Documentation/docs/managed-agents/environments

#Environments

An environment describes the runtime surface for sessions: package configuration and networking policy.

Official reference: Claude Managed Agents environments.

Create An Environment#

typescript
const environment = await client.beta.environments.create({
    name: "node-test-env",
    config: {
        type: "cloud",
        networking: {
            type: "limited",
            allowed_hosts: ["api.example.com"],
            allow_package_managers: true,
            allow_mcp_servers: true,
        },
        packages: {
            type: "packages",
            npm: ["typescript", "tsx"],
            pip: ["pytest==8.3.4"],
        },
    },
});

Supported Configuration#

Only type: cloud environments are accepted today.

AreaSupported values
Networkingunrestricted or limited
Package managersapt, cargo, gem, go, npm, pip

unrestricted maps to a Sandbox0 allow-all network policy. limited maps to a block-all policy with explicit allowed domains.

Package Dependencies#

Put repeatable project dependencies in config.packages instead of installing them from inside every session. For example, declare Node.js tools such as tsx, Python test dependencies such as pytest==8.3.4, or system packages that every session should have available.

Package CLIs are exposed through the normal language toolchain entry points, so declared tools can be invoked by command name when the package manager installs a binary. For example, an environment with npm: ["tsx"] can run tsx, and an environment with pip: ["pytest==8.3.4"] can run pytest.

Best practices:

  • Pin versions for packages that affect builds or tests.
  • Keep interactive or task-specific installs in the session workspace, not in the reusable environment.
  • For limited networking, set allow_package_managers: true when the environment needs to fetch packages during setup.
  • Update the environment when shared dependencies change, then create new sessions from the updated environment.

Sessions created from an environment have the declared packages available at startup. A session keeps using the package set it was created with, so later environment updates do not change already-running sessions.

Limited Networking#

For limited environments, Sandbox0 builds allowed domains from:

  • networking.allowed_hosts
  • Package manager registries when allow_package_managers is enabled
  • MCP server hosts when allow_mcp_servers is enabled
  • Sandbox0 runtime callback and platform domains
  • Credential vault target domains

The final policy is enforced by Sandbox0 network policy and credential projection, not by application code inside the agent.

Sandbox0 Notes#

  • Reserved sandbox0.managed_agents.* metadata keys are not accepted on environments.
  • Updating an environment does not retroactively rebuild already pinned session artifacts.

Next Steps#

Sessions

Create sessions that bind an agent snapshot to an environment and vaults.

Events

Append user input, stream agent output, and interpret retry lifecycle events.