Hey HN,
I built Sonic — an open-source platform to run programmable logic over any network data. Transparent L7 proxy, eBPF-accelerated, multi-language, multi-protocol.
The core idea: instead of sending traffic to a cloud provider to execute edge logic, you run it yourself — on your VPS, Raspberry Pi, Docker, or bare metal. No vendor. No cold starts. No per-request billing.
What it supports:
- Languages: JavaScript and WebAssembly (Rust, Go, C)
- Protocols: HTTP, TCP, UDP, DNS, WebSocket, gRPC, QUIC
- eBPF Sockmap acceleration — kernel-level performance
- Dynamic TLS MITM — intercept and modify HTTPS transparently
- Cloudflare Workers-compatible API — existing CF Workers code runs unmodified
- Embeddable as a Go library
- Deploy anywhere: Linux, Docker, Raspberry Pi, macOS (dev)
Example worker:
```javascript
// Runs on each intercepted request before it is forwarded.
function onTraffic(request) {
  request.headers.set("X-Edge", "sonic");
  return request;
}
```
Architecture:
```
Client -> Transparent Proxy
  |- eBPF Sockmap (kernel bypass)
  |- TLS MITM termination
  |- JS/WASM onTraffic worker
  |- Re-encrypt to real server
  `- JS/WASM onResponse worker
```
What makes it different:
- Not just HTTP — TCP, UDP, DNS, gRPC, QUIC are all first-class
- Not just JS — WASM workers let you write logic in Rust or Go
- No external state dependencies — KV store is embedded (bbolt)
- You own everything: the certs, the data, the runtime
It's early (6 commits, honest). But the foundation — eBPF layer, TLS MITM, JS engine pool, CLI, Docker — is working.
Happy to go deep on the eBPF internals, WASM runtime integration, or the multi-protocol approach.
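
An added example, not part of the original post or the Sonic code base: when a proxy stamps a header such as `X-Edge` that a backend may trust, the worker should first delete any copy the client sent. Only `onTraffic(request)` and `request.headers.set()` come from the post; the header list, the `stripProxyOwned` helper, the `droppedHeaders` property and the sample request are assumptions.

```javascript
// Added example, not Sonic project code. The post shows only
// onTraffic(request) and request.headers.set(); the header list and helper
// below are assumptions made for illustration.

// Headers a backend might treat as asserted by the proxy (constructed list).
const PROXY_OWNED = ["x-edge", "x-forwarded-for", "x-real-ip", "x-authenticated-user"];

// Hypothetical helper: delete client-supplied copies, return the names removed.
function stripProxyOwned(headers) {
  const dropped = [];
  for (const name of PROXY_OWNED) {
    if (headers.has(name)) {        // Headers lookups are case-insensitive
      headers.delete(name);
      dropped.push(name);
    }
  }
  return dropped;
}

function onTraffic(request) {
  // Strip first, then set: the backend only ever sees the proxy's own value.
  request.droppedHeaders = stripProxyOwned(request.headers);
  request.headers.set("X-Edge", "sonic");
  return request;
}

// Constructed sample request using the standard Fetch Headers class.
function demo() {
  const request = {
    url: "https://app.example/api",
    headers: new Headers({
      "X-Edge": "sonic",
      "X-Authenticated-User": "admin",
      "Accept": "application/json",
    }),
  };
  const out = onTraffic(request);
  return { dropped: out.droppedHeaders, headers: Object.fromEntries(out.headers) };
}

console.log(demo());
```

Logging the dropped names gives the operator a signal that a client tried to supply a proxy-owned header.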