The two patterns by which agents connect sandboxes

As more agents require workspaces to execute code, install packages, and access files, sandboxes provide the necessary isolation to prevent unauthorized access to credentials and networks. Two primary architecture patterns for integrating agents with sandboxes are identified: running the agent within the sandbox, which offers a development-like environment with tight coupling between the agent and its environment but poses security risks and infrastructure challenges; and using the sandbox as a tool, allowing the agent to run locally or on a server while executing code remotely, facilitating easier updates and maintaining API key security while potentially incurring network latency issues. Each pattern offers unique benefits and trade-offs, depending on the specific needs of agent development, such as mirroring local development or prioritizing quick iterations and secure API management. Deepagents, an open-source agent framework, supports both approaches, enabling users to choose the best fit for their requirements.