feat(langchain): add LangChain DeepAgents backend adapter #310

Open
johannhartmann wants to merge 12 commits into kubernetes-sigs:main from mayflower:feat-langchain-deepagents-backend

@johannhartmann

What This Does

This adds a LangChain DeepAgents backend implementation that uses agent-sandbox for isolated code execution. It lets LangChain agents spin up Sandboxes on the fly to run code, read/write files, and clean up after themselves.

We've been using this at Mayflower to run LangChain agents on our clusters and wanted to contribute it back upstream.

Changes

1. SandboxClient enhancements (clients/python/agentic-sandbox-client/)

  • claim_name parameter for SandboxClaim-based provisioning (warm pool support)
  • delete_on_exit parameter for automatic cleanup
  • connect() classmethod for reconnecting to existing sandboxes
  • delete() method and was_reconnected property

2. New langchain-agent-sandbox package (clients/python/langchain-agent-sandbox/)

  • Implements BackendProtocol from langchain-deepagents
  • Factory pattern via SandboxBackendFactory for multi-agent use
  • Configurable cleanup policies (delete on exit, keep on error, etc.)
  • Warm pool support via SandboxClaim integration
  • Unit tests covering backend lifecycle, file operations, and policies

3. Example application (examples/langchain-deepagents/)

  • Working example with skills, sandbox template, and a kind cluster test script

4. E2E test (test/e2e/clients/python/)

  • End-to-end test for the backend running against a kind cluster

How to Test

# Unit tests
uv pip install -e clients/python/agentic-sandbox-client
uv pip install -e clients/python/langchain-agent-sandbox[test]
uv run pytest clients/python/langchain-agent-sandbox/tests/test_backend.py -v

# E2E (requires kind cluster with extensions)
make deploy-kind EXTENSIONS=true
uv run pytest test/e2e/clients/python/test_e2e_langchain_backend.py -v

Notes

  • This depends on the langchain-deepagents package from LangChain
  • Happy to split this into smaller PRs if that's easier to review
  • Any feedback on the approach or API design is very welcome!

@netlify

netlify bot commented Feb 11, 2026

Deploy Preview for agent-sandbox canceled.

| Name | Link |
|---|---|
| 🔨 Latest commit | daeb330 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/agent-sandbox/deploys/69a30ede19a47c00087269ba |

@linux-foundation-easycla

linux-foundation-easycla bot commented Feb 11, 2026

CLA Not Signed

@k8s-ci-robot
Contributor

Welcome @johannhartmann!

It looks like this is your first PR to kubernetes-sigs/agent-sandbox 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/agent-sandbox has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot added the needs-ok-to-test label (Indicates a PR that requires an org member to verify it is safe to test.) on Feb 11, 2026

@k8s-ci-robot
Contributor

Hi @johannhartmann. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot added the cncf-cla: no (Indicates the PR's author has not signed the CNCF CLA.) and size/XXL (Denotes a PR that changes 1000+ lines, ignoring generated files.) labels on Feb 11, 2026

@janetkuo
Member

/ok-to-test

@k8s-ci-robot added the ok-to-test label (Indicates a non-member PR verified by an org member that is safe to test.) and removed the needs-ok-to-test label (Indicates a PR that requires an org member to verify it is safe to test.) on Feb 12, 2026

## Architecture

```
Member

FYI - in case you find it cumbersome to maintain this diagram, GitHub supports mermaid diagrams via ```mermaid: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-mermaid-diagrams

@@ -0,0 +1,59 @@
# Copyright 2025 The Kubernetes Authors.
Member

nit: 2026 (and other places too!)

Suggested change
# Copyright 2025 The Kubernetes Authors.
# Copyright 2026 The Kubernetes Authors.

# SandboxTemplate for LangChain DeepAgents
# This template defines the container image and resources for sandbox pods.
---
apiVersion: agents.x-k8s.io/v1alpha1
Member

The API group for SandboxTemplate should be:

Suggested change
apiVersion: agents.x-k8s.io/v1alpha1
apiVersion: extensions.agents.x-k8s.io/v1alpha1

if self._custom_claim_name:
self.claim_name = self._custom_claim_name
# Check if the claim already exists
if self._claim_exists(self.claim_name):
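
Review bot: the `if self._claim_exists(self.claim_name):` check on a caller-supplied name is check-then-act, so a second client using the same `claim_name` can create or delete the claim between this lookup and the branch that follows. Consider attempting the create and treating the API server's 409 AlreadyExists response as the reconnect path, so the decision is made atomically by the API server.
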
Member

Before reconnecting, should it verify that the existing claim was created from the same template_name? Otherwise, it might be surprising.

raise

@trace_span("create_claim")
def _create_claim(self, trace_context_str: str = ""):
Member

Perhaps this needs to be renamed, given that it supports reconnecting as well (something like _setup_claim perhaps?) Reminder to update trace_span as well.


logging.info(f"Explicitly deleting SandboxClaim: {self.claim_name}")
try:
self.custom_objects_api.delete_namespaced_custom_object(
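
Review bot: `logging.info(f"Explicitly deleting SandboxClaim: {self.claim_name}")` logs through the root logger with an eagerly built f-string. In client library code, a module-level `logging.getLogger(__name__)` with `%s` arguments lets callers filter or silence this package's output without touching the root logger.
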
Member

We should clear self.claim_name as well, so that we don't attempt to delete the same claim again (will result in 404)

secured = SandboxPolicyWrapper(
backend,
deny_prefixes=["/etc", "/sys", "/proc"],
deny_commands=["rm -rf", "curl", "wget"],
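
Review bot: `deny_commands=["rm -rf", "curl", "wget"]` in this example does not say how an entry is matched against the command string (substring, token, or first word), and readers will copy it as a security control. State the matching rule next to the example, and if `curl` and `wget` are listed to stop network egress, point to a NetworkPolicy on the sandbox pod as the enforcing control, since that holds regardless of which program makes the request.
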
Member

This can be bypassed by variations like rm -r -f or using aliases. Suggest adding a warning in the doc that this is a best-effort guardrail and not a substitute for kernel-level isolation (like gVisor).

# Wrap with security policies
secured = SandboxPolicyWrapper(
backend,
deny_prefixes=["/etc", "/sys", "/proc"],
Member

A malicious agent could bypass /etc using a path like /app/../etc. Does SandboxPolicyWrapper use something like os.path.abspath() or os.path.realpath()?

@janetkuo
Member

@johannhartmann thanks for the PR! Reminder to sign the CLA following #310 (comment)

@k8s-ci-robot added the needs-rebase label (Indicates a PR cannot be merged because it has merge conflicts with HEAD.) on Feb 18, 2026
@janetkuo self-assigned this on Feb 18, 2026

…upport

Add claim_name parameter for SandboxClaim-based provisioning, delete_on_exit
parameter for automatic cleanup, connect() classmethod for reconnecting to
existing sandboxes, delete() method for explicit teardown, and was_reconnected
property for detecting reconnection state.

Implement BackendProtocol from langchain-deepagents providing sandbox
lifecycle management, file I/O, and code execution. Includes factory
pattern with SandboxBackendFactory, configurable cleanup policies, and
warm pool support via SandboxClaim integration. Comprehensive test suite
covers backend lifecycle, file operations, and policy configurations.

Add end-to-end test for the LangChain DeepAgents backend running against
a kind cluster with sandbox templates and warm pools.

Add example application demonstrating the LangChain DeepAgents backend
with sandbox templates, skills support, and a kind cluster test script.

ls -a -p on Linux outputs ./ and ../ with trailing slashes, but the
filter only checked for . and .. (without slash), letting dot entries
leak into results. Also handles empty lines from trailing newlines.

… root_dir=/

- AgentSandboxBackend now inherits from SandboxBackendProtocol so
  isinstance checks in DeepAgents FilesystemMiddleware pass without
  needing ABC.register().
- Fix _to_internal path validation when root_dir='/': the check
  startswith(root_dir + '/') became startswith('//') which rejected
  every valid absolute path. Now handles the root case separately.
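
The review question about `/app/../etc` and the `root_dir='/'` fix in the commit message above both come down to normalizing a path before comparing it to a prefix. The following is an added example, not code from this PR: `normalize`, `is_under`, `is_denied`, `legacy_root_check` and `confine` are hypothetical names, and the sample paths are constructed.

```python
import posixpath

DENY_PREFIXES = ["/etc", "/sys", "/proc"]  # values from the PR's example

def normalize(path: str) -> str:
    """Lexically collapse '.', '..' and repeated slashes in an absolute POSIX path."""
    if not path.startswith("/"):
        raise ValueError(f"expected an absolute path, got {path!r}")
    # posixpath.normpath preserves a leading '//', so reduce it to one slash first.
    return posixpath.normpath("/" + path.lstrip("/"))

def is_under(path: str, prefix: str) -> bool:
    """True if `path` is `prefix` itself or lies below it, on component boundaries."""
    path, prefix = normalize(path), normalize(prefix)
    if prefix == "/":
        return True  # root handled separately; prefix + "/" would be "//"
    return path == prefix or path.startswith(prefix + "/")

def naive_is_denied(path: str, deny_prefixes=DENY_PREFIXES) -> bool:
    """Raw string-prefix check on the unnormalized path, for comparison only."""
    return any(path.startswith(p) for p in deny_prefixes)

def is_denied(path: str, deny_prefixes=DENY_PREFIXES) -> bool:
    """Prefix check applied after normalization."""
    return any(is_under(path, p) for p in deny_prefixes)

def legacy_root_check(path: str, root_dir: str) -> bool:
    """The check the commit message describes: startswith(root_dir + '/')."""
    return path.startswith(root_dir + "/")

def confine(path: str, root_dir: str) -> str:
    """Hypothetical helper: return the normalized path, or raise if it leaves root_dir."""
    norm = normalize(path)
    if not is_under(norm, root_dir):
        raise PermissionError(f"{path!r} resolves outside {root_dir!r}")
    return norm

# Caveat: this is lexical only. Symlinks live in the sandbox filesystem, so they
# can only be resolved there, not with os.path.realpath() on the client.

if __name__ == "__main__":
    for p in ["/app/../etc/passwd", "//proc/self/environ", "/etcetera/notes", "/app/main.py"]:
        print(f"{p:24} naive={naive_is_denied(p)!s:5} normalized={is_denied(p)}")
    print(legacy_root_check("/tmp/x", "/"), confine("/tmp/x", "/"))
```
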
@johannhartmann force-pushed the feat-langchain-deepagents-backend branch from f202be6 to f7f6921 on February 19, 2026 18:10

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: johannhartmann
Once this PR has been reviewed and has the lgtm label, please ask for approval from janetkuo. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot removed the needs-rebase label (Indicates a PR cannot be merged because it has merge conflicts with HEAD.) on Feb 19, 2026

@janetkuo
Member

From the test failure test/e2e/clients/python/test_e2e_langchain_backend.py: ModuleNotFoundError: No module named 'langchain_agent_sandbox', the langchain-agent-sandbox package needs to be installed first.

@k8s-ci-robot
Contributor

@johannhartmann: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| presubmit-agent-sandbox-e2e-test | daeb330 | link | true | /test presubmit-agent-sandbox-e2e-test |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
