Where to Run the LLM Agent Harness: Sandbox vs. Local Architecture Tradeoffs

By Andrea Luzzardi

29d ago · 11 min read · en · Insight

Summary

This article explores the architectural decision of where to run an LLM agent harness — the core loop that drives an agent by sending prompts, executing tool calls, and feeding results back. It compares two approaches: running the harness inside the sandbox (alongside the LLM) versus outside the sandbox (on the user's local machine or server). The piece details the security implications, failure modes, and capability tradeoffs of each architecture, particularly contrasting single-user and multi-user agent scenarios. It also discusses how skills and memories work when the harness runs outside the sandbox, offering practical guidance for engineers building production agent systems.

Key quotes (3 pulled)
An agent harness is the loop that drives an LLM. It sends a prompt, gets a response, executes the tool calls the model requested, feeds the results back, and repeats until the model says it's done.
There are two answers. They have different security properties, different failure modes, and different implications for what the agent can do.
The tradeoffs also look different depending on whether you're building a single-user agent (one engineer on a laptop) or a multi-user one (dozens of engineers in the same organization sharing the...)
Snippet from the RSS feed
Two architectures for running agent harnesses, the tradeoffs between them, and how we make skills and memories work when the harness isn't local.
