OpenAI Adds Sandboxed Execution to Its Agents SDK

OpenAI pushes agent tooling further toward production use

OpenAI has released a major update to its Agents SDK, adding native sandbox support and a broader set of built-in tools for developers building long-running AI agents. According to the supplied source text, the update gives developers building blocks for agents that can inspect files, run commands, edit code, and handle more complex tasks inside protected environments.

The change matters because it shifts the SDK from a simple orchestration layer toward something closer to a full execution framework. In the supplied report, OpenAI positions the SDK as the connective tissue between user requests, AI models, and the tools those models need to complete work. That includes Model Context Protocol support for tool usage, shell-based code execution, file editing through an apply-patch tool, and custom instructions through AGENTS.md files.

Native sandboxes are the headline feature

The most important addition in the update is native sandbox support. OpenAI says agents can now run in isolated environments with their own files, tools, and dependencies. The company says the SDK works with providers including Cloudflare, Vercel, E2B, and Modal, while also allowing developers to plug in their own sandbox implementations.

That isolation model addresses one of the central concerns around agent systems: how to let models do useful work without giving them broad, fragile, or unsafe access to production environments. The source text says OpenAI views the separation of control logic from the underlying computing environment as a way to make agents more secure, more stable, and easier to scale.

Just as important, the report says the new setup improves recovery. If something breaks, an agent can resume work in a fresh container rather than failing entirely. That kind of restartability is likely to matter for developer tools, research workflows, and automation tasks that run longer than a single request.

More structure around files and external storage

The update also introduces a manifest function that describes the workspace available to an agent. In the source text, that manifest supports local files as well as cloud storage options including AWS S3, Google Cloud Storage, and Azure Blob Storage. That suggests OpenAI is designing the SDK for work that spans both local development environments and cloud-hosted data.

For developers, that kind of explicit workspace description can make agent behavior easier to reason about. Rather than giving a model vague or overly broad access, the system can define what files and storage locations exist and how they should be used. The source text does not go into implementation detail, but it clearly frames the manifest as part of a more disciplined operating model for agents.

Tooling points to more capable software agents

The bundle of new capabilities is notable because it combines actions that are often fragmented across custom agent stacks. In the report, OpenAI highlights tool access through MCP, shell execution, file patching, and instruction files. Taken together, those are the pieces needed for agents that can inspect a codebase, decide on changes, apply edits, and continue operating across longer sessions.

The update therefore looks less like a minor SDK revision and more like an effort to standardize a pattern that many teams have been assembling on their own. By shipping these pieces together, OpenAI appears to be narrowing the gap between experimental agent demos and deployable agent systems.

• Native sandbox support isolates files, tools, and dependencies.
• MCP integration broadens how agents can call tools.
• Shell execution and apply-patch editing support practical coding workflows.
• Workspace manifests extend agent access to local and cloud storage.

Python now, TypeScript later

OpenAI says the new features are available in Python today, with TypeScript support on the way. That staggered rollout matters because Python is already a common language for AI tooling, while TypeScript is critical for web and product teams that want to integrate agents into mainstream applications. The source text does not provide a date for the TypeScript release, only that it is coming.

The company also says standard OpenAI API pricing applies. That means the SDK update expands capability without introducing a separate pricing model in the supplied report, though total cost for real-world deployments will still depend on model usage and workload design.

Why this update stands out

The larger significance of the release is that OpenAI is treating agents as operational software, not just prompting experiments. The combination of controlled execution, recoverable environments, patch-based editing, and workspace manifests points to a more disciplined model of how AI systems can act on digital environments.

That does not mean every concern is resolved. The supplied article does not claim that sandboxes eliminate all risk, only that they make agent deployments safer and more robust. But the direction is clear: OpenAI is packaging the infrastructure needed for agents that do more than answer questions. They can inspect, modify, and continue work inside bounded environments designed for that purpose.

For developers tracking the evolution of AI agents, this update is a meaningful step. It gives teams more of the plumbing they need out of the box, and it shows where the platform is headed: toward agents that can take action, recover from failure, and operate inside explicitly defined execution boundaries.

This article is based on reporting by The Decoder. Read the original article.