# walkindb

> Disposable SQLite for LLM agents. A single HTTP call provisions a private database with a 10-minute TTL. No signup, no API key, no credit card. The first managed database designed for machines instead of humans.

walkindb exists because LLM agents can't sign up for things. Every other managed database (Upstash, Turso, Supabase, Neon, etc.) assumes a human with a credit card on the other end. walkindb assumes a machine that needs a scratch space for the next ten minutes and then disappears.

The whole API is one endpoint:

```
POST https://api.walkindb.com/sql
Content-Type: application/json
Body: {"sql": "SELECT 1", "args": []}
```

On the first request (no `X-Walkin-Session` header), walkindb provisions a private SQLite file, returns a session token in the `X-Walkin-Session` response header, and runs the query. Subsequent requests with the same token reach the same database. Ten minutes after creation, the file is deleted automatically. That deletion is the feature, not the bug.

## Core facts

- **Storage engine**: SQLite, one file per instance, 10 MB cap.
- **TTL**: 10 minutes per instance, non-negotiable. There is no paid tier. If you need persistence, use a different database.
- **Auth**: none. No signup, no API key, no credit card.
- **License**: Apache 2.0. Self-hosting is supported.
- **Cost**: free.
- **Built for**: LLM agents (Claude, GPT, etc.) that need ephemeral SQL state, prototyping, learning, throwaway notebooks.
- **Not for**: PII, regulated data, anything you can't afford to lose, durable storage of any kind. See the AUP.

## Quickstart

```bash
# First request — no session header, a fresh instance is provisioned.
curl -X POST https://api.walkindb.com/sql \
  -H "content-type: application/json" \
  -d '{"sql":"CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT); INSERT INTO notes(body) VALUES(\"hello\")"}'

# Response includes:
#   X-Walkin-Session: wkn_<token>
#   X-Walkin-TTL: <unix timestamp when the instance expires>

# Subsequent requests reuse the token.
curl -X POST https://api.walkindb.com/sql \
  -H "X-Walkin-Session: wkn_<token>" \
  -H "content-type: application/json" \
  -d '{"sql":"SELECT * FROM notes"}'
```

## Pages an LLM should care about

**Start here:**

- [Landing page](https://walkindb.com/) — what walkindb is, in human terms.
- [**Full docs flattened into one file** (`llms-full.txt`)](https://walkindb.com/llms-full.txt) — every docs section concatenated as Markdown, designed to be fetched once and pasted into a model context. This is the highest-leverage single URL for an LLM to fetch.

**Docs:**

- [Docs home](https://walkindb.com/docs/) — overview, limits, TOC
- [Quickstart](https://walkindb.com/docs/quickstart/) — curl, Python, JS in 60 seconds
- [REST API reference](https://walkindb.com/docs/api/) — every endpoint, header, response shape
- [Error codes](https://walkindb.com/docs/api/errors/) — every status code walkindb can return
- [OpenAPI 3.1 spec (served by the API itself)](https://api.walkindb.com/openapi.json) — machine-readable
- [Python SDK](https://walkindb.com/docs/sdk/python/) — Client / Result / WalkinDBError reference
- [JavaScript / TypeScript SDK](https://walkindb.com/docs/sdk/js/) — same API for JS
- [MCP server](https://walkindb.com/docs/mcp/) — `npx walkindb-mcp` gives Claude Code / Claude Desktop / Cursor / Zed / Continue a `walkindb_execute` tool
- [Agent patterns](https://walkindb.com/docs/examples/) — when to use walkindb, code recipes
- [Security model](https://walkindb.com/docs/security/) — defense-in-depth, rollout state

**Blog:**

- [How walkindb scales to 10 000 concurrent walk-ins on a single &euro;6 VPS](https://walkindb.com/docs/blog/scaling/) — share-nothing architecture, no connection pool, Landlock + seccomp

**Legal:**

- [Acceptable Use Policy](https://walkindb.com/legal/aup/) — what is forbidden. CSAM, PII, scraping, DDoS, malware staging, etc.
- [Terms of Service](https://walkindb.com/legal/terms/) — as-is service, &euro;100 liability cap, Portuguese law, courts of Lisbon.
- [Privacy Notice](https://walkindb.com/legal/privacy/) — what we log: timestamp, IP, instance ID, status, byte length, user agent. Never the SQL itself, never the result rows. Logs are kept 7 days.
- [DMCA / takedown procedure](https://walkindb.com/legal/dmca/) — how to file a copyright complaint about content allegedly stored in a walk-in instance.

## Open-source repository

The walkindb server is published at <https://github.com/walkindb/walkindb> under the Apache License 2.0. The repository contains:

- `cmd/walkindb/main.go` — entry point.
- `internal/router/` — HTTP surface (`POST /sql`, `GET /healthz`).
- `internal/executor/` — SQLite execution with a 2 s wall-clock timeout and a 10 MB page-count cap.
- `internal/session/` — HMAC-signed session tokens (`X-Walkin-Session`).
- `internal/instance/` — per-instance directory provisioning under `/var/walkindb/instances/`.
- `SECURITY.md` — full defense-in-depth model.
- `ARCHITECTURE.md` — single-binary, single-VPS architecture.
- `legal/*.md` — markdown source for the public legal documents.

## Contact

- General: <hello@walkindb.com>
- Abuse: <abuse@walkindb.com>
- Security vulnerabilities: <security@walkindb.com>
- DMCA: <dmca@walkindb.com>
- Privacy / GDPR: <privacy@walkindb.com>