Secure Code Execution for Agents

LangChain is introducing LangSmith Sandboxes, now available in Private Preview, offering secure, scalable environments for running untrusted code generated by AI agents. Agents become significantly more useful when they can execute code—analyzing data, calling APIs, and building applications—but running arbitrary LLM-generated code without isolation poses substantial infrastructure risks. Sandboxes provide ephemeral, locked-down execution environments with granular control over resource consumption and system access.

Core Capabilities

The initial release includes several key features:

Runtime Configuration

• Bring your own Docker images or use defaults from private registries
• Sandbox templates for reusable configurations combining images, CPU, and memory
• Shared access allowing multiple agents to access the same sandbox
• Pooling and autoscaling to eliminate cold starts and handle variable demand

Execution & State Management

• Long-running sessions supporting multi-minute or multi-hour tasks with WebSocket persistence
• Persistent state across interactions, preserving files, packages, and environment state between runs
• Port tunnels to preview agent output locally before deployment

Security & Integration

• Hardware-virtualized microVM isolation at the kernel level, not just Linux namespaces
• Authentication Proxy preventing secrets from touching sandbox runtimes
• Framework-agnostic Python and JavaScript SDKs with native integrations for Deep Agents and Open SWE
• Full tracing alongside agent runs for observability

Roadmap

LangChain plans to expand the platform with shared volumes for cross-sandbox state sharing, binary authorization to control executable restrictions, and comprehensive execution tracing covering every process and network call within the virtual machine.

Sign up for the private preview waitlist at langchain.com/langsmith-sandboxes-waitlist to get started.