AgentScope 2.0: Alibaba’s production agent framework
Tongyi Lab publishes a production‑focused agent runtime with security, permissions and telemetry
Alibaba’s Tongyi Lab published AgentScope 2.0 and made the new documentation available on docs.agentscope.io on May 26, 2026, marking a public push for production‑grade agent tooling.
AgentScope 2.0 is presented as a major, breaking update to the open framework that powers multi‑agent applications, with an emphasis on safer execution, clearer observability and hosting features aimed at operators and platform engineers.
The 2.0 documentation highlights four production capabilities prominently: execution security and sandboxes, a fine‑grained permission system, streaming telemetry for live traces and metrics, and a multi‑tenant Agent Service for hosting agents at scale. Those items form the core pitch to developers who need predictable, auditable agent behavior in production.
The Permission System in AgentScope 2.0 intercepts every tool call and can ALLOW, DENY or ASK for human confirmation, combining static rules, runtime checks and configurable modes such as DEFAULT, EXPLORE and BYPASS. The docs show examples for pattern rules, dangerous‑path protection and recipes for unattended automation or read‑only exploration.
Execution security is tighter in 2.0: the framework can run untrusted code inside isolated sandboxes, block dangerous filesystem targets, and hold or offload high‑risk actions to backends for review. The documentation says these checks are bypass‑immune for certain classes of operations.
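The decision order described in the two paragraphs above (static pattern rules, modes, and a dangerous-path check that no mode can disable), written out as an added example; it is not AgentScope code and does not use its API. All names, the sample policy, and the semantics given to EXPLORE (read-only tools only) and BYPASS (ASK becomes ALLOW) are assumptions made for illustration.

```python
import fnmatch
import posixpath
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"

class Mode(Enum):
    DEFAULT = "default"
    EXPLORE = "explore"
    BYPASS = "bypass"

# Constructed policy for illustration; not AgentScope configuration.
WORKSPACE = "/workspace"
PROTECTED = ("/etc", "/root/.ssh", "/var/run/secrets")
READ_ONLY_TOOLS = {"read_file", "list_dir"}
RULES = [  # (tool pattern, path pattern, decision); first match wins
    ("read_file", "/workspace/*", Decision.ALLOW),
    ("write_file", "/workspace/*", Decision.ASK),
    ("run_shell", "*", Decision.DENY),
]

def normalise(path: str) -> str:
    # Collapse ".", ".." and repeated leading slashes so rules see the real
    # target. Lexical only: a real gate must also resolve symlinks.
    return "/" + posixpath.normpath(posixpath.join(WORKSPACE, path)).lstrip("/")

def is_protected(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def decide(mode: Mode, tool: str, path: str) -> Decision:
    target = normalise(path)
    # 1. Dangerous-path check runs first and never consults the mode,
    #    so BYPASS cannot switch it off.
    if is_protected(target):
        return Decision.DENY
    # 2. Assumed EXPLORE semantics: read-only tools only.
    if mode is Mode.EXPLORE and tool not in READ_ONLY_TOOLS:
        return Decision.DENY
    # 3. Static pattern rules; anything unmatched needs a human.
    decision = Decision.ASK
    for tool_pat, path_pat, rule_decision in RULES:
        if fnmatch.fnmatchcase(tool, tool_pat) and fnmatch.fnmatchcase(target, path_pat):
            decision = rule_decision
            break
    # 4. Assumed BYPASS semantics: nobody to ask, so ASK becomes ALLOW.
    #    Explicit DENY rules still hold.
    if mode is Mode.BYPASS and decision is Decision.ASK:
        return Decision.ALLOW
    return decision
```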
Observability in AgentScope 2.0 is built on OpenTelemetry and exports traces, token usage and event streams so teams can monitor LLM calls, tool invocations and agent replies in real time or export them to OTLP backends. The docs point to both a built‑in Studio UI and third‑party backends for analysis.
AgentScope’s Agent Service turns agents into a multi‑tenant, multi‑session HTTP host with REST + SSE streaming, per‑user ownership of credentials and sessions, session replay, background task offloading and pluggable workspace isolation strategies. The service is designed to sit behind an organization’s auth gateway and scale a single deployment across many users.
The release is explicitly aimed at developers and platform teams deploying agents in production. The coverage notes that AgentScope 2.0 is available in Python and TypeScript today, with Java support announced as forthcoming, and recommends migration planning because 2.0 contains breaking changes from 1.0.
AgentScope Runtime messaging and tooling—including a typed event stream for every step an agent takes—make it easier to build responsive UIs, attach human‑in‑the‑loop checkpoints, and replay runs for debugging or compliance purposes. Those capabilities are part of the framework’s effort to make agent behavior observable and repeatable.
The timing of AgentScope 2.0 reflects a broader maturation of open agent runtimes: labs and vendors are increasingly publishing containment, observability and permission strategies as standard features rather than ad‑hoc add‑ons. Industry posts and roundups that covered multiple agent announcements on May 25–26 place AgentScope’s release alongside similar moves by other major labs.
For teams evaluating AgentScope 2.0, the immediate tradeoffs are familiar: richer safety and observability come with integration work to wire your identity, OTLP backend and workspace isolation into the service, and migration from 1.x will require code and config updates. The documentation includes a changelog and migration guidance to help plan that work.