Docker-backed sandbox backend for DeepAgents
Project description
Docker sandbox backend for Deep Agents.
deepagents-docker
Run Deep Agents in an isolated Docker container without compromising your host machine.
Quickstart
Requires Docker on your machine.
Install with uv:
uv add deepagents-docker
or with pip:
pip install deepagents-docker
from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox
agent = create_deep_agent(
model="openai:gpt-5.5",
backend=DockerSandbox(),
system_prompt="You are a research assistant.",
)
result = agent.invoke({"messages": "Research the latest trends in AI and write a summary."})
Configuration
Constructor options let you change the docker image of the container, shared folder path, command timeout, resource limits, outbound network access, and any extra docker run flags:
DockerSandbox(
image="python:3.12-bookworm", # default image (Debian-based, includes curl, etc.)
allow_outbound_traffic=True, # False → no network; True (default) → allow outbound traffic
shared_dir="/path/to/project", # host folder shared with the container; see note below
timeout=120, # per-command timeout (seconds)
max_output_bytes=100_000, # combined stdout/stderr cap per command
memory="256m", # default memory limit
cpus=0.5, # default CPU limit
pids_limit=128,
auto_remove=True, # remove container on close()
extra_run_args=["--env", "FOO=bar"],
)
[!NOTE] Pass an explicit
shared_dirpath to keep files after the container stops. When omitted, a temporary directory is created within the host filesystem and removed when the DockerSandbox is closed.
How it works
The creation of a DockerSandbox object results in the starting of a long-running docker container. Every shell command executed by the agent is actually run inside the container, not on your host OS. Therefore, library installations, cURL downloads, and any other filesystem changes stay inside Docker, not on your host. The only link between the container and your machine is shared_dir (if provided), a folder on disk that is mounted at /shared (with that directory as the shell working directory) so you can share files between the agent and your host.
[!NOTE] Docker does not allow bind-mounting a volume to
/(it would hide the image’s system files and break the container). File tools (read_file,write_file, …) use virtual paths under/(for example/sales.csv); shell commands run in/shared, so the same file issales.csvor/shared/sales.csvin the container.
[!NOTE] The container is stopped and removed automatically when the Python process exits (
atexit). Use a context manager (below) to tear down earlier.
Using a context manager
Use a context manager when you want the container stopped and removed as soon as you leave the block:
from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox
with DockerSandbox() as backend:
agent = create_deep_agent(model="openai:gpt-5.5", backend=backend)
agent.invoke({"messages": "..."})
# Container stopped and removed here.
print("Done!")
Example
The pizza agent searches the web for a Neapolitan pizza recipe and writes it to a file in the shared folder:
from deepagents import create_deep_agent
from deepagents_docker import DockerSandbox
backend = DockerSandbox(
shared_dir="examples/data",
allow_outbound_traffic=True,
)
agent = create_deep_agent(
model="openai:gpt-5.5",
backend=backend,
system_prompt="You are a pizza chef.",
)
for step in agent.stream(
{"messages": "Find the best neapolitan pizza recipe and write it to the recipe.md file."},
stream_mode="updates",
):
for update in step.values():
if update and (messages := update.get("messages")):
for message in messages:
message.pretty_print()
From a clone of this repo (requires an OpenAI API key):
uv run python examples/pizza_agent.py
The agent writes recipe.md under examples/data/.
Development
git clone https://github.com/andybbruno/deepagents-docker.git
cd deepagents-docker
uv sync
uv run pytest
Contributing
Contributions are welcome! Please feel free to open an issue or submit a pull request.
Security
Use this for trusted workloads and development, not as a hard multi-tenant boundary. Do not put secrets in the shared folder. See Deep Agents security.
License
MIT — LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file deepagents_docker-0.1.0.tar.gz.
File metadata
- Download URL: deepagents_docker-0.1.0.tar.gz
- Upload date:
- Size: 802.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
354e3321781e6fee0be95d9a9e76ce6873cd5e9a80cc7cfbee30817c341bfaea
|
|
| MD5 |
7a985cf00184ba8b4d68a0132f01634d
|
|
| BLAKE2b-256 |
3b5ead8bd93a90ff8af27565df3db071e3ad8b6e5066de71191fee3464996c1c
|
File details
Details for the file deepagents_docker-0.1.0-py3-none-any.whl.
File metadata
- Download URL: deepagents_docker-0.1.0-py3-none-any.whl
- Upload date:
- Size: 8.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
56fa25f804046749573a0eab249b25e0f3f7aa574b817e912d2df891c95cb8d6
|
|
| MD5 |
4a389d4f554ae309ed7b9d4fede9fa4e
|
|
| BLAKE2b-256 |
749cc706cdd89552b1578981ef6886390281d58ba7436a8c42c3ecf3793e76ec
|
