云环境设置
为你的会话自定义云容器。
环境定义了 Agent 运行所在的容器配置。你创建一次环境,然后在每次启动会话时引用其 ID。多个会话可以共享同一个环境,但每个会话会获得自己独立的容器实例。
本页介绍 type: cloud 环境。要在你自己的基础设施上运行沙箱,请参见自托管沙箱。
Note
所有 Managed Agents API 请求都需要 managed-agents-2026-04-01 beta header。SDK 会自动设置该 beta header。
创建环境
environment=$(curl -fsS https://api.anthropic.com/v1/environments \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01" \
-H "content-type: application/json" \
--data @- <<'EOF'
{
"name": "python-dev",
"config": {
"type": "cloud",
"networking": {"type": "unrestricted"}
}
}
EOF
)
environment_id=$(jq -r '.id' <<< "$environment")
echo "Environment ID: $environment_id"
ant beta:environments create \
--name "python-dev" \
--config '{type: cloud, networking: {type: unrestricted}}'
environment = client.beta.environments.create(
name="python-dev",
config={
"type": "cloud",
"networking": {"type": "unrestricted"},
},
)
print(f"Environment ID: {environment.id}")
const environment = await client.beta.environments.create({
name: "python-dev",
config: {
type: "cloud",
networking: { type: "unrestricted" },
},
});
console.log(`Environment ID: ${environment.id}`);
var environment = await client.Beta.Environments.Create(new()
{
Name = "python-dev",
Config = new BetaCloudConfigParams
{
Networking = new BetaUnrestrictedNetwork(),
},
});
Console.WriteLine({{CONTENT}}quot;Environment ID: {environment.ID}");
environment, err := client.Beta.Environments.New(ctx, anthropic.BetaEnvironmentNewParams{
Name: "python-dev",
Config: anthropic.BetaEnvironmentNewParamsConfigUnion{
OfCloud: &anthropic.BetaCloudConfigParams{
Networking: anthropic.BetaCloudConfigParamsNetworkingUnion{
OfUnrestricted: &anthropic.BetaUnrestrictedNetworkParam{},
},
},
},
})
if err != nil {
panic(err)
}
fmt.Printf("Environment ID: %s\n", environment.ID)
var environment = client.beta().environments().create(EnvironmentCreateParams.builder()
.name("python-dev")
.config(BetaCloudConfigParams.builder()
.networking(BetaUnrestrictedNetwork.builder().build())
.build())
.build());
IO.println("Environment ID: " + environment.id());
$environment = $client->beta->environments->create(
name: 'python-dev',
config: ['type' => 'cloud', 'networking' => ['type' => 'unrestricted']],
);
echo "Environment ID: {$environment->id}\n";
environment = client.beta.environments.create(
name: "python-dev",
config: {
type: "cloud",
networking: {type: "unrestricted"}
}
)
puts "Environment ID: #{environment.id}"
name 必须在你的组织和工作区中唯一。
在会话中使用环境
创建会话时将环境 ID 作为字符串传递。
session=$(curl -fsS https://api.anthropic.com/v1/sessions \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01" \
-H "content-type: application/json" \
--data @- <<EOF
{
"agent": "$agent_id",
"environment_id": "$environment_id"
}
EOF
)
session = client.beta.sessions.create(
agent=agent.id,
environment_id=environment.id,
)
const session = await client.beta.sessions.create({
agent: agent.id,
environment_id: environment.id,
});
var session = await client.Beta.Sessions.Create(new()
{
Agent = agent.ID,
EnvironmentID = environment.ID,
});
session, err := client.Beta.Sessions.New(ctx, anthropic.BetaSessionNewParams{
Agent: anthropic.BetaSessionNewParamsAgentUnion{
OfString: anthropic.String(agent.ID),
},
EnvironmentID: environment.ID,
})
if err != nil {
panic(err)
}
var session = client.beta().sessions().create(SessionCreateParams.builder()
.agent(agent.id())
.environmentId(environment.id())
.build());
$session = $client->beta->sessions->create(
agent: $agent->id,
environmentID: $environment->id,
);
session = client.beta.sessions.create(
agent: agent.id,
environment_id: environment.id
)
配置选项
包
packages 字段在 Agent 启动前将包预安装到容器中。包由各自的包管理器安装,并在共享同一环境的会话间缓存。当指定多个包管理器时,它们按字母顺序运行(apt、cargo、gem、go、npm、pip)。你可以选择性地固定特定版本;默认为最新版本。
environment=$(curl -fsS https://api.anthropic.com/v1/environments \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01" \
-H "content-type: application/json" \
--data @- <<'EOF'
{
"name": "data-analysis",
"config": {
"type": "cloud",
"packages": {
"pip": ["pandas", "numpy", "scikit-learn"],
"npm": ["express"]
},
"networking": {"type": "unrestricted"}
}
}
EOF
)
ant beta:environments create <<'YAML'
name: data-analysis
config:
type: cloud
packages:
pip:
- pandas
- numpy
- scikit-learn
npm:
- express
networking:
type: unrestricted
YAML
environment = client.beta.environments.create(
name="data-analysis",
config={
"type": "cloud",
"packages": {
"pip": ["pandas", "numpy", "scikit-learn"],
"npm": ["express"],
},
"networking": {"type": "unrestricted"},
},
)
const environment = await client.beta.environments.create({
name: "data-analysis",
config: {
type: "cloud",
packages: {
pip: ["pandas", "numpy", "scikit-learn"],
npm: ["express"]
},
networking: { type: "unrestricted" }
}
});
var environment = await client.Beta.Environments.Create(new()
{
Name = "data-analysis",
Config = new BetaCloudConfigParams
{
Packages = new()
{
Pip = ["pandas", "numpy", "scikit-learn"],
Npm = ["express"],
},
Networking = new BetaUnrestrictedNetwork(),
},
});
environment, err := client.Beta.Environments.New(ctx, anthropic.BetaEnvironmentNewParams{
Name: "data-analysis",
Config: anthropic.BetaEnvironmentNewParamsConfigUnion{
OfCloud: &anthropic.BetaCloudConfigParams{
Packages: anthropic.BetaPackagesParams{
Pip: []string{"pandas", "numpy", "scikit-learn"},
Npm: []string{"express"},
},
Networking: anthropic.BetaCloudConfigParamsNetworkingUnion{
OfUnrestricted: &anthropic.BetaUnrestrictedNetworkParam{},
},
},
},
})
if err != nil {
panic(err)
}
_ = environment
var environment = client.beta().environments().create(EnvironmentCreateParams.builder()
.name("data-analysis")
.config(BetaCloudConfigParams.builder()
.packages(BetaPackagesParams.builder()
.pip(List.of("pandas", "numpy", "scikit-learn"))
.npm(List.of("express"))
.build())
.networking(BetaUnrestrictedNetwork.builder().build())
.build())
.build());
$environment = $client->beta->environments->create(
name: 'data-analysis',
config: [
'type' => 'cloud',
'packages' => [
'pip' => ['pandas', 'numpy', 'scikit-learn'],
'npm' => ['express'],
],
'networking' => ['type' => 'unrestricted'],
],
);
environment = client.beta.environments.create(
name: "data-analysis",
config: {
type: "cloud",
packages: {
pip: %w[pandas numpy scikit-learn],
npm: %w[express]
},
networking: {type: "unrestricted"}
}
)
支持的包管理器:
| 字段 | 包管理器 | 示例 |
|---|---|---|
apt | 系统包(apt-get) | "ffmpeg" |
cargo | Rust(cargo) | "ripgrep@14.0.0" |
gem | Ruby(gem) | "rails:7.1.0" |
go | Go modules | "golang.org/x/tools/cmd/goimports@latest" |
npm | Node.js(npm) | "express@4.18.0" |
pip | Python(pip) | "pandas==2.2.0" |
网络
networking 字段控制容器的出站网络访问。它不影响 web_search 或 web_fetch 工具的允许域名。
| 模式 | 描述 |
|---|---|
unrestricted | 完整的出站网络访问,通用安全阻止列表除外。这是默认值。 |
limited | 将容器网络访问限制为 allowed_hosts 列表。通过 allow_package_managers 和 allow_mcp_servers 布尔值启用进一步访问。 |
config=$(cat <<'EOF'
{
"type": "cloud",
"networking": {
"type": "limited",
"allowed_hosts": ["api.example.com"],
"allow_mcp_servers": true,
"allow_package_managers": true
}
}
EOF
)
config = {
"type": "cloud",
"networking": {
"type": "limited",
"allowed_hosts": ["api.example.com"],
"allow_mcp_servers": True,
"allow_package_managers": True,
},
}
const config = {
type: "cloud",
networking: {
type: "limited",
allowed_hosts: ["api.example.com"],
allow_mcp_servers: true,
allow_package_managers: true
}
};
var config = new BetaCloudConfigParams
{
Networking = new BetaLimitedNetworkParams
{
AllowedHosts = ["api.example.com"],
AllowMcpServers = true,
AllowPackageManagers = true,
},
};
config := anthropic.BetaCloudConfigParams{
Networking: anthropic.BetaCloudConfigParamsNetworkingUnion{
OfLimited: &anthropic.BetaLimitedNetworkParams{
AllowedHosts: []string{"api.example.com"},
AllowMCPServers: anthropic.Bool(true),
AllowPackageManagers: anthropic.Bool(true),
},
},
}
_ = config
var config = BetaCloudConfigParams.builder()
.networking(BetaLimitedNetworkParams.builder()
.allowedHosts(List.of("api.example.com"))
.allowMcpServers(true)
.allowPackageManagers(true)
.build())
.build();
$config = [
'type' => 'cloud',
'networking' => [
'type' => 'limited',
'allowed_hosts' => ['api.example.com'],
'allow_mcp_servers' => true,
'allow_package_managers' => true,
],
];
config = {
type: "cloud",
networking: {
type: "limited",
allowed_hosts: %w[api.example.com],
allow_mcp_servers: true,
allow_package_managers: true
}
}
Info
对于生产部署,使用 limited 网络模式并明确设置 allowed_hosts 列表。遵循最小权限原则,仅授予 Agent 所需的最低网络访问权限,并定期审计允许的域名。
使用 limited 网络时:
allowed_hosts指定容器可以访问的域名。这些必须以 HTTPS 为前缀。allow_mcp_servers允许出站访问在 Agent 上配置的 MCP 服务器端点,超出allowed_hosts数组中列出的范围。默认为false。allow_package_managers允许出站访问公共包注册中心(PyPI、npm 等),超出allowed_hosts数组中列出的范围。默认为false。
环境生命周期
- 环境会持续存在,直到被显式归档或删除。
- 多个会话可以引用同一个环境。
- 每个会话获得自己的容器实例。会话不共享文件系统状态。
- 环境没有版本管理。如果你频繁更新环境,你可能需要在自己这边记录这些更新,以便将环境状态与会话关联。
管理环境
# List environments
environments=$(curl -fsS https://api.anthropic.com/v1/environments \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01")
# Retrieve a specific environment
env=$(curl -fsS "https://api.anthropic.com/v1/environments/$environment_id" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01")
# Archive an environment (read-only, existing sessions continue)
curl -fsS -X POST "https://api.anthropic.com/v1/environments/$environment_id/archive" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01"
# Delete an environment (only if no sessions reference it)
curl -fsS -X DELETE "https://api.anthropic.com/v1/environments/$environment_id" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "anthropic-beta: managed-agents-2026-04-01"
# List environments
ant beta:environments list
# Retrieve a specific environment
ant beta:environments retrieve --environment-id "$ENVIRONMENT_ID"
# Archive an environment (read-only, existing sessions continue)
ant beta:environments archive --environment-id "$ENVIRONMENT_ID"
# Delete an environment (only if no sessions reference it)
ant beta:environments delete --environment-id "$ENVIRONMENT_ID"
# List environments
environments = client.beta.environments.list()
# Retrieve a specific environment
env = client.beta.environments.retrieve(environment.id)
# Archive an environment (read-only, existing sessions continue)
client.beta.environments.archive(environment.id)
# Delete an environment (only if no sessions reference it)
client.beta.environments.delete(environment.id)
// List environments
const environments = await client.beta.environments.list();
// Retrieve a specific environment
const env = await client.beta.environments.retrieve(environment.id);
// Archive an environment (read-only, existing sessions continue)
await client.beta.environments.archive(environment.id);
// Delete an environment (only if no sessions reference it)
await client.beta.environments.delete(environment.id);
// List environments
var environments = await client.Beta.Environments.List();
// Retrieve a specific environment
var env = await client.Beta.Environments.Retrieve(environment.ID);
// Archive an environment (read-only, existing sessions continue)
await client.Beta.Environments.Archive(environment.ID);
// Delete an environment (only if no sessions reference it)
await client.Beta.Environments.Delete(environment.ID);
// List environments
environments, err := client.Beta.Environments.List(ctx, anthropic.BetaEnvironmentListParams{})
if err != nil {
panic(err)
}
// Retrieve a specific environment
env, err := client.Beta.Environments.Get(ctx, environment.ID, anthropic.BetaEnvironmentGetParams{})
if err != nil {
panic(err)
}
// Archive an environment (read-only, existing sessions continue)
_, err = client.Beta.Environments.Archive(ctx, environment.ID, anthropic.BetaEnvironmentArchiveParams{})
if err != nil {
panic(err)
}
// Delete an environment (only if no sessions reference it)
_, err = client.Beta.Environments.Delete(ctx, environment.ID, anthropic.BetaEnvironmentDeleteParams{})
if err != nil {
panic(err)
}
// List environments
var environments = client.beta().environments().list();
// Retrieve a specific environment
var env = client.beta().environments().retrieve(environment.id());
// Archive an environment (read-only, existing sessions continue)
client.beta().environments().archive(environment.id());
// Delete an environment (only if no sessions reference it)
client.beta().environments().delete(environment.id());
// List environments
$environments = $client->beta->environments->list();
// Retrieve a specific environment
$env = $client->beta->environments->retrieve($environment->id);
// Archive an environment (read-only, existing sessions continue)
$client->beta->environments->archive($environment->id);
// Delete an environment (only if no sessions reference it)
$client->beta->environments->delete($environment->id);
# List environments
environments = client.beta.environments.list
# Retrieve a specific environment
env = client.beta.environments.retrieve(environment.id)
# Archive an environment (read-only, existing sessions continue)
client.beta.environments.archive(environment.id)
# Delete an environment (only if no sessions reference it)
client.beta.environments.delete(environment.id)
预装运行时
云容器包含开箱即用的常用运行时。完整的预装语言、数据库和工具列表请参见容器参考。