//! `monocore` is a secure MicroVM provisioning system for running untrusted code in isolated environments.
//!
//! # Overview
//!
//! monocore provides a robust foundation for running AI workloads in isolated microVMs. It handles:
//! - VM lifecycle management
//! - OCI image distribution
//! - Service orchestration
//! - Network isolation
//! - Resource constraints
//!
//! # Key Features
//!
//! - **Secure Isolation**: True VM-level isolation through microVMs
//! - **Container Experience**: Works with standard OCI/Docker images
//! - **Fast Startup**: Millisecond-level VM provisioning
//! - **Resource Control**: Fine-grained CPU, memory and network limits
//! - **Simple API**: RESTful interface for service management
//!
//! # Architecture
//!
//! monocore consists of several key components:
//!
//! - **VM**: Low-level microVM management using libkrun
//! - **OCI**: Image pulling and layer management
//! - **Orchestration**: Service lifecycle and coordination
//! - **Runtime**: Process supervision and monitoring
//! - **Server**: REST API for remote management
//!
//! # Usage Example
//!
//! ```rust,no_run
//! use monocore::{
//!     config::{Group, Monocore, Service},
//!     orchestration::Orchestrator,
//! };
//!
//! #[tokio::main]
//! async fn main() -> anyhow::Result<()> {
//!     // Configure a service
//!     let service = Service::builder()
//!         .name("ai-agent")
//!         .base("alpine:latest")
//!         .ram(512)
//!         .build();
//!
//!     // Create monocore config
//!     let config = Monocore::builder()
//!         .services(vec![service])
//!         .groups(vec![Group::builder().name("agents").build()])
//!         .build()?;
//!
//!     // Start orchestrator
//!     let mut orchestrator = Orchestrator::new("/path/to/home_dir", "/path/to/supervisor").await?;
//!     orchestrator.up(config).await?;
//!
//!     Ok(())
//! }
//! ```
//!
//! # Feature Flags
//!
//! - `overlayfs` - Enables experimental overlayfs support on Linux
//!   - Not recommended for production use
//!   - Does not support OCI whiteout files
//!   - May have permission issues
//!   - Falls back to copy-based merge on failure
//!   - Will be replaced by monofs in the future for a more robust solution
//!
//! # Modules
//!
//! - [`cli`] - Command-line interface and argument parsing
//! - [`config`] - Configuration types and validation
//! - [`oci`] - OCI image handling and distribution
//! - [`orchestration`] - Service lifecycle management
//! - [`runtime`] - Process supervision and monitoring
//! - [`server`] - REST API server implementation
//! - [`utils`] - Common utilities and helpers
//! - [`vm`] - MicroVM configuration and control
//!
//! # Platform Support
//!
//! - Linux: Full support with optional overlayfs (experimental)
//! - macOS: Full support with copy-based layer merging
//! - Windows: Not currently supported
//!
//! # Future Improvements
//!
//! The current experimental overlayfs support will be replaced by monofs,
//! a more robust distributed filesystem designed specifically for container workloads.
//! monofs will provide:
//!
//! - Content-addressed storage
//! - Immutable data structures
//! - Copy-on-write semantics
//! - Proper whiteout handling
//! - Cross-platform support
//--------------------------------------------------------------------------------------------------
// Exports
//--------------------------------------------------------------------------------------------------
pub use *;