Lore

A timeline of how this codebase got here. Dates derived from CHANGELOG.md, git log, and tag history.

Origin (Mar 2024)

Pingora was open-sourced on 2024-02 with the original blog post "Pingora — open source". The first public commit is 2023-05-08 but the real activity starts in Feb 2024 with 9 commits, then jumps to 45 in March 2024 as Cloudflare's Content Delivery team migrated their internal documentation, examples, and CI workflows into the public repository.

The repository was already production-grade: the README's "battle tested" claim refers to several years of internal Cloudflare use predating the open-source release. The architecture document at docs/user_guide/internals.md (written by external contributor James Munns) is one of the few "outsider" perspectives on the codebase.

Eras

Bringing the framework outside (Feb–Aug 2024)

The first six months were focused on the umbrella pingora crate, the proxy framework (pingora-proxy), the cache machine (pingora-cache), and getting the load-balancer example documented. The 0.1 → 0.3 series (Mar–Aug 2024) added BoringSSL support, the Peer abstraction, the modules system (compression first), and a much larger user guide.

Notable events:

• Feb 2024 — initial public release, 0.1.0
• Mar 2024 — quick-start guide, BoringSSL feature, 45 commits
• Apr–Jun 2024 — peak community-PR activity (~30 commits/month from outside contributors)

TLS pluralism (Aug 2024 – Mar 2025)

pingora-rustls and pingora-s2n joined the workspace as alternative TLS backends in this window. The cargo features rustls and s2n became selectable on the umbrella crate. The s2n integration was driven by AWS's s2n-tls library; rustls was added experimentally with a strong "don't rely on it yet" warning still in pingora/Cargo.toml.

The 0.4 / 0.5 releases (late 2024) also brought:

• connection_filter cargo feature for pre-TLS connection rejection
• adjust_upstream_modules phase
• An h2 client/server overhaul

Cache and observability hardening (Mar 2025 – Feb 2026)

The 0.6 and 0.7 releases focused on the cache layer and observability:

• Cache lock improvements, LockStatus awareness on filters
• mTLS support (new_mtls on HttpProxy)
• SSLKEYLOGFILE for rustls
• Body-bytes tracking across H1/H2
• A virtual L4 stream abstraction (0.7.0, 2026-01-30)
• The Custom HTTP session for encapsulated protocols

Activity dropped through Q3 2025 (8–16 commits/month) but recovered in late 2025 and through Q1 2026 (25–32 commits/month).

Service dependency graph and operational polish (Feb–Apr 2026)

The 0.8.0 release on 2026-03-02 introduced service-level dependencies, a builder for the proxy service, the pipe_subrequest utility, an upload-diagnostics counter, and a fix for ketama configuration not persisting across updates. The most recent CI improvements (Semgrep on 2026-04-23) round out the era.

Pingora-prometheus split (Apr 2026)

A small but notable shape change: pingora-prometheus was split out of pingora-core into its own crate on 2026-04-01 (commit 842ddd9) so consumers don't have to pull the prometheus dependency unless they want metrics.

Longest-standing features

• ProxyHttp trait — present from the first public release. Has accumulated optional callbacks (notably early_request_filter, proxy_upstream_filter, error_while_proxy) but the core upstream_peer/request_filter/response_filter shape has been stable since 2024.
• Server / Service model — the bootstrap → run → graceful-upgrade lifecycle has been stable. The ExecutionPhase enum was added later as observability sugar but the underlying state machine matches the 2024 design.
• YAML config schema — keys like threads, pid_file, upgrade_sock, error_log are unchanged from the open-source debut. New keys have only been added.
• Ketama — the consistent-hashing crate is largely unchanged from the original drop, though it received a configurable runtime upgrade in 0.7.0 to reduce CPU/memory.

Major rewrites and significant changes

• TLS backend shim refactor (mid-2024) — when rustls and s2n were added, pingora-core/src/tls and protocols/tls and connectors/tls and listeners/tls were rewired to dispatch through a thin abstraction. Each backend lives in its own crate (pingora-openssl, pingora-boringssl, pingora-rustls, pingora-s2n) and the core picks one at compile time.
• Service dependency DAG (early 2026) — services can now declare ordering constraints. Previously they all started in parallel.
• Pingora-prometheus extraction (Apr 2026) — see above.
• Custom HTTP session / virtual L4 stream (late 2025 / early 2026) — added to support encapsulated protocols beyond plain TCP/TLS.

Deprecated / removed

• CacheKey::default — removed in 0.8.0. Users must now implement cache_key_callback themselves.
• atty — dependency removed in 0.7.0 for security reasons (RUSTSEC).
• CONNECT method proxying — disabled by default in 0.8.0 (still available behind a server option). Unsupported requests are now rejected automatically.

Growth trajectory

• ~95 unique authors have committed
• Top author is Edward Wang (135 commits), followed by Yuchen Wu (98), Kevin Guthrie (55), Andrew Hauck (54), and Matthew Gumport (50). All five are Cloudflare engineers based on git email domains.
• External contribution is steady but secondary — the CONTRIBUTING file is explicit that "internal contributions take priority."