Version: 0.0.0-dev
License: AGPL-3.0
Last Updated: December 2025
- Executive Summary
- Repository Setup & Development
- Architecture Overview
- Core Applications Deep Dive
- Libraries & SDKs
- Infrastructure & Deployment
- Data Flow & Communication
- Configuration & Environment
- Development Workflow
- API Reference
Daytona is a Secure and Elastic Infrastructure for Running AI-Generated Code. It provides isolated, sandboxed environments ("Sandboxes") where AI-generated code can be executed safely without risk to your infrastructure.
┌─────────────────────────────────────────────────────────────────┐
│ DAYTONA PLATFORM │
├─────────────────────────────────────────────────────────────────┤
│ 🚀 Lightning-Fast Infrastructure │ Sub-90ms Sandbox creation │
│ 🔒 Isolated Runtime │ Zero risk code execution │
│ ⚡ Massive Parallelization │ Concurrent AI workflows │
│ 🎛️ Programmatic Control │ File, Git, LSP, Execute │
│ 💾 Unlimited Persistence │ Sandboxes live forever │
│ 🐳 OCI/Docker Compatibility │ Any container image │
└─────────────────────────────────────────────────────────────────┘
- AI Developers - Building AI agents that generate and execute code
- DevOps Engineers - Setting up secure code execution environments
- Platform Teams - Integrating sandboxed execution into their products
| Tool | Version | Purpose |
|---|---|---|
| Node.js | 18+ | TypeScript/JavaScript applications |
| Go | 1.25+ | Go applications (CLI, Runner, Proxy, SSH Gateway) |
| Python | 3.9+ | Python SDK development |
| Yarn | 4.6.0 | Package manager (required, not npm) |
| Docker | Latest | Container runtime for sandboxes |
| PostgreSQL | 18+ | Database (via Docker) |
| Redis | Latest | Caching and rate limiting |
# Clone the repository
git clone https://github.com/daytonaio/daytona.git
cd daytona
# Install Node.js dependencies (uses Yarn 4.6.0)
yarn install
# Go modules are managed via go.work
# They will be downloaded automatically on first build# Copy example environment files
cp apps/api/.env.example apps/api/.env
cp apps/runner/.env.example apps/runner/.env
cp apps/proxy/.env.example apps/proxy/.env
# Key environment variables to configure:
# - DATABASE_HOST, DATABASE_PORT, DATABASE_USER, DATABASE_PASSWORD
# - REDIS_HOST, REDIS_PORT
# - API_KEY (for runner authentication)# Start all supporting services
cd docker
docker-compose up -d
# This starts:
# - PostgreSQL (port 5432)
# - Redis
# - Docker Registry (port 6000)
# - Dex (OIDC provider, port 5556)
# - MinIO (Object storage, port 9001)
# - Jaeger (Tracing, port 16686)
# - PgAdmin (port 5050)
# - MailDev (port 1080)# Development build
yarn build
# Production build
yarn build:production# Start all services in development mode
yarn serve
# Or start individual services
yarn nx serve api
yarn nx serve dashboard
yarn nx serve runner
yarn nx serve proxyThis is an Nx Monorepo managing multiple applications and libraries:
daytona/
├── apps/ # Applications
│ ├── api/ # NestJS API Server (TypeScript)
│ ├── cli/ # CLI Tool (Go)
│ ├── daemon/ # Sandbox Daemon (Go)
│ ├── dashboard/ # Web Dashboard (React + Vite)
│ ├── docs/ # Documentation Site (Astro)
│ ├── proxy/ # Network Proxy (Go)
│ ├── runner/ # Sandbox Runner (Go)
│ └── ssh-gateway/ # SSH Gateway (Go)
│
├── libs/ # Shared Libraries
│ ├── api-client/ # Generated TypeScript API Client
│ ├── api-client-go/ # Generated Go API Client
│ ├── api-client-python/ # Generated Python API Client (sync)
│ ├── api-client-python-async/ # Generated Python API Client (async)
│ ├── common-go/ # Shared Go utilities
│ ├── computer-use/ # Computer Use Plugin (Go)
│ ├── runner-api-client/ # Runner-specific API Client
│ ├── sdk-python/ # Python SDK
│ ├── sdk-typescript/ # TypeScript SDK
│ ├── toolbox-api-client/ # Toolbox API Client
│ └── toolbox-api-client-python*/ # Python Toolbox clients
│
├── docker/ # Docker Compose configurations
├── examples/ # Usage examples
├── guides/ # Development guides
├── hack/ # Development scripts
└── scripts/ # Build and deployment scripts
# Linting
yarn lint # Lint all TypeScript/Python
yarn lint:fix # Auto-fix lint issues
# Formatting
yarn format # Format all code
# Testing
yarn nx test api # Test specific project
yarn nx run-many --target=test --all # Test all
# Building
yarn build # Build all projects
yarn nx build api # Build specific project
# Generate API Clients
yarn generate:api-client
# Database Migrations
yarn migration:generate # Generate new migration
yarn migration:run # Run migrations
yarn migration:revert # Revert last migration
# Docker
yarn docker:production # Build production Docker images┌─────────────────────────────────────────────────────────────────────────────────┐
│ DAYTONA ARCHITECTURE │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ TypeScript │ │ Python │ │ CLI │ │
│ │ SDK │ │ SDK │ │ (daytona) │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ └────────────────────┼────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────────┐ │
│ │ API SERVER (NestJS) │ │
│ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌────────┐ │ │
│ │ │ Sandbox │ │ Snapshot│ │ Volume │ │ User │ │ Org │ │ Auth │ │ │
│ │ │ Module │ │ Module │ │ Module │ │ Module │ │ Module │ │ Module │ │ │
│ │ └────┬────┘ └────┬────┘ └────┬────┘ └────┬────┘ └────┬────┘ └────┬───┘ │ │
│ └───────┼───────────┼───────────┼───────────┼───────────┼───────────┼─────┘ │
│ │ │ │ │ │ │ │
│ └───────────┴───────────┼───────────┴───────────┴───────────┘ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────────────┐ │
│ │ RUNNER (Per Region) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ Docker │ │ SSH Gate │ │ Net Rules │ │ Sandbox │ │ │
│ │ │ Client │ │ way │ │ Manager │ │ Service │ │ │
│ │ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ │
│ └─────────┼────────────────┼────────────────┼────────────────┼──────────┘ │
│ │ │ │ │ │
│ └────────────────┼────────────────┴────────────────┘ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────────────────┐ │
│ │ SANDBOX (Container) │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ DAEMON │ │ Toolbox │ │ SSH │ │ Terminal │ │ │
│ │ │ Process │ │ Server │ │ Server │ │ Server │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ │
│ └───────────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ PROXY │ │ SSH-GATEWAY │ │ PostgreSQL │ │ Redis │ │
│ │ (Go) │ │ (Go) │ │ (Database) │ │ (Cache) │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
| Component | Language | Port | Responsibility |
|---|---|---|---|
| API | TypeScript/NestJS | 3000 | Central orchestration, REST API, WebSocket |
| Dashboard | React/Vite | - | Web UI for management |
| CLI | Go | - | Command-line interface |
| Runner | Go | 3003 | Container orchestration on compute nodes |
| Daemon | Go | - | In-container agent (toolbox, SSH, terminal) |
| Proxy | Go | 4000 | Network proxy for sandbox access |
| SSH Gateway | Go | 2222 | SSH connection routing |
| Store | Purpose |
|---|---|
| PostgreSQL | Primary database (sandboxes, users, organizations, etc.) |
| Redis | Caching, rate limiting, session storage, TypeORM cache |
| MinIO/S3 | Object storage for snapshots and artifacts |
| Docker Registry | Container image storage |
The API Server is the heart of Daytona, built with NestJS.
apps/api/src/
├── main.ts # Application entry point
├── app.module.ts # Root module
├── data-source.ts # TypeORM configuration
├── tracing.ts # OpenTelemetry setup
│
├── sandbox/ # Sandbox management
│ ├── controllers/ # REST endpoints
│ ├── services/ # Business logic
│ ├── managers/ # Sandbox lifecycle
│ ├── entities/ # TypeORM entities
│ ├── dto/ # Data transfer objects
│ ├── enums/ # State enums
│ ├── repositories/ # Custom repositories
│ ├── subscribers/ # TypeORM event handlers
│ └── runner-adapter/ # Runner communication
│
├── auth/ # Authentication (JWT, API Keys)
├── user/ # User management
├── organization/ # Multi-tenancy
├── api-key/ # API key management
├── docker-registry/ # Registry management
├── usage/ # Usage tracking
├── analytics/ # PostHog analytics
├── email/ # Email notifications
├── webhook/ # Webhook delivery
├── audit/ # Audit logging
├── health/ # Health checks
└── region/ # Multi-region support
// Core entities and their relationships
@Module({
entities: [
Sandbox, // Main sandbox entity
Runner, // Compute node runner
Snapshot, // Sandbox snapshots
Volume, // Persistent volumes
BuildInfo, // Image build metadata
WarmPool, // Pre-warmed sandboxes
SshAccess, // SSH access tokens
],
controllers: [
SandboxController, // CRUD operations
RunnerController, // Runner management
SnapshotController, // Snapshot operations
VolumeController, // Volume operations
PreviewController, // Port previews
],
services: [
SandboxService, // Sandbox CRUD
RunnerService, // Runner registration
SnapshotService, // Snapshot management
VolumeService, // Volume management
SandboxWarmPoolService, // Pool management
]
})@Entity()
export class Sandbox {
@PrimaryGeneratedColumn('uuid')
id: string
@Column()
name: string
@Column()
region: string
@Column({ type: 'enum', enum: SandboxState })
state: SandboxState // CREATING, STARTED, STOPPED, ARCHIVED, etc.
@Column({ type: 'enum', enum: SandboxClass })
class: SandboxClass // SMALL, MEDIUM, LARGE
// Resources
@Column({ type: 'int', default: 2 })
cpu: number
@Column({ type: 'int', default: 4 })
mem: number // GiB
@Column({ type: 'int', default: 10 })
disk: number // GiB
// Auto-management
@Column({ default: 15 })
autoStopInterval?: number // minutes
@Column({ default: 7 * 24 * 60 })
autoArchiveInterval?: number // 7 days
@Column({ default: -1 })
autoDeleteInterval?: number // disabled by default
} ┌─────────────┐
│ UNKNOWN │
└──────┬──────┘
│ create
▼
┌─────────────────┐ ┌─────────────────┐
│ PENDING_BUILD │◄─────────────│ CREATING │
└────────┬────────┘ └─────────────────┘
│ │
│ build │ pull snapshot
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│BUILDING_SNAPSHOT│ │PULLING_SNAPSHOT │
└────────┬────────┘ └────────┬────────┘
│ │
│ success │ success
└────────────────┬───────────────┘
▼
┌─────────────────┐
│ STARTING │
└────────┬────────┘
│ started
▼
┌─────────────────┐
stop │ STARTED │◄────────┐
┌─────────────┤ ├─────────┤ start
│ └─────────────────┘ │
▼ │
┌─────────────────┐ ┌───────────┴─────┐
│ STOPPING │ │ RESTORING │
└────────┬────────┘ └────────┬────────┘
│ stopped │
▼ │
┌─────────────────┐ │
│ STOPPED │───────────────────────┘
└────────┬────────┘
│ archive
▼
┌─────────────────┐
│ ARCHIVING │
└────────┬────────┘
│ archived
▼
┌─────────────────┐ ┌─────────────────┐
│ ARCHIVED │──────────────│ DESTROYING │
└─────────────────┘ delete └────────┬────────┘
│
▼
┌─────────────────┐
│ DESTROYED │
└─────────────────┘
The Runner is the compute node agent that manages Docker containers.
func main() {
// 1. Initialize Docker client
cli, _ := client.NewClientWithOpts(client.FromEnv)
// 2. Set up network rules manager (iptables)
netRulesManager, _ := netrules.NewNetRulesManager(persistent)
netRulesManager.Start()
// 3. Start Docker events monitor
monitor := docker.NewDockerMonitor(cli, netRulesManager)
go monitor.Start()
// 4. Initialize Docker client wrapper
dockerClient := docker.NewDockerClient(docker.DockerClientConfig{
ApiClient: cli,
DaemonPath: daemonPath, // Path to daemon binary
ComputerUsePluginPath: pluginPath, // Computer use plugin
NetRulesManager: netRulesManager,
})
// 5. Initialize services
sandboxService := services.NewSandboxService(statesCache, dockerClient)
metricsService := services.NewMetricsService(...)
sandboxSyncService := services.NewSandboxSyncService(...)
// 6. Start SSH Gateway (optional)
if sshgateway.IsSSHGatewayEnabled() {
sshGatewayService = sshgateway.NewService(dockerClient)
go sshGatewayService.Start(ctx)
}
// 7. Start API server
apiServer.Start()
}apps/runner/pkg/
├── api/ # HTTP API handlers
├── apiclient/ # API client for central server
├── cache/ # State caching
├── daemon/ # Daemon binary management
├── docker/ # Docker operations
│ ├── client.go # Docker client wrapper
│ ├── monitor.go # Container event monitoring
│ └── operations.go # Container lifecycle
├── models/ # Data models
├── netrules/ # Network firewall rules (iptables)
├── runner/ # Runner instance
├── services/ # Business logic
│ ├── sandbox.go # Sandbox operations
│ ├── metrics.go # Metrics collection
│ └── sync.go # State synchronization
├── sshgateway/ # SSH gateway service
└── storage/ # Local storage management
The Daemon runs inside each sandbox container, providing:
- Toolbox API (file operations, code execution)
- SSH Server
- Terminal Server
func main() {
// Execute entrypoint commands if provided
if len(args) > 0 {
entrypointCmd = exec.Command(args[0], args[1:]...)
entrypointCmd.Start()
go entrypointCmd.Wait()
}
// Start Toolbox Server (HTTP API)
toolBoxServer := &toolbox.Server{WorkDir: workDir}
go toolBoxServer.Start()
// Start Terminal Server (WebSocket)
go terminal.StartTerminalServer(22222)
// Start SSH Server
sshServer := &ssh.Server{WorkDir: workDir}
go sshServer.Start()
// Wait for shutdown signal
<-sigChan
gracefulShutdown()
}apps/daemon/pkg/
├── common/ # Shared utilities
├── git/ # Git operations
├── gitprovider/ # Git provider integrations
├── ssh/ # SSH server implementation
├── terminal/ # PTY terminal server
└── toolbox/ # Toolbox API server
├── server.go # HTTP server
├── file.go # File operations
├── process.go # Process execution
├── git.go # Git operations
└── lsp.go # Language Server Protocol
| Endpoint | Method | Description |
|---|---|---|
/files/* |
GET/PUT/DELETE | File operations |
/process/execute |
POST | Execute commands |
/process/code |
POST | Run code snippets |
/git/clone |
POST | Clone repository |
/git/status |
GET | Git status |
/lsp/* |
Various | LSP operations |
The Proxy routes HTTP traffic to sandbox containers.
func StartProxy(ctx context.Context, config *Config) error {
// Create reverse proxy for each sandbox
// Route requests based on subdomain or path
// Handle WebSocket upgrades
// Manage authentication
}The SSH Gateway routes SSH connections to sandbox containers.
type SSHGateway struct {
port int
apiClient *apiclient.APIClient
hostKey ssh.Signer
privateKey ssh.Signer
}
func (g *SSHGateway) handleConnection(conn net.Conn) {
// 1. Accept SSH connection
serverConn, chans, _, _ := ssh.NewServerConn(conn, serverConfig)
// 2. Extract and validate token from username
token := serverConn.User()
validation, _ := g.apiClient.ValidateSshAccess(token)
// 3. Check sandbox state
sandbox, _ := g.apiClient.GetSandbox(sandboxId)
if sandbox.State != "started" {
return // Reject connection
}
// 4. Connect to runner's SSH gateway
runnerConn := g.connectToRunner(sandboxId, runnerDomain)
// 5. Proxy SSH channel
for newChannel := range chans {
go g.handleChannel(newChannel, runnerConn)
}
}A React + Vite web application.
| Page | Path | Purpose |
|---|---|---|
Sandboxes.tsx |
/sandboxes |
List/manage sandboxes |
Snapshots.tsx |
/snapshots |
Manage snapshots |
Volumes.tsx |
/volumes |
Manage volumes |
Keys.tsx |
/keys |
API key management |
OrganizationMembers.tsx |
/organization/members |
Team management |
Spending.tsx |
/spending |
Usage and billing |
Registries.tsx |
/registries |
Docker registry config |
AuditLogs.tsx |
/audit-logs |
Audit trail |
A Go command-line tool using Cobra.
daytona
├── login # Authenticate with Daytona
├── logout # Clear authentication
├── sandbox # Sandbox management
│ ├── create # Create new sandbox
│ ├── list # List sandboxes
│ ├── start # Start sandbox
│ ├── stop # Stop sandbox
│ ├── delete # Delete sandbox
│ ├── ssh # SSH into sandbox
│ └── exec # Execute command in sandbox
├── snapshot # Snapshot management
│ ├── list # List snapshots
│ ├── create # Create snapshot
│ └── delete # Delete snapshot
├── volume # Volume management
│ ├── list # List volumes
│ ├── create # Create volume
│ └── delete # Delete volume
├── organization # Organization management
├── mcp # Model Context Protocol server
├── docs # Open documentation
├── version # Show version
└── autocomplete # Shell completion
npm install @daytonaio/sdk// Main entry point
class Daytona {
volume: VolumeService
snapshot: SnapshotService
create(params?: CreateSandboxParams): Promise<Sandbox>
get(sandboxIdOrName: string): Promise<Sandbox>
list(labels?, page?, limit?): Promise<PaginatedSandboxes>
start(sandbox: Sandbox, timeout?: number): Promise<void>
stop(sandbox: Sandbox): Promise<void>
delete(sandbox: Sandbox, timeout?): Promise<void>
}
// Sandbox instance
class Sandbox {
readonly id: string
readonly name: string
readonly state: SandboxState
// Sub-services
readonly process: Process // Code execution
readonly fs: FileSystem // File operations
readonly git: Git // Git operations
readonly lsp: LspServer // Language Server
readonly pty: PtyHandle // Terminal sessions
readonly storage: ObjectStorage
// Lifecycle
start(timeout?: number): Promise<void>
stop(): Promise<void>
delete(timeout?: number): Promise<void>
createSnapshot(name: string): Promise<SnapshotInfo>
}import { Daytona } from '@daytonaio/sdk'
const daytona = new Daytona({ apiKey: 'YOUR_API_KEY' })
// Create sandbox
const sandbox = await daytona.create({
language: 'python',
envVars: { DEBUG: 'true' },
autoStopInterval: 30,
})
// Execute code
const result = await sandbox.process.codeRun('print("Hello World")')
console.log(result.result)
// File operations
await sandbox.fs.writeFile('/app/hello.py', 'print("Hello")')
const content = await sandbox.fs.readFile('/app/hello.py')
// Git operations
await sandbox.git.clone('https://github.com/user/repo.git', '/app/repo')
// Clean up
await daytona.delete(sandbox)pip install daytonafrom daytona import Daytona, DaytonaConfig, CreateSandboxBaseParams
# Initialize client
daytona = Daytona(DaytonaConfig(api_key="YOUR_API_KEY"))
# Create sandbox
sandbox = daytona.create(CreateSandboxBaseParams(language="python"))
# Run code
response = sandbox.process.code_run('print("Sum:", 3 + 4)')
print(response.result)
# File operations
sandbox.fs.write_file("/app/script.py", "print('hello')")
content = sandbox.fs.read_file("/app/script.py")
# Clean up
daytona.delete(sandbox)API clients are auto-generated from OpenAPI specs:
| Library | Language | Purpose |
|---|---|---|
api-client |
TypeScript | Browser/Node API client |
api-client-go |
Go | Go API client |
api-client-python |
Python | Sync Python client |
api-client-python-async |
Python | Async Python client |
runner-api-client |
TypeScript | Runner-specific API |
toolbox-api-client |
TypeScript | Toolbox API client |
# Generate OpenAPI specs
yarn generate:openapi
# Generate all clients
yarn generate:api-client# docker/docker-compose.yaml
services:
api:
image: daytonaio/daytona-api
ports: ["3000:3000"]
depends_on: [db, runner, redis, dex, registry]
proxy:
image: daytonaio/daytona-proxy
ports: ["4000:4000"]
runner:
image: daytonaio/daytona-runner
ports: ["3003:3003"]
privileged: true # Required for Docker-in-Docker
ssh-gateway:
image: daytonaio/daytona-ssh-gateway
ports: ["2222:2222"]
db:
image: postgres:18
environment:
POSTGRES_PASSWORD: pass
POSTGRES_USER: user
POSTGRES_DB: daytona
redis:
image: redis:latest
dex:
image: dexidp/dex:v2.42.0
ports: ["5556:5556"] # OIDC provider
registry:
image: registry:2.8.2
ports: ["6000:6000"] # Docker registry
minio:
image: minio/minio:latest
ports: ["9001:9001"] # Object storage# Set version
export VERSION=1.0.0
# Build all images
yarn docker:production
# Build specific image
nx run api:docker --configuration=production
nx run runner:docker --configuration=production
# Push multi-platform manifests
yarn push-manifestFor production, deploy to Kubernetes with:
- API Server as a Deployment with HPA
- Runners as a DaemonSet on compute nodes
- PostgreSQL and Redis as managed services (RDS, ElastiCache)
- Ingress for API and Dashboard
- SSH Gateway as a LoadBalancer service
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Client │ │ API │ │ Runner │ │ Docker │
│ (SDK) │ │ Server │ │ │ │ │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │ │
│ POST /sandbox │ │ │
│─────────────────>│ │ │
│ │ │ │
│ │ Select Runner │ │
│ │ (least loaded) │ │
│ │ │ │
│ │ Create Sandbox │ │
│ │─────────────────>│ │
│ │ │ │
│ │ │ Pull Image │
│ │ │─────────────────>│
│ │ │ │
│ │ │ Create Container│
│ │ │─────────────────>│
│ │ │ │
│ │ │ Start Container │
│ │ │─────────────────>│
│ │ │ │
│ │ │ Inject Daemon │
│ │ │─────────────────>│
│ │ │ │
│ │ Status: Started │ │
│ │<─────────────────│ │
│ │ │ │
│ Sandbox Ready │ │ │
│<─────────────────│ │ │
│ │ │ │
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Client │ │ API │ │ Runner │ │ Daemon │
│ (SDK) │ │ Server │ │ (Proxy) │ │ (Container) │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │ │
│ process.codeRun │ │ │
│─────────────────>│ │ │
│ │ │ │
│ │ POST /toolbox │ │
│ │ /process/code │ │
│ │─────────────────>│ │
│ │ │ │
│ │ │ Forward Request │
│ │ │─────────────────>│
│ │ │ │
│ │ │ │ Execute
│ │ │ │ Python/JS
│ │ │ │
│ │ │ Result │
│ │ │<─────────────────│
│ │ │ │
│ │ Result │ │
│ │<─────────────────│ │
│ │ │ │
│ Result │ │ │
│<─────────────────│ │ │
│ │ │ │
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ User │ │ SSH Gateway │ │ Runner │ │ Daemon │
│ Terminal │ │ (Port 2222)│ │ SSH Gateway │ │ SSH Server │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │ │
│ ssh token@host │ │ │
│─────────────────>│ │ │
│ │ │ │
│ │ Validate Token │ │
│ │ (API Call) │ │
│ │ │ │
│ │ Connect to Runner│ │
│ │─────────────────>│ │
│ │ │ │
│ │ │ Forward to Daemon│
│ │ │─────────────────>│
│ │ │ │
│◄─────────────────┼──────────────────┼─────────────────>│
│ Bidirectional SSH Tunnel │
│ │ │ │
# apps/api/.env
# Database
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_USER=user
DATABASE_PASSWORD=pass
DATABASE_NAME=daytona
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
# Authentication
AUTH0_DOMAIN=
AUTH0_CLIENT_ID=
AUTH0_CLIENT_SECRET=
# Object Storage (S3/MinIO)
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_ENDPOINT_URL=http://localhost:9000
# Docker Registry
DOCKER_REGISTRY_URL=http://localhost:6000
# Observability
OTEL_ENABLED=true
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
# Feature Flags
POSTHOG_HOST=
POSTHOG_API_KEY=# apps/runner/.env
# API Connection
API_URL=http://localhost:3000
API_KEY=runner-api-key
# Runner Settings
RUNNER_ID=runner-1
RUNNER_REGION=us-east-1
API_PORT=3003
# AWS (for S3 snapshots)
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
# SSH Gateway
SSH_GATEWAY_ENABLE=true
# Resource Limits
RESOURCE_LIMITS_DISABLED=false// Configured in API via environment/config
rateLimit: {
anonymous: { ttl: 60, limit: 100 }, // Per minute
authenticated: { ttl: 60, limit: 1000 },
failedAuth: { ttl: 60, limit: 5 },
sandboxCreate: { ttl: 60, limit: 10 },
sandboxLifecycle: { ttl: 60, limit: 100 },
}# Terminal 1: Start infrastructure
cd docker && docker-compose up -d
# Terminal 2: Start all services
yarn serve
# Terminal 3: Watch for changes (optional)
yarn nx watch --all -- yarn nx build# All tests
yarn nx run-many --target=test --all
# Specific project
yarn nx test api
yarn nx test sdk-typescript
# With coverage
yarn nx test api --coverage# 1. Make changes to API endpoints
# 2. Regenerate OpenAPI spec
yarn generate:openapi
# 3. Regenerate all API clients
yarn generate:api-client
# 4. Update SDK if needed
# libs/sdk-typescript/src/
# libs/sdk-python/src/# Generate migration after entity changes
yarn migration:generate
# Run pending migrations
yarn migration:run
# Revert last migration
yarn migration:revert# Lint
yarn lint
# Format
yarn format
# Fix lint issues
yarn lint:fix| Method | Path | Description |
|---|---|---|
| POST | /api/sandbox |
Create sandbox |
| GET | /api/sandbox |
List sandboxes |
| GET | /api/sandbox/:id |
Get sandbox |
| DELETE | /api/sandbox/:id |
Delete sandbox |
| POST | /api/sandbox/:id/start |
Start sandbox |
| POST | /api/sandbox/:id/stop |
Stop sandbox |
| POST | /api/sandbox/:id/archive |
Archive sandbox |
| Method | Path | Description |
|---|---|---|
| GET | /api/snapshot |
List snapshots |
| POST | /api/snapshot |
Create snapshot |
| DELETE | /api/snapshot/:name |
Delete snapshot |
| Method | Path | Description |
|---|---|---|
| GET | /api/volume |
List volumes |
| POST | /api/volume |
Create volume |
| DELETE | /api/volume/:id |
Delete volume |
| Method | Path | Description |
|---|---|---|
| GET | /files/*path |
Read file |
| PUT | /files/*path |
Write file |
| DELETE | /files/*path |
Delete file |
| POST | /process/execute |
Execute command |
| POST | /process/code |
Run code |
| GET | /git/status |
Git status |
| POST | /git/clone |
Clone repository |
┌─────────────────────────────────────────┐
│ DAYTONA CLOUD │
│ │
Users │ ┌──────────────────────────────────┐ │
│ │ │ API SERVER │ │
│ │ │ ┌────────┐ ┌────────┐ │ │
▼ │ │ │ Sandbox│ │Snapshot│ │ │
┌───────────┐ │ │ │ Module │ │ Module │ │ │
│ SDK │ │ │ └───┬────┘ └───┬────┘ │ │
│(TS/Python)│◄───────────────►│ │ │ │ │ │
└───────────┘ REST/WS │ └──────┼──────────┼────────────────┘ │
│ │ │ │
┌───────────┐ │ ▼ ▼ │
│ CLI │◄───────────────►│ ┌──────────────────────────────────┐ │
└───────────┘ │ │ RUNNER CLUSTER │ │
│ │ ┌─────────┐ ┌─────────┐ │ │
┌───────────┐ │ │ │ Runner 1│ │ Runner 2│ ... │ │
│ Dashboard │◄───────────────►│ │ │ (Docker)│ │ (Docker)│ │ │
└───────────┘ HTTP │ │ └────┬────┘ └────┬────┘ │ │
│ │ │ │ │ │
│ │ ▼ ▼ │ │
│ │ ┌─────────────────────────────┐ │ │
│ │ │ SANDBOXES │ │ │
│ │ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │ │
│ │ │ │ SB1 │ │ SB2 │ │ SB3 │ │ │ │
│ │ │ │Daemon│ │Daemon│ │Daemon│ │ │ │
│ │ │ └─────┘ └─────┘ └─────┘ │ │ │
│ │ └─────────────────────────────┘ │ │
│ └──────────────────────────────────┘ │
│ │
│ ┌──────────┐ ┌──────────┐ ┌─────────┐ │
│ │PostgreSQL│ │ Redis │ │ MinIO │ │
│ └──────────┘ └──────────┘ └─────────┘ │
└─────────────────────────────────────────┘
Daytona is a sophisticated platform for running AI-generated code securely. Key takeaways:
- Nx Monorepo - Multiple apps and libraries in one repo
- Polyglot - TypeScript (API, Dashboard, SDK) + Go (Runner, CLI, Proxy)
- Container-based - Each sandbox is a Docker container
- Multi-tenant - Organizations, teams, API keys
- Observable - OpenTelemetry, PostHog analytics
- Scalable - Runners can be distributed across regions
For questions or contributions, visit:
- Docs: https://www.daytona.io/docs
- GitHub: https://github.com/daytonaio/daytona
- Slack: https://go.daytona.io/slack