
Agent harnesses: inside vs outside sandbox

Hacker News

When developers shift from single‑user to multi‑user agents, the location of the agent harness becomes a security and reliability linchpin. The harness loops through prompts, tool calls, and responses until the model signals completion. Choosing whether that loop runs inside or outside a sandbox shapes credential exposure, failure modes, and scaling strategy in production environments.

Inside the sandbox, the harness shares one container with the code it manipulates, mirroring Claude’s local laptop behavior. Tool calls execute directly in that same environment, and all skill and memory files live on the container’s filesystem. This simplicity favors single‑user setups but ties state to a single process tree, a liability during deployment cycles and maintenance tasks.

Running the harness externally detaches credential handling from the sandbox, keeping API keys and database connections in the backend loop. The sandbox is invoked only for tool execution via an API, allowing it to suspend when idle. With Blaxel, cold starts shrink to 25 ms, keeping interactive turns seamless while preserving isolation for all operations.

State persistence across sessions moves from a local filesystem to a shared Postgres database. The harness virtualizes file paths: workspace files go to the sandbox, while skill and memory paths hit the database. This design keeps multiple engineers’ memories in sync without a distributed filesystem, eliminating conflicts and ensuring consistent agent knowledge.
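A minimal sketch of that path routing, added here as an example and not code from the article or from Blaxel: a harness-side file layer that sends workspace paths to the sandbox (a dict stands in for the sandbox's file API) and skill/memory paths to the shared database (SQLite in place of Postgres), so the database handle never enters the sandbox. The `VirtualFS` class, the path prefixes and the sample data are assumptions.

```python
import posixpath
import sqlite3

class VirtualFS:
    """Path virtualization for an out-of-sandbox harness: /workspace/* goes to
    the sandbox, /skills/* and /memory/* go to the shared database that only
    the harness process can reach (the sandbox never holds the DB handle)."""
    SHARED = ("/skills/", "/memory/")

    def __init__(self, sandbox_files, db):
        # sandbox_files: a dict standing in for the sandbox's file API (constructed)
        self.sandbox, self.db = sandbox_files, db
        db.execute("CREATE TABLE IF NOT EXISTS shared (path TEXT PRIMARY KEY, data TEXT)")

    @staticmethod
    def _norm(path):
        # Collapse ".." so a model-supplied path cannot hop between backends.
        return posixpath.normpath(posixpath.join("/", path))

    def write(self, path, data):
        path = self._norm(path)
        if path.startswith(self.SHARED):
            with self.db:  # committed; visible to every harness sharing the DB
                self.db.execute("INSERT OR REPLACE INTO shared VALUES (?, ?)", (path, data))
            return "db"
        self.sandbox[path] = data
        return "sandbox"

    def read(self, path):
        path = self._norm(path)
        if path.startswith(self.SHARED):
            row = self.db.execute("SELECT data FROM shared WHERE path = ?", (path,)).fetchone()
            if row is None:
                raise FileNotFoundError(path)
            return row[0]
        if path not in self.sandbox:
            raise FileNotFoundError(path)
        return self.sandbox[path]

def demo():
    """Two engineers with separate sandboxes and one shared database (sample data constructed)."""
    db = sqlite3.connect(":memory:")
    alice, bob = VirtualFS({}, db), VirtualFS({}, db)
    alice.write("/memory/project.md", "deploy target is staging")
    alice.write("/workspace/main.py", "print('hi')")
    shared = bob.read("/memory/project.md")  # memory is in sync across engineers
    workspace_isolated = "/workspace/main.py" not in bob.sandbox  # stays in Alice's sandbox
    return shared, workspace_isolated
```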