
Give AI Local Access. Safely.
DAIMON provides an OS-kernel-enforced sandbox so AI agents can run safely on your local machine with strong execution boundaries. No Docker overhead. No risk of permanent damage to your data.
The Dilemma
AI Agents Need Local Access.
But at What Cost?
Today's AI coding agents are powerful — but giving them unrestricted access to your filesystem is a gamble you can't afford.
Raw Terminal Access
Giving an AI agent a bare shell is like handing your house keys to a stranger. One hallucinated rm -rf / and your data is gone forever.
Docker Containers
Safe, but the AI is trapped in an isolated world. It can't use your local tools, dotfiles, SSH keys, or seamlessly edit your real project files.
DAIMON
Runs natively on your host with OS-kernel sandbox. AI uses your real tools and edits your real files — but can only touch what you allow.
Under the Hood
OS-Kernel Sandbox. Not Another Container.
DAIMON leverages your operating system's built-in security mechanisms — the same primitives used by browsers and the OS itself — to enforce bulletproof boundaries.
Define Your Policy
Use the DAIMON GUI or write a simple YAML to declare exactly which directories the AI can read, which it can write to, and whether network access is allowed.
Kernel Enforces the Rules
On macOS, sandbox-exec enforces it. On Linux, Landlock + seccomp lock it down. No userspace escape — it's enforced at the kernel level.
AI Works Natively
The agent accesses your real file system, your real toolchain, and your real project — with zero Docker overhead. It just can't cross the boundary you set.
version: 2
filesystem_policy:
  include_workdir: true
  read_only:
    - /usr
    - /bin
    - /var/log   # AI can read logs
  read_write:
    - /workspace # AI can ONLY write here
network:
  mode: disabled # No network. No data exfil.
linux:
  landlock:
    compatibility: hard_requirement

The Interface
Command Your Agent.
Visually.
Stop guessing with YAML configurations. DAIMON provides a polished desktop interface on macOS and Linux to manage every aspect of your agent's sandbox.



Features
Everything You Need. Nothing You Don't.
Granular Filesystem Control
Declare read-only and read-write paths with surgical precision. AI agents can browse your codebase but only modify the project you're working on.
Network Isolation
Cut off network access entirely, allow localhost-only for local tools, or keep it open. Your call. Prevent any chance of data exfiltration.
Kernel-Level Enforcement
Not a polite request — a hard kernel boundary. macOS sandbox-exec on Mac, Landlock + seccomp on Linux. No userspace escape possible.
Visual Policy Editor
DAIMON's desktop GUI lets you visually configure, validate, and inspect sandbox policies. No more hand-editing YAML unless you want to.
Runtime Monitoring
Launch, stop, and monitor your MCP service from the desktop app. View logs and check health via the built-in doctor diagnostics.
MCP Native
First-class Model Context Protocol support. Works seamlessly with Claude Desktop, Cursor, and any MCP-compatible AI agent.
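A pre-flight audit for a policy like the YAML shown earlier on this page, as an added example that is not DAIMON's own code. The dict keys mirror that YAML; the SENSITIVE list, the /home/dev user, the weak policy and the checks themselves are assumptions of this example.

```python
import posixpath

# Keys mirror the YAML on this page; the dicts stand in for the parsed file.
PAGE_POLICY = {
    "version": 2,
    "filesystem_policy": {"include_workdir": True, "read_write": ["/workspace"],
                          "read_only": ["/usr", "/bin", "/var/log"]},
    "network": {"mode": "disabled"},
    "linux": {"landlock": {"compatibility": "hard_requirement"}},
}
# Constructed weak policy: traversal, broad home grant, no network/linux keys.
WEAK_POLICY = {"version": 2, "filesystem_policy": {
    "read_only": ["/usr"],
    "read_write": ["/workspace/../etc", "/home/dev", "/usr/local"]}}
SENSITIVE = ("/etc", "/root", "/home/dev/.ssh")  # assumed list; adapt per host

def norm(path):
    # Lexically collapse ".", ".." and repeated slashes.
    return "/" + posixpath.normpath(path).lstrip("/")

def overlaps(a, b):
    # Component-wise containment either way; "/workspace" != "/workspace-old".
    a, b = norm(a).rstrip("/") + "/", norm(b).rstrip("/") + "/"
    return a.startswith(b) or b.startswith(a)

def audit(policy):
    findings = []
    fs = policy.get("filesystem_policy", {})
    for rw in fs.get("read_write", []):
        for s in SENSITIVE:
            if overlaps(rw, s):
                findings.append(f"read_write {rw} (={norm(rw)}) overlaps sensitive {s}")
        for ro in fs.get("read_only", []):
            if overlaps(rw, ro):
                findings.append(f"read_write {rw} overlaps read_only {ro}")
    mode = policy.get("network", {}).get("mode")
    if mode != "disabled":
        findings.append(f"network.mode is {mode!r}, not 'disabled'")
    compat = policy.get("linux", {}).get("landlock", {}).get("compatibility")
    if compat != "hard_requirement":
        findings.append(f"landlock.compatibility is {compat!r}, not 'hard_requirement'")
    return findings

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit(pol) or "no findings")
```

The path comparison is lexical only: symlinks are not resolved, and the kernel sandbox remains the authority on what is actually enforced.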
Quick Start
Start with the Python SDK.
DAIMON manager gives your app isolated sandboxes. daimon-sdk gives your app a typed way to create and use them.
If you already have an MCP URL and token, use DaimonClient directly.
Launch the sandbox manager
Start processd-sandbox-manager and confirm the manager HTTP endpoint is reachable. The SDK can then create a fresh sandbox for each workflow.
Install the Python SDK
Use your existing Python environment and install the published SDK package. No manual MCP client wiring is needed for the happy path.
Create a sandbox and make one call
Point DaimonManagerClient at the manager endpoint, enter a sandbox context, and call the sandbox MCP tools through typed APIs.
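# 1. Fetch the manager compose file, start the manager, and check its health endpoint
curl -LO https://github.com/daimon-hq/release/releases/latest/download/compose.manager.yaml
docker compose -f compose.manager.yaml up -d
curl -i http://127.0.0.1:18080/health

# 2. Install the SDK
pip install daimon-sdk

# 3. Create a sandbox and make one call
import asyncio

from daimon_sdk import DaimonManagerClient


async def main() -> None:
    # Connect to the manager endpoint started in step 1
    async with DaimonManagerClient("http://127.0.0.1:18080") as manager:
        # Enter a fresh sandbox context for this workflow
        async with manager.sandbox() as sandbox:
            runtime = await sandbox.runtime.get_context()
            print(runtime.base_workdir)
            # Run a command inside the sandbox
            result = await sandbox.exec.bash("python3 --version")
            print(result.display_text)


asyncio.run(main())
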
Ready to Run AI Agents Fearlessly?
Download DAIMON, define your sandbox policy, and let AI work on your local files — with peace of mind.
You'll land on the release page and can choose Desktop bundles (macOS DMG, Ubuntu .deb) or the standalone Linux kernel assets.
macOS 13+ (Ventura or later) · Ubuntu/Debian-style Linux · Apple Silicon & Intel/amd64