32 releases (8 breaking)

Uses new Rust 2024

new 0.19.1	Apr 15, 2026
0.18.6	Apr 8, 2026
0.18.2	Mar 31, 2026

#2500 in HTTP server

Used in zeph

MIT license

120KB
2K SLoC

zeph-gateway

HTTP gateway for webhook ingestion with bearer auth for Zeph.

Overview

Exposes an axum 0.8 HTTP server that accepts incoming webhooks, validates bearer tokens, and forwards payloads into the agent loop. Includes a /health endpoint for liveness probes. Feature-gated behind gateway.

Key Modules

server — GatewayServer startup and graceful shutdown
handlers — request handlers for webhook and health routes
router — axum router construction with auth middleware
error — GatewayError error types

Activation

GatewayServer starts automatically in daemon mode when the gateway feature is enabled and [gateway] is configured:

[gateway]
bind = "0.0.0.0:8090"
auth_token = "your-secret-token"   # optional, see authentication below

cargo run --features gateway -- --daemon   # starts agent + gateway server

The gateway is wired via src/gateway_spawn.rs into both daemon.rs and runner.rs. A background drain task logs incoming webhook payloads; agent loopback forwarding is a planned follow-up.

Authentication

GatewayServer supports bearer token authentication via the with_auth() builder method. When auth_token is None, the server emits a tracing::warn! at startup indicating that the endpoint is unauthenticated.

GatewayServer::new(addr, sender)
    .with_auth(Some("secret-token".to_string()))
    .serve()
    .await?;

Token comparison uses subtle::ConstantTimeEq to prevent timing attacks.

Installation

cargo add zeph-gateway

Enabled via the gateway feature flag on the root zeph crate.

Documentation

Full documentation: https://bug-ops.github.io/zeph/

License

MIT

Dependencies

~11–18MB
~262K SLoC