> ## Documentation Index > Fetch the complete documentation index at: https://docs.langchain.com/llms.txt > Use this file to discover all available pages before exploring further. # Backends > Choose and configure filesystem backends for Deep Agents. You can specify routes to different backends, implement virtual filesystems, and enforce policies. Deep Agents expose a filesystem surface to the agent via tools like `ls`, `read_file`, `write_file`, `edit_file`, `glob`, and `grep`. These tools operate through a pluggable backend. The `read_file` tool natively supports image files (`.png`, `.jpg`, `.jpeg`, `.gif`, `.webp`) across all backends, returning them as multimodal content blocks. The `read_file` tool natively supports binary files (images, PDFs, audio, video) across all backends, returning a `ReadResult` with typed `content` and `mimeType`. Sandboxes and the [`LocalShellBackend`](https://reference.langchain.com/javascript/deepagents/backends/LocalShellBackend) also provide an `execute` tool. This page explains how to: * [choose a backend](#specify-a-backend), * [route different paths to different backends](#route-to-different-backends), * [implement your own virtual filesystem](#use-a-virtual-filesystem) (e.g., S3 or Postgres), * [set permissions](#permissions) on filesystem access, * [add policy hooks](#add-policy-hooks), [work with binary and multimodal files](#multimodal-and-binary-files), * [comply with the backend protocol](#protocol-reference), * and [update existing backends to v2](#update-existing-backends-to-v2). ## Quickstart Here are a few prebuilt filesystem backends that you can quickly use with your deep agent: | Built-in backend | Description | | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [Default](#statebackend) | `agent = create_deep_agent(model="google_genai:gemini-3.1-pro-preview")`
Thread-scoped. The default filesystem backend for an agent is stored in `langgraph` state. Files persist across turns within a thread (via your checkpointer) and are not shared across threads. | | [Local filesystem persistence](#filesystembackend-local-disk) | `agent = create_deep_agent(model="google_genai:gemini-3.1-pro-preview", backend=FilesystemBackend(root_dir="/Users/nh/Desktop/"))`
This gives the deep agent access to your local machine's filesystem. You can specify the root directory that the agent has access to. Note that any provided `root_dir` must be an absolute path. | | [Durable store (LangGraph store)](#storebackend-langgraph-store) | `agent = create_deep_agent(model="google_genai:gemini-3.1-pro-preview", backend=StoreBackend())`
This gives the agent access to long-term storage that is *persisted across threads*. This is great for storing longer term memories or instructions that are applicable to the agent over multiple executions. | | [Sandbox](/oss/javascript/deepagents/sandboxes) | `agent = create_deep_agent(model="google_genai:gemini-3.1-pro-preview", backend=sandbox)`
Execute code in isolated environments. Sandboxes provide filesystem tools plus the `execute` tool for running shell commands. Choose from Modal, Daytona, Deno, or local VFS. | | [Local shell](#localshellbackend-local-shell) | `agent = create_deep_agent(model="google_genai:gemini-3.1-pro-preview", backend=LocalShellBackend(root_dir=".", env={"PATH": "/usr/bin:/bin"}))`
Filesystem and shell execution directly on the host. No isolation—use only in controlled development environments. See [security considerations](#localshellbackend-local-shell) below. | | [Composite](#compositebackend-router) | Thread-scoped by default, `/memories/` persisted across threads. The Composite backend is maximally flexible. You can specify different routes in the filesystem to point towards different backends. See Composite routing below for a ready-to-paste example. | ```mermaid theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} graph TB Tools[Filesystem Tools] --> Backend[Backend] Backend --> State[State] Backend --> Disk[Filesystem] Backend --> Store[Store] Backend --> Sandbox[Sandbox] Backend --> LocalShell[Local Shell] Backend --> Composite[Composite] Backend --> Custom[Custom] Composite --> Router{Routes} Router --> State Router --> Disk Router --> Store Sandbox --> Execute["#43; execute tool"] LocalShell --> Execute["#43; execute tool"] classDef trigger fill:#F6FFDB,stroke:#6E8900,stroke-width:2px,color:#2E3900 classDef process fill:#E5F4FF,stroke:#006DDD,stroke-width:2px,color:#030710 classDef decision fill:#FDF3FF,stroke:#7E65AE,stroke-width:2px,color:#504B5F classDef output fill:#EBD0F0,stroke:#885270,stroke-width:2px,color:#441E33 class Tools trigger class Backend,State,Disk,Store,Sandbox,LocalShell,Composite,Custom process class Router decision class Execute output ``` ## Built-in backends ### StateBackend ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, StateBackend } from "deepagents"; // By default we provide a StateBackend const agent = createDeepAgent(); // Under the hood, it looks like const agent2 = createDeepAgent({ backend: new StateBackend(), }); ``` **How it works:** * Stores files in LangGraph agent state for the current thread via [`StateBackend`](https://reference.langchain.com/javascript/deepagents/backends/StateBackend). * Persists across multiple agent turns on the same thread via checkpoints. Files are not shared across threads. Designed to be used from within a graph. Calling backend methods (e.g., `state_backend.upload_files(...)`) outside of a graph run won't take effect until the graph executes. **Best for:** * A scratch pad for the agent to write intermediate results. * Automatic eviction of large tool outputs which the agent can then read back in piece by piece. Note that this backend is shared between the supervisor agent and subagents, and any files a subagent writes will remain in the LangGraph agent state even after that subagent's execution is complete. Those files will continue to be available to the supervisor agent and other subagents. ### FilesystemBackend (local disk) [`FilesystemBackend`](https://reference.langchain.com/javascript/deepagents/backends/FilesystemBackend) reads and writes real files under a configurable root directory. This backend grants agents direct filesystem read/write access. Use with caution and only in appropriate environments. **Appropriate use cases:** * Local development CLIs (coding assistants, development tools) * CI/CD pipelines (see security considerations below) **Inappropriate use cases:** * Web servers or HTTP APIs - use `StateBackend`, `StoreBackend`, or a [sandbox backend](/oss/javascript/deepagents/sandboxes) instead **Security risks:** * Agents can read any accessible file, including secrets (API keys, credentials, `.env` files) * Combined with network tools, secrets may be exfiltrated via SSRF attacks * File modifications are permanent and irreversible **Recommended safeguards:** 1. Enable [Human-in-the-Loop (HITL) middleware](/oss/javascript/deepagents/human-in-the-loop) to review sensitive operations. 2. Exclude secrets from accessible filesystem paths (especially in CI/CD). 3. Use a [sandbox backend](/oss/javascript/deepagents/sandboxes) for production environments requiring filesystem interaction. 4. **Always** use `virtual_mode=True` with `root_dir` to enable path-based access restrictions (blocks `..`, `~`, and absolute paths outside root). Note that the default (`virtual_mode=False`) provides no security even with `root_dir` set. ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, FilesystemBackend } from "deepagents"; const agent = createDeepAgent({ backend: new FilesystemBackend({ rootDir: ".", virtualMode: true }), }); ``` **How it works:** * Reads/writes real files under a configurable `root_dir`. * You can optionally set `virtual_mode=True` to sandbox and normalize paths under `root_dir`. * Uses secure path resolution, prevents unsafe symlink traversal when possible, can use ripgrep for fast `grep`. **Best for:** * Local projects on your machine * CI sandboxes * Mounted persistent volumes ### LocalShellBackend (local shell) This backend grants agents direct filesystem read/write access **and** unrestricted shell execution on your host. Use with extreme caution and only in appropriate environments. **Appropriate use cases:** * Local development CLIs (coding assistants, development tools) * Personal development environments where you trust the agent's code * CI/CD pipelines with proper secret management **Inappropriate use cases:** * Production environments (such as web servers, APIs, multi-tenant systems) * Processing untrusted user input or executing untrusted code **Security risks:** * Agents can execute **arbitrary shell commands** with your user's permissions * Agents can read any accessible file, including secrets (API keys, credentials, `.env` files) * Secrets may be exposed * File modifications and command execution are **permanent and irreversible** * Commands run directly on your host system * Commands can consume unlimited CPU, memory, disk **Recommended safeguards:** 1. Enable [Human-in-the-Loop (HITL) middleware](/oss/javascript/deepagents/human-in-the-loop) to review and approve operations before execution. This is **strongly recommended**. 2. Run in dedicated development environments only. Never use on shared or production systems. 3. Use a [sandbox backend](/oss/javascript/deepagents/sandboxes) for production environments requiring shell execution. **Note:** `virtual_mode=True` provides no security with shell access enabled, since commands can access any path on the system. ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, LocalShellBackend } from "deepagents"; const backend = new LocalShellBackend({ workingDirectory: "." }); const agent = createDeepAgent({ backend }); ``` **How it works:** * Extends `FilesystemBackend` with the `execute` tool for running shell commands on the host. * Commands run directly on your machine using `subprocess.run(shell=True)` with no sandboxing. * Supports `timeout` (default 120s), `max_output_bytes` (default 100,000), `env`, and `inherit_env` for environment variables. * Shell commands use `root_dir` as the working directory but can access any path on the system. **Best for:** * Local coding assistants and development tools * Quick iteration during development when you trust the agent ### StoreBackend (LangGraph store) ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, StoreBackend } from "deepagents"; import { InMemoryStore } from "@langchain/langgraph"; const store = new InMemoryStore(); // Good for local dev; omit for LangSmith Deployment const agent = createDeepAgent({ backend: new StoreBackend({ namespace: (ctx) => [ctx.runtime.context.userId], }), store }); ``` When deploying to [LangSmith Deployment](/langsmith/deployment), omit the `store` parameter. The platform automatically provisions a store for your agent. The `namespace` parameter controls data isolation. For multi-user deployments, always set a [namespace factory](/oss/javascript/deepagents/backends#namespace-factories) to isolate data per user or tenant. **How it works:** * [`StoreBackend`](https://reference.langchain.com/javascript/deepagents/backends/StoreBackend) stores files in a LangGraph [`BaseStore`](https://reference.langchain.com/javascript/langchain-core/stores/BaseStore) provided by the runtime, enabling cross‑thread durable storage. **Best for:** * When you already run with a configured LangGraph store (for example, Redis, Postgres, or cloud implementations behind [`BaseStore`](https://reference.langchain.com/javascript/langchain-core/stores/BaseStore)). * When you're deploying your agent through [LangSmith Deployment](/langsmith/deployment) (a store is automatically provisioned for your agent). #### Namespace factories A namespace factory controls where `StoreBackend` reads and writes data. It receives a LangGraph [`Runtime`](https://reference.langchain.com/javascript/langchain/index/Runtime) and returns a tuple of strings used as the store namespace. Use namespace factories to isolate data between users, tenants, or assistants. Pass the namespace factory to the `namespace` parameter when constructing a `StoreBackend`: ```python theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} NamespaceFactory = Callable[[Runtime], tuple[str, ...]] ``` The `Runtime` provides: * `rt.context` — User-supplied context passed via LangGraph's [context schema](https://langchain-ai.github.io/langgraph/concepts/runtime/) (for example, `user_id`) * `rt.serverInfo` — Server-specific metadata when running on LangGraph Server (assistant ID, graph ID, authenticated user) * `rt.executionInfo` — Execution identity information (thread ID, run ID, checkpoint ID) The `Runtime` argument is available in `deepagents>=1.9.1`. Earlier 1.9.x releases passed a `BackendContext` instead — see [migrating from `BackendContext`](#migrating-from-backendcontext) below. `rt.serverInfo` and `rt.executionInfo` require `deepagents>=1.9.0`. **Common namespace patterns:** ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { StoreBackend } from "deepagents"; // Per-user: each user gets their own isolated storage const backend = new StoreBackend({ namespace: (rt) => [rt.serverInfo.user.identity], // [!code highlight] }); // Per-assistant: all users of the same assistant share storage const backend = new StoreBackend({ namespace: (rt) => [rt.serverInfo.assistantId], // [!code highlight] }); // Per-thread: storage scoped to a single conversation const backend = new StoreBackend({ namespace: (rt) => [rt.executionInfo.threadId], // [!code highlight] }); ``` You can combine multiple components to create more specific scopes — for example, `(user_id, thread_id)` for per-user per-conversation isolation, or append a suffix like `"filesystem"` to disambiguate when the same scope uses multiple store namespaces. Namespace components must contain only alphanumeric characters, hyphens, underscores, dots, `@`, `+`, colons, and tildes. Wildcards (`*`, `?`) are rejected to prevent glob injection. The `namespace` parameter will be **required** in v1.9.0. Always set it explicitly for new code. When no namespace factory is provided, the legacy default uses the `assistant_id` from LangGraph config metadata. This means all users of the same [assistant](/langsmith/assistants) share the same storage. For multi-user [going to production](/oss/javascript/deepagents/going-to-production), always provide a namespace factory. ### CompositeBackend (router) ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, CompositeBackend, StateBackend, StoreBackend } from "deepagents"; import { InMemoryStore } from "@langchain/langgraph"; const store = new InMemoryStore(); const agent = createDeepAgent({ backend: new CompositeBackend( new StateBackend(), { "/memories/": new StoreBackend(), } ), store, }); ``` **How it works:** * [`CompositeBackend`](https://reference.langchain.com/javascript/deepagents/backends/CompositeBackend) routes file operations to different backends based on path prefix. * Preserves the original path prefixes in listings and search results. **Best for:** * When you want to give your agent both thread-scoped and cross-thread storage, a `CompositeBackend` allows you provide both a `StateBackend` and `StoreBackend` * When you have multiple sources of information that you want to provide to your agent as part of a single filesystem. * e.g. You have long-term memories stored under `/memories/` in one Store and you also have a custom backend that has documentation accessible at /docs/. ## Specify a backend * Pass a backend instance to `createDeepAgent({ backend: ... })`. The filesystem middleware uses it for all tooling. * The backend must implement `AnyBackendProtocol` (`BackendProtocolV1` or `BackendProtocolV2`) — for example, `new StateBackend()`, `new FilesystemBackend({ rootDir: "." })`, `new StoreBackend()`. * If omitted, the default is `new StateBackend()`. Before version 1.9.0, only `BackendProtocol` was supported which is now `BackendProtocolV1`. V1 backends are automatically adapted to V2 at runtime via `adaptBackendProtocol()`. No code changes are required to keep using existing V1 backends. To update to v2, see [update existing backends to v2](#update-existing-backends-to-v2). ## Route to different backends Route parts of the namespace to different backends. Commonly used to persist `/memories/*` across threads and keep everything else thread-scoped. ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { createDeepAgent, CompositeBackend, FilesystemBackend, StateBackend } from "deepagents"; const agent = createDeepAgent({ backend: new CompositeBackend( new StateBackend(), { "/memories/": new FilesystemBackend({ rootDir: "/deepagents/myagent", virtualMode: true }), }, ), }); ``` Behavior: * `/workspace/plan.md` → `StateBackend` (thread-scoped) * `/memories/agent.md` → `FilesystemBackend` under `/deepagents/myagent` * `ls`, `glob`, `grep` aggregate results and show original path prefixes. Notes: * Longer prefixes win (for example, route `"/memories/projects/"` can override `"/memories/"`). * For StoreBackend routing, ensure a store is provided via `create_deep_agent(model=..., store=...)` or provisioned by the platform. ## Use a virtual filesystem Build a custom backend to project a remote or database filesystem (e.g., S3 or Postgres) into the tools namespace. Design guidelines: * Paths are absolute (`/x/y.txt`). Decide how to map them to your storage keys/rows. * Implement `ls` and `glob` efficiently (server-side filtering where available, otherwise local filter). * For external persistence (S3, Postgres, etc.), return `files_update=None` (Python) or omit `filesUpdate` (JS) in write/edit results — only in-memory state backends need to return a files update dict. * Use `ls` and `glob` as the method names. * All query methods (`ls`, `read`, `readRaw`, `grep`, `glob`) must return structured Result objects (e.g., `LsResult`, `ReadResult`) with an optional `error` field. * Support binary files in `read()` by returning `Uint8Array` content with the appropriate `mimeType`. S3-style outline: ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { type BackendProtocolV2, type LsResult, type ReadResult, type ReadRawResult, type GrepResult, type GlobResult, type WriteResult, type EditResult, } from "deepagents"; class S3Backend implements BackendProtocolV2 { constructor(private bucket: string, private prefix: string = "") { this.prefix = prefix.replace(/\/$/, ""); } private key(path: string): string { return `${this.prefix}${path}`; } async ls(path: string): Promise { // List objects under key(path); return { files: [...] } ... } async read(filePath: string, offset?: number, limit?: number): Promise { // Fetch object; return { content, mimeType } // For binary files, return Uint8Array content ... } async readRaw(filePath: string): Promise { // Return { data: FileData } ... } async grep(pattern: string, path?: string | null, glob?: string | null): Promise { // Search text files; skip binary; return { matches: [...] } ... } async glob(pattern: string, path = "/"): Promise { // Apply glob relative to path; return { files: [...] } ... } async write(filePath: string, content: string): Promise { // Enforce create-only semantics; return { path: filePath, filesUpdate: null } ... } async edit(filePath: string, oldString: string, newString: string, replaceAll?: boolean): Promise { // Read → replace → write → return { path, occurrences } ... } } ``` Postgres-style outline: * Table `files(path text primary key, content text, mime_type text, created_at timestamptz, modified_at timestamptz)` * Map tool operations onto SQL: * `ls` uses `WHERE path LIKE $1 || '%'` → return `LsResult` * `glob` filter in SQL or fetch then apply glob locally → return `GlobResult` * `grep` can fetch candidate rows by extension or last modified time, then scan lines (skip rows where `mime_type` is binary) → return `GrepResult` ## Permissions Use [permissions](/oss/javascript/deepagents/permissions) to declaratively control which files and directories the agent can read or write. Permissions apply to the built-in filesystem tools and are evaluated before the backend is called. For the full set of options including rule ordering, subagent permissions, and composite backend interactions, see the [permissions guide](/oss/javascript/deepagents/permissions). ## Add policy hooks For custom validation logic beyond path-based allow/deny rules (rate limiting, audit logging, content inspection), enforce enterprise rules by subclassing or wrapping a backend. Block writes/edits under selected prefixes (subclass): ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { FilesystemBackend, type WriteResult, type EditResult } from "deepagents"; class GuardedBackend extends FilesystemBackend { private denyPrefixes: string[]; constructor({ denyPrefixes, ...options }: { denyPrefixes: string[]; rootDir?: string }) { super(options); this.denyPrefixes = denyPrefixes.map(p => p.endsWith("/") ? p : p + "/"); } async write(filePath: string, content: string): Promise { if (this.denyPrefixes.some(p => filePath.startsWith(p))) { return { error: `Writes are not allowed under ${filePath}` }; } return super.write(filePath, content); } async edit(filePath: string, oldString: string, newString: string, replaceAll = false): Promise { if (this.denyPrefixes.some(p => filePath.startsWith(p))) { return { error: `Edits are not allowed under ${filePath}` }; } return super.edit(filePath, oldString, newString, replaceAll); } } ``` Generic wrapper (works with any backend): ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { type BackendProtocolV2, type LsResult, type ReadResult, type ReadRawResult, type GrepResult, type GlobResult, type WriteResult, type EditResult, } from "deepagents"; class PolicyWrapper implements BackendProtocolV2 { private denyPrefixes: string[]; constructor(private inner: BackendProtocolV2, denyPrefixes: string[] = []) { this.denyPrefixes = denyPrefixes.map(p => p.endsWith("/") ? p : p + "/"); } private isDenied(path: string): boolean { return this.denyPrefixes.some(p => path.startsWith(p)); } ls(path: string): Promise { return this.inner.ls(path); } read(filePath: string, offset?: number, limit?: number): Promise { return this.inner.read(filePath, offset, limit); } readRaw(filePath: string): Promise { return this.inner.readRaw(filePath); } grep(pattern: string, path?: string | null, glob?: string | null): Promise { return this.inner.grep(pattern, path, glob); } glob(pattern: string, path?: string): Promise { return this.inner.glob(pattern, path); } async write(filePath: string, content: string): Promise { if (this.isDenied(filePath)) return { error: `Writes are not allowed under ${filePath}` }; return this.inner.write(filePath, content); } async edit(filePath: string, oldString: string, newString: string, replaceAll = false): Promise { if (this.isDenied(filePath)) return { error: `Edits are not allowed under ${filePath}` }; return this.inner.edit(filePath, oldString, newString, replaceAll); } } ``` ## Multimodal and binary files Multi-modal file support (PDFs, audio, video) requires `deepagents>=1.9.0`. V2 backends support binary files natively. When `read()` encounters a binary file (determined by MIME type from the file extension), it returns a `ReadResult` with `Uint8Array` content and the corresponding `mimeType`. Text files return `string` content. ### Supported MIME types | Category | Extensions | MIME types | | --------- | ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | | Images | `.png`, `.jpg`/`.jpeg`, `.gif`, `.webp`, `.svg`, `.heic`, `.heif` | `image/png`, `image/jpeg`, `image/gif`, `image/webp`, `image/svg+xml`, `image/heic`, `image/heif` | | Audio | `.mp3`, `.wav`, `.aiff`, `.aac`, `.ogg`, `.flac` | `audio/mpeg`, `audio/wav`, `audio/aiff`, `audio/aac`, `audio/ogg`, `audio/flac` | | Video | `.mp4`, `.webm`, `.mpeg`/`.mpg`, `.mov`, `.avi`, `.flv`, `.wmv`, `.3gpp` | `video/mp4`, `video/webm`, `video/mpeg`, `video/quicktime`, `video/x-msvideo`, `video/x-flv`, `video/x-ms-wmv`, `video/3gpp` | | Documents | `.pdf`, `.ppt`, `.pptx` | `application/pdf`, `application/vnd.ms-powerpoint`, `application/vnd.openxmlformats-officedocument.presentationml.presentation` | | Text | `.txt`, `.html`, `.json`, `.js`, `.ts`, `.py`, etc. | `text/plain`, `text/html`, `application/json`, etc. | ### Read binary files ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} const result = await backend.read("/workspace/screenshot.png"); if (result.error) { console.error(result.error); } else if (result.content instanceof Uint8Array) { // Binary file — content is Uint8Array, mimeType is set console.log(`Binary file: ${result.mimeType}`); // "image/png" } else { // Text file — content is string console.log(`Text file: ${result.mimeType}`); // "text/plain" } ``` ### FileData format `FileData` is the type used to store file content in state and store backends. ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} type FileData = // Current format (v2) | { content: string | Uint8Array; // string for text, Uint8Array for binary mimeType: string; // e.g. "text/plain", "image/png" created_at: string; // ISO 8601 timestamp modified_at: string; // ISO 8601 timestamp } // Legacy format (v1) | { content: string[]; // array of lines created_at: string; // ISO 8601 timestamp modified_at: string; // ISO 8601 timestamp }; ``` Backends may encounter either format when reading from state or store. The framework handles both transparently. New writes default to the v2 format. During rolling deployments where older readers need the legacy format, pass `fileFormat: "v1"` to the backend constructor (e.g., `new StoreBackend({ fileFormat: "v1" })`). ## Migrate from backend factories The backend factory pattern is **deprecated** as of `deepagents` 1.9.0. Pass pre-constructed backend instances directly instead of factory functions. Previously, backends like `StateBackend` and `StoreBackend` required a factory function that received a runtime object, because they needed runtime context (state, store) to operate. Backends now resolve this context internally via LangGraph's `get_config()`, `get_store()`, and `get_runtime()` helpers, so you can pass instances directly. ### What changed | Before (deprecated) | After | | -------------------------------------------------------------------- | ------------------------------------------------------- | | `backend=lambda rt: StateBackend(rt)` | `backend=StateBackend()` | | `backend=lambda rt: StoreBackend(rt)` | `backend=StoreBackend()` | | `backend=lambda rt: CompositeBackend(default=StateBackend(rt), ...)` | `backend=CompositeBackend(default=StateBackend(), ...)` | | `backend: (config) => new StateBackend(config)` | `backend: new StateBackend()` | | `backend: (config) => new StoreBackend(config)` | `backend: new StoreBackend()` | ### Deprecated APIs | Deprecated | Replacement | | ------------------------------------------------------------ | ------------------------------------------------------ | | `BackendFactory` type | Pass a backend instance directly | | `BackendRuntime` interface | Backends resolve context internally | | `StateBackend(runtime, options?)` constructor overload | `new StateBackend(options?)` | | `StoreBackend(stateAndStore, options?)` constructor overload | `new StoreBackend(options?)` | | `filesUpdate` field on `WriteResult` and `EditResult` | State writes are now handled internally by the backend | The factory pattern still works at runtime and emits a deprecation warning. Update your code to use direct instances before the next major version. ### Migration example ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} // Before (deprecated) import { createDeepAgent, CompositeBackend, StateBackend, StoreBackend } from "deepagents"; const agent = createDeepAgent({ backend: (config) => new CompositeBackend( new StateBackend(config), { "/memories/": new StoreBackend(config, { namespace: (rt) => [rt.serverInfo.user.identity], }) }, ), }); // After const agent = createDeepAgent({ backend: new CompositeBackend( new StateBackend(), { "/memories/": new StoreBackend({ namespace: (rt) => [rt.serverInfo.user.identity], }) }, ), }); ``` ### Migrating from `BackendContext` In `deepagents>=0.5.2` (Python) and `deepagents>=1.9.1` (TypeScript), namespace factories receive a LangGraph [`Runtime`](https://reference.langchain.com/javascript/langchain/index/Runtime) directly instead of a `BackendContext` wrapper. The old `BackendContext` form still works via backwards-compatible `.runtime` and `.state` accessors, but those accessors emit a deprecation warning and will be removed in `deepagents>=0.7`. **What changed:** * The factory argument is now a `Runtime`, not a `BackendContext`. * Drop the `.runtime` accessor — for example, `ctx.runtime.context.user_id` becomes `rt.server_info.user.identity`. * There is no direct replacement for `ctx.state`. Namespace info should be read-only and stable for the lifetime of a run, whereas state is mutable and changes step-to-step—deriving a namespace from it risks data ending up under inconsistent keys. If you have a use case that requires reading agent state, please [open an issue](https://github.com/langchain-ai/deepagents/issues). ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} // Before (deprecated, removed in v0.7) new StoreBackend({ namespace: (ctx) => [ctx.runtime.context.userId], // [!code --] }); // After new StoreBackend({ namespace: (rt) => [rt.serverInfo.user.identity], // [!code ++] }); ``` ## Protocol reference Backends must implement [`BackendProtocol`](https://reference.langchain.com/javascript/deepagents/backends/BackendProtocol). Required methods: * `ls(path: str) -> LsResult` * Return entries with at least `path`. Include `is_dir`, `size`, `modified_at` when available. Sort by `path` for deterministic output. * `read(file_path: str, offset: int = 0, limit: int = 2000) -> ReadResult` * Return file data on success. On missing file, return `ReadResult(error="Error: File '/x' not found")`. * `grep(pattern: str, path: Optional[str] = None, glob: Optional[str] = None) -> GrepResult` * Return structured matches. On error, return `GrepResult(error="...")` (do not raise). * `glob(pattern: str, path: str = "/") -> GlobResult` * Return matched files as `FileInfo` entries (empty list if none). * `write(file_path: str, content: str) -> WriteResult` * Create-only. On conflict, return `WriteResult(error=...)`. On success, set `path` and for state backends set `files_update={...}`; external backends should use `files_update=None`. * `edit(file_path: str, old_string: str, new_string: str, replace_all: bool = False) -> EditResult` * Enforce uniqueness of `old_string` unless `replace_all=True`. If not found, return error. Include `occurrences` on success. Supporting types: * `LsResult(error, entries)` — `entries` is a `list[FileInfo]` on success, `None` on failure. * `ReadResult(error, file_data)` — `file_data` is a `FileData` dict on success, `None` on failure. * `GrepResult(error, matches)` — `matches` is a `list[GrepMatch]` on success, `None` on failure. * `GlobResult(error, matches)` — `matches` is a `list[FileInfo]` on success, `None` on failure. * `WriteResult(error, path, files_update)` * `EditResult(error, path, files_update, occurrences)` * `FileInfo` with fields: `path` (required), optionally `is_dir`, `size`, `modified_at`. * `GrepMatch` with fields: `path`, `line`, `text`. * `FileData` with fields: `content` (str), `encoding` (`"utf-8"` or `"base64"`), `created_at`, `modified_at`. ::: Backends implement `BackendProtocolV2`. All query methods return structured Result objects with `{ error?: string, ...data }`. ### Required methods * **`ls(path: string) → LsResult`** * List files and directories in the specified directory (non-recursive). Directories have a trailing `/` in their path and `is_dir=true`. Include `is_dir`, `size`, `modified_at` when available. * **`read(filePath: string, offset?: number, limit?: number) → ReadResult`** * Read file content. For text files, content is paginated by line offset/limit (default offset 0, limit 500). For binary files, the full raw `Uint8Array` content is returned with the `mimeType` field set. On missing file, return `{ error: "File '/x' not found" }`. * **`readRaw(filePath: string) → ReadRawResult`** * Read file content as raw `FileData`. Returns the full file data including timestamps. * **`grep(pattern: string, path?: string | null, glob?: string | null) → GrepResult`** * Search file contents for a literal text pattern. Binary files (determined by MIME type) are skipped. On failure, return `{ error: "..." }`. * **`glob(pattern: string, path?: string) → GlobResult`** * Return files matching a glob pattern as `FileInfo` entries. * **`write(filePath: string, content: string) → WriteResult`** * Create-only semantics. On conflict, return `{ error: "..." }`. On success, set `path` and for state backends set `filesUpdate={...}`; external backends should use `filesUpdate=null`. * **`edit(filePath: string, oldString: string, newString: string, replaceAll?: boolean) → EditResult`** * Enforce uniqueness of `oldString` unless `replaceAll=true`. If not found, return error. Include `occurrences` on success. ### Optional methods * **`uploadFiles(files: Array<[string, Uint8Array]>) → FileUploadResponse[]`** — Upload multiple files (for sandbox backends). * **`downloadFiles(paths: string[]) → FileDownloadResponse[]`** — Download multiple files (for sandbox backends). ### Result types | Type | Success fields | Error field | | --------------- | ----------------------------------------------------- | ----------- | | `ReadResult` | `content?: string \| Uint8Array`, `mimeType?: string` | `error` | | `ReadRawResult` | `data?: FileData` | `error` | | `LsResult` | `files?: FileInfo[]` | `error` | | `GlobResult` | `files?: FileInfo[]` | `error` | | `GrepResult` | `matches?: GrepMatch[]` | `error` | | `WriteResult` | `path?: string` | `error` | | `EditResult` | `path?: string`, `occurrences?: number` | `error` | ### Supporting types * **`FileInfo`** — `path` (required), optionally `is_dir`, `size`, `modified_at`. * **`GrepMatch`** — `path`, `line` (1-indexed), `text`. * **`FileData`** — File content with timestamps. See [FileData format](#filedata-format). ### Sandbox extension `SandboxBackendProtocolV2` extends `BackendProtocolV2` with: * **`execute(command: string) → ExecuteResponse`** — Run a shell command in the sandbox. * **`readonly id: string`** — Unique identifier for the sandbox instance. ## Update existing backends to V2 ### Method renames | V1 method | V2 method | Return type change | | ------------------------------- | ------------------------------- | -------------------------------------- | | `lsInfo(path)` | `ls(path)` | `FileInfo[]` → `LsResult` | | `read(filePath, offset, limit)` | `read(filePath, offset, limit)` | `string` → `ReadResult` | | `readRaw(filePath)` | `readRaw(filePath)` | `FileData` → `ReadRawResult` | | `grepRaw(pattern, path, glob)` | `grep(pattern, path, glob)` | `GrepMatch[] \| string` → `GrepResult` | | `globInfo(pattern, path)` | `glob(pattern, path)` | `FileInfo[]` → `GlobResult` | | `write(...)` | `write(...)` | Unchanged (`WriteResult`) | | `edit(...)` | `edit(...)` | Unchanged (`EditResult`) | ### Type renames | V1 type | V2 type | | ------------------------ | -------------------------- | | `BackendProtocol` | `BackendProtocolV2` | | `SandboxBackendProtocol` | `SandboxBackendProtocolV2` | ### Adaptation utilities If you have existing V1 backends that you need to use with V2-only code, use the adaptation functions: ```typescript theme={"theme":{"light":"catppuccin-latte","dark":"catppuccin-mocha"}} import { adaptBackendProtocol, adaptSandboxProtocol } from "deepagents"; // Adapt a V1 backend to V2 const v2Backend = adaptBackendProtocol(v1Backend); // Adapt a V1 sandbox to V2 const v2Sandbox = adaptSandboxProtocol(v1Sandbox); ``` The framework auto-adapts V1 backends passed to `createDeepAgent()`. Manual adaptation is only needed when calling protocol methods directly. ***
[Connect these docs](/use-these-docs) to Claude, VSCode, and more via MCP for real-time answers. [Edit this page on GitHub](https://github.com/langchain-ai/docs/edit/main/src/oss/deepagents/backends.mdx) or [file an issue](https://github.com/langchain-ai/docs/issues/new/choose).