展示 HN：沙盒代理 SDK – 用于自动化编码代理的统一 API

展示 HN：沙盒代理 SDK – 用于自动化编码代理的统一 API
Show HN: Sandbox Agent SDK – unified API for automating coding agents

原始链接: https://github.com/rivet-dev/sandbox-agent

## 沙盒代理：编码代理的远程控制沙盒代理简化了远程和安全地运行和控制编码代理（如 Claude Code、Codex、OpenCode 和 Amp）的过程。它解决了隔离执行、不同的代理 API 和临时会话等挑战。其核心是一个用 Rust 构建的服务器，它*在*沙盒环境中运行，并暴露一个统一的 HTTP/SSE API。这允许您的应用程序与任何受支持的代理交互，而无需代理特定的代码或直接 SSH 访问。 **主要特性：** * **通用 API：** 通过单个、一致的接口控制所有受支持的代理。 * **流式事件：** 以标准化格式接收代理操作（工具调用、编辑等）的实时更新。 * **持久会话：** 将代理记录流式传输到外部存储（Postgres、ClickHouse、Rivet），用于审计和重放。 * **灵活部署：** 作为 HTTP 服务器运行，或通过 TypeScript SDK 直接嵌入到您的应用程序中。 * **易于安装：** 通过 `curl` 或 npm 进行简单安装，并可按需安装代理。沙盒代理非常适合需要安全、可靠地控制编码代理的生产环境，为直接使用 SDK 或基于 SSH 的解决方案提供了一个强大的替代方案。它补充了专注于聊天界面的现有 AI SDK，从而实现强大的自主编码能力。

## 沙盒代理SDK：简化编码代理自动化 NathanFlurry已开源沙盒代理SDK，旨在解决使用各种且通常标准化程度低的编码代理时遇到的挑战。该SDK为与*任何*编码代理交互提供了一个**统一的API**，无论其底层实现如何。主要功能包括一个充当API HTTP服务器的**Rust二进制文件**，无需处理未记录的接口，以及用于可靠的对话历史记录持久化的**通用会话模式**。该SDK支持Daytona、E2B和Vercel等流行的沙盒提供商，并且可以使用单个`curl`命令进行部署。它提供服务器模式和TypeScript SDK模式，并拥有完善的OpenAPI规范。开发者正在积极寻求反馈，并计划在未来几周内添加更多功能。该工具旨在简化自动化编码代理的开发和部署。

原文

Run Coding Agents in Sandboxes. Control Them Over HTTP.

A server that runs inside your sandbox. Your app connects remotely to control Claude Code, Codex, OpenCode, or Amp — streaming events, handling permissions, managing sessions.

Documentation — API Reference — Discord

Running coding agents remotely is hard. Existing SDKs assume local execution, SSH breaks TTY handling and streaming, and every agent has a different API. Building from scratch means reimplementing everything for each coding agent.

Sandbox Agent solves three problems:

Coding agents need sandboxes — You can't let AI execute arbitrary code on your production servers. Coding agents need isolated environments, but existing SDKs assume local execution. Sandbox Agent is a server that runs inside the sandbox and exposes HTTP/SSE.
Every coding agent is different — Claude Code, Codex, OpenCode, and Amp each have proprietary APIs, event formats, and behaviors. Swapping agents means rewriting your integration. Sandbox Agent provides one HTTP API — write your code once, swap agents with a config change.
Sessions are ephemeral — Agent transcripts live in the sandbox. When the process ends, you lose everything. Sandbox Agent streams events in a universal schema to your storage. Persist to Postgres, ClickHouse, or Rivet. Replay later, audit everything.

Universal Agent API: Single interface to control Claude Code, Codex, OpenCode, and Amp with full feature coverage
Streaming Events: Real-time SSE stream of everything the agent does — tool calls, permission requests, file edits, and more
Universal Session Schema: Standardized schema that normalizes all agent event formats for storage and replay
Human-in-the-Loop: Approve or deny tool executions and answer agent questions remotely over HTTP
Automatic Agent Installation: Agents are installed on-demand when first used — no setup required
Runs Inside Any Sandbox: Lightweight static Rust binary. One curl command to install inside E2B, Daytona, Vercel Sandboxes, or Docker
Server or SDK Mode: Run as an HTTP server or embed with the TypeScript SDK
OpenAPI Spec: Well documented and easy to integrate from any language

The Sandbox Agent acts as a universal adapter between your client application and various coding agents. Each agent has its own adapter that handles the translation between the universal API and the agent-specific interface.

Embedded Mode: Runs agents locally as subprocesses
Server Mode: Runs as HTTP server from any sandbox provider

Architecture documentation

Component	Description
Server	Rust daemon (`sandbox-agent server`) exposing the HTTP + SSE API
SDK	TypeScript client with embedded and server modes
Inspector	inspect.sandboxagent.dev for browsing sessions and events
CLI	`sandbox-agent` (same binary, plus npm wrapper) mirrors the HTTP endpoints

Choose the installation method that works best for your use case.

Install skill with:

npx skills add rivet-dev/skills -s sandbox-agent

Import the SDK directly into your Node or browser application. Full type safety and streaming support.

Install

npm install sandbox-agent

Setup

Local (embedded mode):

import { SandboxAgent } from "sandbox-agent";

const client = await SandboxAgent.start();

Remote (server mode):

import { SandboxAgent } from "sandbox-agent";

const client = await SandboxAgent.connect({
  baseUrl: "http://127.0.0.1:2468",
  token: process.env.SANDBOX_TOKEN,
});

API Overview

const agents = await client.listAgents();

await client.createSession("demo", {
  agent: "codex",
  agentMode: "default",
  permissionMode: "plan",
});

await client.postMessage("demo", { message: "Hello from the SDK." });

for await (const event of client.streamEvents("demo", { offset: 0 })) {
  console.log(event.type, event.data);
}

SDK documentation — Building a Chat UI — Managing Sessions

Run as an HTTP server and connect from any language. Deploy to E2B, Daytona, Vercel, or your own infrastructure.

# Install it
curl -fsSL https://releases.rivet.dev/sandbox-agent/latest/install.sh | sh
# Run it
sandbox-agent server --token "$SANDBOX_TOKEN" --host 127.0.0.1 --port 2468

Optional: preinstall agent binaries (no server required; they will be installed lazily on first use if you skip this):

sandbox-agent install-agent claude
sandbox-agent install-agent codex
sandbox-agent install-agent opencode
sandbox-agent install-agent amp

To disable auth locally:

sandbox-agent server --no-token --host 127.0.0.1 --port 2468

Quickstart — Deployment guides

Install the CLI wrapper (optional but convenient):

npm install -g @sandbox-agent/cli

Create a session and send a message:

sandbox-agent api sessions create my-session --agent codex --endpoint http://127.0.0.1:2468 --token "$SANDBOX_TOKEN"
sandbox-agent api sessions send-message my-session --message "Hello" --endpoint http://127.0.0.1:2468 --token "$SANDBOX_TOKEN"
sandbox-agent api sessions send-message-stream my-session --message "Hello" --endpoint http://127.0.0.1:2468 --token "$SANDBOX_TOKEN"

You can also use npx like:

CLI documentation

Debug sessions and events with the Inspector UI.

Inspector documentation

Explore API — View Specification

Session Transcript Schema

All events follow a session transcript schema that normalizes differences between agents.

Often you need to use your personal API tokens to test agents on sandboxes:

sandbox-agent credentials extract-env --export

This prints environment variables for your OpenAI/Anthropic/etc API keys to test with Sandbox Agent SDK.

Works with your stack:

Want support for another agent or sandbox provider? Open an issue to request it.

Does this replace the Vercel AI SDK?

No, they're complementary. AI SDK is for building chat interfaces and calling LLMs. This SDK is for controlling autonomous coding agents that write code and run commands. Use AI SDK for your UI, use this when you need an agent to actually code.

Which coding agents are supported?

Claude Code, Codex, OpenCode, and Amp. The SDK normalizes their APIs so you can swap between them without changing your code.

How is session data persisted?

This SDK does not handle persisting session data. Events stream in a universal JSON schema that you can persist anywhere. See Managing Sessions for patterns using Postgres or Rivet Actors.

Can I run this locally or does it require a sandbox provider?

Both. Run locally for development, deploy to E2B, Daytona, or Vercel Sandboxes for production.

Does it support [platform]?

The server is a single Rust binary that runs anywhere with a curl install. If your platform can run Linux binaries (Docker, VMs, etc.), it works. See the deployment guides for E2B, Daytona, and Vercel Sandboxes.

Can I use this with my personal API keys?

Yes. Use sandbox-agent credentials extract-env to extract API keys from your local agent configs (Claude Code, Codex, OpenCode, Amp) and pass them to the sandbox environment.

Why Rust and not [language]?

Rust gives us a single static binary, fast startup, and predictable memory usage. That makes it easy to run inside sandboxes or in CI without shipping a large runtime, such as Node.js.

Why can't I just run coding agents locally?

You can for development. But in production, you need isolation. Coding agents execute arbitrary code — that can't happen on your servers. Sandboxes provide the isolation; this SDK provides the HTTP API to control coding agents remotely.

How is this different from the agent's official SDK?

Official SDKs assume local execution. They spawn processes and expect interactive terminals. This SDK runs a server inside a sandbox that you connect to over HTTP — designed for remote control from the start.

Why not just SSH into the sandbox?

Coding agents expect interactive terminals with proper TTY handling. SSH with piped commands breaks tool confirmations, streaming output, and human-in-the-loop flows. The SDK handles all of this over a clean HTTP API.

Storage of sessions on disk: Sessions are already stored by the respective coding agents on disk. It's assumed that the consumer is streaming data from this machine to an external storage, such as Postgres, ClickHouse, or Rivet.
Direct LLM wrappers: Use the Vercel AI SDK if you want to implement your own agent from scratch.
Git Repo Management: Just use git commands or the features provided by your sandbox provider of choice.
Sandbox Provider API: Sandbox providers have many nuanced differences in their API, it does not make sense for us to try to provide a custom layer. Instead, we opt to provide guides that let you integrate this project with sandbox providers.