Sandboxed Code Execution for AI Agents

1.4.0 · active · verified Thu Apr 09

SWE-ReX (SWE-agent Remote Execution Framework) is a Python library designed for sandboxed code execution for AI agents. It provides a flexible runtime interface for interacting with shell environments, supporting execution locally or remotely across various platforms like Docker containers, AWS Fargate, Modal, and Daytona. This enables massively parallel agent runs and disentangles agent logic from infrastructure concerns, making it a core component for projects like SWE-agent. Currently at version 1.4.0, SWE-ReX maintains an active development cycle with regular updates enhancing backend support and overall stability.

Warnings

gotcha When using `LocalDeployment`, commands are executed directly on your host machine without any sandboxing. Exercise extreme caution, especially with administrative commands.
Fix: For sandboxed execution, use `DockerDeployment`, `ModalDeployment`, `FargateDeployment`, or `DaytonaDeployment`. Review commands thoroughly before execution in local mode.
gotcha Versions prior to v1.2.1 could experience `TemporaryDirectory` cleanup issues on Windows, potentially leaving temporary files or directories behind.
Fix: Upgrade to `swe-rex` version 1.2.1 or newer.
gotcha In some Docker environments, particularly when integrating with tools like SWE-agent, the `swe-rex` server installed via `pipx` might not be correctly added to the system's `PATH` variable.
Fix: Ensure that the `PATH` environment variable inside your Docker container explicitly includes the `pipx` installation directory (e.g., `ENV PATH="$PATH:/root/.local/bin/"`) after running `pipx ensurepath`.
gotcha Older versions (prior to v1.4.0) had a hardcoded Python runtime value which could lead to Docker build failures when running in default configurations or with specific projects like SWE-agent.
Fix: Upgrade to `swe-rex` v1.4.0 or newer. This version includes a fix for the hardcoded Python runtime value, improving Docker build stability.
gotcha Users might encounter 'Runtime did not start within timeout' errors, especially in CI/CD environments like GitHub Actions. This often indicates issues with port allocation or insufficient startup time.
Fix: Check for available ports, increase `startup_timeout` in your deployment configuration (e.g., `DockerDeploymentConfig(startup_timeout=300.0)`), and ensure Docker/container runtime is properly configured and accessible within the environment.

Install

pip install swe-rex Base installation
pip install 'swe-rex[modal]' With Modal support
pip install 'swe-rex[fargate]' With AWS Fargate support
pip install 'swe-rex[daytona]' With Daytona support
pip install 'swe-rex[dev]' All optional dependencies for development

Imports

LocalDeployment

from swerex.deployment.local import LocalDeployment

DockerDeployment

from swerex.deployment.docker import DockerDeployment

CreateBashSessionRequest

from swerex.runtime.abstract import CreateBashSessionRequest

BashAction

from swerex.runtime.abstract import BashAction

Command

from swerex.runtime.abstract import Command

Quickstart

This quickstart demonstrates how to set up `swe-rex` with both local and Docker deployments. It shows how to execute single commands and interact with a persistent bash session. Remember that `LocalDeployment` executes commands directly on your machine without sandboxing. For sandboxed environments, `DockerDeployment` (or cloud deployments like Modal/Fargate/Daytona) are recommended.

import asyncio
from swerex.deployment.local import LocalDeployment
from swerex.deployment.docker import DockerDeployment
from swerex.runtime.abstract import CreateBashSessionRequest, BashAction, Command
import os

async def run_code_with_deployment(deployment_type: str):
    if deployment_type == "local":
        # LocalDeployment runs on your machine WITHOUT sandboxing. Be cautious.
        deployment = LocalDeployment()
        print("Running locally (no sandboxing by default). Be careful with commands!")
    elif deployment_type == "docker":
        # DockerDeployment provides sandboxing
        # Ensure Docker is running. You might need to pull the image first if not cached.
        deployment = DockerDeployment(image="python:3.12")
        print("Running in a Docker sandbox...")
    else:
        raise ValueError("Invalid deployment type")

    try:
        await deployment.start()
        runtime = deployment.runtime

        # Execute one-off commands
        print(f"Executing: echo Hello, world! from {deployment_type}")
        result = await runtime.execute(Command(command=["echo", f"Hello, world! from {deployment_type}"]))
        print(f"Output: {result.stdout.strip()}\n")

        # Create a bash session for persistent state
        await runtime.create_session(CreateBashSessionRequest())

        print(f"Running in session: export MYVAR='test_{deployment_type}'")
        await runtime.run_in_session(BashAction(command=f"export MYVAR='test_{deployment_type}'"))

        print(f"Running in session: echo $MYVAR")
        result_session = await runtime.run_in_session(BashAction(command="echo $MYVAR"))
        print(f"Output from session: {result_session.stdout.strip()}\n")

    finally:
        await deployment.stop()

async def main():
    print("--- Local Deployment Example ---")
    await run_code_with_deployment("local")

    print("\n--- Docker Deployment Example ---")
    await run_code_with_deployment("docker")

if __name__ == "__main__":
    # os.environ['MODAL_TOKEN_ID'] = os.environ.get('MODAL_TOKEN_ID', '') # For ModalDeployment
    # os.environ['MODAL_TOKEN_SECRET'] = os.environ.get('MODAL_TOKEN_SECRET', '') # For ModalDeployment
    # ... similarly for AWS or Daytona credentials if used ...
    asyncio.run(main())

view raw JSON →