The agent harness belongs outside the sandbox

TLDR

  • Running the agent harness outside the sandbox keeps credentials isolated, enables sandbox suspension, and turns multi-user memory into a database problem instead of a distributed filesystem problem.

Key Takeaways

  • Two architectures exist: harness inside the sandbox (simple, local filesystem, off-the-shelf Claude Code SDK) vs. harness outside (API calls into sandbox, credentials never enter sandbox).
  • Outside model enables 25ms sandbox resume via Blaxel and suspension during LLM calls, thinking, and CI waits, cutting idle compute significantly.
  • Durable execution runs on Inngest: each agent turn is a checkpointed step, surviving deploys and instance failures across hour-long sessions.
  • Skills and memories are virtualized: the harness routes reads/writes by path prefix, sending workspace paths to the sandbox and .claude/skills/ and .claude/memory/ paths to Postgres.
  • Adding memory_read/memory_write tools hurts model quality; keeping the trained API surface (read, write, edit) and virtualizing on the backend preserves RL-trained behavior.
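A sketch of the path-prefix routing described in the takeaways, added here as an example and not taken from the original article or its harness. The workspace root, backend labels, and per-tenant key scoping are assumptions. It normalizes each path before matching, so a `..` segment cannot steer a memory path into the sandbox filesystem or a workspace path into the Postgres-backed store.

```python
import posixpath

# Assumptions (not from the original article): the sandbox workspace root,
# the backend labels, and per-tenant key scoping are hypothetical.
WORKSPACE_ROOT = "/workspace"
VIRTUAL_PREFIXES = {
    ".claude/skills": "postgres:skills",
    ".claude/memory": "postgres:memory",
}


def route(path: str, tenant_id: str) -> tuple[str, str]:
    """Map a read/write/edit tool path to (backend, key).

    tenant_id is supplied by the harness, never by the model. The path is
    normalized BEFORE prefix matching so the decision is made on the
    location the path actually resolves to.
    """
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    # Relative paths resolve against the workspace; normpath collapses '.' and '..'.
    norm = posixpath.normpath(posixpath.join(WORKSPACE_ROOT, path))
    norm = "/" + norm.lstrip("/")  # normpath preserves a leading '//'
    rel = posixpath.relpath(norm, WORKSPACE_ROOT)
    for prefix, backend in VIRTUAL_PREFIXES.items():
        # Match on a component boundary so '.claude/memory-old' stays in the sandbox.
        if rel == prefix or rel.startswith(prefix + "/"):
            # The key is built from the normalized remainder, so it cannot
            # contain '..' and cannot leave the tenant's namespace.
            return backend, f"{tenant_id}/{rel[len(prefix) + 1:]}"
    return "sandbox", norm


if __name__ == "__main__":
    # Constructed sample tool-call paths.
    for p in ["src/main.py", ".claude/memory/notes.md",
              "src/../.claude/skills/deploy/SKILL.md",
              ".claude/memory/../../src/a.py", ".claude/memory-old/x"]:
        print(f"{p!r:45} -> {route(p, 't1')}")
```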

Hacker News Comment Review

  • No substantive HN discussion yet.