The agent harness belongs outside the sandbox
The article discusses two architectural approaches for running agent harnesses—inside versus outside a sandbox—and the tradeoffs involved. Running the harness outside the sandbox enhances security, enables resource efficiency, and supports multi-user environments by isolating credentials and allowing sandbox suspension. The authors chose the outside model and detail solutions for durable execution, shared state, and filesystem abstraction.
- An agent harness manages the loop that drives an LLM by sending prompts, executing tool calls, and iterating until completion.
- Running the harness inside the sandbox uses a single container with local filesystem access but limits security and scalability.
- Running the harness outside keeps credentials secure, allows sandbox suspension, and supports multi-user setups through shared databases.
- With the harness outside, durable execution must be managed across deploys and failures, as the loop can't rely on in-memory state.
- Moving the harness out breaks off-the-shelf local harnesses that assume direct filesystem access.
Opening excerpt (first ~120 words)
Andrea Luzzardi · Apr 10, 2026 · 7 min read · https://mendral.com/blog/agent-harness-belongs-outside-sandbox

An agent harness is the loop that drives an LLM. It sends a prompt, gets a response, executes the tool calls the model requested, feeds the results back, and repeats until the model says it's done.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Hacker News: Front Page.