DigiNews

Summary

The article argues that an agent harness should run outside the sandbox in multi-user environments due to security, durability, and flexibility. It outlines two architectures—inside vs outside the sandbox— and explains why the outside model allows credentials to remain secure, enables suspend-resume behavior, and supports a dual-backend filesystem that routes workspace data to the sandbox and memories/skills to a Postgres database. It also discusses tradeoffs, the challenge of staying compatible with evolving LLM capabilities, and notes practical considerations such as Bash bypass risks and the need for durable execution via tools like Inngest.