Name: cordium
Author: octelium

Cordium is a free and open source, self-hosted, identity-based sandbox platform built on Kubernetes and Octelium. It provides isolated, reproducible general-purpose sandboxes for developers, AI agents, and automated workloads that are accessible through web terminals, SSH, CLI, and gRPC APIs.

What sets Cordium apart is how sandboxes access infrastructure. Instead of injecting credentials into the sandbox, every sandbox runs with a dedicated Octelium identity. Authorized databases, SSH servers, HTTP APIs, Kubernetes clusters, and internal services are accessed through Octelium’s identity-aware, secretless access platform, so API tokens, passwords, SSH private keys, kubeconfigs, and other long-lived credentials do not need to be placed inside the sandbox.

Main Features
Core Concepts
Workspace Configuration
Access Methods
CLI Usage
Install CLI
Install your First Cluster
Comparison with Other Platforms
License

Main Features

Unified platform for humans and AI agents. Every sandbox (i.e. Workspace) is an isolated, rootless container sandbox running on standard Kubernetes, accessible via browser terminal, SSH, CLI, and gRPC API. Workspaces can be persistent (filesystem preserved across restarts) or ephemeral and can stop automatically when their tasks complete. The same platform can be used for long-lived coding sessions (e.g. via VSCode, Zed, etc.) and short-lived automated workloads (e.g. AI agent tasks, CI/CD, etc.).
Declarative, reproducible environments. Workspace environments are defined in YAML specs covering the container image, repository cloning, lifecycle tasks, environment variables, resource limits (i.e. CPU, memory, storage), variable substitution, and application ports. Templates allow a single configuration to be reused across many Workspaces. Pre-built Templates capture a fully initialized filesystem as a Kubernetes VolumeSnapshot, reducing cold startup from minutes to seconds.
Secretless access to infrastructure. Workspaces access databases, SSH servers, HTTP APIs, Kubernetes clusters, and mTLS-protected services without credentials ever reaching the Workspace. API keys, passwords, SSH private keys, and kubeconfigs are held at the Octelium identity-aware proxy and injected at the protocol layer if the Workspace identity is authorized. The Workspace itself does not hold credentials, eliminating credential sprawl for both developers and AI agents.
Identity-based access control and observability. Every Workspace has an Octelium Session that represents its identity. Infrastructure access is governed by per-request, L7-aware attribute-based access control (ABAC) with policy-as-code using CEL and OPA, enforcing zero standing privileges by default. Authentication supports any OIDC or SAML 2.0 identity provider (IdP), GitHub OAuth2, workload OIDC assertions, and native FIDO2, WebAuthn, and TOTP.
OpenTelemetry-native auditing and visibility. Real-time, identity-based, L7-aware visibility and access logging. Every request is logged and exported to your OpenTelemetry OTLP receivers for integration with log management and SIEM providers.
Purpose-built for AI agents. Every agent run gets a dedicated Octelium identity and a clean, isolated Workspace with enforced resource limits and no state bleed between runs. Agents access databases, APIs, and internal services through their Workspace identity with no credential injection, so a compromised or misbehaving agent cannot exfiltrate credentials that were never present. Ephemeral storage and auto-stop on task completion require no manual cleanup. Pre-built Templates with agent frameworks pre-installed start in seconds via snapshot restoration.
Open source and self-hosted. Cordium is fully open source under Apache-2.0. It runs on any Kubernetes cluster, from a single-node VM to production multi-node installations, cloud or on-premises. There is no proprietary control plane, no tiered feature set, and no vendor lock-in.

Concepts

Space is the top-level namespace in Cordium. It groups Templates, Workspaces, Secrets, and GitProviders under a single organizational unit.
Workspace (synonymous with sandbox) is the fundamental execution unit in Cordium. It is an isolated, rootless container-based environment that can be used interactively or programmatically via web-based console, cordium CLI, standard SSH, and gRPC-based APIs.
Template defines a reusable Workspace configuration within a Space. When a Workspace is created, it is initialized from the selected Template's spec. Every Space has a default Template created automatically. A Template's spec shares most of Workspace spec (image, runtime, etc.) as well as an optional GitProvider association. Templates support pre-builds via Kubernetes VolumeSnapshot to reduce startup time from minutes to seconds for dependency-heavy Templates.
Secrets represents a sensitive value (API keys, tokens, passwords, certificates) stored within a Space. Secrets are referenced by name in Template specs.

Workspace Configuration

Workspace and Template specs are defined in YAML and applied via cordium run --file spec.yaml or cordium create template --file spec.yaml. Here is a minimal example:

spec:
  image:
    registry:
      url: python:3.12-bookworm

  repository:
    url: https://github.com/myorg/my-project

  runtime:
    tasks:
      - name: install
        type: ON_CREATE
        workingDir: /workspace/repo
        run: pip install -r requirements.txt
        onFailure: ON_FAILURE_ABORT

Here is a more comprehensive example:

spec:
  image:
    dockerfile:
      inline: |
        FROM node:22-bookworm

        ENV DEBIAN_FRONTEND=noninteractive

        RUN apt-get update -qq && \
            apt-get install -y --no-install-recommends \
              podman \
              postgresql-client \
              curl \
              git \
            && rm -rf /var/lib/apt/lists/*

        RUN npm install -g @anthropic-ai/claude-code

  repository:
    url: https://github.com/myorg/api-service
    cloneOptions:
      branch: ${{ vars.BRANCH }}
      depth: 1

  vars:
    - name: BRANCH
      value: main
    - name: TASK
      value: "Review the codebase and fix any failing tests."

  runtime:
    autoStop: true
    envVars:
      - key: NODE_ENV
        value: test
      - key: SENTRY_DSN
        fromSecret: sentry-dsn

    tasks:
      - name: install-dependencies
        type: ON_CREATE
        workingDir: /workspace/repo
        run: npm ci
        onFailure: ON_FAILURE_ABORT

      - name: start-postgres
        type: POST_START
        runAsRoot: true
        run: |
          podman rm -f workspace-postgres 2>/dev/null || true
          podman run \
            --name workspace-postgres \
            --net host \
            -e POSTGRES_PASSWORD=password \
            -e POSTGRES_DB=app \
            -d docker.io/postgres:16

          for i in $(seq 1 30); do
            pg_isready -h localhost -p 5432 -U postgres && break
            sleep 2
          done

      - name: run-tests
        type: POST_START
        workingDir: /workspace/repo
        run: npm test
        onFailure: ON_FAILURE_CONTINUE

      - name: run-agent
        type: POST_START
        workingDir: /workspace/repo
        run: claude "${{ vars.TASK }}"

  limit:
    cpu:
      millicores: 4000
    memory:
      megabytes: 8192
    storage:
      megabytes: 20480

Access Methods

Web Portal

The Cordium web portal is a browser-based interface for managing and interacting with Workspaces without installing any software. It is the primary interface for users and teams who want clientless access to their Workspaces. The Octelium web portal authenticates users through Octelium's IdentityProviders, including GitHub OAuth2 or any OpenID Connect or SAML 2.0 IdP (read more here) or directly via Passkeys (read more here).

[!NOTE]
You can a watch a short demo video for the Cordium web portal here.

CLI Usage

The cordium CLI provides full command-line access to Workspace management. Here are some examples:

export OCTELIUM_DOMAIN=example.com
# Create from the default Template and attach a terminal
cordium run

# Attach to an existing Workspace (starts it if stopped)
cordium run abc

# Create from a specific Template
cordium run --template ml-env.my-project

# Create from a YAML configuration file
cordium run --file workspace.yaml

# Create from a container image
cordium run --image python:3.11-slim

# Create from a Dockerfile
cordium run --dockerfile ./Dockerfile

# Create from a git repository, cloning a specific branch
cordium run --repository https://github.com/myorg/my-project --branch develop

# Create in a specific Space using that Space's default Template
cordium run --space my-project

# Create an ephemeral Workspace
cordium run --ephemeral

# Create an ephemeral Workspace that is deleted when the terminal session ends
cordium run --ephemeral --rm

# Ephemeral AI agent sandbox with resource limits and a secret
cordium run --ephemeral --rm \
  --image python:3.11-slim \
  --env-from-secret ANTHROPIC_API_KEY=anthropic-key \
  --cpu 2000 --memory 4096

# Set environment variables
cordium run --image node:20 -e NODE_ENV=development -e PORT=3000

# Source a variable from a Space Secret
cordium run --template backend.my-project \
  --env-from-secret DATABASE_URL=staging-db-url

# Clone the primary repository and an additional repository with vars
cordium run --repository https://github.com/myorg/api-service \
  --additional-repo shared-lib=https://github.com/myorg/shared-lib \
  --var SERVICE=services/payments \
  --var BRANCH=main


# Open a Workspace terminal
cordium terminal abc
cordium term abc          # short alias

# Run a command and propagate exit code
cordium exec abc -- make test

# Run in a specific working directory
cordium exec abc -w /workspace/repo -- go build ./...

# Run as root
cordium exec abc --root -- apt-get install -y ripgrep

# Set per-command environment variables
cordium exec abc -e GOOS=linux -e GOARCH=amd64 -- go build ./...

# Capture remote output locally
cordium exec abc -- cat /workspace/repo/output.json > local.json

# Interactive SSH session via an embedded SSH client in the cordium CLI
cordium ssh abc

# Run a remote command via SSH
cordium ssh abc -- uptime

# Local port forwarding
cordium ssh abc -L 5432:localhost:5432

# Multiple port forwards without a shell
cordium ssh abc -N -L 5432:localhost:5432 -L 6379:localhost:6379

# Dynamic SOCKS5 proxy
cordium ssh abc -D 1080 -N

# Connect to the Octelium Cluster for native SSH
octelium connect -d

# Generate an SSH config block for use with VS Code, JetBrains, Zed, rsync
cordium ssh abc --print-config >> ~/.ssh/config

# Then use VS Code Remote SSH
code --remote ssh-remote+cordium-abc /workspace/repo

# You can also use other tools such as rsync
rsync -avz ./dist/ cordium-abc:/workspace/repo/dist/

# Copy a local file to a Workspace
cordium cp ./config.json abc:/workspace/repo/config.json

# Copy a file from a Workspace to local
cordium cp abc:/workspace/repo/output.csv ./output.csv

# Copy directories recursively
cordium cp -r ./src/ abc:/workspace/repo/src/

# Copy between two Workspaces
cordium cp abc:/workspace/repo/model.pt def:/workspace/repo/model.pt


# Stream Workspace logs
cordium logs abc

# Start a Workspace
cordium start abc

# Stop a Workspace
cordium stop abc
cordium delete workspace abc

# Create a Space
cordium create space my-project

# Create a Template with inline configuration
cordium create template ml-env.my-project \
  --image python:3.11 \
  --repository https://github.com/myorg/ml-project \
  --env-from-secret WANDB_API_KEY=wandb-secret \
  --cpu 8000 --memory 16384

# Build a Template pre-build snapshot
cordium build ml-env.my-project

# Create a Workspace from a Template with variable overrides
cordium run --template go-build.my-project \
  --var SERVICE=services/payments \
  --var BRANCH=main \
  --ephemeral

Install your First Cluster

Read this quick guide here to install a single-node Cordium Cluster on top of any cheap cloud VM/VPS instance (e.g. DigitalOcean Droplet, Hetzner server, AWS EC2, Vultr, etc...) or a local Linux machine/Linux VM inside a MacOS/Windows machine with at least 4GB of RAM and 20GB of disk storage running a recent Linux distribution (Ubuntu 24.04 LTS or later, Debian 12+, etc...), which is good enough for most development, personal or undemanding production use cases that do not require highly available multi-node Clusters. Once you SSH into your VPS/VM as root, you can install the Cluster as follows:

curl -o install-cluster.sh https://octelium.com/install-cluster.sh
chmod +x install-cluster.sh

# Replace <DOMAIN> with your actual domain
./install-cluster.sh --domain <DOMAIN> --cordium

Once the Cluster is installed. You can run your first Workspace as follows:

cordium run

Install CLI

Install the cordium CLI as follows:

For Linux and MacOS

curl -fsSL https://octelium.com/install.sh | bash
curl -fsSL https://octelium.com/install-cordium.sh | bash

For Windows in Powershell

iwr https://octelium.com/install.ps1 -useb | iex
iwr https://octelium.com/install-cordium.ps1 -useb | iex

You can also install the CLIs via Homebrew as follows:

brew install octelium/tap/octelium
brew install octelium/tap/cordium

Comparison with Other Platforms

Capability / Property	Cordium	Daytona	E2B	GitHub Codespaces	Coder	DevPod
Primary workloads	Developers, AI agents, automation workloads	Developers, AI agents	AI agents	Developers	Developers, AI-assisted development	Developers
License	Apache 2.0	AGPLv3	Mixed / managed-first	Proprietary	AGPLv3	MPL 2.0
Self-hosted	Yes	Yes	Limited	No	Yes	Local/client-side
Managed SaaS offering	No	Yes	Yes	Yes	Yes	No
Kubernetes-native architecture	Yes	Partial	No	No	Yes	No
Horizontal scalability	Yes, over Kubernetes	Distributed sandbox runtime	Managed proprietary infrastructure	GitHub-managed	Kubernetes/provider-dependent	Local/provider-dependent
Isolation model	Rootless nested containers	Containers / gVisor-style isolation	Firecracker microVMs	VMs/containers	Containers/VMs	Provider-dependent
Root-equivalent access inside sandbox	Yes	Yes	Limited	Yes	Configurable	Provider-dependent
Nested container support	Supported	Docker/container support	Limited	Supported	Supported	Provider-dependent
Persistent stateful environments	Yes	Yes	Limited/session-oriented	Yes	Yes	Provider-dependent
Ephemeral execution support	Yes	Yes	Yes	Limited	Limited	Limited
Devcontainer support	Yes	Yes	Partial	Yes	Yes	Yes
Template-based provisioning	Yes	Yes	Limited	Limited	Yes	Yes
Secretless infrastructure access	Yes	No	No	No	No	No
Built-in infrastructure access	Yes	Limited / external VPN integration	No	No	Limited / external	No
Credential-sprawl reduction for infrastructure access	First-class design goal	No, typically relies on sandbox/app credentials or external network integration	No, API-key-driven sandbox access	Limited to GitHub ecosystem integrations	External secret management / platform integrations	No centralized model
Workspace identity model	Dedicated Octelium Session identity per Workspace	Sandbox/user/org identity model	API-key / sandbox identity model	GitHub user/org identity	Coder user/workspace identity	Local user/provider identity
L7-aware access control to infrastructure	Yes, via Octelium Policies	No	No	No	No / external only	No
Policy-as-code access control	Yes, CEL and OPA	Limited / platform policy model	Limited	GitHub/org policies	RBAC/templates/external policy patterns	No
OIDC human authentication	Yes	Yes / Auth0-backed	Not primary user model	Enterprise SSO via GitHub org/enterprise	Yes	Provider-dependent / external
SAML human authentication	Yes	Enterprise option / contact Daytona	Not primary user model	Enterprise SSO via GitHub org/enterprise	Yes / enterprise-oriented	Provider-dependent / external
GitHub identity provider	Yes	Yes	Not primary user model	Native	Yes	Provider-dependent / external
Native Passkeys / WebAuthn / FIDO2	Yes	Not primary documented OSS feature	Not primary model	Via GitHub account security	External IdP / deployment-dependent	External
Workload OIDC assertion authentication	Yes	No / not primary documented feature	No	GitHub Actions OIDC for GitHub workflows, not sandbox identity	External IdP / deployment-dependent	No
OAuth2 client credentials support	Yes, through Octelium workload / IdP patterns where configured	API/JWT/token model, not primary OAuth2 client-credentials infrastructure access model	No, API-key/access-token model	GitHub Apps/OAuth ecosystem	External IdP / deployment-dependent	No
Bearer/API-token authentication for platform API	Yes	Yes, API keys/JWT	Yes, `E2B_API_KEY` / access token	Yes, GitHub tokens/API	Yes	Limited/provider-dependent
SSH access	Yes	Yes, token-based SSH access	Limited	Yes	Yes	Provider-dependent
OpenTelemetry-native auditing	Yes	Partial / SDK tracing	Limited	Platform-managed	External integrations	No
CLI-first workflows	Yes	Yes	Yes	Partial	Yes	Yes
Multi-user platform	Yes	Yes	Limited	Yes	Yes	No
Public API / SDK access	Yes	Yes	Yes	Yes	Yes	Limited
Web terminal support	Yes	Yes	Limited	Yes	Yes	IDE/provider-dependent
GitOps declarative management	Yes	Partial	No	No	Partial	No
AI-agent-oriented SDK usage	Yes	Yes	First-class	Limited	Emerging	Limited
Long-running background workloads	Yes	Yes	Session-oriented	Limited	Yes	Provider-dependent
CI/CD-oriented execution	Yes	Possible	Possible	Limited	Possible	No
No proprietary control plane required	Yes	No for managed, yes for OSS deployment	No for managed E2B	No	Yes for self-hosted Coder	Yes
Primary differentiation	Identity-centric sandbox platform with integrated secure infrastructure access	Fast stateful AI/dev sandboxes	Ephemeral AI code execution	Managed GitHub-native development	Enterprise remote development	Portable devcontainer orchestration

License

Cordium-owned source code is licensed under the Apache License 2.0.

Cordium is built on top of Octelium. Some Cordium components or complete deployments may include Octelium Cluster components, which are publicly licensed under AGPLv3. Octelium Labs, LLC owns the relevant copyrights for both projects.

cordium

Table of Contents