Give agents
a secure runtime

Ephemeral, isolated sandboxes designed for agent-generated code.

Start building
Get a demo
Secure
Scalable
Stateful

Run untrusted code safely

Spin up ephemeral microVMs for agent-generated code. Agents get full root inside the sandbox, so they can install packages, run Docker, and do anything else you'd do on a Linux box. Your core infrastructure and other workloads stay untouched.

MicroVM isolation

Agent code runs in a dedicated VM, isolated from yourinfrastructure and from other sandboxes.

Auth Proxy for credentials

Inject credentials into outbound API requests from the sandbox, so your agent can call external services without secrets ever touching the runtime.

Framework-agnostic SDK

Use the Python or JS SDK with Deep Agents, another framework, or no framework at all.

Sub-second starts

Spin up hundreds of sandboxes in parallel with one SDK call. Prewarming keeps p50 latency under 1.12s, so agents get an environment the moment they need one.

Burst to thousands on demand

Launch fleets of sandboxes for evals, parallel agent runs, orRL training without rate limits or queueing.

Prewarmed pools

Keep a pool of sandboxes ready to go so agents pick up anenvironment instantly instead of waiting for one to boot.

Bring your own image

Define dependencies, CPU, and memory in a Docker image, then reuse it across sandboxes.

Built for long-running, statefulwork

Sessions run over WebSockets with streamed output, and state persists across threads. Sandboxes stay alive only as long as you need.

Configurable TTLs

Set inactive TTLs so idle sandboxes shut down automatically, and set hard TTLs to cap total runtime.

Snapshot and fork

Snapshot a running sandbox to capture its full state, then restore later to resume where you left off, or fork the snapshot into multiple sandboxes so an agent can branch and explore alternatives in parallel.

Port tunneling

Open any port inside the sandbox and tunnel it to your local machine to preview a running app, hit an HTTP endpoint, orconnect to a service the agent spun up.

Resources for LangSmith Sandboxes

Two patterns for agent sandboxes
Sandboxes overview
Sandboxes for Deep Agents

FAQs for LangSmith Sandboxes

What kind of isolation do sandboxes use?

Sandboxes are isolated environments that run agent code without affecting your main infrastructure. Each one uses microVM isolation and is ephemeral by default. Learn more.

How do I configure a Sandbox?

Bring your own Docker image or start from a template. Templates let you define container images, resource limits, volumes, and Auth Proxy configuration, then reuse them across sandboxes. Learn more.

How do credentials work if code runs in an isolated environment?

The Auth Proxy injects credentials into outbound API requests from the sandbox, so your agent can call external services without secrets ever touching the runtime. Learn more.

Do I need LangChain or LangGraph to use sandboxes?

No. Sandboxes are framework agnostic. They work with the Python and TypeScript LangSmith SDKs and integrate with Deep Agents, but you can use them with any framework or none at all. Learn about LangSmith Sandbox SDK.

What languages and runtimes are supported?

Anything you can package in a Docker image runs inside a sandbox. The Python and TypeScript SDKs are available for creating and managing sandboxes from your code. Learn about LangSmith Sandbox SDK.

How much do langSmith Sandboxes cost?

See our pricing page for more information, and find a plan that works for you.

Ready to ship agents that execute code?

Give your agents an isolated runtime without exposing your infrastructure. Spin one up in a single SDK call.

Start building
Get a demo