Mullgate
Architecture

Architecture Overview

High-level design goals, traffic flow, and trust boundaries for Mullgate.

Mullgate is a gateway-oriented proxy system. It presents route-specific or selector-driven proxy entrypoints while keeping the operator in control of how traffic is exposed, validated, and observed.

Design goals

Mullgate's documented design goals include:

  • CLI-first operation
  • truthful exposure and routing semantics
  • support for SOCKS5, HTTP, and HTTPS-capable proxy surfaces
  • standalone proxy behavior without taking over host routing
  • explicit runtime and diagnostic visibility
  • operator surfaces that are easy to inspect and verify

Conceptual flow

At a high level, traffic moves through the system like this:

Client
  |
  v
Route-specific local entrypoint
  |
  v
Mullgate routing layer
  |
  v
Selected upstream backend
  |
  v
Destination / observed exit

That flow matters because Mullgate is not trying to hide routing. It is trying to make routing legible.

Why exposure and access semantics matter

A major architectural point in Mullgate is that route selection follows the configured access mode. In published-routes, route selection is tied to destination bind IPs or published ports. In inline-selector, the selector in the proxy username chooses the backend.

In practice, that means the DNS or /etc/hosts mapping is part of the route contract in published-routes, while selector syntax is part of the route contract in inline-selector.

Operational surfaces

The architecture is not just a runtime. It also includes operator-facing truth surfaces such as:

  • mullgate proxy status
  • mullgate proxy doctor
  • mullgate proxy access
  • runtime manifests and validation metadata

Those surfaces are part of the product, not just debugging tools.

Architecture pages

There are two important architecture stories in this documentation:

  • the current runtime model, which uses one shared WireGuard entry device plus many logical Mullvad exits
  • the multi-exit architecture page, which explains why the redesign happened and what the live proof showed

Read Current Runtime Model first, then Multi-exit Architecture.

See also

Troubleshooting

Practical checks for configuration drift, hostname issues, and runtime validation.

Current Runtime Model

Summary of the shared-entry multi-exit runtime that Mullgate ships today.

On this page

Design goalsConceptual flowWhy exposure and access semantics matterOperational surfacesArchitecture pagesSee also