## MicroVM Isolation

**Goal:** Safe testing environment for risky eBPF programs.

### New Capabilities

- **MicroVM isolation** - Test programs that might crash the kernel
- **Full kernel control** - Safe to panic, corrupt state
- **Multi-kernel** - Test on different kernel versions

### Demo Workflow

```
User: "Test this XDP program that might crash the network stack"

AI:
1. ebpf_compile(source="risky_xdp.c")
2. ebpf_load(path="risky_xdp.o", isolate=true)  ← MicroVM
3. ebpf_attach(id=1, target="eth0")  # In VM, not host!
4. ebpf_trigger(category="net", operation="flood")
5. [VM crashes, host unaffected]
6. "Program caused kernel panic - here's the stack trace"
```

### Issues

- #5 - MicroVM Isolation

### Dependencies

- v0.3.0 complete (core functionality stable)
- #10 Research (informs design)

### Success Criteria

- Can safely test programs that would crash host kernel
- VM boots in <5 seconds
- Transparent file sharing with host
No due date•12/12 issues closed

## Stable Release

**Goal:** Production-ready 1.0 with all features battle-tested.

### What's Included

Everything from v0.2.0, v0.3.0, and v0.4.0:

- Complete AI workflow (compile, load, attach, trigger, trace)
- BPF map read/write
- Policy engine for security
- CI/CD and releases
- MicroVM isolation

### Additional for 1.0

- Stability testing
- Documentation polish
- Performance optimization
- Bug fixes from real-world usage

### Issues

- #10 - Research prior art (informs polish)

### Success Criteria

- No known critical bugs
- Documentation complete
- Used in production by at least one project
No due date•0/1 issues closed

## Production-Ready

**Goal:** Ready for daily use with proper security and infrastructure.

### New Capabilities

- **BPF map access** - Read/write program data structures
- **Policy engine** - Fine-grained security controls
- **Systemd** - Auto-start, proper service management
- **CI/CD** - Automated builds and releases

### Demo Workflow (Data Access)

```
User: "Show me the top 10 source IPs making connections"

AI:
1. Load tcp_counter.o (has a BPF_MAP_TYPE_HASH)
2. Attach to tcp_v4_connect
3. Generate traffic with ebpf_trigger
4. ebpf_map_read(program_id=1, map="ip_counts")  ← NEW
5. Parse and display sorted results
```

### Issues in this Milestone

- #12 - BPF Map Read/Write (MEDIUM)
- #13 - Policy Engine (MEDIUM) - depends on #8
- #8 - Design: Program Types (MEDIUM) - must decide first
- #14 - Systemd Integration (LOW)
- #19 - CI/CD Pipeline (MEDIUM)

### Dependencies

```
#8 (Design) → #13 (Policy Engine)
#12 (Maps) → enables advanced programs
#19 (CI/CD) → enables releases
```

### Success Criteria

- Programs can communicate data via maps
- Security policies restrict dangerous operations
- Releases are automated
No due date•2/5 issues closed