Unikernel Platform Runner and Hypervisor daemon for executing secure multi-tenant microVM containers.
Part of the Drover parallel orchestration platform.
- Local Sandbox Verification: Integrates with local
kraftCLI to run unikernel targets offline. - Firecracker Orchestration: Spawns isolated multi-tenant guest OS slices using Firecracker microVMs on KVM hosts.
- Virtual Isolation: Configures isolated virtual bridge networks (TAP/TUN) and secure overlay disks with dynamic memory cleanup on completion.
🚧 Early development. Foundational components for secure unikernel execution environments.
Work items, epics, and tasks are tracked locally in JSON Lines format inside .beads/issues.jsonl following the platform's Beads convention.
See the main drover repository for the coordinator, architecture, and cross-cutting concerns.
The fastest way to start hacking on unikernels with drover-runner is via the dvr CLI:
# Build the CLI
go build -o bin/dvr ./cmd/dvr
# See available commands (powered by the official kraft engine)
./bin/dvr --help
./bin/dvr unikernel --help
./bin/dvr unikernel build --help
# Build a unikernel project that contains a Kraftfile
./bin/dvr unikernel build ./path/to/my-unikernel
# Run it locally (QEMU by default)
./bin/dvr unikernel run ./path/to/my-unikernelSee the detailed design and next steps in docs/drun-001-kraft-integration-design.md.
This is early-stage infrastructure. Roadmap items are captured in the Beads backlog. Contributions and discussions welcome via issues and PRs once the core daemon stabilizes.