{"id":47540644,"url":"https://github.com/us/den","last_synced_at":"2026-04-01T18:01:11.090Z","repository":{"id":341873234,"uuid":"1171851717","full_name":"us/den","owner":"us","description":"Secure sandbox runtime for AI   agents","archived":false,"fork":false,"pushed_at":"2026-03-14T12:59:57.000Z","size":370,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-14T19:49:13.775Z","etag":null,"topics":["ai-agents","claude","code-execution","container","devtools","docker","golang","isolation","mcp","open-source","sandbox","self-hosted"],"latest_commit_sha":null,"homepage":"https://us.github.io/den","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/us.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-03T17:17:54.000Z","updated_at":"2026-03-14T12:59:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/us/den","commit_stats":null,"previous_names":["us/den"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/us/den","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us%2Fden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us%2Fden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us%2Fden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us%2Fden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/us","download_url":"https://codeload.github.com/us/den/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/us%2Fden/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290740,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","claude","code-execution","container","devtools","docker","golang","isolation","mcp","open-source","sandbox","self-hosted"],"created_at":"2026-03-28T14:00:25.171Z","updated_at":"2026-04-01T18:01:11.080Z","avatar_url":"https://github.com/us.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003eDen\u003c/h1\u003e\n  \u003cp align=\"center\"\u003eSelf-hosted sandbox runtime for AI agents\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"docs/docs/quick-start.md\"\u003eGetting Started\u003c/a\u003e \u0026bull;\n    \u003ca href=\"docs/api-reference.md\"\u003eAPI Reference\u003c/a\u003e \u0026bull;\n    \u003ca href=\"docs/docs/sdks.md\"\u003eSDKs\u003c/a\u003e \u0026bull;\n    \u003ca href=\"docs/docs/mcp.md\"\u003eMCP Integration\u003c/a\u003e \u0026bull;\n    \u003ca href=\"docs/docs/configuration.md\"\u003eConfiguration\u003c/a\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cb\u003eEnglish\u003c/b\u003e | \u003ca href=\"README.zh-CN.md\"\u003e中文\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n---\n\nDen gives AI agents secure, isolated sandbox environments to execute code. It's the open-source, self-hosted alternative to E2B and similar cloud sandbox services.\n\n**Single binary. Zero config. Works with any AI framework.**\n\n\u003e **100 sandboxes on E2B = ~$600/hour. 100 sandboxes on Den = one $5/month server.**\n\n```\ncurl -sSL https://get.den.dev | sh\nden serve\n```\n\n## What's New\n\n### Shared Resource Management (v0.0.6)\n\n- **Memory pressure monitoring** — Real-time 5-level pressure system (Normal → Warning → High → Critical → Emergency) with hysteresis\n- **Dynamic memory throttling** — Automatic per-container cgroup v2 `memory.high` adjustment based on host pressure\n- **Pressure-aware scheduling** — New sandboxes rejected at Critical/Emergency (HTTP 503)\n- **Resource status API** — `GET /api/v1/resources` for host memory, pressure level, and sandbox metrics\n- **Platform support** — Linux (direct cgroup v2, `/proc/meminfo`) and macOS (Docker API fallback)\n- **Auto-recovery** — Memory limits automatically removed when pressure drops\n\n### Storage Layer (v0.0.5)\n\n- **Persistent \u0026 shared volumes** — Docker named volumes, cross-sandbox mounting (RW/RO)\n- **S3 integration** — Hooks sync, on-demand import/export, FUSE mount\n- **Go, TypeScript (`@us4/den`), Python (`den-sdk`) SDKs** — Full storage type support\n\nSee [CHANGELOG.md](CHANGELOG.md) for the full release history.\n\n## Why Den?\n\nAI agents need to run code, but running untrusted code on your machine is dangerous. Den solves this by providing:\n\n- **Isolated containers** — Each sandbox runs in its own Docker container with dropped capabilities, read-only rootfs, PID limits, and resource constraints\n- **Shared resource model** — Containers share host memory intelligently instead of fixed allocation. Dynamic pressure monitoring with auto-throttle (Google Borg / AWS Firecracker approach). 10x overcommit = 10x more sandboxes per dollar\n- **Simple REST API** — Create sandboxes, execute commands, read/write files, manage snapshots — all via HTTP\n- **WebSocket streaming** — Real-time command output for interactive use cases\n- **MCP server** — Native Model Context Protocol support for Claude, Cursor, and other AI tools\n- **Snapshot/Restore** — Save sandbox state and restore it later for reproducible environments\n- **Storage** — Persistent volumes, shared volumes, configurable tmpfs, and S3 integration\n- **Go + TypeScript + Python SDKs** — First-class client libraries\n\n## Installation\n\n```bash\n# Go\ngo get github.com/us/den@latest\n\n# TypeScript\nbun add @us4/den\n# or: npm install @us4/den\n\n# Python\npip install den-sdk\n# or: uv add den-sdk\n```\n\n## Quick Start\n\n### Prerequisites\n\n- Docker running locally\n- Go 1.21+ (to build from source)\n\n### Run the Server\n\n```bash\n# Build and run\ngo build -o den ./cmd/den\n./den serve\n\n# Or with custom config\n./den serve --config den.yaml\n```\n\n### Create a Sandbox and Run Code\n\n```bash\n# Create a sandbox\ncurl -X POST http://localhost:8080/api/v1/sandboxes \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"image\": \"ubuntu:22.04\"}'\n# → {\"id\":\"abc123\",\"status\":\"running\",...}\n\n# Execute a command\ncurl -X POST http://localhost:8080/api/v1/sandboxes/abc123/exec \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"cmd\": [\"python3\", \"-c\", \"print(2+2)\"]}'\n# → {\"exit_code\":0,\"stdout\":\"4\\n\",\"stderr\":\"\"}\n\n# Write a file\ncurl -X PUT 'http://localhost:8080/api/v1/sandboxes/abc123/files?path=/tmp/hello.py' \\\n  -d 'print(\"Hello from sandbox!\")'\n\n# Read a file\ncurl 'http://localhost:8080/api/v1/sandboxes/abc123/files?path=/tmp/hello.py'\n\n# Destroy the sandbox\ncurl -X DELETE http://localhost:8080/api/v1/sandboxes/abc123\n```\n\n### Use with Go SDK\n\n```go\npackage main\n\nimport (\n    \"context\"\n    \"fmt\"\n\n    client \"github.com/us/den/pkg/client\"\n)\n\nfunc main() {\n    c := client.New(\"http://localhost:8080\", client.WithAPIKey(\"your-key\"))\n    ctx := context.Background()\n\n    // Create sandbox\n    sb, _ := c.CreateSandbox(ctx, client.SandboxConfig{\n        Image: \"ubuntu:22.04\",\n    })\n\n    // Run code\n    result, _ := c.Exec(ctx, sb.ID, client.ExecOpts{\n        Cmd: []string{\"echo\", \"Hello from Go SDK!\"},\n    })\n    fmt.Println(result.Stdout)\n\n    // Clean up\n    c.DestroySandbox(ctx, sb.ID)\n}\n```\n\n### Use with MCP (Claude Code, Cursor)\n\n```bash\n# Start the MCP server (stdio mode)\nden mcp\n```\n\nAdd to your Claude Code config (`~/.claude/claude_desktop_config.json`):\n\n```json\n{\n  \"mcpServers\": {\n    \"den\": {\n      \"command\": \"den\",\n      \"args\": [\"mcp\"]\n    }\n  }\n}\n```\n\nNow Claude can create sandboxes, run code, and manage files directly.\n\n## Features\n\n| Feature | Description |\n|---------|-------------|\n| **Sandbox CRUD** | Create, list, get, stop, destroy containers |\n| **Command Execution** | Sync exec with exit code, stdout, stderr |\n| **Streaming Exec** | WebSocket-based real-time output |\n| **File Operations** | Read, write, list, mkdir, delete files inside sandboxes |\n| **File Upload/Download** | Multipart upload and direct download |\n| **Snapshots** | Save and restore sandbox state via `docker commit` |\n| **Persistent Volumes** | Docker named volumes that survive sandbox destruction |\n| **Shared Volumes** | Mount the same volume across sandboxes (RW or RO) |\n| **Configurable Tmpfs** | Per-sandbox tmpfs size and option overrides |\n| **S3 Sync** | Import/export files via hooks, on-demand API, or FUSE mount |\n| **Port Forwarding** | Expose sandbox ports to host (bound to 127.0.0.1) |\n| **Resource Limits** | CPU, memory, PID limits per sandbox |\n| **Pressure Monitoring** | Host memory pressure detection with dynamic throttling |\n| **Auto-Expiry** | Sandboxes auto-destroy after configurable timeout |\n| **Rate Limiting** | Per-key rate limiting on all API endpoints |\n| **API Key Auth** | Header-based authentication with constant-time comparison |\n| **MCP Server** | stdio-based Model Context Protocol for AI tool integration |\n| **Dashboard** | Embedded web UI for monitoring and management |\n\n## Security\n\nDen takes security seriously. Every sandbox runs with:\n\n- **Dropped capabilities** — `ALL` capabilities dropped, minimal set added back\n- **Read-only root filesystem** — Only tmpfs mounts and explicit volumes are writable\n- **PID limits** — Default 256 processes per container\n- **No new privileges** — `no-new-privileges` security option\n- **Network isolation** — Containers on internal Docker network\n- **Port binding** — Forwarded ports bind to `127.0.0.1` only\n- **Path validation** — Null byte and traversal protection on all file operations\n- **Dynamic memory throttling** — cgroup v2 `memory.high` based throttling instead of hard kills; 5-level pressure system with auto-recovery\n- **Constant-time auth** — API key comparison resistant to timing attacks\n- **No error leaking** — Internal errors are logged, generic messages returned to clients\n\n## Architecture\n\n```\n┌──────────────────────────────────────────────────────┐\n│                    Clients                           │\n│  CLI  │  Go SDK  │  TS SDK  │  Python SDK  │  MCP   │\n└───────┴──────────┴──────────┴──────────────┴────────┘\n                          │\n                    ┌─────┴─────┐\n                    │  HTTP API  │  chi router + middleware\n                    │  WebSocket │  gorilla/websocket\n                    └─────┬─────┘\n                          │\n                    ┌─────┴─────┐\n                    │  Engine   │  Lifecycle, reaper, pressure\n                    └──┬────┬──┘\n                       │    │\n          ┌────────────┘    └────────────┐\n  ┌───────┴───────┐           ┌──────────┴─────────┐\n  │ Docker Runtime│           │  Storage Layer     │\n  │  Docker SDK   │           │  Volumes, S3, Tmpfs│\n  └───────┬───────┘           └──────────┬─────────┘\n          │                              │\n  ┌───────┴───────┐           ┌──────────┴─────────┐\n  │   Containers  │           │  S3 / MinIO        │\n  │  (sandboxes)  │           │  Docker Volumes    │\n  └───────────────┘           └────────────────────┘\n```\n\n## Performance\n\nBenchmarked on Apple Silicon (M-series):\n\n| Operation | Latency | Notes |\n|-----------|---------|-------|\n| API health check | \u003c 1ms | Near-zero overhead |\n| Create sandbox | ~100ms | Cold start; warm pool brings this to ~5ms |\n| Execute command | ~20-30ms | Including Docker exec round-trip |\n| Read file | ~28-30ms | Exec-based file I/O |\n| Write file | ~56-70ms | Exec-based with auto-mkdir |\n| Destroy sandbox | ~1s | SIGTERM + cleanup |\n| Parallel create (5x) | ~42ms/each | Concurrent container creation |\n| Parallel exec (10x) | ~7ms/each | Concurrent command execution |\n\n### vs. Alternatives\n\n| | **Den** | E2B | Daytona | Modal |\n|---|---|---|---|---|\n| Sandbox create | **~100ms** | ~150ms | ~90ms | 2-5s |\n| Pricing | **Free** | $0.10/min+ | Free (complex) | $0.10/min+ |\n| Max sandboxes/server | **100+ (shared resources)** | ~10 (dedicated) | ~10 (K8s pods) | N/A (cloud) |\n| Setup | **`curl \\| sh`** | SDK + API key | Docker + K8s | SDK + API key |\n| Self-hosted | **Easy (single binary)** | Hard (Firecracker+Nomad) | Heavy (K8s) | No |\n| Offline | **Yes** | No | Partial | No |\n| License | AGPL-3.0 | Apache-2.0 | Apache-2.0 | Proprietary |\n\n## Documentation\n\n- [Getting Started](docs/docs/quick-start.md) — Installation, first sandbox, basic usage\n- [API Reference](docs/api-reference.md) — Complete REST API documentation\n- [Configuration](docs/docs/configuration.md) — All config options explained\n- [SDK Guide](docs/docs/sdks.md) — Go, TypeScript, and Python client libraries\n- [MCP Integration](docs/docs/mcp.md) — Using Den with AI tools\n- [Architecture](docs/docs/architecture.md) — Internal design and security model\n- [CLI Reference](docs/cli.md) — Command-line interface\n\n## CLI\n\n```\nden serve                         # Start API server\nden create --image ubuntu:22.04   # Create sandbox\nden ls                            # List sandboxes\nden exec \u003cid\u003e -- echo hello       # Execute command\nden rm \u003cid\u003e                       # Destroy sandbox\nden snapshot create \u003cid\u003e          # Create snapshot\nden snapshot restore \u003csnap-id\u003e    # Restore snapshot\nden stats                         # System stats\nden mcp                           # Start MCP server\nden version                       # Version info\n```\n\n## Configuration\n\n```yaml\nserver:\n  host: \"0.0.0.0\"\n  port: 8080\n  rate_limit_rps: 10\n  rate_limit_burst: 20\n\nsandbox:\n  default_image: \"ubuntu:22.04\"\n  default_timeout: \"30m\"\n  max_sandboxes: 50\n  default_memory: 536870912  # 512MB\n  allow_volumes: true\n  allow_s3: true\n  max_volumes_per_sandbox: 5\n\ns3:\n  endpoint: \"http://localhost:9000\"  # MinIO or S3-compatible\n  region: \"us-east-1\"\n  access_key: \"minioadmin\"\n  secret_key: \"minioadmin\"\n\nauth:\n  enabled: true\n  api_keys:\n    - \"your-secret-key\"\n\nresource:\n  overcommit_ratio: 10.0\n  monitor_interval: \"5s\"\n  enable_auto_throttle: true\n```\n\nSee [Configuration Guide](docs/docs/configuration.md) for all options.\n\n## Contributing\n\n```bash\n# Clone and build\ngit clone https://github.com/us/den\ncd den\ngo build ./cmd/den\n\n# Run tests\ngo test ./internal/... -race\n\n# Run with race detector\ngo test ./internal/... -count=1 -race -v\n```\n\n## License\n\nAGPL-3.0 — See [LICENSE](LICENSE) for details.\n","funding_links":[],"categories":["Runtimes \u0026 Platforms","Software Packages","Go Tools","Container Operations"],"sub_categories":["DevOps Tools","Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fus%2Fden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fus%2Fden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fus%2Fden/lists"}