Quickstart - Agentix

This quickstart walks the shortest end-to-end Agentix flow:

Declare deps in a normal Python project.
agentix build packages the project + every transitive dep into a self-contained bundle — no FROM, no pip install at run time, just a Nix closure under /nix/store/....
Deploy a sandbox: the bundle is overlaid onto a task base image with --volumes-from. Different task images, same runtime.
Call a remote function with RuntimeClient.remote(fn, …).

Prerequisites

Python 3.11 or newer
Docker (Engine 20.10+; 25.0+ recommended once --mount type=image stabilizes)
Nix on the build host (the framework vendors a pinned Nixpkgs revision)
uv for dependency locking (uv.lock is mandatory — uv2nix reads it to build the Python closure)

One project, two images

The two-image model is the heart of Agentix:

bundle — the bundle from agentix build. Generic and reusable. Holds Python, agentixx, every plugin, your code, all transitive deps under /nix/store/... with libc vendored.
image — the task-specific base the workload runs in (a SWE-bench task image, a customer environment, plain Ubuntu, …).

DockerDeployment mounts the runtime’s /nix into the task container at sandbox-create time. The Python interpreter, agentix-server, your code, and the plugin binaries (bash, coreutils, …) all live under /nix/runtime/bin/ and resolve regardless of the task image’s distribution.

Layout

hello-agentix/
├── pyproject.toml
├── uv.lock                       # run `uv lock`
├── run.py                        # host orchestrator
└── src/
    └── hello_agentix/
        └── __init__.py           # sandbox-side module (placeholder here)

pyproject.toml
src/hello_agentix/__init__.py
uv.lock

[project]
name = "hello-agentix"
version = "0.1.0"
requires-python = ">=3.11"
dependencies = [
    "agentixx>=0.1.5",
    "agentix-runtime-basic>=0.1.4",      # bash + files namespaces
    "agentix-deployment-docker>=0.1.4",  # local-docker backend
]

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

[tool.hatch.build.targets.wheel]
packages = ["src/hello_agentix"]

# Pure placeholder for this quickstart — bash.run from
# agentix-runtime-basic does all the work.
#
# Add your own functions when you outgrow bash:
#
#     async def greet(name: str) -> str:
#         return f"hello {name} from inside the sandbox"

Run once and commit:

uv lock

agentix build refuses to run without it — uv2nix reads the lock to construct a deterministic Python closure.

Install + build

cd hello-agentix
uv sync
uv run agentix build . --name hello-agentix
# → docker images now has hello-agentix:0.1.0 and hello-agentix:latest

agentix build does, in order:

Stages your project + every plugin’s default.nix (each plugin ships its system deps next to its Python module).
Runs nix build against the vendored Nixpkgs pin: uv2nix produces a derivation for every entry in uv.lock, symlinkJoin merges them with the plugin trees.
Streams the resulting dockerTools.streamLayeredImage tarball into docker load and also applies a :latest alias for convenience.

The bundle declares VOLUME /nix so the deployment can share it via --volumes-from (see below). No base image, no FROM directive, no runtime pip install.

Call it

run.py

import asyncio

from agentix import RuntimeClient, SandboxConfig, session
from agentix.bash import run
from agentix.deployment.docker import DockerDeployment


async def main() -> None:
    deployment = DockerDeployment()
    config = SandboxConfig(
        # Task base image — workload environment.
        image="python:3.13-slim",
        # Bundle overlay from `agentix build`.
        bundle="hello-agentix:0.1.0",
    )
    async with session(deployment, config) as sandbox:
        print(f"sandbox up at {sandbox.runtime_url}")
        async with RuntimeClient(sandbox.runtime_url) as client:
            result = await client.remote(run, command="echo hello from $(uname -a)")
            print(f"exit={result.exit_code} stdout={result.stdout!r}")


asyncio.run(main())

uv run python run.py

Expected output:

sandbox up at http://localhost:33803
exit=0 stdout='hello from Linux <kernel> ... GNU/Linux\n'

How the overlay works

Under the hood, DockerDeployment.create does:

# Once per distinct bundle — stopped container holds its /nix.
docker create --name agentix-runtime-<hash> hello-agentix:0.1.0

# Per sandbox — task image plus the runtime's /nix as a shared volume.
docker run -d --name <sid> -p 127.0.0.1:<port>:<port> \
    -e AGENTIX_BIND_PORT=<port> \
    --volumes-from agentix-runtime-<hash>:ro \
    --entrypoint /nix/runtime/bin/agentix-server \
    python:3.13-slim

The task container sees /nix/store/... and /nix/runtime/bin/... at their canonical paths. Python’s RPATH (baked at Nix build time) finds its libs under /nix/store/... because that’s exactly where the mounted volume puts them. (--mount type=image,subpath=nix will let us skip the carrier when that combination lands in stable Docker — both paths use the same entrypoint, so the swap is transparent.)

Cookbook: hello-agentix

The complete project files used here.

Cookbook: eval-cc-swe

Larger example: Claude Code on SWE-bench Verified.

Architecture

Bundles, workers, and transports.

CLI Reference

Every agentix build option.

​Prerequisites

​One project, two images

​Layout

​Install + build

​Call it

​How the overlay works

​Next