Night Core Worker v39 introduces a Firecracker backend for executing WebAssembly (WASM) modules inside microVMs with full cryptographic verification and audit logging.
Each module is signed with Ed25519 and verified against its SHA-256 hash before being placed into an isolated Firecracker microVM. This provides hardware-level separation between tenants while maintaining deterministic proof records.
Architecture Overview nightcore CLI (main.rs) ↓ firecracker_adapter.rs ↓ Firecracker microVM (guest WASI) ↓ tenant.wasm → verified and executed
The Firecracker adapter:
Prepares a temporary root filesystem containing the verified module. 1.
Launches Firecracker with a minimal JSON configuration. 1.
Executes the WASM payload under WASI. 1.
Collects stdout/stderr for pro…
Night Core Worker v39 introduces a Firecracker backend for executing WebAssembly (WASM) modules inside microVMs with full cryptographic verification and audit logging.
Each module is signed with Ed25519 and verified against its SHA-256 hash before being placed into an isolated Firecracker microVM. This provides hardware-level separation between tenants while maintaining deterministic proof records.
Architecture Overview nightcore CLI (main.rs) ↓ firecracker_adapter.rs ↓ Firecracker microVM (guest WASI) ↓ tenant.wasm → verified and executed
The Firecracker adapter:
Prepares a temporary root filesystem containing the verified module. 1.
Launches Firecracker with a minimal JSON configuration. 1.
Executes the WASM payload under WASI. 1.
Collects stdout/stderr for proof logs. 1.
Destroys the VM on completion to maintain stateless isolation.
Setup git clone https://github.com/xnfinite/nightcore-worker.git cd nightcore-worker cargo +nightly build
Install Firecracker: mkdir firecracker_assets && cd firecracker_assets curl -LO https://github.com/firecracker-microvm/firecracker/releases/download/v1.9.0/firecracker-v1.9.0-x86_64.tgz tar -xzf firecracker-v1.9.0-x86_64.tgz cd ..
Minimal configuration file (firecracker_config.json): { “boot-source”: { “kernel_image_path”: “vmlinux.bin”, “boot_args”: “console=ttyS0 reboot=k panic=1 pci=off” }, “drives”: [ { “drive_id”: “rootfs”, “path_on_host”: “rootfs.ext4”, “is_root_device”: true, “is_read_only”: false } ], “machine-config”: { “vcpu_count”: 1, “mem_size_mib”: 128 } }
Example Run cargo +nightly run – run –all –backend firecracker –vm-timeout 15
Each tenant is verified, executed inside its own microVM, and logged to:
logs/nightcore_proof.html
logs/orchestration_report.json
Proof entries record:
Module signature status (Ed25519)
Integrity hash match (SHA-256)
Backend type (Firecracker v1.9.0)
Exit code and timestamp
Purpose Wasmtime handles WASI sandboxing well, but Firecracker extends it with hardware-backed isolation for verifiable multi-tenant compute. This update focuses on proving not only that code runs correctly — but that each execution can be traced, verified, and reproduced.
Repository: https://github.com/xnfinite/nightcore-worker