Releases: lopatnov/conduit

Conduit v1.1.2

13 Jun 12:17
a31b009

What's Changed

  • ci(release): wire standard feature bundle into release/CI pipeline by @lopatnov in #83
  • refactor(proxy): split service.rs into phase modules by @lopatnov in #82
  • chore(deps): bump hmac to 0.13 and sha2 to 0.11 together by @lopatnov in #84
  • chore(deps): bump opentelemetry trio to 0.32 together by @lopatnov in #85
  • chore(deps): bump kube/k8s-openapi/schemars to 3.1/0.27/1.2 together by @lopatnov in #86
  • fix(config): warning labels + wiki sync workflow + security audit fixes by @lopatnov in #87
  • Formatted index.html by @lopatnov in #89
  • perf(proxy): zero-allocation logging_phase.rs::logging() hot path by @lopatnov in #90
  • refactor(proxy): extract helpers from phase orchestrators (rust:S3776) by @lopatnov in #91
  • refactor(proxy): share one config snapshot across post-route helpers by @lopatnov in #92
  • test(cache): cover stale-if-error on retry exhaustion + connection error (#48) by @lopatnov in #93
  • chore(release): bump version to 1.1.2 by @lopatnov in #94

Full Changelog: v1.1.1...v1.1.2

Conduit v1.1.1

07 Jun 12:49
236e21b

What's Changed

  • ci: fix Trivy CLI version to 0.71.0 by @lopatnov in #70
  • chore: bump version to 1.1.1 by @lopatnov in #71
  • ci: turn lone RISC-V job into an extensible cross-compile matrix by @lopatnov in #72
  • feat: add 'standard' feature profile bundling the typical gateway stack by @lopatnov in #73

Full Changelog: v1.1.0...v1.1.1

Conduit v1.1.0

06 Jun 22:46
d96d3ed

What's Changed

  • feat(reliability): v1.1.0 stabilization — security hardening, observability, reliability backlog by @lopatnov in #67
  • chore(ci): bump the all-actions group across 1 directory with 2 updates by @dependabot[bot] in #68
  • refactor: split high-complexity functions (SonarCloud CC) by @lopatnov in #69

Full Changelog: v1.0.0...v1.1.0

Conduit v1.0.0

05 Jun 09:01
9467b3b

Conduit v1.0.0 — production-ready Rust reverse proxy and API gateway built on Cloudflare Pingora.

Highlights

  • API Gateway: JWT auth, consumer model, ForwardAuth, rate limiting, request/response transformation
  • Production resilience: circuit breaker, outlier detection, retry with jitter, traffic mirroring
  • Observable: Prometheus metrics (per-route + per-upstream), OpenTelemetry OTLP, structured JSON logs
  • Flexible caching: in-memory, disk, Redis backends; stale-while-revalidate; thundering herd prevention
  • Extensible: Rhai scripting + WASM plugins with request and response phase hooks
  • Modular: 14 optional feature flags — build only what you need

Core Proxy

  • HTTP/1.1 and HTTP/2 reverse proxy via Cloudflare Pingora
  • Static file serving with MIME detection and directory index
  • TCP passthrough proxy (type: tcp) with round-robin and random strategies
  • File upload handler (type: upload) with MIME allowlist and size limits
  • Health check endpoint (/__health__) with optional upstream status (includeUpstreams)
  • Prometheus metrics endpoint (/metrics)
  • Admin API on loopback port 2019 (hot reload, upstream management, cert rotation, IP deny list)
  • Hot reload via ArcSwap — zero-downtime config updates without restarting

Load Balancing (8 strategies)

  • Round Robin, Weighted Round Robin
  • Least Connections
  • IP Hash, Consistent Hash (ketama)
  • Random
  • Power of Two Choices (P2C) with Peak EWMA latency
  • Sticky sessions (cookie-based consistent hashing)
  • Service failover — automatic failover to backup upstreams when primaries are unhealthy
  • Outlier detection — consecutive 5xx ejection with exponential backoff and max ejection %
  • Circuit breaker — maxConnectionsPerUpstream prevents overload; returns 503 gracefully
  • Slow start — gradual traffic ramp-up for recovered upstreams (slowStartSecs)
  • Upstream connection pool warmup (prewarmConnections)

Authentication & Authorization

  • Basic Auth — htpasswd-compatible
  • API Key — header or query param, configurable header name
  • JWT — HS256, RS256/ES256; JWKS URL with TTL cache; audience + issuer validation (--features jwt)
  • Consumer model — per-consumer credentials (API key / Basic / JWT), rate limits, header injection (--features consumers)
  • ForwardAuth — delegate auth to external HTTP service; inject response headers (--features forward-auth)
  • mTLS — client certificate verification with CA bundle; optional mode
  • IP filter — CIDR allowlist/blocklist applied before auth; dry-run mode
  • Dynamic IP deny list: POST /admin/ip-deny adds CIDRs without reload
  • X-Request-ID — inject UUID v4 or forward existing; first in filter chain

Rate Limiting

  • Token bucket with configurable burst
  • Per-site, per-route, per-consumer granularity
  • Redis-backed distributed rate limiting (--features redis)
  • Dry-run mode for testing without enforcement
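
As an added illustration of the token-bucket model in this list (example code written for this page, not Conduit's own implementation): the bucket holds at most `burst` tokens, refills at the configured rate, and each request spends one token, so a client can burst up to `burst` requests and is then held to the sustained rate. Enforcement and dry-run are separated so the same check can be measured before it is enforced. The per-key store, the clock passed in as milliseconds, and the constructed client address 203.0.113.7 are assumptions for the example.

```rust
use std::collections::HashMap;

/// Outcome of a rate-limit check. DryRunReject means the request would have
/// been rejected but is let through because enforcement is off.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision {
    Allow,
    Reject,
    DryRunReject,
}

/// One token bucket: `burst` is the capacity, `rate_per_sec` the refill rate.
/// A full bucket lets a client send `burst` requests at once, then one per
/// 1/rate seconds on average.
pub struct TokenBucket {
    capacity: f64,
    refill_per_sec: f64,
    tokens: f64,
    last_refill_ms: u64,
}

impl TokenBucket {
    pub fn new(rate_per_sec: f64, burst: f64, now_ms: u64) -> Self {
        TokenBucket { capacity: burst, refill_per_sec: rate_per_sec, tokens: burst, last_refill_ms: now_ms }
    }

    /// Credit tokens for the time elapsed since the last call, never above capacity.
    fn refill(&mut self, now_ms: u64) {
        let elapsed_secs = now_ms.saturating_sub(self.last_refill_ms) as f64 / 1000.0;
        self.tokens = (self.tokens + elapsed_secs * self.refill_per_sec).min(self.capacity);
        self.last_refill_ms = now_ms;
    }

    /// Spend one token if one is available.
    pub fn try_acquire(&mut self, now_ms: u64) -> bool {
        self.refill(now_ms);
        if self.tokens >= 1.0 {
            self.tokens -= 1.0;
            true
        } else {
            false
        }
    }
}

/// Per-key limiter (key = consumer id, route, or client address). The clock
/// is injected as milliseconds so the logic is deterministic and testable
/// (assumption of this example, not Conduit's interface).
pub struct RateLimiter {
    rate_per_sec: f64,
    burst: f64,
    dry_run: bool,
    buckets: HashMap<String, TokenBucket>,
}

impl RateLimiter {
    pub fn new(rate_per_sec: f64, burst: f64, dry_run: bool) -> Self {
        RateLimiter { rate_per_sec, burst, dry_run, buckets: HashMap::new() }
    }

    pub fn check(&mut self, key: &str, now_ms: u64) -> Decision {
        let (rate, burst) = (self.rate_per_sec, self.burst);
        let bucket = self
            .buckets
            .entry(key.to_string())
            .or_insert_with(|| TokenBucket::new(rate, burst, now_ms));
        let allowed = bucket.try_acquire(now_ms);
        match (allowed, self.dry_run) {
            (true, _) => Decision::Allow,
            (false, true) => Decision::DryRunReject,
            (false, false) => Decision::Reject,
        }
    }
}

/// Constructed scenario: 2 requests/second with a burst of 5, enforcement on.
/// Returns the decisions for one client that sends 6 requests at t=0 and
/// 3 more one second later (only 2 tokens have refilled by then).
pub fn demo_burst_then_refill() -> Vec<Decision> {
    let mut limiter = RateLimiter::new(2.0, 5.0, false);
    let mut out = Vec::new();
    for _ in 0..6 {
        out.push(limiter.check("203.0.113.7", 0));
    }
    for _ in 0..3 {
        out.push(limiter.check("203.0.113.7", 1_000));
    }
    out
}

fn main() {
    println!("{:?}", demo_burst_then_refill());
}
```

Key the bucket on an identity you trust: a consumer id after authentication, or the client address after trusted-proxy handling, never the raw X-Forwarded-For value a client can set. If the Redis store falls back to in-memory as the v0.3.0 notes below describe, the limit becomes per-instance until Redis returns, so N instances allow roughly N times the configured rate in the meantime.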

Caching (--features cache)

  • In-memory caching via Pingora native cache with custom key (host + scheme + path + query)
  • Disk cache backend — cache.store: "disk:/path" with atomic write and structured binary format (--features disk-cache)
  • Redis cache backend — cache.store: "redis://..." with TLS support; fail-open (--features redis)
  • Stale-while-revalidate + stale-if-error with configurable seconds
  • Cache thundering herd prevention via Pingora CacheLock (16 shards, 10s timeout)
  • Cache purge API — DELETE /admin/cache?url=https://...
  • Respects Cache-Control, s-maxage, Vary headers
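
Added example (not Conduit's code) of how a shared cache turns Cache-Control into a serving decision, covering the stale-while-revalidate and stale-if-error windows listed above. It assumes that s-maxage overrides max-age for a shared cache, that no-store and private responses are not stored, and that the gateway's configured stale seconds (`cfg_swr` / `cfg_sie` here) apply only when the origin sets none; that last point is an assumption about how the configured seconds combine with the headers, not something the notes state.

```rust
use std::collections::HashMap;

/// How a cached entry may be used right now.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Serve {
    Fresh,
    StaleWhileRevalidate,
    StaleIfError,
    Miss,
    Uncacheable,
}

/// Directives a shared cache cares about. Seconds are None/0 when absent.
#[derive(Debug, Default, PartialEq)]
pub struct CachePolicy {
    pub max_age: Option<u64>,
    pub stale_while_revalidate: u64,
    pub stale_if_error: u64,
    pub no_store: bool,
    pub private: bool,
}

/// Parse a Cache-Control header. For a shared cache such as a gateway,
/// s-maxage takes precedence over max-age.
pub fn parse_cache_control(header: &str) -> CachePolicy {
    let mut d: HashMap<String, Option<u64>> = HashMap::new();
    for part in header.split(',') {
        let part = part.trim();
        if part.is_empty() {
            continue;
        }
        match part.split_once('=') {
            Some((k, v)) => {
                d.insert(k.trim().to_ascii_lowercase(), v.trim().trim_matches('"').parse::<u64>().ok());
            }
            None => {
                d.insert(part.to_ascii_lowercase(), None);
            }
        }
    }
    let secs = |name: &str| d.get(name).copied().flatten();
    CachePolicy {
        max_age: secs("s-maxage").or_else(|| secs("max-age")),
        stale_while_revalidate: secs("stale-while-revalidate").unwrap_or(0),
        stale_if_error: secs("stale-if-error").unwrap_or(0),
        no_store: d.contains_key("no-store"),
        private: d.contains_key("private"),
    }
}

/// Decide how to serve an entry that is `age_secs` old. `cfg_swr`/`cfg_sie`
/// are the gateway-configured stale windows, used here only when the origin
/// set none (an assumption of this example).
pub fn decide(policy: &CachePolicy, age_secs: u64, upstream_failing: bool, cfg_swr: u64, cfg_sie: u64) -> Serve {
    if policy.no_store || policy.private {
        return Serve::Uncacheable;
    }
    let max_age = match policy.max_age {
        Some(m) => m,
        None => return Serve::Uncacheable,
    };
    if age_secs < max_age {
        return Serve::Fresh;
    }
    let stale_for = age_secs - max_age;
    let swr = if policy.stale_while_revalidate > 0 { policy.stale_while_revalidate } else { cfg_swr };
    let sie = if policy.stale_if_error > 0 { policy.stale_if_error } else { cfg_sie };
    // Inside the SWR window: serve the stale copy now, refresh in the background.
    if stale_for < swr {
        return Serve::StaleWhileRevalidate;
    }
    // Past SWR but the upstream is down: stale-if-error keeps serving the copy.
    if upstream_failing && stale_for < sie {
        return Serve::StaleIfError;
    }
    Serve::Miss
}

fn main() {
    // Constructed header a backend might send.
    let p = parse_cache_control("public, max-age=10, s-maxage=60, stale-while-revalidate=30, stale-if-error=300");
    println!("{:?} -> {:?}", p, decide(&p, 100, true, 0, 0));
}
```

stale-if-error only helps while the stale copy still exists: once an entry is older than max_age plus the stale-if-error window it is a miss, so an upstream outage longer than that window surfaces as errors to clients no matter how retries are configured.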

Resilience

  • Retry on upstream errors — configurable status codes, methods, retry count
  • Exponential backoff with ±50% jitter (retry.backoffJitter)
  • Retry budget — soft cap on retry ratio to prevent cascade (retry.budgetPercent)
  • Per-try timeout (timeout.perTryMs)
  • Request body buffering for retry — up to limits.maxBodyBufferBytes (linkerd ReplayBody pattern)
  • Traffic mirroring — fire-and-forget mirror to secondary URL (proxy.*.mirror)
  • Inflight request limit — limits.maxInflightRequests → 503 when exceeded
  • Priority-based load shedding — low-priority routes shed traffic when inflight threshold reached
  • Half-open circuit breaker — single probe request after ejection period; re-ejects on failure
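
Added example, not Conduit's own code, of the two mechanisms in this list that keep retries from amplifying an outage: exponential backoff with ±50% jitter, and a retry budget that caps retries as a share of recent requests. The xorshift generator, the window-reset method, the `min_retries` floor and the 20% budget in the constructed scenario are assumptions for the example.

```rust
/// Small xorshift64 generator so the example is deterministic. A real
/// gateway would draw jitter from a properly seeded RNG.
pub struct XorShift64(u64);

impl XorShift64 {
    pub fn new(seed: u64) -> Self {
        XorShift64(seed.max(1))
    }
    /// Uniform in [0, 1).
    pub fn next_f64(&mut self) -> f64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        (x >> 11) as f64 / (1u64 << 53) as f64
    }
}

/// Delay before retry number `attempt` (0-based): base * 2^attempt, capped at
/// `max_ms`, then scaled by a factor uniform in [0.5, 1.5) (±50% jitter) so
/// clients that failed together do not retry together.
pub fn backoff_ms(base_ms: u64, attempt: u32, max_ms: u64, rng: &mut XorShift64) -> u64 {
    let exponential = base_ms.saturating_mul(1u64 << attempt.min(20));
    let capped = exponential.min(max_ms);
    let factor = 0.5 + rng.next_f64();
    (capped as f64 * factor).round() as u64
}

/// Retry budget: retries may not exceed `budget_percent` of the requests seen
/// in the current window, plus a small floor so quiet routes can still retry.
/// Counters are reset when the window rolls over (`roll_window`).
pub struct RetryBudget {
    budget_percent: u64,
    min_retries: u64,
    requests: u64,
    retries: u64,
}

impl RetryBudget {
    pub fn new(budget_percent: u64, min_retries: u64) -> Self {
        RetryBudget { budget_percent, min_retries, requests: 0, retries: 0 }
    }
    pub fn record_request(&mut self) {
        self.requests += 1;
    }
    /// Consume one unit of budget if available. Exhaustion means the original
    /// upstream error is returned (or stale cache served) instead of piling
    /// more load onto an upstream that is already failing.
    pub fn try_retry(&mut self) -> bool {
        let allowed = self.requests * self.budget_percent / 100 + self.min_retries;
        if self.retries < allowed {
            self.retries += 1;
            true
        } else {
            false
        }
    }
    pub fn roll_window(&mut self) {
        self.requests = 0;
        self.retries = 0;
    }
}

/// Constructed scenario: 10 requests hit a failing upstream under a 20% budget
/// with no floor; returns how many retries were granted and the jittered
/// delays that would have been slept before each one.
pub fn demo(seed: u64) -> (u32, Vec<u64>) {
    let mut rng = XorShift64::new(seed);
    let mut budget = RetryBudget::new(20, 0);
    let mut granted = 0;
    let mut delays = Vec::new();
    for _ in 0..10 {
        budget.record_request();
    }
    for attempt in 0..10u32 {
        if budget.try_retry() {
            granted += 1;
            delays.push(backoff_ms(100, attempt, 2_000, &mut rng));
        }
    }
    (granted, delays)
}

fn main() {
    println!("{:?}", demo(42));
}
```

Without the budget, every client retrying a failing upstream multiplies its load by the retry count at exactly the moment it cannot absorb it; with the budget, most requests fail fast after the first error, which is also the point at which stale-if-error from the caching section can take over.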

Observability

Prometheus metrics:

  • conduit_requests_total{site, status} — request counter
  • conduit_request_duration_seconds{site} — latency histogram
  • conduit_active_connections — current in-flight gauge
  • conduit_upstream_active_connections{upstream} — per-upstream gauge
  • conduit_upstream_requests_total{upstream, status} — per-upstream counter
  • conduit_upstream_latency_seconds{upstream} — per-upstream histogram
  • conduit_rate_limit_rejected_total{site} — rate limit counter
  • conduit_upstream_errors_total{route, status} — upstream error counter
  • conduit_retry_attempts_total{route, condition} — retry counter
  • conduit_cache_hits_total / conduit_cache_misses_total — cache counters

Distributed tracing (--features otlp):

  • OpenTelemetry OTLP via gRPC (Grafana Tempo, Jaeger, Honeycomb, Collector)
  • Spans include: method, path, status, duration, upstream URL, request_id
  • 5xx responses → span status ERROR; configurable sample rate

Access logging:

  • JSON and dev (pretty) formats
  • Fields: timestamp, method, path, status, duration_ms, request_id, upstream, ip
  • logging.skipPaths — suppress health/metrics noise
  • logging.stripQuery — omit query string from logs

Middleware & Extensibility

  • Rhai scripting (type: "script" in middleware[]): request and response phases; set/remove headers, abort, redirect (--features rhai)
  • WASM plugins (type: "wasm" in middleware[]): Wasmtime Cranelift JIT; 17 host functions (headers, body, redirect, request_id, log); module cache; fail-open (--features wasm)
  • Fault injection — abort N% + delay N%; chaos testing only (--features fault-injection)

Request/Response Transformation

  • requestTransform.setHeaders with {{ jwt.<claim> }} template expansion
  • requestTransform.removeHeaders
  • responseTransform.setHeaders / removeHeaders
  • Path transforms: strip_prefix, rewrite
  • X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host injection
  • X-Response-Time header

Security Headers

  • CORS — configurable origins, methods, headers, credentials, max-age
  • Security headers bundle: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CSP
  • allowedHosts — reject requests with unexpected Host headers
  • CRLF injection protection — strip CR/LF from upstream response headers
  • Error masking — replace 5xx responses with generic JSON body (maskErrors: true)
  • Upstream TLS verification — upstreamTls.verify, serverName, CA bundle
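
Added example (written for this page, not taken from Conduit) of two of the checks in this list: stripping CR/LF from upstream response headers so a buggy or compromised upstream cannot split the response or inject headers, and an allowedHosts comparison that ignores case and port. The allowlist format (bare lowercase names, no wildcards), the handling of bracketed IPv6 literals, and the constructed upstream headers in `main` are assumptions.

```rust
use std::collections::HashSet;

/// Drop CR, LF and NUL from a header value. An upstream that reflects
/// attacker input into a header could otherwise terminate the header and
/// inject new ones (e.g. a Set-Cookie) into the response the gateway sends.
pub fn strip_crlf(value: &str) -> String {
    value.chars().filter(|c| !matches!(c, '\r' | '\n' | '\0')).collect()
}

/// Header names are tokens (visible ASCII, no ':'); a name that is not a
/// valid token is dropped outright rather than repaired, since no correct
/// upstream produces one.
fn valid_header_name(name: &str) -> bool {
    !name.is_empty() && name.chars().all(|c| c.is_ascii_graphic() && c != ':')
}

/// Sanitize upstream response headers before they are written to the client.
pub fn sanitize_response_headers(headers: &[(&str, &str)]) -> Vec<(String, String)> {
    headers
        .iter()
        .filter(|&&(name, _)| valid_header_name(name))
        .map(|&(name, value)| (name.to_string(), strip_crlf(value)))
        .collect()
}

/// allowedHosts check: compare the Host header with the allowlist ignoring
/// case and any port. Entries in `allowed` are assumed to be bare lowercase
/// hostnames or IP literals (wildcards are not handled in this example).
pub fn host_allowed(host_header: &str, allowed: &HashSet<String>) -> bool {
    let host = host_header.trim();
    let bare = if let Some(rest) = host.strip_prefix('[') {
        // IPv6 literal: "[::1]:8443" -> "::1"; an unterminated bracket is malformed.
        match rest.find(']') {
            Some(i) => &rest[..i],
            None => return false,
        }
    } else {
        host.split(':').next().unwrap_or("")
    };
    !bare.is_empty() && allowed.contains(&bare.to_ascii_lowercase())
}

fn main() {
    // Constructed sample of what a misbehaving upstream might send.
    let upstream = [
        ("Content-Type", "text/html"),
        ("X-Echo", "value\r\nSet-Cookie: session=attacker"),
    ];
    println!("{:?}", sanitize_response_headers(&upstream));
}
```

Dropping an invalid header name instead of cleaning it is deliberate: a name containing control characters or whitespace is never produced by a correct upstream, so keeping any part of it only preserves attacker-controlled bytes. The Host check runs before routing so a request for an unexpected virtual host cannot reach a catch-all site.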

TLS

  • rustls backend (no OpenSSL dependency)
  • TLS 1.2/1.3 with configurable cipher suites (rustls names)
  • mTLS — tls.clientAuth: { ca, optional } via WebPKI client verifier
  • ACME / Let's Encrypt automatic certificate provisioning (--features acme)
  • SNI support for multi-domain deployments
  • Certificate rotation API — POST /admin/certs/reload with PEM validation

Routing

  • Header-based routing with regex matching (routes[].match.headers)
  • Cookie-based routing (routes[].match.cookies)
  • Query parameter routing (routes[].match.query)
  • Priority routing — proxy.*.priority: u8 (0–100) with X-Priority header override
  • Redirect rules — permanent and temporary, path/query rewriting

Configuration

  • YAML and JSON formats with auto-discovery (conduit.yaml, conduit.yml)
  • Environment variable interpolation — $VAR and ${VAR} in config values
  • Hot reload — conduit reload or POST /admin/reload
  • File provider — auto-reload on file change via notify
  • Kubernetes provider: ConduitSite CRD; list+watch; --kubernetes-namespace flag (--features kubernetes)
  • serde_path_to_error — precise error locations in config validation
  • 14 optional feature flags: jwt, consumers, forward-auth, rhai, wasm, tcp, upload, redis, cache, disk-cache, acme, fault-injection, otlp, kubernetes
  • full feature bundle — all features enabled

CLI

conduit start          # start the server
conduit validate       # validate config without starting
conduit init           # interactive config wizard
conduit probe          # check upstream health (parallel)
conduit reload         # hot reload running instance
conduit status         # show server status via Admin API
conduit upstreams add/remove/weight   # dynamic upstream management
conduit completion     # shell completions (bash, zsh, fish, PowerShell)
conduit man            # generate man pages

Binary Variants

Binary                   Features
conduit-<target>         Standard: core proxy + static files + basic/apikey auth + rate limit + CORS + compression + TLS + health + Prometheus + hot reload
conduit-<target>-full    All 14 optional features enabled

Platforms

  • Linux x86_64 (glibc), Linux x86_64 (musl/static), Linux ARM64, Linux RISC-V 64
  • macOS x86_64, macOS ARM64 (Apple Silicon)
  • Windows x86_64

Full Changelog: v0.3.0...v1.0.0

Conduit v0.3.0

30 May 19:46

What's New in v0.3.0

Auto-TLS (Let's Encrypt)

Conduit now obtains and renews TLS certificates automatically via ACME — no manual certificate management needed. Just add an email address:

{ "port": 443, "tls": { "acme": { "email": "admin@example.com" } } }

Hot Config Reload

Apply configuration changes without restarting the server. Update your conduit.json and run conduit reload — routes, headers, rate limits, auth, and proxy settings take effect immediately.

File Uploads

Accept multipart/form-data uploads with size limits, MIME type filtering, and UUID-based storage — served through a dedicated Axum loopback server:

{ "upload": { "path": "/upload", "dir": "./uploads", "maxFileSizeBytes": 10485760 } }

Browser Hot Reload

Frontend development gets automatic browser refresh when source files change — no build tool or extension needed. Add <script src="/__hot-reload__/client.js"></script> and start editing.

Rhai Middleware Scripting

Write custom request/response logic in Rhai scripts — enforce API keys, rewrite headers, or reject requests based on any condition:

{ "middleware": [{ "type": "script", "path": "./scripts/custom-auth.rhai" }] }

Redis Rate Limiting

Share rate-limit state across multiple Conduit instances using Redis as the token-bucket backend. Falls back to in-memory if Redis is unavailable:

{ "rateLimit": { "windowSecs": 60, "limit": 100, "store": "redis://localhost:6379" } }

Advanced Routing

The new routes array supports matching on path glob, HTTP method, request headers, and query parameters — with separate upstreams per match:

{ "routes": [
  { "match": { "path": "/api/**", "method": ["POST","PUT"] }, "proxy": "http://write:4000" },
  { "match": { "path": "/api/**" }, "proxy": "http://read:4000" }
]}

Path Rewrite

Regex-based URL rewriting applied before forwarding to upstream — strip version prefixes, remap legacy paths, capture groups:

{ "rewrite": [{ "from": "^/v[0-9]+/(.+)$", "to": "/$1" }] }

Upstream Groups

Two-level load balancing: an outer strategy selects a server group (e.g. by region using IP-hash), and an inner strategy distributes within the group (e.g. least-conn).

Pre-compressed Static Files

Serve .br / .gz sidecar files directly without on-the-fly compression — zero CPU overhead for cached assets:

{ "staticOptions": { "preCompressed": true } }

Docker Image on GHCR

Official multi-arch image published to GitHub Container Registry on every release:

docker pull ghcr.io/lopatnov/conduit:latest
docker pull ghcr.io/lopatnov/conduit:0.3.0

Shell Completions & Man Page

conduit completions bash >> ~/.bashrc
conduit man | man -l -

Full Changelog: v0.2.0...v0.3.0

Conduit v0.2.0

25 May 21:03
d7b2402

Choose a tag to compare

What's Changed

New Contributors

Full Changelog: https://github.com/lopatnov/conduit/commits/v0.2.0