Skip to main content
The Agent Server package (openhands.agent_server) provides an HTTP API server for remote agent execution. It enables building multi-user systems, SaaS products, and distributed agent platforms. Source: openhands/agent_server/

Purpose

The Agent Server enables:
  • Remote execution: Clients interact with agents via HTTP API
  • Multi-user isolation: Each user gets isolated workspace
  • Container orchestration: Manages Docker containers for workspaces
  • Centralized management: Monitor and control all agents
  • Scalability: Horizontal scaling with multiple servers

Architecture Overview

Key Components

1. FastAPI Server
  • HTTP REST API endpoints
  • Authentication and authorization
  • Request validation
  • WebSocket support for streaming
2. Workspace Manager
  • Creates and manages Docker containers
  • Isolates workspaces per user
  • Handles container lifecycle
  • Manages resource limits
3. Conversation Handler
  • Routes requests to appropriate workspace
  • Manages conversation state
  • Handles concurrent requests
  • Supports streaming responses
4. Docker Manager
  • Interfaces with Docker daemon
  • Builds and pulls images
  • Creates and destroys containers
  • Monitors container health

Design Decisions

Why HTTP API?

Alternative approaches considered:
  • gRPC: More efficient but harder for web clients
  • WebSockets only: Good for streaming but not RESTful
  • HTTP + WebSockets: Best of both worlds
Decision: HTTP REST for operations, WebSockets for streaming
  • ✅ Works from any client (web, mobile, CLI)
  • ✅ Easy to debug (curl, Postman)
  • ✅ Standard authentication (API keys, OAuth)
  • ✅ Streaming where needed

Why Container Per User?

Alternative approaches:
  • Shared container: Multiple users in one container
  • Container per session: New container each conversation
  • Container per user: One container per user (chosen)
Decision: Container per user
  • ✅ Strong isolation between users
  • ✅ Persistent workspace across sessions
  • ✅ Better resource management
  • ⚠️ More containers, but worth it for isolation

Why FastAPI?

Alternative frameworks:
  • Flask: Simpler but less type-safe
  • Django: Too heavyweight
  • FastAPI: Modern, fast, type-safe (chosen)
Decision: FastAPI
  • ✅ Automatic API documentation (OpenAPI)
  • ✅ Type validation with Pydantic
  • ✅ Async support for performance
  • ✅ WebSocket support built-in

API Design

Key Endpoints

Workspace Management
Conversation Management
Health & Monitoring

Authentication

API Key Authentication
Per-user workspace isolation
  • API key → user ID mapping
  • Each user gets separate workspace
  • Users can’t access each other’s workspaces

Streaming Responses

WebSocket for real-time updates
Why streaming?
  • Real-time feedback to users
  • Show agent thinking process
  • Better UX for long-running tasks

Deployment Models

1. Local Development

Run server locally for testing:
Use case: Development and testing

2. Single-Server Deployment

Deploy on one server (VPS, EC2, etc.):
Use case: Small deployments, prototypes, MVPs

3. Multi-Server Deployment

Scale horizontally with load balancer:
Use case: Production SaaS, high traffic, need redundancy

4. Kubernetes Deployment

Container orchestration with Kubernetes:
Use case: Enterprise deployments, auto-scaling, high availability

Resource Management

Container Limits

Set per-workspace resource limits:
Why limit resources?
  • Prevent one user from consuming all resources
  • Fair usage across users
  • Protect server from runaway processes
  • Cost control

Cleanup & Garbage Collection

Container lifecycle:
  • Containers created on first use
  • Kept alive between requests (warm)
  • Cleaned up after inactivity timeout
  • Force cleanup on server shutdown
Storage management:
  • Old workspaces deleted automatically
  • Disk usage monitored
  • Alerts when approaching limits

Security Considerations

Multi-Tenant Isolation

Container isolation:
  • Each user gets separate container
  • Containers can’t communicate
  • Network isolation (optional)
  • File system isolation
API isolation:
  • API keys mapped to users
  • Users can only access their workspaces
  • Server validates all permissions

Input Validation

Server validates:
  • API request schemas
  • Command injection attempts
  • Path traversal attempts
  • File size limits
Defense in depth:
  • API validation
  • Container validation
  • Docker security features
  • OS-level security

Network Security

Best practices:
  • HTTPS only (TLS certificates)
  • Firewall rules (only port 443/8000)
  • Rate limiting
  • DDoS protection
Container networking:

Monitoring & Observability

Health Checks

Metrics

Prometheus metrics:
  • Request count and latency
  • Active workspaces
  • Container resource usage
  • Error rates
Logging:
  • Structured JSON logs
  • Per-request tracing
  • Workspace events
  • Error tracking

Alerting

Alert on:
  • Server down
  • High error rate
  • Resource exhaustion
  • Container failures

Client Integration Architecture

The SDK implements a workspace-based dispatch pattern for connecting to agent servers. The Conversation factory inspects the workspace type and returns the appropriate conversation implementation.

Workspace Types

RemoteConversation Responsibilities

The RemoteConversation implementation handles all client-server concerns:
  • Session management: Authenticates and maintains connection to agent server
  • Event streaming: WebSocket connection for real-time agent events
  • Request routing: HTTP calls for conversation lifecycle operations
  • Reconnection: Automatic retry logic for transient failures

Usage Examples

For complete working examples with all required setup:

Cost Considerations

Server Costs

Compute: CPU and memory for containers
  • Each active workspace = 1 container
  • Typically 1-2 GB RAM per workspace
  • 0.5-1 CPU core per workspace
Storage: Workspace files and conversation state
  • ~1-10 GB per workspace (depends on usage)
  • Conversation history in database
Network: API requests and responses
  • Minimal (mostly text)
  • Streaming adds bandwidth

Cost Optimization

1. Idle timeout: Shutdown containers after inactivity
2. Resource limits: Don’t over-provision
3. Shared resources: Use single server for multiple low-traffic apps 4. Auto-scaling: Scale servers based on demand

When to Use Agent Server

Use Agent Server When:

Multi-user system: Web app with many users
Remote clients: Mobile app, web frontend
Centralized management: Need to monitor all agents
Workspace isolation: Users shouldn’t interfere
SaaS product: Building agent-as-a-service
Scaling: Need to handle concurrent users
Examples:
  • Chatbot platforms
  • Code assistant web apps
  • Agent marketplaces
  • Enterprise agent deployments

Use Standalone SDK When:

Single-user: Personal tool or script
Local execution: Running on your machine
Full control: Need programmatic access
Simpler deployment: No server management
Lower latency: No network overhead
Examples:
  • CLI tools
  • Automation scripts
  • Local development
  • Desktop applications

Hybrid Approach

Use SDK locally but RemoteAPIWorkspace for execution:
  • Agent logic in your Python code
  • Execution happens on remote server
  • Best of both worlds

Building Custom Agent Server

The server is extensible for custom needs: Custom authentication:
Custom workspace configuration:
Custom middleware:

Next Steps

For Usage Examples

For Implementation Details