gen0sec · krichard1212 · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -5,6 +5,19 @@ on:
         - main
 
 jobs:
+  build-agent-only:
+    name: Build agent-only (no proxy)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+      - name: Build agent-only
+        shell: bash
+        run: |
+          set -euxo pipefail
+          cargo build --locked --no-default-features --features agent-only
+
   build-amd64:
     name: Build amd64
     runs-on: ubuntu-latest

diff --git a/Cargo.toml b/Cargo.toml
@@ -15,6 +15,7 @@ vmlinux = { git = "https://github.com/libbpf/vmlinux.h.git", rev = "83a228cf37fc
 
 [dependencies]
 tokio = { version = "1", features = [
+  "fs",
   "rt-multi-thread",
   "macros",
   "net",
@@ -45,7 +46,7 @@ rustls = { version = "0.23.36", default-features = false, features = [
   "ring",
   "logging",
 ] }
-rustls-pemfile = "2.1.2"
+rustls-pemfile = { version = "2.1.2", optional = true }
 webpki-roots = "1.0"
 base64 = "0.22"
 async-trait = "0.1.81"
@@ -71,7 +72,7 @@ uuid = { version = "1.19", features = ["v4", "serde"] }
 url = "2.5"
 clamav-tcp = "0.2"
 multer = "3.0"
-proxy-protocol = { git = "https://github.com/gen0sec/proxy-protocol", rev = "ac28b27d317088f0e9e89805ada3b9f5cfbf5673"}
+proxy-protocol = { git = "https://github.com/gen0sec/proxy-protocol", rev = "ac28b27d317088f0e9e89805ada3b9f5cfbf5673", optional = true }
 rand = "0.9"
 regex = "1.0"
 daemonize = "0.5.0"
@@ -87,42 +88,64 @@ libbpf-rs = { version = "0.25.0", optional = true }
 # pingora-memory-cache = { path = "../pingora/pingora-memory-cache" }
 
 wirefilter-engine = { git = "https://github.com/gen0sec/wirefilter" , rev = "ab901470a24aad789cb9c03dd214d6c7d4cab589" }
-pingora = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", features = ["lb", "openssl", "proxy"] }
-pingora-core = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81"}
-pingora-proxy = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81"}
-pingora-limits = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81"}
-pingora-http = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81"}
-pingora-memory-cache = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81"}
+pingora = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", features = ["lb", "openssl", "proxy"], optional = true }
+pingora-core = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", optional = true }
+pingora-proxy = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", optional = true }
+pingora-limits = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", optional = true }
+pingora-http = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", optional = true }
+pingora-memory-cache = { git = "https://github.com/gen0sec/pingora", rev = "c92146d621542303dd9b93a4cb5252e1eef46c81", optional = true }
 
 mimalloc = { version = "0.1.48", default-features = false }
 dashmap = "7.0.0-rc2"
 ctrlc = "3.5.0"
 arc-swap = "1.7.1"
-prometheus = "0.14.0"
+prometheus = { version = "0.14.0", optional = true }
 once_cell = "1.21.3"
 maxminddb = "0.27"
 memmap2 = "0.9"
-axum-server = { version = "0.8.0", features = ["tls-openssl"] }
-axum = { version = "0.8.8" }
-tower-http = { version = "0.6.8", features = ["fs"] }
-tonic = "0.14.2"
-port_check = "0.3.0"
+axum-server = { version = "0.8.0", features = ["tls-openssl"], optional = true }
+axum = { version = "0.8.8", optional = true }
+tower-http = { version = "0.6.8", features = ["fs"], optional = true }
+tonic = { version = "0.14.2", optional = true }
+port_check = { version = "0.3.0", optional = true }
 notify = "8.2.0"
-privdrop = "0.5.6"
+privdrop = { version = "0.5.6", optional = true }
 base16ct = { version = "0.3.0", features = ["alloc"] }
 nftables = "0.6"
 iptables = "0.5"
-actix-web = "4.12"
-actix-files = "0.6"
-instant-acme = "0.8"
-trust-dns-resolver = "0.23.2"
+actix-web = { version = "4.12", optional = true }
+actix-files = { version = "0.6", optional = true }
+instant-acme = { version = "0.8", optional = true }
+trust-dns-resolver = { version = "0.23.2", optional = true }
 tracing = "0.1"
 tracing-subscriber = "0.3"
 
 [dev-dependencies]
 serial_test = "3.3"
 
 [features]
-default = ["bpf"]
+default = ["bpf", "proxy"]
+proxy = [
+  "dep:actix-files",
+  "dep:actix-web",
+  "dep:axum",
+  "dep:axum-server",
+  "dep:instant-acme",
+  "dep:pingora",
+  "dep:pingora-core",
+  "dep:pingora-http",
+  "dep:pingora-limits",
+  "dep:pingora-memory-cache",
+  "dep:pingora-proxy",
+  "dep:port_check",
+  "dep:privdrop",
+  "dep:prometheus",
+  "dep:proxy-protocol",
+  "dep:rustls-pemfile",
+  "dep:tonic",
+  "dep:tower-http",
+  "dep:trust-dns-resolver",
+]
+agent-only = []
 bpf = ["dep:libbpf-rs", "dep:libbpf-cargo", "dep:vmlinux"]
 disable-bpf = []
diff --git a/build.rs b/build.rs
@@ -1,11 +1,6 @@
 // build.rs
 use std::env;
 
-#[cfg(unix)]
-use std::ffi::OsStr;
-#[cfg(unix)]
-use std::path::{Path, PathBuf};
-
 #[cfg(all(unix, feature = "bpf"))]
 use libbpf_cargo::SkeletonBuilder;
 
@@ -37,6 +32,9 @@ fn main() {
 
     #[cfg(all(unix, feature = "bpf"))]
     {
+        use std::ffi::OsStr;
+        use std::path::{Path, PathBuf};
+
         let arch = env::var("CARGO_CFG_TARGET_ARCH").expect("CARGO_CFG_TARGET_ARCH must be set");
 
         let vmlinux_include = vmlinux::include_path_root().join(arch);

diff --git a/docs/ENVIRONMNET_VARS.md b/docs/ENVIRONMNET_VARS.md
@@ -2,6 +2,16 @@
 # Application mode
 export AX_MODE="proxy"
 
+# Agent identity (status/heartbeat events)
+# Use a unique AGENT_ID per instance when running multiple agents on the same host.
+export AGENT_ID="hostA-agent-1"
+export AGENT_NAME="edge firewall 1"
+export AGENT_SERVICE="synapse"
+export AGENT_INSTANCE_ID="1"
+export AGENT_TAGS="edge,prod"
+export AGENT_IPS="203.0.113.10,2001:db8::10"
+export AGENT_HEARTBEAT_SECS="30"
+
 # Redis configuration
 export AX_REDIS_URL="redis://127.0.0.1/0"
 export AX_REDIS_PREFIX="ax:synapse"