Initial release - Web Application Firewall agent

Features:
- SQL injection detection (UNION, blind, time-based)
- Cross-Site Scripting (XSS) detection
- Path traversal detection
- Command injection detection
- Protocol attack detection
- Configurable paranoia levels (1-4)
- Detect-only mode for monitoring

Pure Rust implementation - no external dependencies.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Author: zarazinsfuss

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache cargo
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Build
+        run: cargo build --release
+
+      - name: Run tests
+        run: cargo test
+
+      - name: Check formatting
+        run: cargo fmt -- --check
+
+      - name: Run clippy
+        run: cargo clippy -- -D warnings

.github/workflows/release.yml

@@ -0,0 +1,44 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Publish to crates.io
+        run: cargo publish
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+
+  release:
+    needs: publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Build release binary
+        run: |
+          cargo build --release
+          strip target/release/sentinel-waf-agent
+
+      - name: Create release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            target/release/sentinel-waf-agent
+          generate_release_notes: true

.gitignore

@@ -0,0 +1,4 @@
+/target
+Cargo.lock
+*.sock
+.env

Cargo.toml

@@ -0,0 +1,48 @@
+[package]
+name = "sentinel-agent-waf"
+version = "0.1.0"
+edition = "2021"
+rust-version = "1.75"
+authors = ["Sentinel Contributors"]
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/raskell-io/sentinel-agent-waf"
+homepage = "https://sentinel.raskell.io"
+documentation = "https://sentinel.raskell.io/docs/agents/waf"
+description = "Web Application Firewall agent for Sentinel reverse proxy - SQL injection, XSS, and attack detection"
+keywords = ["proxy", "reverse-proxy", "agent", "waf", "security"]
+categories = ["network-programming"]
+readme = "README.md"
+
+[[bin]]
+name = "sentinel-waf-agent"
+path = "src/main.rs"
+
+[dependencies]
+# Sentinel protocol
+sentinel-agent-protocol = "0.1"
+sentinel-common = "0.1"
+
+# Async runtime
+tokio = { version = "1.40", features = ["full"] }
+async-trait = "0.1"
+
+# Pattern matching
+regex = "1.10"
+
+# Serialization
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+
+# Logging
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+
+# Error handling
+anyhow = "1.0"
+thiserror = "1.0"
+
+# Command line
+clap = { version = "4.5", features = ["derive", "env"] }
+
+[dev-dependencies]
+tempfile = "3.12"

README.md

@@ -0,0 +1,179 @@
+# sentinel-agent-waf
+
+Web Application Firewall agent for [Sentinel](https://github.com/raskell-io/sentinel) reverse proxy. Detects and blocks common web attacks.
+
+## Features
+
+- **SQL Injection detection** - UNION-based, blind, time-based
+- **Cross-Site Scripting (XSS)** - Script tags, event handlers, JavaScript URIs
+- **Path Traversal** - Directory traversal, encoded attacks
+- **Command Injection** - Shell commands, pipe injection
+- **Protocol Attacks** - Request smuggling, scanner detection
+- **Paranoia levels** (1-4) for tuning sensitivity
+- **Detect-only mode** for monitoring without blocking
+
+## Installation
+
+### From crates.io
+
+```bash
+cargo install sentinel-agent-waf
+```
+
+### From source
+
+```bash
+git clone https://github.com/raskell-io/sentinel-agent-waf
+cd sentinel-agent-waf
+cargo build --release
+```
+
+## Usage
+
+```bash
+sentinel-waf-agent --socket /var/run/sentinel/waf.sock --paranoia-level 1
+```
+
+### Command Line Options
+
+| Option | Environment Variable | Description | Default |
+|--------|---------------------|-------------|---------|
+| `--socket` | `AGENT_SOCKET` | Unix socket path | `/tmp/sentinel-waf.sock` |
+| `--paranoia-level` | `WAF_PARANOIA_LEVEL` | Sensitivity (1-4) | `1` |
+| `--sqli` | `WAF_SQLI` | Enable SQL injection detection | `true` |
+| `--xss` | `WAF_XSS` | Enable XSS detection | `true` |
+| `--path-traversal` | `WAF_PATH_TRAVERSAL` | Enable path traversal detection | `true` |
+| `--command-injection` | `WAF_COMMAND_INJECTION` | Enable command injection detection | `true` |
+| `--protocol` | `WAF_PROTOCOL` | Enable protocol attack detection | `true` |
+| `--block-mode` | `WAF_BLOCK_MODE` | Block (true) or detect-only (false) | `true` |
+| `--exclude-paths` | `WAF_EXCLUDE_PATHS` | Paths to exclude (comma-separated) | - |
+| `--verbose` | `WAF_VERBOSE` | Enable debug logging | `false` |
+
+## Paranoia Levels
+
+| Level | Description |
+|-------|-------------|
+| 1 | High-confidence detections only (recommended for production) |
+| 2 | Adds medium-confidence rules, more false positives possible |
+| 3 | Adds low-confidence rules, requires tuning |
+| 4 | Maximum sensitivity, expect false positives |
+
+## Detection Rules
+
+### SQL Injection (942xxx)
+- UNION-based injection
+- Tautology attacks (`OR 1=1`)
+- Comment injection (`--`, `#`, `/**/`)
+- Time-based blind injection (`SLEEP()`, `BENCHMARK()`)
+
+### Cross-Site Scripting (941xxx)
+- Script tag injection (`<script>`)
+- Event handler injection (`onclick=`, `onerror=`)
+- JavaScript URI (`javascript:`)
+- Data URI (`data:text/html`)
+
+### Path Traversal (930xxx)
+- Directory traversal (`../`, `..\\`)
+- URL-encoded traversal (`%2e%2e%2f`)
+- OS file access (`/etc/passwd`, `c:\\windows`)
+
+### Command Injection (932xxx)
+- Shell command injection (`; ls`, `| cat`)
+- Unix command execution (`$(...)`, backticks)
+- Windows command execution (`cmd.exe`, `powershell`)
+
+### Protocol Attacks (920xxx)
+- Control characters in request
+- Request smuggling patterns
+- Scanner detection (Nikto, SQLMap, etc.)
+
+## Configuration
+
+### Sentinel Proxy Configuration
+
+```kdl
+agents {
+    agent "waf" {
+        type "custom"
+        transport "unix_socket" {
+            path "/var/run/sentinel/waf.sock"
+        }
+        events ["request_headers"]
+        timeout-ms 50
+        failure-mode "open"
+    }
+}
+
+routes {
+    route "all" {
+        matches { path-prefix "/" }
+        upstream "backend"
+        agents ["waf"]
+    }
+}
+```
+
+### Docker/Kubernetes
+
+```yaml
+# Environment variables
+WAF_PARANOIA_LEVEL: "1"
+WAF_BLOCK_MODE: "true"
+WAF_EXCLUDE_PATHS: "/health,/metrics"
+```
+
+## Response Headers
+
+On blocked requests:
+- `X-WAF-Blocked: true`
+- `X-WAF-Rule: <rule_id>`
+
+In detect-only mode, the request continues but includes:
+- `X-WAF-Detected: <rule_ids>`
+
+## Excluding Paths
+
+Exclude paths from WAF inspection:
+
+```bash
+sentinel-waf-agent --exclude-paths "/health,/metrics,/static"
+```
+
+## False Positive Handling
+
+1. **Lower paranoia level** - Start with level 1 and increase gradually
+2. **Exclude paths** - Exclude known-safe endpoints
+3. **Detect-only mode** - Monitor before enabling blocking
+4. **Custom rules** - Future feature for rule customization
+
+## Comparison with ModSecurity
+
+This agent provides a subset of ModSecurity's OWASP CRS functionality:
+
+| Feature | This Agent | ModSecurity |
+|---------|------------|-------------|
+| SQL Injection | ✓ | ✓ |
+| XSS | ✓ | ✓ |
+| Path Traversal | ✓ | ✓ |
+| Command Injection | ✓ | ✓ |
+| Full CRS Ruleset | Partial | ✓ |
+| Body Inspection | - | ✓ |
+| Custom Rules | - | ✓ |
+| Dependencies | Pure Rust | libmodsecurity |
+| Installation | `cargo install` | Complex |
+
+For full OWASP CRS compatibility, consider using ModSecurity with Sentinel's external processing.
+
+## Development
+
+```bash
+# Run with debug logging
+RUST_LOG=debug cargo run -- --socket /tmp/test.sock --paranoia-level 2
+
+# Run tests
+cargo test
+```
+
+## License
+
+MIT OR Apache-2.0

sentinel-agent.toml

@@ -0,0 +1,24 @@
+# Sentinel Agent Registry Manifest
+# WAF Agent - Web Application Firewall
+
+[agent]
+name = "sentinel-agent-waf"
+version = "0.1.0"
+description = "Web Application Firewall agent for Sentinel reverse proxy - SQL injection, XSS, and attack detection"
+authors = ["Sentinel Contributors"]
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/raskell-io/sentinel-agent-waf"
+
+[protocol]
+version = "0.1"
+events = ["request_headers"]
+
+[compatibility]
+sentinel-proxy = ">=0.1.0"
+sentinel-agent-protocol = "0.1"
+
+[registry]
+homepage = "https://sentinel.raskell.io/agents/waf"
+documentation = "https://sentinel.raskell.io/docs/agents/waf"
+keywords = ["sentinel", "agent", "waf", "security", "sqli", "xss"]
+categories = ["security"]