Open SWE: An Open-Source Framework for Internal Coding Agents

Over the past year, we've observed several engineering organizations building internal coding agents that operate alongside their development teams. Stripe developed Minions, Ramp built Inspect, and Coinbase created Cloudbot. These systems integrate into existing workflows (accessible through Slack, Linear, and GitHub) rather than requiring engineers to adopt new interfaces.

While these systems were developed independently, they've converged on similar architectural patterns: isolated cloud sandboxes, curated toolsets, subagent orchestration, and integration with developer workflows. This convergence suggests some common requirements for deploying AI agents in production engineering environments.

Today, we're releasing Open SWE, an open-source framework that captures these patterns in a customizable form. Built on Deep Agents and LangGraph, Open SWE provides the core architectural components we've observed across these implementations. If your organization is exploring internal coding agents, this can serve as a starting point.

Patterns from Production Deployments

Stripe, Ramp, and Coinbase have all built their own internal coding agents. Kishan Dahya wrote a great post on the different architectural decisions these coding agents made. We summarize them below and then dive into how OpenSWE compares on those dimensions.

Isolated execution environments: Tasks run in dedicated cloud sandboxes with full permissions inside strict boundaries. This isolates the blast radius of any mistake from production systems while allowing agents to execute commands without approval prompts for each action.

Curated toolsets: According to Stripe's engineering team, their agents have access to around 500 tools, but these are carefully selected and maintained rather than accumulated over time. Tool curation appears to matter more than tool quantity.

Slack-first invocation: All three systems integrate with Slack as a primary interface, meeting developers in their existing communication workflows rather than requiring context switches to new applications.

Rich context at startup: These agents pull full context from Linear issues, Slack threads, or GitHub PRs before beginning work, reducing the overhead of discovering requirements through tool calls.

Subagent orchestration: Complex tasks get decomposed and delegated to specialized child agents, each with isolated context and focused responsibilities.

These architectural choices have proven effective across multiple production deployments, though organizations will likely need to adapt specific components to their own environments and requirements.

Open SWE's Architecture

Open SWE provides an open-source implementation of similar architectural patterns. Here's how the framework maps to what we've observed:

1. Agent Harness: Composed on Deep Agents

Rather than forking an existing agent or building from scratch, Open SWE composes on the Deep Agents framework. This approach is similar to how Ramp's team built Inspect on top of OpenCode.

Composition provides two advantages:

Upgrade path: When Deep Agents improves (better context management, more efficient planning, optimized token usage), you can incorporate those improvements without rebuilding your customizations.

Customization without forking: You can maintain org-specific tools, prompts, and workflows as configuration rather than as modifications to core agent logic.

2. Sandbox: Isolated Cloud Environments

Each task runs in its own isolated cloud sandbox, a remote Linux environment with full shell access. The repository is cloned in, the agent receives complete permissions, and any errors are contained within that environment.

Open SWE supports multiple sandbox providers out of the box. You can also implement your own sandbox backend. This follows a pattern we've observed: isolate first, then grant full permissions inside the boundary.

3. Tools: Curated, Not Accumulated

Open SWE ships with a focused toolset: shell execution, URL fetching, HTTP requests, Git operations, and integrations with Linear and Slack. A smaller, curated toolset is easier to test, maintain, and reason about.

4. Context Engineering: AGENTS.md + Source Context

Open SWE gathers context from two sources: an AGENTS.md file at the root of the repository for team-specific conventions, and the full source context from the issue or thread where the agent was invoked.

5. Orchestration: Subagents + Middleware

Open SWE's orchestration combines subagent spawning for complex tasks with deterministic middleware hooks. Middleware allows for injecting follow-up messages mid-run or ensuring critical steps like opening a PR happen reliably.

6. Invocation: Slack, Linear, and GitHub

Open SWE follows the pattern of meeting developers where they are, supporting invocation via Slack mentions, Linear comments, and GitHub PR tags.