Documentation Index
Fetch the complete documentation index at: https://docs.litellm-agent-platform.ai/llms.txt
Use this file to discover all available pages before exploring further.
Components
| Component | Where it runs | What it does |
|---|---|---|
| Web | Next.js app (Render / EKS) | UI, REST API, session orchestration |
| Worker | Background process | Reconciler for session lifecycle, idle reaping |
| Sandbox controller | Kubernetes (kind / EKS) | Manages Sandbox custom resources from kubernetes-sigs/agent-sandbox |
| Harness pod | Inside the sandbox | Runs the agent — Claude Code, Codex, opencode, claude-agent-sdk |
| Vault sidecar | Inside the sandbox | HTTPS proxy; swaps stub credentials for real keys at the wire |
Request flow
- Client (UI / CLI / API) hits the web service.
- Web creates a
SandboxCR; the controller schedules a pod. - Pod boots with vault sidecar + harness container. Stubs are injected into the harness env.
- Harness clones the repo, installs deps, listens on its protocol — JSON (
/message) or PTY (/tty). - Client streams messages or attaches a terminal.
- Outbound HTTPS from the harness flows through the vault sidecar, which swaps stubs for real credentials.
Why Kubernetes
- Portable: kind locally, EKS / GKE / AKS / on-prem in production.
- Pod-level isolation, RBAC, network policies — off-the-shelf.
- gVisor / Kata runtimes available via the CRD’s
runtimeClass. - No cloud-provider lock-in for the sandbox runtime path.