
kubernetes-sigs/agent-sandbox

★ 2,313 · Go · Apache-2.0 · updated May 2026

agent-sandbox enables easy management of isolated, stateful, singleton workloads, ideal for use cases like AI agent runtimes.

A Kubernetes SIG-Apps project adding a `Sandbox` CRD that manages single, stateful, singleton pods with stable identity and persistent storage — filling the gap between Deployments (stateless) and StatefulSets (numbered sets). Primary target is AI agent code execution environments, dev sandboxes, and Jupyter-style persistent sessions. Still v1beta1 / early-stage.

- Clean layered architecture: core Sandbox CRD handles the basics, then SandboxTemplate/SandboxClaim/SandboxWarmPool extensions add pooling and templating without muddying the core API surface.

- WarmPool pre-warming is genuinely useful for AI agent use cases where cold-start latency matters — this is a concrete operational feature, not just a conceptual abstraction.

- Both Go and Python client SDKs ship with the repo, including async variants in Python, which is the right call given the async-heavy nature of LLM frameworks that would consume this.

- Living under kubernetes-sigs with KEP docs and a proper CLA/CI pipeline means API design follows k8s conventions and has a realistic path toward GA stability, unlike most vendor-backed CRD projects.

- v1beta1 API with no stated GA timeline means adopters are signing up for breaking changes; the hibernation/resume features advertised in the README are still roadmap items, so the current feature set is basically a wrapper around a single-pod StatefulSet.

- The Python SDK has a gke_extensions/snapshots package that hardcodes GKE-specific CRDs — the project claims vendor-neutral runtime support but the SDK already has GKE tentacles, which will be a footgun for anyone running on EKS or bare-metal.

- No multi-tenancy or RBAC guidance: in a multi-tenant AI agent scenario (the primary advertised use case) you need strong namespace isolation and admission controls, none of which are addressed.

- The 'memory sharing across sandboxes' and 'automatic resume on network connection' features listed as desired characteristics have no implementation or even design docs yet, so the gap between the pitch and what's actually shipped is significant.
