background-agents
agent
Fail
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 32 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in packages/agent-configuration/package.json
- rm -rf — Recursive force deletion command in packages/agents/package.json
- process.env — Environment variable access in packages/agents/scripts/generate-jsonl-references.ts
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides an SDK and a web interface for running AI coding agents inside isolated Daytona sandboxes. It connects to GitHub repositories, allowing autonomous agents to securely read and modify code.
Security Assessment
The overall risk is Medium. The tool requires access to environment variables to manage credentials, GitHub connections, and sandbox deployments. By design, it executes shell commands, runs code, and makes network requests to the Daytona API, GitHub, and Claude. There are no hardcoded secrets. However, the automated scanner flagged recursive force deletion commands (`rm -rf`) inside the `package.json` files of two packages (`agents` and `agent-configuration`). While this is a common practice for cleaning build directories during local development rather than a malicious payload, you should verify the exact file paths targeted by these scripts before deploying.
Quality Assessment
The project has an explicit Apache-2.0 license and is clearly maintained (the last push was less than a day ago). It is a newer tool with 32 GitHub stars, meaning it has a small but growing user base. The repository is well-organized, featuring modular packages, standalone apps, and dedicated documentation for development and testing.
Verdict
Use with caution: the architecture is transparent and the project is actively maintained, but you should review the build scripts to ensure the `rm -rf` commands only delete safe local directories before integrating it into your workflow.
This tool provides an SDK and a web interface for running AI coding agents inside isolated Daytona sandboxes. It connects to GitHub repositories, allowing autonomous agents to securely read and modify code.
Security Assessment
The overall risk is Medium. The tool requires access to environment variables to manage credentials, GitHub connections, and sandbox deployments. By design, it executes shell commands, runs code, and makes network requests to the Daytona API, GitHub, and Claude. There are no hardcoded secrets. However, the automated scanner flagged recursive force deletion commands (`rm -rf`) inside the `package.json` files of two packages (`agents` and `agent-configuration`). While this is a common practice for cleaning build directories during local development rather than a malicious payload, you should verify the exact file paths targeted by these scripts before deploying.
Quality Assessment
The project has an explicit Apache-2.0 license and is clearly maintained (the last push was less than a day ago). It is a newer tool with 32 GitHub stars, meaning it has a small but growing user base. The repository is well-organized, featuring modular packages, standalone apps, and dedicated documentation for development and testing.
Verdict
Use with caution: the architecture is transparent and the project is actively maintained, but you should review the build scripts to ensure the `rm -rf` commands only delete safe local directories before integrating it into your workflow.
Run AI coding agents in isolated sandboxes connected to your GitHub repositories
README.md
Daytona Background Agents
Building blocks for building applications with AI coding agents running in isolated Daytona sandboxes.
Packages
| Package | Description |
|---|---|
web |
Standalone chat app for AI coding agents |
agents |
TypeScript SDK for running AI coding agents in Daytona sandboxes |
agent-configuration |
Agent configuration and policy rules for blocking dangerous operations |
claude-credentials |
Claude Code OAuth credential generation via ccauth and Daytona |
common |
Shared utilities and types |
terminal |
WebSocket-based PTY terminal for Daytona sandboxes |
Quick Start
npm install
npm run dev
Opens the web app at http://localhost:4000.
Development
See DEVELOPMENT.md for local setup (database, environment variables) and TESTING.md for tests.
Deployment
The web package deploys to Vercel. See packages/web/README.md for configuration.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found