# Roadmap
This crate ships in alpha-cadence releases until the production hardening list
is complete. Each phase below is a release boundary.
## 0.1.x — Extraction (current)
Lifecycle: create / start / stop / snapshot (create only) / destroy. Direct
unix-socket HTTP to the Firecracker API. No SDK dep. Process management with
kill-on-error rollback. In-memory test adapter for downstream blueprint tests.
What works for an operator today: provision a VM, boot it, capture a snapshot
of its memory, tear it down. Not yet useful for sandboxing — the VM has no
network and no guest↔host channel.
## 0.2.x — Make it useful
The minimum for any operator to actually run workloads inside a VM.
- **Network setup**: TAP device creation, bridge attachment, IP allocation,
`PUT /network-interfaces`, host iptables NAT.
- **Vsock**: CID allocation, `PUT /vsock`, parent dir mkdir before
`/snapshot/load` (FC v1.6 race fix).
- **Snapshot restore**: `PUT /snapshot/load` + UFFD handler coordination.
Pairs with 0.1 snapshot-create for fast warm boot.
- **Console capture**: stderr ring buffer (200-line tail per VM) so kernel
panics and init failures are debuggable post-mortem instead of `Stdio::null`.
- **Graceful shutdown**: SIGTERM → poll → SIGKILL on timeout.
- **Per-VM config override**: kernel, rootfs, vCPU, memory, boot args — today
these are workspace-level, which prevents sizing VMs to workload.
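A sketch of the console-capture item above, added here as an example and not code from this crate: a bounded ring buffer fed from the Firecracker process's piped stderr, so the last 200 lines survive for a post-mortem instead of disappearing into `Stdio::null`. The `ConsoleTail` type, the `drain_into`/`capture_stderr` names and the `Kernel panic` marker check are assumptions of this example, not the crate's API.

```rust
// Example sketch, not the crate's own code; type and function names are illustrative.
use std::collections::VecDeque;
use std::io::{BufRead, BufReader, Read};
use std::sync::{Arc, Mutex};

/// Tail length per VM; the roadmap's 200-line figure.
pub const DEFAULT_TAIL_LINES: usize = 200;

/// Ring buffer of a VM's newest console lines; when full, each push evicts the oldest,
/// so memory stays constant however chatty the guest kernel is.
pub struct ConsoleTail {
    lines: VecDeque<String>,
    capacity: usize,
    dropped: u64, // evicted so far; tells a post-mortem reader the tail is truncated
}

impl ConsoleTail {
    pub fn new(capacity: usize) -> Self {
        Self { lines: VecDeque::with_capacity(capacity), capacity, dropped: 0 }
    }
    pub fn push(&mut self, line: String) {
        if self.lines.len() == self.capacity {
            self.lines.pop_front();
            self.dropped += 1;
        }
        self.lines.push_back(line);
    }
    pub fn len(&self) -> usize { self.lines.len() }
    pub fn dropped(&self) -> u64 { self.dropped }
    /// Oldest-to-newest copy of the tail for a post-mortem dump.
    pub fn lines(&self) -> Vec<String> { self.lines.iter().cloned().collect() }
    /// True if the guest kernel reported a panic inside the captured window.
    pub fn saw_panic(&self) -> bool { self.lines.iter().any(|l| l.contains("Kernel panic")) }
}

/// Read `src` line by line into `tail` until EOF or a read error; invalid UTF-8 is replaced, not fatal.
pub fn drain_into<R: Read>(src: R, tail: &Arc<Mutex<ConsoleTail>>) {
    let mut reader = BufReader::new(src);
    let mut buf = Vec::new();
    while let Ok(n) = reader.read_until(b'\n', &mut buf) {
        if n == 0 { break; } // EOF: the Firecracker process closed its stderr
        tail.lock().unwrap().push(String::from_utf8_lossy(&buf).trim_end().to_string());
        buf.clear();
    }
}

/// Spawn the capture thread for a VM's piped stderr (`child.stderr.take()` after `Stdio::piped()`).
pub fn capture_stderr<R: Read + Send + 'static>(stderr: R, capacity: usize) -> Arc<Mutex<ConsoleTail>> {
    let tail = Arc::new(Mutex::new(ConsoleTail::new(capacity)));
    let sink = Arc::clone(&tail);
    std::thread::spawn(move || drain_into(stderr, &sink));
    tail
}
```

The supervisor keeps the returned `Arc` next to the `Child`; on a failed boot it dumps `lines()` and `dropped()` into the error instead of only the exit status.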
## 0.3.x — Production hardening
Required before a security-conscious operator should run this in production.
- **Jailer wrapper**: chroot + cgroup v2 + seccomp + UID-GID mapping.
- **Rate limiters**: bandwidth + ops quota on drives + NICs, plumbed to the FC
API rather than the current hardcoded `None`.
- **Egress firewall**: per-session iptables FORWARD chain with cleanup on
destroy. Operator can scope what each VM can reach.
- **Metrics polling**: periodic `GET /vm` for CPU, memory, network counters.
- **VM rename**: FC 1.10+ identifier swap for warm-pool handoff without
re-snapshotting.
## 0.4.x — Optional surfaces
Per use case, not blocking either consumer.
- MMDS (instance metadata service).
- Balloon device (pre-snapshot memory reclaim).
- CPU templates (cross-host migration compatibility).
- Multi-drive support: workspace, sidecar, nix store as separate drives with
separate rate limits.
- Metrics fifo for in-VM observability tools.