
Docker-backed sandbox backend for DeepAgents

Docker sandbox backend for Deep Agents.

deepagents-docker

Run Deep Agents in an isolated Docker container without compromising your host machine.

Quickstart

Requires Docker on your machine.

Install with uv:

uv add deepagents-docker

or with pip:

pip install deepagents-docker

from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox

agent = create_deep_agent(
    model="openai:gpt-5.5",
    backend=DockerSandbox(),
    system_prompt="You are a research assistant.",
)

result = agent.invoke({"messages": "Research the latest trends in AI and write a summary."})

Configuration

Constructor options let you change the image, workspace path, command timeout, resource limits, outbound network access, and any extra docker run flags:

DockerSandbox(
    image="python:3.12-bookworm",      # default image (Debian-based, includes curl, etc.)
    allow_outbound_traffic=True,       # False → no network; True (default) → allow outbound traffic
    workspace_dir="/path/to/project",  # host dir for agent files; see note below
    timeout=120,                       # per-command timeout (seconds)
    max_output_bytes=100_000,          # combined stdout/stderr cap per command
    memory="512m",
    cpus=1.0,
    pids_limit=128,
    auto_remove=True,                  # remove container on close()
    extra_run_args=["--env", "FOO=bar"],
)

Note: When workspace_dir is omitted, a temporary directory is created under the host temp folder and removed on close() when the sandbox owns it. Pass an explicit path to keep files after the container stops.

How it works

DockerSandbox implements the Deep Agents backend protocol by splitting work across the host and a container:

  • File tools (read, write, edit, grep, glob, ls) run against a workspace directory on your machine.
  • execute runs shell commands in a long-lived Docker container. The same directory is bind-mounted at /workspace, so files stay in sync between tools and commands.

On startup, the sandbox creates a container with conservative defaults:

  • python:3.12-bookworm as the default image
  • Outbound traffic allowed by default
  • No elevated Linux privileges
  • Read-only root filesystem (with small tmpfs mounts for /tmp and /var/tmp)
  • Memory, CPU, and PID limits

Note: The container is stopped and removed automatically when the Python process exits (atexit). Use a context manager (below) to tear down earlier.
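One way to check a running sandbox container against the defaults listed above, for example after passing extra_run_args, is to audit its `docker inspect` output. This is an added example, not code from deepagents-docker; the function name, the constructed sample, and the mapping of each listed default to a HostConfig field are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output, as it would
# look if extra_run_args had added "--cap-add SYS_ADMIN" and a second mount.
SAMPLE_INSPECT = json.loads("""
[{"HostConfig": {
  "Privileged": false, "ReadonlyRootfs": true, "CapAdd": ["SYS_ADMIN"],
  "Memory": 536870912, "NanoCpus": 1000000000, "PidsLimit": 128,
  "NetworkMode": "bridge",
  "Tmpfs": {"/tmp": "rw,size=64m", "/var/tmp": "rw,size=64m"},
  "Binds": ["/home/dev/project:/workspace", "/home/dev/.ssh:/keys:ro"]
}}]
""")


def audit_host_config(inspect_doc, expect_network=True):
    """Compare HostConfig with the defaults the README lists; return findings."""
    hc = inspect_doc[0]["HostConfig"]
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode enabled")
    if hc.get("CapAdd"):
        findings.append("added capabilities: " + ", ".join(hc["CapAdd"]))
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    missing = {"/tmp", "/var/tmp"} - set(hc.get("Tmpfs") or {})
    if missing:
        findings.append("no tmpfs at: " + ", ".join(sorted(missing)))
    # Docker reports 0 (or null/-1 for PIDs) when a limit is not set.
    if not hc.get("Memory"):
        findings.append("no memory limit")
    if not hc.get("NanoCpus"):
        findings.append("no CPU limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("no PID limit")
    mode = hc.get("NetworkMode")
    # Assumption: allow_outbound_traffic=False shows up as NetworkMode "none".
    if mode == "host" or (not expect_network and mode != "none"):
        findings.append(f"unexpected network mode: {mode}")
    # Only the workspace bind is expected (-v style binds, POSIX host paths).
    for bind in hc.get("Binds") or []:
        src, dst = bind.split(":")[:2]
        if dst != "/workspace":
            findings.append(f"extra bind mount: {src} -> {dst}")
    return findings


if __name__ == "__main__":
    for finding in audit_host_config(SAMPLE_INSPECT):
        print("FINDING:", finding)
```

To run it against a live container, pass `json.loads()` of the `docker inspect <container>` output instead of the sample.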

Using a context manager

Use a context manager when you want the container stopped and removed as soon as you leave the block:

from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox

with DockerSandbox() as backend:
    agent = create_deep_agent(model="openai:gpt-5.5", backend=backend)
    agent.invoke({"messages": "..."})

# Container stopped and removed here.
print("Done!")

Example

The pizza agent searches the web for a Neapolitan pizza recipe and writes it to a file in the workspace:

from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox

backend = DockerSandbox(
    workspace_dir="examples/data",
    allow_outbound_traffic=True,
)

agent = create_deep_agent(
    model="openai:gpt-5.5",
    backend=backend,
    system_prompt="You are a pizza chef.",
)

for step in agent.stream(
    {"messages": "Find the best neapolitan pizza recipe and write it to the recipe.md file."},
    stream_mode="updates",
):
    for update in step.values():
        if update and (messages := update.get("messages")):
            for message in messages:
                message.pretty_print()

From a clone of this repo (requires an OpenAI API key):

uv run python examples/pizza_agent.py

The agent writes recipe.md under examples/data/.

Development

git clone https://github.com/andybbruno/deepagents-docker.git
cd deepagents-docker
uv sync
uv run pytest

Contributing

Contributions are welcome! Please feel free to open an issue or submit a pull request.

Security

Use this for trusted workloads and development, not as a hard multi-tenant boundary. Do not put secrets in the workspace. See Deep Agents security.

License

MIT — LICENSE.

File details

Details for the file deepagents_docker-0.0.3.tar.gz.

File metadata

  • Download URL: deepagents_docker-0.0.3.tar.gz
  • Upload date:
  • Size: 801.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13


File details

Details for the file deepagents_docker-0.0.3-py3-none-any.whl.
