OpenAI Updates Agents SDK, Adds Sandbox

OpenAI released a major update to the Agents SDK that introduces a model-native harness and native sandboxed execution so agents can inspect files, run commands, edit code, and complete long-horizon tasks within controlled environments. The new capabilities ship first for Python and expose primitives and orchestration tuned to OpenAI models; TypeScript support is planned. The SDK now supports sandbox clients such as UnixLocalSandboxClient and shows examples using SandboxAgent with gpt-5.4 in the documentation.

The update shifts the SDK from a minimal orchestration layer toward a harness that understands model operating patterns and provides safe runtime contexts. Key technical elements include:

• •SandboxAgent, Runner.run, and RunConfig for authoring and executing agent runs inside sandboxes
• •Manifest and LocalDir for declaring controlled workspace mounts and file-access surfaces
• •Sandbox clients like UnixLocalSandboxClient to isolate execution from host systems
• •Built-in primitives for tool use (MCP), progressive disclosure via AGENTS.md, file edits via apply_patch, and shell code execution
• •Configurable memory, durable execution primitives, and hooks for multi-agent orchestration and tracing

The docs include executable Python examples that create ephemeral datarooms, seed files, instantiate a SandboxAgent with explicit instructions, and run comparison tasks using Runner.run. The release notes and coverage indicate the SDK is generally available via the OpenAI API under standard token-and-tool pricing. Additional features, including a dedicated code mode and subagent patterns, are listed as in development.

Agents are evolving from experimental notebooks and ad-hoc orchestrators into platform-grade constructs that need predictable safety and data controls. Model-agnostic frameworks trade off alignment with frontier models, while managed agent APIs constrain where work runs and how sensitive data is accessed. By providing a model-native harness, OpenAI reduces the engineering lift required to exploit frontier model behavior while keeping agents closer to the model's latency and capability assumptions. Native sandboxing addresses a critical pain point for practitioners: executing code and shell commands safely without exposing the host or sensitive datasets. This matters for teams building legal, finance, and enterprise document workflows where agents must read evidence, mutate code, or run analyses under auditability and least-privilege constraints.

Track the TypeScript release and the SDKs integrations with cloud storage and durable execution. Pay attention to how teams adopt apply_patch and sandbox clients in production, and whether additional governance controls, logging, and RBAC primitives follow rapidly.

If you build autonomous workflows, adopt the new harness to reduce bespoke infrastructure, use the sandbox clients for any code execution, and treat Manifest-driven mounts and AGENTS.md instructions as primary controls for auditability and least privilege.