惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
爱范儿
爱范儿
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
B
Blog RSS Feed
博客园 - 聂微东
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
Scott Helme
Scott Helme
AI
AI
S
Security Affairs
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
AWS News Blog
AWS News Blog
T
Threatpost
Cyberwarzone
Cyberwarzone
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42
V
Vulnerabilities – Threatpost
J
Java Code Geeks
博客园 - Franky
月光博客
月光博客
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
D
Docker
小众软件
小众软件
N
News and Events Feed by Topic
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
A
Arctic Wolf
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
量子位
PCI Perspectives
PCI Perspectives
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
腾讯CDC
P
Proofpoint News Feed
S
Security @ Cisco Blogs
G
Google Developers Blog
C
Cisco Blogs

TanStack Blog

TanStack Start and TanStack AI Win 2026 Open Source Awards | TanStack Blog How an Underrated Refactor Saved 90% Memory Usage | TanStack Blog TypeScript Performance in TanStack Table V9 | TanStack Blog TanStack AI Beta: The Switzerland of AI Tooling Grows Up | TanStack Blog TanStack Table V9: Taking Form | TanStack Blog TanStack AI: Your MCP, your way | TanStack Blog TanStack Start Adds First-Class Rsbuild Support | TanStack Blog Introducing Experimental Workflows and Orchestrators in TanStack AI | TanStack Blog Chat UIs Are Lists Until They Aren't | TanStack Blog Structured Output That Remembers Across Turns | TanStack Blog TanStack Virtual just got a lot faster, and finally handles iOS | TanStack Blog TanStack AI now fully speaks AG-UI | TanStack Blog Stop Waiting on JSON: Stream Structured Output with One Schema | TanStack Blog Hardening TanStack After the npm Compromise | TanStack Blog Postmortem: TanStack npm supply-chain compromise | TanStack Blog Who Owns the Tree? RSC as a Protocol, Not an Architecture | TanStack Blog TanStack AI Just Learned to Compose Music | TanStack Blog Your AI Tool Calls Should Fail at Compile Time, Not in Production | TanStack Blog One Flag, Every Chunk: Debug Logging Lands in TanStack AI | TanStack Blog How We Test TanStack AI Across 7 Providers on Every PR | TanStack Blog React Server Components Your Way | TanStack Blog Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog Solid 2.0 Beta Support in TanStack Router, Start, and Query | TanStack Blog TanStack Router's New Reactive Core: A Signal Graph | TanStack Blog TanStack DB 0.6 Now Includes Persistence, Offline Support, and Hierarchical Data | TanStack Blog We Removed 3rd Party Ads from TanStack.com | TanStack Blog 5x SSR Throughput: Profiling SSR Hot Paths in TanStack Start | TanStack Blog Lazy Tool Discovery: Scaling AI Tool Systems Without Drowning in Tokens | TanStack Blog TanStack AI Just Got Middleware — And It Changes Everything | TanStack Blog Talk to Your AI: Realtime Voice Chat in TanStack AI | TanStack Blog Generation Hooks: Type-Safe AI Beyond Chat | TanStack Blog TanStack + OpenRouter Partnership | TanStack Blog Introducing TanStack Intent: Ship Agent Skills with your npm Packages | TanStack Blog TanStack AI: Why We Split the Adapters | TanStack Blog The ai() Function That Almost Was | TanStack Blog TanStack AI Alpha 2: Every Modality, Better APIs, Smaller Bundles | TanStack Blog TanStack AI Alpha: Your AI, Your Way | TanStack Blog How We Track Billions of Downloads: The NPM Stats API Deep Dive | TanStack Blog The State of TanStack, Two Years of Full-Time OSS | TanStack Blog How we accidentally made route matching more performant by aiming for correctness | TanStack Blog TanStack DB 0.5 . Query-Driven Sync | TanStack Blog Directives and the Platform Boundary | TanStack Blog TanStack Start v1 Release Candidate | TanStack Blog Stop Re-Rendering. TanStack DB, the Embedded Client Database for TanStack Query | TanStack Blog Search Params Are State | TanStack Blog The Power in Pragmatism | TanStack Blog TanStack + Netlify Partnership | TanStack Blog Announcing TanStack Form v1 | TanStack Blog Why choose TanStack Start and Router? | TanStack Blog Why TanStack Start is Ditching Adapters | TanStack Blog A milestone for TypeScript Performance in TanStack Router | TanStack Blog Announcing TanStack Query v5 | TanStack Blog Announcing TanStack Query v4 | TanStack Blog TanStack Table + Ag-Grid Partnership | TanStack Blog
Run Any Coding Agent in a Sandbox, With One chat() Call | TanStack Blog
Alem Tuzlak · 2026-06-30 · via TanStack Blog

by Alem Tuzlak on Jun 30, 2026.

Run coding agents in a sandbox

Wiring a coding agent into your own app sounds simple until you actually do it. Then you hit two walls at once: every agent CLI speaks its own protocol, and every one of them wants to run somewhere it can touch a real filesystem and a shell.

So you write a bespoke adapter for Claude Code. A different one for Codex. A third for whatever ships next quarter. And then you still have to answer the scary question: where does this thing run, and what can it reach while it runs?

TanStack AI's new sandbox layer collapses both walls into one pattern. A coding agent runs inside an isolated sandbox, and its work streams straight back through the same chat() you already use. This post walks through how it fits together, and the part that has no equivalent anywhere else: plugging in any agent that speaks the Agent Client Protocol, with no dedicated package.

A "coding agent in your app" is really two independent decisions:

  • Which agent runs - Claude Code, Codex, OpenCode, Grok Build, or something newer.

  • Where it runs - your laptop for dev, a container for isolation, a cloud VM or the edge for production.

    Most setups hard-couple those two decisions. The agent's SDK assumes a runtime, the runtime assumes an agent, and swapping either one means rewriting the integration. You end up maintaining a matrix of glue you never wanted to own.

    The fix is to make both decisions independent and swappable, behind one interface. That is exactly what the sandbox layer does.

Here is a complete, runnable shape. An agent clones a repo into a Docker sandbox, fixes a bug, and streams its work back:

The harness adapter (grokBuildText) declares it needs a sandbox, withSandbox() provides one, and the agent's tool calls, file edits, and reasoning come back as the same AG-UI stream chunks any other adapter produces. Your UI does not need to know a coding agent is on the other end.

Everything below is a variation on this one snippet.

The provider owns isolation - where the agent actually runs. Every provider implements the same SandboxHandle contract, so swapping one is a one-line change to your sandbox definition:

There is also a Cloudflare provider for running the agent and a live preview at the edge. The workspace, secrets, and policy you attach do not change when you swap providers - only the isolation, auth, and snapshot behavior do.

The harness decides what runs. The first-class adapters cover the agents most people reach for:

  • @tanstack/ai-grok-build - grokBuildText

  • @tanstack/ai-claude-code - claudeCodeText

  • @tanstack/ai-codex - codexText

  • @tanstack/ai-opencode - opencodeText

    Switching agents is the other one-line change:

Same sandbox, same wiring, different agent. The two axes really are independent.

The part nobody else has: acpCompatible

First-class adapters are great until the agent you want does not have one. This is where most stacks stop and you go back to writing glue.

TanStack AI does not. The Agent Client Protocol (ACP) is a shared JSON-RPC protocol that a growing list of coding agents already speak. acpCompatible turns any of them into a chat() adapter, with no dedicated package. Think of it as the openaiCompatible of coding agents.

That is the whole integration. You describe how to launch the agent's ACP server, and acpCompatible handles the session, permissions, tool bridging, and translation into the same AG-UI stream as every other adapter.

The payoff is breadth. The ACP agents list already includes gemini --acp, Cursor, Goose, Cline, OpenHands, Qwen Code, Kimi CLI, Pi, and dozens more. Any of them drops into a sandbox with the snippet above. Like openaiCompatible, you can declare typed models and per-call modelOptions so the whole thing stays type-checked.

Because every harness runs through the same sandbox layer, capabilities are shared rather than re-implemented per agent:

  • Secrets - createSecrets() injects values into the agent's environment at create time. They are never written to snapshots or the event log.

  • Provisioning - clone a repo, run setup commands, and project workspace skills (files, instructions, MCP servers) into the harness's native conventions.

  • Streaming - text, reasoning, and tool activity come back as standard AG-UI chunks, so existing chat UIs render an in-sandbox agent with no changes.

  • Session resume - thread a session id back through modelOptions.sessionId to continue where the agent left off.

  • Guardrails - permission modes (and defineSandboxPolicy) decide what the agent may do without prompting.

The middleware ensures the sandbox exists, the adapter spawns the agent inside it, and the agent's protocol (ACP for the compatible path, native streams for the first-class ones) is translated back into the chunks your UI already speaks.

If you have ever wanted an agent to actually act on a real codebase - clone it, run the tests, edit files, hand back a diff - this is the shortest path there. Pick a provider, pick an agent (or bring your own ACP agent), and drive it with the chat() you already know.

Read the sandbox docs to get an agent fixing a bug in a sandbox on your laptop in a few minutes, then swap the provider when you are ready to ship.

One import. Any agent. Any sandbox.