May 2, 2026
Sandbox soap opera
The agent harness belongs outside the sandbox
Why techies are fighting over where the AI ‘brain loop’ should live
TLDR: The company says an AI agent works best when its control loop runs outside the locked-down workspace, mainly to protect secrets and make team use easier. Commenters weren’t sold: some said that safety layer itself isn’t trustworthy yet, while others mocked the whole debate as another round of AI architecture chaos.
A surprisingly spicy fight broke out over a very nerdy question: should an AI agent’s control loop — basically the part that keeps asking questions, using tools, and deciding what to do next — live inside a locked-down work box, or outside it on a company server? The article firmly picks outside, arguing it keeps passwords and sensitive access away from the AI, lets companies pause the work box when it’s idle, and makes it easier for teams to share notes and recover when a session crashes. In plain English: keep the AI’s keys out of the room and make the room disposable.
But the comments? Absolutely not a calm agreement. One camp basically said, “You trust the control system more than the AI? Bold of you.” That was the loudest mood in the room: some readers think the so-called safety layer is evolving so fast that trusting it outside the box feels like moving the danger, not removing it. Another crowd rolled their eyes at what they saw as a fake either/or debate, with one commenter arguing you could just give the agent a full computer and isolate it properly. Others were hung up on the article’s claim that some tasks don’t need a sandbox at all, replying with a skeptical version of: if it can call outside services, it still needs boundaries.
The funniest running gag was that everyone seems to be rebuilding these systems every few months anyway. One commenter basically turned the whole industry into a meme: every company keeps rewriting the same AI plumbing while pretending it’s settled science. Translation: the hottest standard in AI right now is constant chaos.
Key Points
- The article defines an agent harness as the control loop that prompts an LLM, executes requested tools, feeds results back, and repeats until the task is complete.
- It compares two architectures: running the harness inside the sandboxed container or running it on a backend outside the sandbox and calling tools through an API.
- The inside-the-sandbox approach is described as simpler and compatible with off-the-shelf harnesses because it preserves local process, filesystem, and state assumptions.
- The outside-the-sandbox approach is presented as keeping credentials out of the sandbox, allowing sandboxes to be provisioned or suspended on demand, and enabling failed sandboxes to be replaced without ending the session.
- The authors say they chose the outside model and identified durable execution as a core requirement, using Inngest because agent sessions can run for hours and must survive deploys and failures.
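The outside-the-sandbox model from the key points, as an added sketch that is not code from the article or its authors: the harness keeps the credential and the session history, the sandbox only receives commands, and a dead sandbox is replaced mid-session. The model is a scripted stub, the sandbox is an in-process stand-in for a remote API, and every name here (`Sandbox`, `run_session`, `fetch_issue`, the token) is hypothetical.

```python
SECRET = "tok-constructed-123"  # constructed credential; lives only in the harness

class SandboxDead(Exception):
    pass

class Sandbox:
    """In-process stand-in for a remote, disposable sandbox reached over an API."""
    def __init__(self, fail_on=None):
        self.seen = []          # everything that crossed the boundary into the sandbox
        self.fail_on = fail_on  # command that simulates the sandbox crashing
    def run(self, cmd):
        self.seen.append(cmd)
        if cmd == self.fail_on:
            raise SandboxDead(cmd)
        return f"ran:{cmd}"

def scripted_model(history):
    """Stub LLM: returns the next tool call, or None when the task is complete."""
    plan = [("fetch_issue", "42"), ("shell", "make test"), ("shell", "git diff")]
    return plan[len(history)] if len(history) < len(plan) else None

def fetch_issue(issue_id, token):
    # Credentialed tool: runs on the harness side; the token is used, never returned.
    return f"issue {issue_id}: constructed body"

def run_session(provision):
    history, sandboxes = [], [provision()]
    while (call := scripted_model(history)) is not None:
        tool, arg = call
        if tool == "fetch_issue":
            result = fetch_issue(arg, SECRET)    # secret stays outside the sandbox
        else:
            try:
                result = sandboxes[-1].run(arg)  # untrusted execution happens here
            except SandboxDead:
                sandboxes.append(provision())    # replace the sandbox, keep the session
                result = sandboxes[-1].run(arg)
        history.append((tool, arg, result))      # state is held by the harness
    return history, sandboxes

def demo():
    pool = iter([Sandbox(fail_on="make test"), Sandbox()])
    return run_session(lambda: next(pool))
```

The harness is now the component holding the secret and the session state, which is the trust shift the skeptical commenters were pointing at.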