OpenAI Codex Arrives on Windows with the First Native Agent Sandbox

OpenAI announced that the Codex desktop application is officially supported on Windows and can be installed directly from the Microsoft Store on Windows 10 version 19041.0 or later.

The app is positioned as a "command center for agentic software development" and provides several core capabilities:

Multi‑Agent Parallelism : run multiple coding agents organized by project and thread.

Long‑Task Management : background execution without disrupting other work.

Diff Review : clear change visualization with comment support before merging.

Reusable Skills : package tools, scripts, and team conventions for repeated use.

Automation Workflows : schedule and repeat tasks.

Crucially, the Windows version runs natively and supports PowerShell directly, eliminating the need for WSL or a virtual machine—a significant benefit for teams that rely on native Windows development environments such as .NET, Unity, or game development.

The first Windows‑native agent sandbox.

OpenAI created a dedicated Windows‑native sandbox to isolate AI agents that execute code, read/write files, and run commands, preventing unrestricted system access. The sandbox is implemented in Rust and consists of three security layers:

Restricted Tokens : creates limited tokens with specific SIDs, offering read‑only and workspace‑write modes, and launches agents via CreateProcessAsUserW so they start confined.

File‑System ACLs : dynamically applies deny‑write rules to sensitive directories (system folders, user profiles), which are rolled back after the agent finishes.

Dedicated Sandbox User : runs agents under a hidden shadow account with its own profile, fully isolated from the primary user.

The overall execution flow is: parse security policy → create restricted token → set file ACLs → create I/O pipes → launch restricted process → monitor timeout → clean up and roll back.

The entire sandbox implementation is completely open source. The relevant code resides in the openai/codex repository under codex‑rs/windows‑sandbox‑rs, with build scripts, Windows manifest files, and smoke tests all available on GitHub.