Rank #2222h ago

DeepAgents releases deepagents-sandbox Linux backend

NHV

3 top authors

DeepAgents released deepagents-sandbox, a lightweight native Linux backend for isolating LLM and agent-generated code. The tool operates without Docker, VMs, or cloud dependencies, using bubblewrap for timeout enforcement and cgroups v2 for memory and PID limits. It enforces default network blocking and provides a writable /workspace directory, delivering a secure local execution environment with strict resource controls on standard Linux systems.

First post

nu_b_kh@nu_b_kh·22hOriginal post

I built deepagents-sandbox — a native Linux sandbox backend for Deep Agents. No Docker. No VM. Agents get a writable /workspace, blocked network by default, memory/PID limits, and timeout enforcement. It uses bubblewrap + cgroups v2 to isolate agent code execution with resource limits, blocked network by default, writable /workspace, timeouts, and adversarial tests. Video timestamps: 00:00 - 02:23 → Overview 02:24 - 04:28 → Sandbox internals 04:29 - 06:30 → Code walkthrough 06:30 - 11:03 → Demo GitHub: https://github.com/john221wick/deepagents-sandbox

View on

Why it matters

Bhushan Bharat (GitHub user john221wick) proposed deepagents-sandbox in GitHub issue 2882 on langchain-ai's official deepagents repository.

Default settings in deepagents-sandbox restrict each execution to 512 megabytes memory, 256 PIDs, 60 seconds runtime, and 256 kilobytes output.

Deepagents-sandbox passed adversarial tests against fork bombs, memory bombs, symlink escapes, and privilege escalation attempts.

Harrison Chase (LangChain founder) reposted the deepagents-sandbox announcement from the student engineer who built it.

5 more posts

Retweeted by Harrison Chase·20hView on
Retweeted by Harrison Chase·20hView on