7 points by raskelll Feb 4, 2026

2 Comments

wasuli_official Feb 4, 2026
The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin can't take down the proxy, which has bitten me with nginx modules before.
raskelll Feb 4, 2026
Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it.

Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?

wasuli_official Feb 4, 2026
Memory leaks mostly. Ran ModSecurity and memory would creep up over days until we hit OOM. Ended up with scheduled restarts as a band-aid which felt wrong.
erdemkoca Feb 4, 2026
I’m building a multi-tenant business app (auth, roles, invoicing, time tracking). Curious whether you see Sentinel agents as a good place for tenant-aware auth / RBAC enforcement (e.g. fail-closed auth agent, fail-open observability agent), or if you’d still keep that strictly in-app.
raskelll Feb 4, 2026
Good fit for coarse auth at the edge (who is this? what tenant? basic scopes, and so on). I’d still keep object-level/domain rules in-app. Fail-closed for auth, fail-open for observability is the right mental model. Biggest multi-tenant footguns are header spoofing + tenant-unaware caching. The proxy should own identity headers and include tenant in any cache key.
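The two multi-tenant footguns named in the last comment (header spoofing and tenant-unaware caching) can be shown in a short sketch. This is an added example, not part of the thread and not Sentinel's code; the header names, the token table and the function names are assumptions made for illustration.

```python
import hashlib

# Assumed header names that only the proxy may set (not from the thread).
IDENTITY_HEADERS = ("x-tenant-id", "x-user-id", "x-scopes")

# Constructed token table standing in for an out-of-process auth agent.
TOKENS = {
    "tok-alice": {"tenant": "acme", "user": "alice", "scopes": "invoices:read"},
    "tok-bob": {"tenant": "globex", "user": "bob", "scopes": "invoices:read"},
}


class AuthAgentError(Exception):
    """Agent rejected the credential, crashed, or timed out."""


def verify_token(token):
    if token not in TOKENS:
        raise AuthAgentError("unknown or missing token")
    return TOKENS[token]


def build_upstream_headers(client_headers):
    """Return (status, headers) for the upstream request; fail closed on any agent error."""
    headers = {k.lower(): v for k, v in client_headers.items()}
    # Drop identity headers the client supplied, whatever their casing.
    for name in IDENTITY_HEADERS:
        headers.pop(name, None)
    auth = headers.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    try:
        ident = verify_token(token)
    except AuthAgentError:
        return 401, None  # fail closed: nothing is forwarded upstream
    # Re-create identity headers from the verified identity only.
    headers["x-tenant-id"] = ident["tenant"]
    headers["x-user-id"] = ident["user"]
    headers["x-scopes"] = ident["scopes"]
    return 200, headers


def cache_key(method, path, upstream_headers):
    """Cache key that always includes the proxy-set tenant."""
    parts = [upstream_headers["x-tenant-id"], method.upper(), path]
    return hashlib.sha256("\x00".join(parts).encode()).hexdigest()
```

The application behind the proxy can then trust `x-tenant-id` only if it is reachable solely through the proxy; object-level rules still belong in-app, as the comment says.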