hot paths
- Memory Safe: No GC pauses, predictable footprint
- REALITY Protocol: Anti-censorship TLS fingerprinting
- ECH (Encrypted Client Hello): SNI encryption
- uTLS Fingerprinting: 27+ browser fingerprints (Chrome, Firefox, Safari, Edge)
- ACME Auto-Renewal: Let's Encrypt/ZeroSSL with HTTP-01/DNS-01 challenges
| Inbound | Outbound | Transport |
|---|---|---|
| SOCKS (4/5), HTTP | Shadowsocks, VMess | WebSocket, gRPC |
| Shadowsocks, Trojan | VLESS, Trojan | HTTP Upgrade |
| VMess, VLESS | Hysteria2, TUIC | QUIC, TCP, UDP |
| Hysteria2, TUIC | WireGuard, SSH | REALITY, ECH |
| WireGuard, TUN | Direct, Block | simple-obfs |
- Prometheus Metrics: Connection counts, latency histograms
- Clash/V2Ray API: Traffic stats and rule management
- Circuit Breaker: Automatic failure detection and recovery
- Smart Routing: 38 rule types (domain, GeoIP, process, user, etc.)
- DERP Mesh: Tailscale relay for cross-region connectivity
- Hot Reload: Live config updates via Admin API
📖 Rust-Only Enhancements - Features beyond Go parity
- Project Status: Check current version and roadmap.
- Issues: Report bugs.
- Discussions: Ask questions and share configs.
For detailed navigation of the project structure, see PROJECT_STRUCTURE_NAVIGATION.md.