Strands Agents
Open-source Python and TypeScript SDK for building model-driven AI agents with any model provider, MCP tools, streaming, multi-agent patterns, structured output, observability, hooks, guardrails, and production deployment guidance.
Open the source and read safety notes before installing.
Safety notes
- Strands agents can call custom tools, MCP tools, vended tools, model providers, HTTP APIs, file editors, shell tools, sandboxes, and multi-agent orchestrators; every tool needs explicit permission and side-effect review.
- The README says both SDKs default to Amazon Bedrock, so unattended examples may use AWS credentials and hosted model access unless the provider is changed.
- TypeScript exports include vended file-editor, HTTP request, bash, sandbox, intervention, plugin, telemetry, and session-storage surfaces; keep production credentials and filesystem scope narrow.
- Python optional extras include provider, A2A, bidirectional streaming, OpenTelemetry, Cedar, SageMaker, and other integrations; install only the extras needed for the current runtime.
- Hooks, guardrails, structured output validation, steering handlers, and traces help control behavior, but they do not replace authorization, audit logs, human approval, rollback plans, or domain-specific tests.
Privacy notes
- Prompts, chat history, system prompts, tool schemas, tool arguments, tool results, traces, hooks, model responses, streaming events, structured outputs, and errors can be sent to configured model providers or observability backends.
- MCP servers and vended tools may expose local files, shell output, HTTP responses, cloud resources, SaaS records, credentials, source code, and user data to the agent loop.
- AWS, Anthropic, OpenAI, Gemini, Ollama, LiteLLM, SageMaker, A2A, OpenTelemetry, and other integrations each have separate logging, retention, and access-control behavior.
- Do not publish AWS credentials, provider API keys, Bedrock model access details, OpenTelemetry endpoints, trace IDs containing sensitive metadata, filesystem paths, or generated run logs in public issues or PRs.
Prerequisites
- Python 3.10 or newer for the Python SDK, or Node.js 20 or newer for the TypeScript SDK.
- AWS credentials and Amazon Bedrock model access for the default provider, or configured credentials for Anthropic, OpenAI, Gemini, Ollama, LiteLLM, Mistral, Writer, SageMaker, or another selected provider.
- A reviewed tool boundary for built-in tools, custom tools, MCP servers, HTTP calls, file editing, shell execution, sandboxing, A2A, and multi-agent workflows.
- OpenTelemetry, tracing, logging, and retention decisions before using Strands for production agents.
- Version pinning and compatibility review when mixing Python SDK, TypeScript SDK, model provider packages, MCP servers, and optional extras.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 25 minutes
- Difficulty
- intermediate
- Website
- https://strandsagents.com/
- Pricing
- open-source
- Disclosure
- editorial
- Application category
- DeveloperApplication
- Operating system
- Cross-platform
Full copyable content
# Python
pip install strands-agents strands-agents-tools
# TypeScript
npm install @strands-agents/sdkAbout this resource
Overview
Strands Agents is an open-source SDK for building model-driven AI agents in
Python and TypeScript. The canonical strands-agents/harness-sdk monorepo
contains the Python SDK, TypeScript SDK, documentation site, WebAssembly
support, developer CLI tooling, governance docs, and supporting packages.
The project is relevant for Claude-adjacent teams because it treats the agent loop as application infrastructure: model providers, tools, MCP clients, streaming, structured output, hooks, traces, guardrails, and multi-agent patterns are first-class concerns rather than prompt-only conventions.
Install
For Python projects:
pip install strands-agents strands-agents-tools
For TypeScript projects:
npm install @strands-agents/sdk
Both SDKs default to Amazon Bedrock in the upstream quick start. Configure AWS credentials and model access first, or explicitly select another provider such as Anthropic, OpenAI, Gemini, Ollama, LiteLLM, Mistral, Writer, SageMaker, or a custom model integration.
Core Capabilities
| Area | Strands Agents Coverage |
|---|---|
| SDKs | Python package strands-agents and npm package @strands-agents/sdk |
| Model Providers | Bedrock default plus Anthropic, OpenAI, Gemini, Ollama, LiteLLM, Mistral, Writer, SageMaker, and custom providers |
| Tools | Python tools package, TypeScript Zod-typed tools, vended tools, custom tools, and MCP clients |
| MCP | Python mcp dependency and TypeScript MCP client support for attaching external MCP servers |
| Runtime Control | Agent loop, execution limits, hooks, steering handlers, guardrails, and streaming |
| Outputs | Structured output with validation, including Zod-backed TypeScript workflows |
| Multi-Agent | TypeScript graph and swarm patterns plus documented multi-agent examples |
| Observability | OpenTelemetry dependencies, telemetry exports, traces, hooks, and production guidance |
| Advanced Integrations | A2A, bidirectional streaming, Cedar policy hooks, sandbox exports, session storage, and WASM support |
MCP Fit
Strands is useful for MCP searches because MCP can be used as a tool source inside the agent runtime. A Strands app can combine local or remote MCP servers with custom application tools, provider-native model calls, structured outputs, and multi-agent orchestration.
Keep the boundary explicit. An MCP server may expose local files, browser automation, cloud infrastructure, documentation search, databases, SaaS accounts, or internal APIs. Strands provides the runtime connection; the app owner still has to define credentials, scopes, allowlists, logging, approvals, and rollback behavior.
Use Cases
- Build Python or TypeScript assistants that can swap model providers without rewriting the agent loop.
- Connect MCP servers to an agent alongside custom application tools.
- Add structured output validation to tool-using agents.
- Stream agent responses and events into a product UI or operations console.
- Coordinate multi-agent workflows with graph or swarm patterns.
- Instrument production agents with hooks, telemetry, traces, and deployment review.
- Prototype with Bedrock, then move to Anthropic, OpenAI, Gemini, Ollama, or another provider when deployment requirements change.
Source Review
Verified on 2026-06-18:
- The upstream README describes Strands Agents as a model-driven SDK for building AI agents in a few lines of code.
- The README says the monorepo contains
strands-py/,strands-ts/, WebAssembly support, developer CLI tooling, docs, and governance/process material. - The README documents Python installation with
pip install strands-agents strands-agents-toolsand TypeScript installation withnpm install @strands-agents/sdk. - The README says both SDKs default to Amazon Bedrock and that the quickstart covers Anthropic, OpenAI, Gemini, Ollama, and other providers.
- The Python SDK
pyproject.tomldeclares packagestrands-agents, Python>=3.10, Apache-2.0 licensing, AWS authorship,mcp, Pydantic, OpenTelemetry, and optional provider/A2A/bidirectional/Cedar extras. - The TypeScript package declares
@strands-agents/sdk, Node>=20.0.0, Apache-2.0 licensing, model exports, MCP client support, multi-agent exports, telemetry, vended tools, vended plugins, interventions, sandbox exports, and session storage. - PyPI resolves
strands-agentsversion1.44.0andstrands-agents-toolsversion0.8.1; npm resolves@strands-agents/sdkversion1.6.0. - GitHub reports Apache-2.0 licensing, an active default branch, and recent
activity for
strands-agents/harness-sdk.
Safety and Privacy
Strands is an application framework, so its risk profile comes from the model providers, tools, MCP servers, vended utilities, sandboxes, cloud resources, and observability systems connected to each agent. Treat each integration as a separate trust boundary with least-privilege credentials, audit logs, rate limits, timeouts, and human approval for high-impact actions.
Telemetry, traces, hooks, session stores, model calls, tool calls, MCP results, streaming events, and error logs may contain sensitive workspace or user data. Decide what is retained, who can inspect it, and which providers receive it before deploying a Strands agent to production.
Duplicate Check
Checked current content/tools/, content/mcp/, content/agents/,
content/skills/, content/guides/, open pull requests, and repository-wide
content for Strands Agents, Strands Agents SDK,
strands-agents/harness-sdk, strandsagents.com, strands-agents,
@strands-agents/sdk, strands-agents-tools, and Strands MCP. Existing
content mentions Strands only as an integration target for the AWS MCP Proxy;
no dedicated Strands Agents tools entry, exact source URL duplicate, target
file, or open duplicate PR was found.
Disclosure
Editorial listing. No paid placement or affiliate link is used.
Source citations
Add this badge to your README
Show that Strands Agents is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/tools/strands-agents)How it compares
Strands Agents side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Strands Agents Open-source Python and TypeScript SDK for building model-driven AI agents with any model provider, MCP tools, streaming, multi-agent patterns, structured output, observability, hooks, guardrails, and production deployment guidance. Open dossier | OpenAI Agents Python SDK Official Python framework for building multi-agent workflows with agents, tools, handoffs, guardrails, sessions, tracing, realtime voice agents, MCP tools, hosted tools, human-in-the-loop flows, and sandbox agents. Open dossier | OpenAI Agents JavaScript SDK Official JavaScript and TypeScript framework for building multi-agent workflows with agents, tools, handoffs, guardrails, sessions, tracing, realtime voice agents, MCP tools, hosted tools, and sandbox agents. Open dossier | AG2 Agent Framework Open-source Python AgentOS and multi-agent framework, evolved from AutoGen, for building conversable agents, group chats, swarms, human-in-the-loop workflows, tool use, RAG, code execution, and provider-backed agent systems. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Strands Agents | OpenAI | OpenAI | AG2 |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓Strands agents can call custom tools, MCP tools, vended tools, model providers, HTTP APIs, file editors, shell tools, sandboxes, and multi-agent orchestrators; every tool needs explicit permission and side-effect review. The README says both SDKs default to Amazon Bedrock, so unattended examples may use AWS credentials and hosted model access unless the provider is changed. TypeScript exports include vended file-editor, HTTP request, bash, sandbox, intervention, plugin, telemetry, and session-storage surfaces; keep production credentials and filesystem scope narrow. Python optional extras include provider, A2A, bidirectional streaming, OpenTelemetry, Cedar, SageMaker, and other integrations; install only the extras needed for the current runtime. Hooks, guardrails, structured output validation, steering handlers, and traces help control behavior, but they do not replace authorization, audit logs, human approval, rollback plans, or domain-specific tests. | ✓Agents can call function tools, hosted tools, MCP tools, realtime tools, and sandbox agents; treat every tool as an API endpoint with explicit authorization, input validation, rate limits, and side-effect controls. Sandbox agents can inspect files, run commands, apply patches, and carry workspace state across longer tasks; restrict workspace scope and require human approval before destructive or high-impact actions. Guardrails are useful runtime checks, but they do not replace permission checks, least-privilege credentials, audit logs, or human review for risky operations. Handoffs and agents-as-tools can delegate work across agents; document which agent owns each tool, decision, retry, rollback, and escalation path. Realtime voice agents and human-in-the-loop flows need clear consent, interruption, recording, and operator takeover behavior. | ✓Agents can call function tools, hosted tools, MCP tools, realtime tools, and sandbox agents; treat every tool as an API endpoint with explicit authorization, input validation, rate limits, and side-effect controls. Sandbox agents can inspect files, run commands, apply patches, and carry workspace state across longer tasks; restrict workspace scope and require human approval before destructive or high-impact actions. Cloudflare Workers support is described upstream as experimental; review runtime compatibility, secrets, outbound network access, logging, request limits, and `nodejs_compat` behavior before production use. Guardrails help validate inputs and outputs, but they do not replace permission checks, least-privilege credentials, audit logs, or human review for risky operations. Handoffs and agents-as-tools can delegate work across agents; document which agent owns each tool, decision, retry, rollback, and escalation path. | ✓AG2 agents can converse, call tools, execute code, use retrieval systems, run browser workflows, and coordinate group chats; require explicit permissions and approval gates for high-impact actions. The upstream install docs and examples commonly involve provider credentials; keep API keys, config files, notebooks, and `.env` files out of commits and support tickets. Code execution, Docker, Jupyter, browser-use, and RAG extras can touch local files, network services, notebooks, databases, and external websites; scope them tightly before granting agent access. Multi-agent conversations can continue through nested chats, swarms, group chats, and custom reply handlers; define termination, escalation, retry, and human takeover behavior. Track the release roadmap before upgrading because deprecations and the v1.0 transition can change which APIs should be used for new work. |
| Privacy notes | ✓Prompts, chat history, system prompts, tool schemas, tool arguments, tool results, traces, hooks, model responses, streaming events, structured outputs, and errors can be sent to configured model providers or observability backends. MCP servers and vended tools may expose local files, shell output, HTTP responses, cloud resources, SaaS records, credentials, source code, and user data to the agent loop. AWS, Anthropic, OpenAI, Gemini, Ollama, LiteLLM, SageMaker, A2A, OpenTelemetry, and other integrations each have separate logging, retention, and access-control behavior. Do not publish AWS credentials, provider API keys, Bedrock model access details, OpenTelemetry endpoints, trace IDs containing sensitive metadata, filesystem paths, or generated run logs in public issues or PRs. | ✓Prompts, instructions, tool arguments, tool outputs, session history, traces, realtime audio events, sandbox files, logs, provider responses, and errors may contain user or workspace data. Do not expose secrets, tokens, private file paths, customer records, credentials, internal identifiers, or raw exceptions through traces, logs, prompts, tool schemas, or examples. When using MCP servers, hosted tools, Redis sessions, SQL-backed sessions, or observability systems, review each service's retention, access control, and third-party data handling separately. If sandbox agents operate on repositories or user files, define which files can be mounted, modified, committed, uploaded, logged, or returned to the model. | ✓Prompts, instructions, tool arguments, tool outputs, session history, traces, realtime audio events, sandbox files, logs, provider responses, and errors may contain user or workspace data. Do not expose secrets, tokens, private file paths, customer records, credentials, internal identifiers, raw exceptions, or voice transcripts through traces, logs, prompts, tool schemas, or examples. When using MCP servers, hosted tools, session stores, worker logs, observability systems, or deployment platforms, review each service's retention, access control, and third-party data handling separately. If sandbox agents operate on repositories or user files, define which files can be mounted, modified, committed, uploaded, logged, or returned to the model. | ✓Prompts, messages, tool arguments, tool outputs, code snippets, notebook state, retrieved documents, vector-store contents, provider responses, traces, and execution logs may contain sensitive user or workspace data. Do not expose secrets, API keys, private file paths, customer records, internal documents, database rows, or raw exceptions through agent messages, logs, notebooks, screenshots, or public examples. Provider extras and retrieval integrations can route data through OpenAI, Anthropic, Google, AWS, local model servers, databases, vector stores, browser automation, or other third-party services. If AG2 is used for code execution or browser automation, define which files, domains, credentials, downloads, screenshots, and logs can be read or retained. |
| Prerequisites |
|
|
|
|
| Install | | | | |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Featured in
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.