Agent
An Agent is the running code.
The actual application: a Claude Code instance, a LangChain ReAct loop, a custom Python script using the
tappass-agentSDK.The Agent is the consumer of Policy. The Sandbox is the envelope it runs inside.
At a glance
Section titled “At a glance”| Is | the running code (Claude Code, LangChain, custom Python, …) |
| Lives within | one Project |
| Inherits Policy from | org → project → its own overrides (cascade) |
| Runs in | one or more Sandboxes (one per machine / deployment) |
| Has | one or more Sessions (each = one continuous run) |
Agent vs. Sandbox — the difference
Section titled “Agent vs. Sandbox — the difference”This trips people up. Two distinct things:
| Term | What it is | Examples |
|---|---|---|
| Agent | The application logic | "claude-code", "support-emailer-bot", "refund-processor-v2" |
| Sandbox | The runtime envelope it executes within | "support-emailer-bot running on tenant-acme's host" |
One Agent can have many Sandboxes — one Sandbox per machine where the Agent is deployed. Each Sandbox enforces the same Policy (the Agent's effective Policy after cascade), via the same Compiled Policy, but as a separate isolated runtime.
Think:
- Agent = the recipe (the Docker image, the Python package, the Claude Code installation)
- Sandbox = the actual running container / process / installation
Where Agents sit in the picture
Section titled “Where Agents sit in the picture” Org │ ▼ Project (e.g. "Customer support") │ │ contains ▼ Agent (e.g. "support-emailer-bot") │ │ deployed as ▼ Sandbox (e.g. on tenant-acme's host machine) │ │ has many ▼ Sessions (each = one continuous run)What "Agent" looks like for the four v1 targets
Section titled “What "Agent" looks like for the four v1 targets”| Target | What "the Agent" actually is |
|---|---|
| Claude Code | The Claude Code installation on a developer's laptop |
| LangChain (via tappass-agent SDK) | A Python process running a LangChain ReAct loop, importing tappass_agent |
| OpenShell + Monty | These are Provider targets, not Agents — they're enforcement layers around the Agent. The Agent is whatever code runs inside the OpenShell sandbox / Monty interpreter. |
Surfaces
Section titled “Surfaces”| Persona | Surface | What you do |
|---|---|---|
| Project admin | tappass agent create / list | Register an Agent within a Project |
| Agent owner | tappass policy apply --level agent=<id> | Author per-Agent overrides |
| Agent owner | tappass-host start <sandbox-name> --agent <agent-id> | Provision a Sandbox running this Agent |