sandboxd  by tastyeffectco

Self-hosted dev sandboxes with integrated AI coding agents and live previews

Created 1 month ago
707 stars

Top 47.6% on SourcePulse

GitHubView on GitHub
Project Summary

Provides a self-hosted, single-command solution for creating isolated cloud development environments ("sandboxes") with live preview URLs and integrated AI coding agents. It targets developers building AI app-builder products, agent platforms, or coding playgrounds, offering a cost-effective and manageable infrastructure backend for multi-tenant applications, enabling users to see their code live within seconds.

How It Works

The system utilizes Docker to spin up isolated Linux containers for each sandbox, ensuring multi-tenant isolation. An AI coding agent (pre-installed with OpenCode and Claude Code CLIs) operates within the sandbox, generating code based on user prompts. Traefik dynamically routes traffic, providing each sandbox with a unique, shareable preview URL. A key architectural choice is its "stop-on-idle" and "wake-on-request" mechanism: sandboxes automatically sleep to conserve resources and instantly wake when accessed, with files persisting on disk. The control plane is a single Go binary interacting with the Docker CLI, simplifying deployment without Kubernetes or separate database servers, using SQLite for state management.

Quick Start & Requirements

  • Primary install / run command: Clone the repository, navigate to the directory, and run ./install.sh install.sh.
  • Non-default prerequisites and dependencies: Docker Engine and the Compose plugin, running on Linux.
  • Estimated setup time or resource footprint: Described as a "one-command install" and "easy to understand," suggesting a minimal setup time.
  • Links: The project repository serves as the primary documentation source.

Highlighted Details

  • One-command installation and uninstallation process.
  • Built-in support for AI coding agents (OpenCode, Claude Code) for automated code generation.
  • Significant cost savings through automatic resource reclamation (stop-on-idle, wake-on-request).
  • Fully self-hosted with MIT licensing, allowing for ownership of data and margins.
  • Minimalist architecture: single Go binary, Docker, Traefik, and SQLite.
  • Automatic preview URL generation with routing and TLS capabilities for production.

Maintenance & Community

The provided README does not detail specific contributors, sponsorships, community channels (e.g., Discord, Slack), or a public roadmap. It does reference a CONTRIBUTING.md file for potential community involvement.

Licensing & Compatibility

  • License type: MIT.
  • Compatibility notes: The permissive MIT license allows for commercial use, integration into proprietary applications, and modification without significant restrictions.

Limitations & Caveats

The default container isolation relies on hardened Docker, which may not be sufficient for running highly untrusted code; stronger isolation (e.g., VM-per-tenant) is recommended in such cases. API authentication is disabled by default, requiring explicit configuration for secure production deployments. Preview links are public by default, and the system is initially designed for a single Docker host, necessitating planning for multi-host sharding and potential network egress controls when scaling.

Health Check
Last Commit

2 days ago

Responsiveness

Inactive

Pull Requests (30d)
20
Issues (30d)
13
Star History
276 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.