Tags: devsed-zz/forkd
Tags
forkd-mcp v0.2.0 — branch_sandbox + v0.3 options (diff snapshots, pre… …warm)
Merge pull request deeplethe#69 from deeplethe/dev docs(readme): asciinema demo embed (deeplethe#68 → main)
Merge pull request deeplethe#93 from deeplethe/dev docs: COMPARISON.md (deeplethe#92 → main)
Merge pull request deeplethe#18 from deeplethe/dev ci(release): release workflow + v0.1.2
feat(controller): TLS support + comparison docs (v0.1.1)
Daemon
- axum-server + rustls 0.23 (aws-lc-rs provider) replace plain
axum::serve. New `--tls-cert` / `--tls-key` flags (and FORKD_TLS_*
env vars). When both are set the daemon speaks HTTPS; otherwise
it falls back to plain HTTP (unchanged loopback default).
- Graceful shutdown promoted to axum_server::Handle with a 30 s
drain deadline on SIGTERM/SIGINT, replacing the previous
serve-then-drop pattern.
- --tls-cert and --tls-key must be supplied together; mismatch is
a hard error rather than a silent downgrade.
Tests
- End-to-end integration test generates a self-signed cert via
rcgen, brings up the daemon with TLS, and verifies /healthz and
/version handshake successfully with reqwest configured to
accept invalid certs. 7 integration tests pass (was 6), 19 unit
tests pass.
Docs
- README: new "How forkd compares" section with a properties table
spanning forkd, Tencent CubeSandbox, Daytona, Alibaba OpenSandbox,
E2B, Modal, raw Firecracker, Docker, gVisor. Cited numbers come
from each project's upstream documentation.
- DESIGN.md: new "Related work" subsection with longer prose for
each project — what the primitive is, what cold-start numbers
they advertise, where forkd's niche differs.
- docs/SECURITY.md: TLS guidance (cert rotation, file permissions,
interaction with bearer-token auth).
- docs/API.md, docs/RUNBOOK.md: cross-references to the new flags.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PreviousNext