File storage and sandbox backends for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kacperwlodarczyk-vstorm from gravatar.com kacperwlodarczyk-vstorm

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: VStorm
  • Requires: Python >=3.10
  • Provides-Extra: console , dev , docker
Classifiers
Report project as malware

Project description

pydantic-ai-backend

PyPI version Python 3.10+ License: MIT Coverage Status

File storage, sandbox backends, and console toolset for pydantic-ai agents.

Looking for a complete agent framework? Check out pydantic-deep - a full-featured deep agent framework with planning, subagents, and skills system.

Need task planning? Check out pydantic-ai-todo - standalone task planning toolset for any pydantic-ai agent.

Documentation

Full Documentation - Installation, concepts, examples, and API reference.

Architecture

Architecture

Installation

# Core library
pip install pydantic-ai-backend

# With console toolset (requires pydantic-ai)
pip install pydantic-ai-backend[console]

# With Docker sandbox support
pip install pydantic-ai-backend[docker]

# Everything
pip install pydantic-ai-backend[console,docker]

Quick Start

Console Toolset with pydantic-ai

The easiest way to add file operations to your agent:

from dataclasses import dataclass
from pydantic_ai import Agent
from pydantic_ai_backends import LocalBackend, create_console_toolset

@dataclass
class Deps:
    backend: LocalBackend

# Create agent with console tools
agent = Agent(
    "openai:gpt-4o",
    deps_type=Deps,
    toolsets=[create_console_toolset()],
    system_prompt="You are a coding assistant. Use the tools to read, write, and execute code.",
)

# Run agent
backend = LocalBackend(root_dir="./workspace")
result = agent.run_sync(
    "Create a Python script that calculates fibonacci numbers and run it",
    deps=Deps(backend=backend),
)
print(result.output)

Docker Sandbox for Safe Execution

For untrusted code or multi-user applications:

from dataclasses import dataclass
from pydantic_ai import Agent
from pydantic_ai_backends import DockerSandbox, create_console_toolset

@dataclass
class Deps:
    backend: DockerSandbox

# Create isolated sandbox
sandbox = DockerSandbox(runtime="python-datascience")
sandbox.start()

# Create agent
agent = Agent(
    "openai:gpt-4o",
    deps_type=Deps,
    toolsets=[create_console_toolset()],
    system_prompt="You are a data analysis assistant.",
)

result = agent.run_sync(
    "Write a script that generates random data and plots a histogram",
    deps=Deps(backend=sandbox),
)

sandbox.stop()

In-Memory Backend for Testing

Perfect for unit tests and ephemeral sessions:

from dataclasses import dataclass
from pydantic_ai import Agent
from pydantic_ai_backends import StateBackend, create_console_toolset

@dataclass
class Deps:
    backend: StateBackend

# In-memory storage - no files on disk
backend = StateBackend()

agent = Agent(
    "openai:gpt-4o",
    deps_type=Deps,
    toolsets=[create_console_toolset(include_execute=False)],  # No shell in StateBackend
)

result = agent.run_sync(
    "Create a config.json file with database settings",
    deps=Deps(backend=backend),
)

# Access files programmatically
print(backend.files)  # {'/config.json': {...}}

Multi-User Web Application

Session manager for web apps with isolated user environments:

from dataclasses import dataclass
from fastapi import FastAPI
from pydantic_ai import Agent
from pydantic_ai_backends import SessionManager, DockerSandbox, create_console_toolset

app = FastAPI()

# Session manager with persistent storage
manager = SessionManager(
    default_runtime="python-datascience",
    workspace_root="/app/user_workspaces",  # Files persist here
)

@dataclass
class Deps:
    backend: DockerSandbox

agent = Agent(
    "openai:gpt-4o",
    deps_type=Deps,
    toolsets=[create_console_toolset()],
)

@app.post("/run/{user_id}")
async def run_code(user_id: str, prompt: str):
    # Each user gets their own isolated sandbox
    sandbox = await manager.get_or_create(user_id)

    result = await agent.run(prompt, deps=Deps(backend=sandbox))
    return {"output": result.output}

@app.on_event("shutdown")
async def shutdown():
    await manager.shutdown()

Composite Backend for Complex Routing

Route different paths to different backends:

from dataclasses import dataclass
from pydantic_ai import Agent
from pydantic_ai_backends import (
    CompositeBackend,
    LocalBackend,
    StateBackend,
    create_console_toolset,
)

@dataclass
class Deps:
    backend: CompositeBackend

# Different backends for different purposes
backend = CompositeBackend(
    default=StateBackend(),  # Temp files in memory
    routes={
        "/project/": LocalBackend("/home/user/myproject"),
        "/data/": LocalBackend("/shared/datasets", enable_execute=False),
    },
)

agent = Agent(
    "openai:gpt-4o",
    deps_type=Deps,
    toolsets=[create_console_toolset()],
)

result = agent.run_sync(
    "Read the CSV from /data/sales.csv, analyze it, and save results to /project/report.md",
    deps=Deps(backend=backend),
)

Console Toolset Configuration

from pydantic_ai_backends import create_console_toolset

# Default: all tools, execute requires approval
toolset = create_console_toolset()

# Without shell execution
toolset = create_console_toolset(include_execute=False)

# Require approval for write operations
toolset = create_console_toolset(
    require_write_approval=True,
    require_execute_approval=True,
)

# Custom toolset ID
toolset = create_console_toolset(id="file-tools")

# Include hidden files by default when using grep
toolset = create_console_toolset(default_ignore_hidden=False)

Available tools: ls, read_file, write_file, edit_file, glob, grep, execute

Permission System

Fine-grained access control for file operations and shell commands:

from pydantic_ai_backends import LocalBackend, create_console_toolset
from pydantic_ai_backends.permissions import (
    DEFAULT_RULESET,
    READONLY_RULESET,
    PermissionRuleset,
    OperationPermissions,
    PermissionRule,
)

# Use pre-configured presets
backend = LocalBackend(root_dir="/workspace", permissions=DEFAULT_RULESET)

# Read-only mode
backend = LocalBackend(root_dir="/workspace", permissions=READONLY_RULESET)

# Custom rules
custom_permissions = PermissionRuleset(
    default="ask",
    read=OperationPermissions(
        default="allow",
        rules=[
            PermissionRule(pattern="**/.env*", action="deny"),
            PermissionRule(pattern="**/secrets/**", action="deny"),
        ],
    ),
    write=OperationPermissions(
        default="ask",
        rules=[
            PermissionRule(pattern="**/*.py", action="allow"),
        ],
    ),
    execute=OperationPermissions(
        default="deny",
        rules=[
            PermissionRule(pattern="git *", action="allow"),
            PermissionRule(pattern="python *", action="allow"),
        ],
    ),
)

backend = LocalBackend(root_dir="/workspace", permissions=custom_permissions)

# With console toolset
toolset = create_console_toolset(permissions=DEFAULT_RULESET)

Available presets:

Preset Description
DEFAULT_RULESET Allow reads (except secrets), ask for writes/executes
PERMISSIVE_RULESET Allow most operations, deny dangerous commands
READONLY_RULESET Allow reads only, deny all writes and executes
STRICT_RULESET Everything requires approval

Built-in Docker Runtimes

from pydantic_ai_backends import DockerSandbox

# Pre-configured environments
sandbox = DockerSandbox(runtime="python-datascience")
Runtime Base Image Packages
python-minimal python:3.12-slim (none)
python-datascience python:3.12-slim pandas, numpy, matplotlib, scikit-learn, seaborn
python-web python:3.12-slim fastapi, uvicorn, sqlalchemy, httpx
node-minimal node:20-slim (none)
node-react node:20-slim typescript, vite, react, react-dom

Custom runtime:

from pydantic_ai_backends import DockerSandbox, RuntimeConfig

runtime = RuntimeConfig(
    name="ml-env",
    base_image="python:3.12-slim",
    packages=["torch", "transformers", "accelerate"],
    env_vars={"PYTHONUNBUFFERED": "1"},
)

sandbox = DockerSandbox(runtime=runtime)

Backend Protocol

All backends implement BackendProtocol:

class BackendProtocol(Protocol):
    def ls_info(self, path: str) -> list[FileInfo]: ...
    def read(self, path: str, offset: int = 0, limit: int = 2000) -> str: ...
    def write(self, path: str, content: str | bytes) -> WriteResult: ...
    def edit(self, path: str, old: str, new: str, replace_all: bool = False) -> EditResult: ...
    def glob_info(self, pattern: str, path: str = "/") -> list[FileInfo]: ...
    def grep_raw(
        self,
        pattern: str,
        path: str | None = None,
        glob: str | None = None,
        ignore_hidden: bool = True,
    ) -> list[GrepMatch] | str: ...

LocalBackend and DockerSandbox also provide shell execution:

def execute(self, command: str, timeout: int | None = None) -> ExecuteResponse: ...

Examples

Full working examples in examples/:

Example Description Backend
local_cli CLI coding assistant LocalBackend
web_production Multi-user web app with UI DockerSandbox + SessionManager

Development

git clone https://github.com/vstorm-co/pydantic-ai-backend.git
cd pydantic-ai-backend
make install
make test

Related Projects

License

MIT License - see LICENSE for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kacperwlodarczyk-vstorm from gravatar.com kacperwlodarczyk-vstorm

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: VStorm
  • Requires: Python >=3.10
  • Provides-Extra: console , dev , docker
Classifiers

Release history Release notifications | RSS feed

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

0.0.4

0.0.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pydantic_ai_backend-0.1.2.tar.gz (6.7 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pydantic_ai_backend-0.1.2-py3-none-any.whl (43.2 kB view details)

Uploaded Python 3

File details

Details for the file pydantic_ai_backend-0.1.2.tar.gz.

File metadata

  • Download URL: pydantic_ai_backend-0.1.2.tar.gz
  • Upload date:
  • Size: 6.7 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pydantic_ai_backend-0.1.2.tar.gz
Algorithm Hash digest
SHA256 13bcc5ad5de86511972cc665dff394592e5f197b15211fcc13fabcc41903a082
MD5 4865377cea7f5d1963ad96a0c1e1b6b2
BLAKE2b-256 27c924c63d414e26a8404a8e25f1c51ccf7019a64f9c09e23481cdceee51d334

See more details on using hashes here.

Provenance

The following attestation bundles were made for pydantic_ai_backend-0.1.2.tar.gz:

Publisher: publish.yml on vstorm-co/pydantic-ai-backend

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pydantic_ai_backend-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for pydantic_ai_backend-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 f4c590b336a52d8dbf9d7ae711b1c2e2c19ee0e1eb5843f44b38137d2e0f6ccc
MD5 806fc531241e642811a21ad786a76a68
BLAKE2b-256 f0dea56dcfebfec1a77d3fe408ef2bea1e06f9970b1dee374cb79b4f77ad6d7b

See more details on using hashes here.

Provenance

The following attestation bundles were made for pydantic_ai_backend-0.1.2-py3-none-any.whl:

Publisher: publish.yml on vstorm-co/pydantic-ai-backend

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page