---
id: wiki-2026-0508-artifacts-and-infrastructure
title: Artifacts & Infrastructure (Agentic Systems)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [agent artifacts, sandbox, microVM, container isolation, agent infrastructure, artifact store]
duplicate_of: none
source_trust_level: B
confidence_score: 0.88
verification_status: applied
tags: [agent, infrastructure, sandbox, docker, microvm, artifacts, e2b, modal, fly-machines, agent-harness]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: TypeScript / Python
  framework: Docker / Firecracker / E2B / Modal / Fly Machines
---

# Artifacts & Infrastructure

## 📌 One-line insight

> **"The agent's physical body."** Store, index and version every produced output (code, docs, images). Run every execution in a sandbox (container / microVM). The backbone of modern agent systems: E2B / Modal / Fly Machines.

## 📖 Core concepts

### Artifact types

1. **Code**: file, snippet, PR.
2. **Document**: markdown, JSON, structured.
3. **Media**: image, video, audio.
4. **Data**: dataset, embedding.
5. **Trace**: thought process log.

### Artifact store components

- **Storage**: S3 / Minio / FS.
- **Metadata**: id, type, parent, hash, timestamp.
- **Index**: search (Elasticsearch / SQLite FTS).
- **Versioning**: content-addressed (Git-like) or sequential.
- **Access control**: per-user / per-agent.

### Reference vs. full content

- The model context is limited → inject only the reference id + summary.
- Fetch the full content explicitly.
- This conserves the attention budget.

### Execution infrastructure

#### Container (Docker)

- Standardized environment.
- Immutable image.
- Namespace isolation (PID, network, mount).
- Resource limits via cgroups.
- ✅ Fast.
- ❌ Shares the host kernel (weaker security).

#### MicroVM (Firecracker)

- Lightweight VM.
- Hardware-virtualized.
- Boots in < 125 ms.
- ✅ Strong isolation.
- ❌ Slightly slower.
- Used by AWS Lambda / Fly Machines.

#### gVisor (Google)

- User-space kernel.
- Intercepts syscalls.
- Sits between a container and a VM.

#### WebAssembly (Wasm)

- Sandboxed by design.
- Fast startup.
- Language-agnostic.
- Limited syscalls.

### Modern agent infrastructure

- **E2B**: Firecracker-based, agent-focused.
- **Modal**: Python serverless + GPU.
- **Fly Machines**: microVM, global.
- **CodeSandbox**: sandbox dev environment.
- **Replit Agent**: in-IDE.
- **Daytona**: dev environment.

### Artifact lifecycle

1. **Create**: the agent produces it.
2. **Store**: artifact store.
3. **Index**: metadata + content search.
4. **Reference**: cited by future agents.
5. **Version**: update / rollback.
6. **Garbage collect**: unused / TTL.

### Visualization

- **HTML preview**: React, plain.
- **Mermaid**: diagram.
- **Markdown**: doc.
- **CSV / Table**: data.
- **Image / Video**: media.
- **3D**: glb / gltf.

→ Lets the user verify the output immediately.

### Trade-offs

- **Storage cost**: retention policy.
- **Indexing latency**: fast write with lazy indexing.
- **Isolation strength**: security ↑ → performance ↓.
- **Cold start**: fast sandbox boot.
- **Secret management**: leak prevention.

### Security

- **Network egress**: whitelist.
- **Filesystem**: read-only base + writable scratch.
- **Resource limit** (CPU, memory, disk, time).
- **Syscall filter** (seccomp).
- **Secret injection**: env var, vault.
- **Output scanning**: secret leak detection.

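The security checklist above as a pre-launch check, added here as an example (it is not code from this note's sources or from any of the listed products): it audits the keyword arguments accepted by docker-py's `containers.run`. The function name `audit_sandbox_spec`, the finding strings, the credential-name heuristic and both sample specs are constructed for illustration.

```python
import re

# Heuristic for env var names that usually carry credentials (an assumption).
SECRET_NAME = re.compile(r'KEY|TOKEN|SECRET|PASSWORD', re.IGNORECASE)

def audit_sandbox_spec(spec: dict) -> list[str]:
    """Return one finding per missing control; an empty list means the spec passes."""
    findings = []
    # Network egress: only a fully disabled network passes this simple check;
    # a whitelist enforced by a proxy has to be reviewed separately.
    if not spec.get('network_disabled'):
        findings.append('network: egress not disabled')
    # Filesystem: read-only base plus size-capped writable scratch.
    if not spec.get('read_only'):
        findings.append('filesystem: root filesystem is writable')
    for mount, opts in (spec.get('tmpfs') or {}).items():
        if 'size=' not in opts:
            findings.append(f'filesystem: tmpfs {mount} has no size cap')
    # Resource limits: memory, CPU and process count (fork bomb).
    for key in ('mem_limit', 'cpu_quota', 'pids_limit'):
        if not spec.get(key):
            findings.append(f'resources: {key} not set')
    # Privileges: drop all capabilities, block setuid escalation.
    if 'ALL' not in (spec.get('cap_drop') or []):
        findings.append('privileges: capabilities not dropped')
    sec_opts = spec.get('security_opt') or []
    if not any(o.startswith('no-new-privileges') for o in sec_opts):
        findings.append('privileges: no-new-privileges missing')
    # Syscall filter: Docker's default seccomp profile applies unless switched off.
    if 'seccomp=unconfined' in sec_opts:
        findings.append('seccomp: syscall filter disabled')
    # Secret injection: env values show up in `docker inspect` output.
    for entry in spec.get('environment') or {}:  # dict keys or NAME=value strings
        name = entry.split('=', 1)[0]
        if SECRET_NAME.search(name):
            findings.append(f'secrets: {name} passed as environment variable')
    return findings

# Constructed samples: PAGE_SPEC repeats the limits used in this page's Docker pattern.
PAGE_SPEC = dict(mem_limit='512m', cpu_quota=50000, network_disabled=True,
                 read_only=True, tmpfs={'/tmp': 'size=64m'},
                 security_opt=['no-new-privileges'], cap_drop=['ALL'])
WEAK_SPEC = dict(mem_limit='512m', security_opt=['seccomp=unconfined'],
                 environment={'API_KEY': 'placeholder'})

if __name__ == '__main__':
    for label, spec in (('page', PAGE_SPEC), ('weak', WEAK_SPEC)):
        print(label, audit_sandbox_spec(spec))
```

Run against the limits from this page's Docker pattern, the only finding is the missing process-count limit, which is the control that addresses the fork-bomb anti-pattern.
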
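Added example (not part of the original note or of any listed product) for the artifact lifecycle and the reference-vs-full rule from the sections above: versions are content-addressed, only id + summary go into the model context, full reads are explicit and integrity-checked, and garbage collection applies a TTL. `VersionedStore`, its method names and the reference string format are hypothetical, and everything is kept in memory.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

@dataclass
class Artifact:
    id: str              # sha256 of the content (content-addressed)
    content: bytes
    summary: str         # short text that is cheap to place in context
    parent: str | None   # id of the version this one replaced
    last_used: float     # time of the last write, reference or fetch

class VersionedStore:
    def __init__(self, ttl: float):
        self.ttl = ttl
        self.items: dict[str, Artifact] = {}
        self.heads: dict[str, str] = {}   # logical name -> current version id

    def put(self, name: str, content: bytes, summary: str, now: float) -> str:
        aid = hashlib.sha256(content).hexdigest()
        # setdefault stores identical content only once (dedup by hash)
        art = self.items.setdefault(
            aid, Artifact(aid, content, summary, self.heads.get(name), now))
        art.last_used = now
        self.heads[name] = aid
        return aid

    def reference(self, aid: str, now: float) -> str:  # id + summary, never the body
        self.items[aid].last_used = now
        return f'[artifact:{aid[:12]}] {self.items[aid].summary}'

    def fetch(self, aid: str, now: float) -> bytes:  # explicit full read
        art = self.items[aid]
        if hashlib.sha256(art.content).hexdigest() != aid:
            raise ValueError('artifact content does not match its id')
        art.last_used = now
        return art.content

    def rollback(self, name: str) -> str | None:  # back to the parent, if GC kept it
        parent = self.items[self.heads[name]].parent
        if parent not in self.items:
            return None
        self.heads[name] = parent
        return parent

    def gc(self, now: float) -> list[str]:  # heads always survive
        live = set(self.heads.values())
        dead = [a for a, art in self.items.items()
                if a not in live and now - art.last_used > self.ttl]
        for aid in dead:
            del self.items[aid]
        return dead
```
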
## 💻 Patterns

### Artifact store (FS-based)

```ts
import { createHash } from 'crypto';
import * as fs from 'fs/promises';
import * as nodePath from 'path';

// Metadata index client (SQLite / Elasticsearch); assumed to be provided elsewhere.
declare const db: {
  insert(table: string, row: Record<string, unknown>): Promise<void>;
  get(table: string, id: string): Promise<any>;
};

const ROOT = './artifacts';

class ArtifactStore {
  // Ids are SHA-256 hex digests. Rejecting anything else keeps a caller-supplied
  // id containing "../" from resolving to a path outside the artifact directory.
  private pathFor(id: string): string {
    if (!/^[0-9a-f]{64}$/.test(id)) throw new Error('invalid artifact id');
    return nodePath.join(ROOT, id.slice(0, 2), id);
  }

  async write(content: string | Buffer, metadata: Record<string, unknown>) {
    const hash = createHash('sha256').update(content).digest('hex');
    const path = this.pathFor(hash);
    await fs.mkdir(nodePath.dirname(path), { recursive: true });
    await fs.writeFile(path, content);
    await this.indexMetadata(hash, metadata);
    return { id: hash, path };
  }

  async read(id: string): Promise<{ content: Buffer; metadata: any }> {
    const path = this.pathFor(id);
    const [content, metadata] = await Promise.all([
      fs.readFile(path),
      this.fetchMetadata(id),
    ]);
    return { content, metadata };
  }

  async indexMetadata(id: string, metadata: any) {
    // SQLite / Elasticsearch
    await db.insert('artifacts', { id, ...metadata, ts: Date.now() });
  }

  async fetchMetadata(id: string): Promise<any> {
    return db.get('artifacts', id);
  }
}
```

### E2B sandbox (Python)

```python
from e2b import Sandbox

sandbox = Sandbox.create('python3')
result = sandbox.run_code("""
import pandas as pd
df = pd.DataFrame({'a': [1, 2, 3]})
print(df.sum())
""")
print(result.text)     # stdout
print(result.results)  # plotted images, tables
sandbox.close()
```

### Modal (serverless GPU)

```python
import modal

app = modal.App('my-agent')
image = modal.Image.debian_slim().pip_install('transformers', 'torch')

@app.function(image=image, gpu='A10G', timeout=600)
def run_inference(prompt: str) -> str:
    from transformers import pipeline
    pipe = pipeline('text-generation', model='meta-llama/Llama-3-8B')
    return pipe(prompt)[0]['generated_text']

@app.local_entrypoint()
def main():
    result = run_inference.remote('Hello')
    print(result)
```

### Docker sandbox (limited)

```python
import docker

client = docker.from_env()

def run_in_sandbox(code: str, language: str = 'python', timeout: int = 30):
    container = client.containers.run(
        f'sandbox-{language}',
        # Argument list rather than a formatted string, so quotes inside
        # `code` cannot break out of the `-c` argument.
        ['python', '-c', code],
        mem_limit='512m',
        cpu_quota=50000,  # 0.5 CPU
        network_disabled=True,
        read_only=True,
        tmpfs={'/tmp': 'size=64m'},
        security_opt=['no-new-privileges'],
        cap_drop=['ALL'],
        detach=True,
    )
    try:
        # Raises if the container is still running after `timeout` seconds;
        # the finally block removes it either way.
        container.wait(timeout=timeout)
        return container.logs().decode()
    finally:
        container.remove(force=True)
```

### Fly Machines (microVM)

```bash
fly machine run python:3.11 \
  --region sfo \
  --vm-cpus 2 \
  --vm-memory 1024 \
  --env API_KEY="$API_KEY" \
  -- python /app/agent.py
```

### Mermaid artifact preview

```ts
// Minimal HTML escaper so diagram text cannot inject markup into the preview.
function escapeHtml(s: string): string {
  const map: Record<string, string> = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderMermaidArtifact(diagram: string): string {
  // Mermaid renders elements with class "mermaid"; the escaped source goes inside one.
  return `<pre class="mermaid">
${escapeHtml(diagram)}
</pre>`;
}
```

### Secret leak detector

```python
import re

SECRET_PATTERNS = [
    re.compile(r'AKIA[0-9A-Z]{16}'),             # AWS
    re.compile(r'sk-[a-zA-Z0-9]{32,}'),          # OpenAI
    re.compile(r'github_pat_[a-zA-Z0-9_]{82}'),
    re.compile(r'-----BEGIN (RSA |EC )?PRIVATE KEY-----'),
]

def redact(secret: str) -> str:
    """Keep a short prefix for triage and mask the rest."""
    return secret[:4] + '*' * (len(secret) - 4)

def scan_for_secrets(artifact_content: str) -> list[str]:
    findings = []
    for pattern in SECRET_PATTERNS:
        # finditer + group(0) yields the whole match; findall would return only
        # the optional (RSA |EC ) group for the private-key pattern.
        for match in pattern.finditer(artifact_content):
            findings.append(redact(match.group(0)))
    return findings
```

## 🤔 Decision criteria

| Requirement | Infra |
|---|---|
| Untrusted code | E2B / Firecracker |
| Trusted Python | Modal |
| Long-running | Fly Machines |
| Light isolation | Docker + seccomp |
| Browser-side | Wasm |
| Code preview | HTML iframe sandbox |
| Permanent artifact | S3 + content-addressed |
| Ephemeral | tmpfs + TTL |

**Default**: E2B (untrusted) + Modal (trusted) + S3 artifact store + content-hash dedup.

## 🔗 Graph

- Parent: [[Agent-Architecture]] · [[Cloud-Infrastructure]]
- Variants: [[Sandbox]] · [[Container]] · [[MicroVM]] · [[Wasm]]
- Applications: [[E2B]] · [[Modal]] · [[Firecracker]] · [[gVisor]]
- Adjacent: [[Tool-Use]] · [[Code-Execution]]

## 🤖 LLM use

**When**: agent system design, sandbox selection, artifact store schema, security review.

**When not**: a single trusted user (over-engineering).

## ❌ Anti-patterns

- **Running untrusted code on the host**: RCE.
- **No resource limit**: fork bomb.
- **Unrestricted network**: data exfiltration.
- **Secret in env (logged)**: leak.
- **No TTL**: storage bloat.
- **Full content in context**: wasted attention.
- **Over-trusting container security**: kernel CVEs.

## 🧪 Verification / duplicates

- Verified (E2B, Modal, Firecracker, AWS Lambda papers).
- Trust level B.
- Related: [[Agent-Harness]] · [[Sandbox]] · [[E2B]] · [[Modal]] · [[Code-Execution]].

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: sandbox spectrum + lifecycle + E2B / Modal / Docker / Fly code |