Sandstorm

Sandstorm is a self‑hosted web productivity suite that abstracts the deployment of individual web applications into a single, secure, and highly modular platform. At its core, Sandstorm functions as a security‑hardened package manager for web apps, allowing developers to install, update, and isolate applications with minimal operational overhead. Every user‑generated object—documents, spreadsheets, blogs, or git repositories—is represented as a grain, which Sandstorm encapsulates in an isolated sandbox. Grains communicate only through well‑defined interfaces, ensuring that a compromised app cannot affect the rest of the system.

Architecture & Technical Stack

Sandstorm is written in Rust for its core runtime, which provides strong memory safety guarantees and efficient concurrency. The server exposes a RESTful API over HTTPS, with authentication handled via OAuth2 and optional two‑factor mechanisms. Sandstorm’s package format (a lightweight container image with metadata) is built on top of the Flatpak/OCI specification, enabling reproducible builds and versioned deployments. The platform relies on SQLite for its internal metadata store, while application data is stored in per‑grain directories that can be backed by any POSIX file system or mounted NFS/SMB shares. The UI is a single‑page application written in React and served via the same Rust backend, allowing developers to customize themes or add plug‑ins without touching the core code.

Core Capabilities & APIs

• Grain Lifecycle API – Create, start, stop, and delete grains programmatically.
• Access Control Lists (ACLs) – Fine‑grained permissions per grain, integrated with the platform’s unified identity system.
• Webhook & Event System – Subscribe to grain events (e.g., file upload, user join) and trigger external services.
• Package Registry API – Publish, search, and version packages; supports signed manifests to guarantee provenance.
• Inter‑Grain IPC – Expose REST endpoints or WebSocket streams that other grains can consume, enabling composable workflows.

These APIs are documented in the developer hub (docs.sandstorm.io/en/latest/developing/) and come with example clients in multiple languages.

Deployment & Infrastructure

Sandstorm targets x86‑64 Linux and can be deployed on bare metal, VMs, or cloud instances. The runtime is single‑process but internally spawns sandboxed firejail or seccomp profiles for each grain, ensuring isolation without the overhead of full virtual machines. The system is fully container‑friendly: a Docker image (sandstorm/sandstorm) bundles the runtime and can be orchestrated with Kubernetes or Docker Compose. Horizontal scaling is achieved by running multiple Sandstorm instances behind a load balancer, sharing the same SQLite metadata store via a networked file system or migrating to PostgreSQL for larger deployments.

Integration & Extensibility

Developers can extend Sandstorm by:

• Packaging custom apps using the sandstorm-make tool, which compiles a directory of web assets into an OCI‑compatible package.
• Creating plug‑ins that hook into the grain lifecycle or UI via the App API, allowing for custom dashboards or integrations.
• Exposing internal services (e.g., a private GitLab instance) as grains that other users can share securely.
• Leveraging webhooks to integrate with CI/CD pipelines, Slack, or custom monitoring tools.

The platform also supports OAuth2 providers and can act as an SSO gateway for other services, making it a natural fit for internal toolchains.

Developer Experience

Sandstorm’s documentation is structured into quick‑start guides, API references, and a dedicated developer hub. The community maintains an active Google Group (sandstorm-dev) and a GitHub discussion board, where contributors report bugs or propose new features. Configuration is largely declarative: a single config.toml file controls network ports, storage paths, and authentication backends. The open‑source license (MIT) removes vendor lock‑in concerns, while the modular architecture allows developers to replace or fork individual components without affecting the overall system.

Use Cases

• Distributed teams needing a self‑hosted suite for documents, chats, and project management without relying on SaaS.
• Educational institutions that require isolated sandboxes for each student while sharing a common backend.
• Enterprise internal tooling where data residency and compliance mandate on‑prem deployment, yet developers want the convenience of app marketplaces.
• Open‑source projects that wish to bundle a set of collaborative tools (e.g., Git, issue tracker, CI) into a single, secure deployment.

Advantages Over Alternatives

• Security by design: grain isolation via sandboxing, automatic updates, and a unified ACL system reduce attack surface.
• Developer‑friendly packaging: the sandstorm-make tool turns any web app into a deployable grain with minimal effort.
• Performance: Rust runtime and lightweight sandboxes provide low latency compared to container‑based SaaS solutions.
• Licensing & Flexibility: MIT license and open‑source code allow full customization, including replacing the SQLite backend or adding new authentication providers.
• Unified Experience: All apps share a single identity and access control layer, simplifying user onboarding compared to disparate SaaS products.

In sum, Sandstorm offers a robust, secure, and extensible platform for developers who want to ship web productivity tools on their own infrastructure without sacrificing the convenience of app marketplaces or the security guarantees of isolated sandboxes.