Roadmap
Completed
Core Features
- ✅ Process supervision with auto-restart
- ✅ Hibernation - Scale to zero, wake on request
- ✅ Exponential backoff restarts
- ✅ Unix socket proxy - Full request routing to backends
- ✅ Subdomain routing (prod.api.example.com → api:prod)
Isolation & Security
- ✅ Namespace isolation - Zero-overhead /proc protection (Linux)
- ✅ Sandbox isolation (gVisor) - Syscall filtering for untrusted code
- ✅ Resource limits - Memory and CPU limits via cgroups v2
- ✅ Auth middleware - Bearer token authentication
Production Setup
- ✅ ten install - Install as systemd service with security hardening
- ✅ ten uninstall - Clean removal of systemd service
- ✅ ten caddy - Generate Caddyfile with automatic HTTPS via Let’s Encrypt
- ✅ ten serve --tls - Built-in TLS with Let’s Encrypt certificates
- ✅ DNS-01 challenge support for wildcard certificates
Storage & Persistence
- ✅ Storage quotas per instance (storage_quota_mb, storage_persist)
- ✅ Storage API endpoint (GET /api/instances/:id/storage)
- ✅ Prometheus metrics for storage monitoring
- ✅ Dashboard storage display with color-coded usage
Instance Management
- ✅ Instance auto-start - Declare instances in [instances] section
- ✅ Weighted routing for canary/blue-green deployments
- ✅ ten weight command for traffic distribution
- ✅ ten deploy - Deploy new version and wait for health
- ✅ ten route - Atomic traffic swap for blue/green deployments
Observability
- ✅ Dashboard - Svelte web UI for instance management
- ✅ Prometheus metrics at /metrics
- ✅ Log capture with full-text search
Testing
- ✅ Comprehensive test suite (340+ tests + 8 benchmarks)
- ✅ E2E integration tests
- ✅ Fleet mode (slum) - Multi-server orchestration
In Progress
- 🔄 Slum health check loop
Planned (Next)
WASM Runtime
- Lightweight compute sandbox using wasmtime
- ~5-10MB overhead per instance
- Fast startup (<50ms)
- Useful for user plugins, functions-as-a-service
Enhanced Monitoring
- OpenTelemetry integration
- Distributed tracing
- Custom metrics API
- Alert webhooks
Advanced Networking
- Custom network namespaces (full network isolation)
- Service discovery (DNS-based)
Persistence & Snapshots
- Checkpoint/restore (CRIU)
- Instance snapshots for faster spawn
- State migration between servers
Firecracker Support
- MicroVM isolation (128MB overhead)
- Custom kernel support
- Compliance-grade isolation
Long-term Vision
Isolation Spectrum
Bare Process ──→ Namespace ──→ Sandbox ──→ MicroVM
0ms, 0MB         0ms, 0MB      100ms, 20MB 125ms, 128MB

Support all isolation levels seamlessly:
- Same API and CLI
- Configuration-driven isolation selection
- Automatic fallback if unavailable
Multi-cloud Orchestration
- Orchestrate across cloud providers (AWS, GCP, Fly.io, etc.)
- Cost optimization across clouds
Edge Computing
- Deploy to edge locations
- Coordinate workloads across distributed edge
Contributing
Want to help? Check out:
Feedback
Share ideas and feedback on GitHub. We’re building in the open!