Proxelar 0.2.0: A Complete Rewrite

2026-02-21

I'm happy to release Proxelar 0.2.0, a major milestone that completely reimagines the project from the ground up. What started as a Tauri desktop application is now a lean, modular CLI tool with three interface modes, a new proxy engine built on hyper 1.x, and both forward and reverse proxy support.

This release touches virtually every part of the codebase — 96 commits spanning architecture, networking, TLS, CI/CD, and testing. Having Claude Opus 4.6 as a pair-programming partner made tackling a rewrite of this scale much more manageable. Let's walk through what's new.

New Architecture: Three Crates, Three Interfaces

The single Tauri application has been replaced with a clean 3-crate workspace:

• proxelar-cli — the CLI binary, providing the entry point and interface layer
• proxyapi — the core proxy engine with the HttpHandler trait, connection handling, and TLS interception
• proxyapi_models — shared request/response models and serialization

This separation makes the proxy engine reusable as a library, independent of any specific frontend. On the interface side, Proxelar now ships with three modes you can switch between at launch:

proxelar                 # interactive TUI (default)
proxelar -i terminal     # plain terminal output
proxelar -i gui          # web GUI at localhost:8081

The TUI is built with ratatui and supports navigation, request/response inspection, filtering, and keyboard shortcuts. The web GUI runs on axum with WebSocket streaming. All three interfaces are fed by a unified event pipeline — a bounded mpsc channel of ProxyEvent values — so they all see the same traffic in real time.

Hyper 1.x and Modern TLS

The core proxy engine has been migrated from hyper 0.14 to hyper 1.x, along with rustls 0.23 and tokio-rustls 0.26. This meant rewriting connection handling, body types (ProxyBody), and the entire TLS interception layer.

The new stack brings better performance, improved HTTP compliance, and alignment with the current Rust async ecosystem. Certificate generation now uses per-host caching, so repeated connections to the same host reuse previously minted certificates instead of generating new ones on every request.

Forward and Reverse Proxy

Proxelar 0.2.0 introduces proper forward proxy mode with CONNECT tunneling and HTTPS man-in-the-middle interception, as well as a new reverse proxy mode:

# Forward proxy (default) — configure your system proxy to 127.0.0.1:8080
proxelar

# Reverse proxy — forward all traffic to an upstream target
proxelar -m reverse --target http://localhost:3000

Forward mode handles both HTTP and HTTPS via CONNECT, transparently intercepting encrypted traffic by minting per-host certificates signed by the local CA. Reverse mode rewrites incoming requests to the specified upstream target — useful for debugging APIs and local services.

Easy CA Certificate Installation

Getting the CA certificate installed is often the most annoying part of setting up a MITM proxy. Proxelar now includes a built-in certificate download server that intercepts requests to the proxel.ar hostname. Just configure your browser to use the proxy and visit:

http://proxel.ar

You'll get a page with direct PEM and DER downloads and installation instructions for your platform. No more hunting for certificate files in hidden directories (though ~/.proxelar/proxelar-ca.pem is still there if you prefer).

Testing and CI/CD

This release adds integration tests covering the certificate authority, the cert download server, forward proxy, reverse proxy, and model serialization. Previously, the project had minimal test coverage — now the critical paths are exercised automatically.

The CI/CD pipeline has been overhauled as well:

• Cargo caching for faster builds
• MSRV 1.88 verification to ensure compatibility
• cargo-deny policy checks for license and vulnerability auditing
• Cross-platform release workflow producing binaries for multiple targets
• Dependabot for automated dependency updates

Breaking Changes

This is a major release, and the public API has changed significantly:

• The binary is now proxelar (CLI) — the Tauri desktop app has been removed entirely

• proxyapi has been redesigned around the HttpHandler trait, ProxyBody, and ProxyEvent

• proxyapi_models now uses http 1.x and http-serde 2.x, which changes the serialization format

• License changed to MIT-only — the previous dual license has been simplified

If you were using proxyapi as a library, you'll need to update your code to the new API.

Getting Started

Install Proxelar with Cargo:

cargo install proxelar

Then run it:

proxelar

Configure your system or browser proxy to 127.0.0.1:8080, visit http://proxel.ar to install the CA certificate, and you're ready to inspect traffic.

For all CLI options, check the README or run proxelar --help.

Acknowledgments

Proxelar is heavily inspired by mitmproxy, a project I had the opportunity to contribute to. Working on mitmproxy gave me a deep understanding of how MITM proxies work and shaped many of the design decisions behind Proxelar. The full changelog is available on GitHub.