Plans

Great stuff. Im doing something similar on the storage front, and have forked your work. Working on expanding it to solve the shortfalls. Love to work togeather. Have already got a plan, and executing on it. Here's my first pass. Will define it a bit better after get thru it. As I need to merge it with my storage concept, and kube integration as well. Phase 1 — Security & Correctness [CRITICAL] Add seccomp-bpf filter to VMM host process Small · 2–3 days | tags: security, rust Inject CSPRNG reseed before every fork (kernel + userspace numpy/OpenSSL) Small · 2–3 days | tags: rust Audit vmstate parser for unsafe memory reads; add bounds checks Small · 2–3 days | tags: rust Replace hardcoded demo API key with proper key issuance + scoping system Small · 3–5 days | tags: ops, security Add per-key rate limiting and usage tracking in the API server Small · 3–5 days | tags: rust, ops Phase 2 — Observability & Operability [HIGH] Integrate OpenTelemetry tracing across fork lifecycle (spawn → run → teardown) Small · 2–3 days | tags: rust, ops Add structured per-fork metrics (RSS, CoW page faults, wall-clock, exit code) Small · 2–3 days | tags: rust, ops Wire up Prometheus /metrics endpoint with dashboard (Grafana template) Small · 2–3 days | tags: ops Add streaming stdout via SSE or WebSocket (Axum native) Medium · 3–5 days | tags: rust, ux Implement hard CPU wall-clock timeout with SIGKILL fallback per fork Small · 2–3 days | tags: rust Phase 3 — Resource Isolation [...