We are looking at the specifically for its sandbox capabilities. How does the UnixLocalSandboxClient handle file persistence across different agent runs? We need to ensure that code execution is isolated but allows for workspace state to be carried over for multi-step engineering tasks.
3 answers
The sandbox environment in the SDK uses a Manifest abstraction to define the agent's workspace. This allows you to mount local directories or cloud storage like AWS S3 or Google Cloud. The UnixLocalSandboxClient provides a controlled Unix-like environment where the agent can install dependencies and run code safely. For persistence, the SDK supports snapshotting and rehydration. This means if a container fails or a session expires, you can restore the agent's state in a fresh container and continue exactly where it left off, which is vital for long tasks.
How do you manage the permissions for these sandboxes to prevent the agent from accessing the host machine's sensitive files?
Using the sandbox feature is a game-changer for building AI-driven coding assistants that need a real terminal to verify their work.
Sandra is right; the ability to run 'pip install' within the sandbox makes it incredibly useful for testing technical blog snippets or fixing bugs in real-time.
Jason, the SDK uses a strict isolation model. You define exactly which "entries" are available in the Manifest. The agent only sees what you explicitly mount. By default, it has no access to the rest of the host system. You can even set specific permissions for the filesystem and shell access within the configuration, giving you granular control over what the agent can and cannot do during execution.