LangChain
LangSmith Sandboxes enter private preview with secure code execution for agents
feature · platform · security · sdk · integration · blog.langchain.com

Secure Code Execution for Agents

LangSmith Sandboxes provide ephemeral, hardware-isolated environments where agents can safely run untrusted code without risking your infrastructure. Unlike traditional containers designed for vetted application code, these sandboxes handle the unpredictability of agent-generated code with full kernel-level isolation through microVMs.

Key Capabilities

Runtime Configuration:

  • Bring your own Docker image from any registry or use LangSmith defaults
  • Define reusable sandbox templates with image, CPU, and memory specs
  • Pre-provision warm sandbox pools to eliminate cold starts with automatic autoscaling
  • Share sandbox access across multiple agents without transferring artifacts

Execution & Integration:

  • Long-running sessions with persistent WebSocket connections and real-time output streaming
  • Maintain state across multiple agent interactions—files, packages, and environment persist
  • Framework-agnostic design works with LangChain OSS, other frameworks, or standalone
  • Native integrations with Deep Agents and Open SWE, plus Python and JavaScript SDKs
  • Local tunneling to preview sandbox output before deployment

Security & Monitoring

Sandboxes isolate credentials through an Authentication Proxy so secrets never reach the runtime environment. Hardware-level microVM isolation provides kernel separation between sandboxes. Sandbox execution is traced alongside agent runs for visibility into what's happening.

What's Next

LangSmith is actively developing shared volumes for cross-sandbox state transfer, binary authorization to restrict which programs can execute, and full execution tracing of all processes and network calls within sandboxes.