Skip to content
Datanode
Home
Security without mystery

Your account has a key.
Your project has a boundary.

Identity checks protect account changes while sandbox controls keep project commands scoped. Each layer has one clear job and a visible recovery path.

datanode / securityLIVE
Protected
TelegramIdentity bound
AuthenticatorCode verified

Implementation, not promises

What the sandbox actually does.

These statements describe the current Beta implementation. Limits are explicit, including the protections Datanode does not yet provide.

Isolation

Bubblewrap namespaces

Commands run through Bubblewrap with separate namespaces. System binaries and certificate directories are mounted read-only.

Privileges

No host root

The terminal runs as the service account and does not grant root access to the host operating system.

Writable data

Workspace and runtime only

Project files are writable in /workspace. Temporary files and tool caches use isolated runtime directories.

Network

Outbound network is shared

The current sandbox keeps network access available. It is not a separate VM network boundary, so abuse controls and command limits still apply.

Command records

No persistent command history

Terminal commands and output exist only in the active browser view. Datanode does not persist them in local browser storage or an application command-history table.

Backups

No automatic snapshots yet

Datanode does not currently offer user-restorable snapshots or backup guarantees. Important files must be exported and backed up independently.

Deletion

Clear removes active project data

Clearing storage recursively removes non-protected project contents from the active workspace. There is currently no self-service restore screen.

Execution limits

Constrained commands

Terminal execution applies time, output, file-size and account storage limits. Persistent background workers are not supported yet.

Current architecture

A short, inspectable path.

Telegram establishes identity. The panel authorizes the account. Commands enter a Bubblewrap sandbox, while project files stay in the account workspace.

Architecture and project details →
TelegramidentityGatewayroutingPanelauthorizationSandboxBubblewrapStorageworkspace
1:1Telegram binding
6digit confirmation
1sandbox boundary

Security in detail

Four controls. No vague promises.

Inspect each layer to understand what it protects and what state confirms it is working.

identity linked

Telegram binding

One Datanode account remains attached to one Telegram identity.

Selected
TOTP ready

Authenticator

Use time-based codes as the primary second confirmation method.

Available
backup method

Telegram code

Request a six-digit code in the bot when you need another confirmation path.

Available
boundary active

Sandbox isolation

Runtime commands and files remain inside the scope assigned to the account.

Available

Continue exploring

See how the pieces connect.

The four product pages describe one system. Move to the next layer or open the real console.

Next: WorkspaceOpen console