explaingit

sandstorm-io/sandstorm

7,025JavaScriptAudience · ops devopsComplexity · 4/5Setup · hard

TLDR

Sandstorm is an open-source self-hosted platform that lets you install productivity web apps on your own server, each app runs in strict isolation so a misbehaving app cannot access data from any other app or the host.

Mindmap

mindmap
  root((sandstorm))
    What it does
      Browse app catalog
      One-click install
      App isolation
    Tech
      JavaScript
      Linux x86-64
      Capability controls
    Use cases
      Document editing
      Git hosting
      Task management
    Audience
      Self-hosters
      Privacy-focused teams
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Run a private document editor on your own server instead of relying on Google Docs or Office 365.

USE CASE 2

Host a self-managed Git repository without depending on GitHub or a cloud service.

USE CASE 3

Set up a self-hosted task list or blog where each app is automatically sandboxed from the others.

USE CASE 4

Replace cloud productivity subscriptions with self-hosted apps you fully control and keep on your own infrastructure.

Tech stack

JavaScriptLinuxx86-64

Getting it running

Difficulty · hard Time to first run · 1h+

Requires an x86-64 Linux server, does not run on Windows, macOS, or ARM systems.

In plain English

Sandstorm is an open source platform for running productivity web apps on your own server. The basic idea is similar to installing apps on a phone: once Sandstorm is running on your machine, you browse a catalog and install apps like document editors, spreadsheets, blogs, Git repositories, and task lists with a few clicks. Each app runs in its own isolated environment. The security angle is central to how Sandstorm works. Rather than running apps as ordinary processes that share access to the system, Sandstorm packages each app with strict containment rules. This means a compromised or misbehaving app cannot access data from other apps or from the host system. The project describes itself as a security-hardened package manager, and the underlying implementation uses technologies designed to enforce fine-grained capability controls. Sandstorm is designed for people who want the convenience of cloud productivity tools but prefer to keep their data on their own infrastructure instead of a third-party service. You get a personal or team server where your documents, notes, and project files live under your control, without depending on external subscription services. Installation is limited to x86-64 Linux systems. The project provides documentation covering installation, general usage, security practices, and how to package new apps for the platform. A public demo is available for trying the interface before committing to installing it. The README for this repository is sparse and points mostly to external documentation for details on setup, configuration, and development. The project is open source and accepts community contributions.

Copy-paste prompts

Prompt 1
Help me install Sandstorm on an x86-64 Linux server and browse the app catalog to install a document editor for my team.
Prompt 2
Walk me through packaging an existing web app to run inside Sandstorm with proper app-isolation and containment rules.
Prompt 3
Explain how Sandstorm's app containment works and why it is more secure than running web apps as normal server processes.
Prompt 4
I want to set up a small team server with Sandstorm, show me the installation steps and how user accounts work.
Open on GitHub → Explain another repo

← sandstorm-io on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.