Back to OpenAI briefs

OpenAI Agents SDK: Sandboxes, Tools, and Long-Horizon Loops

OpenAI engineers demonstrate how the Agents SDK separates orchestration from compute, rehydrates ephemeral sandboxes, runs async shell loops, and adds human approvals to long-running agents.

Processed May 30, 2026
Infographic showing the OpenAI Agents SDK harness connected to ephemeral sandboxes, hosted shell tools, snapshots, and approval gates.

Executive Summary

OpenAI engineers demonstrate the new open-source Agents SDK featuring a model-native Codex-like harness, ephemeral sandbox execution environments, and deep Cloudflare R2 file system snapshot state management.

The Agents SDK decouples orchestration logic from the underlying compute, converting active runtime environments into entirely ephemeral, state-rehydrated sandboxes.

First-class platform abstractions allow immediate deployment across cloud runtimes like Modal, Cloudflare, Vercel, and local Docker instances.

A built-in async shell tool loop allows long-horizon multi-step trajectory monitoring across multiple days without locking developer system dependencies.

Key Takeaways

  • Frontier models are showing sharp upward trajectories in their capacity to sustain long-horizon execution paths autonomously over days or weeks.
  • Internal security agents leverage Codex infrastructure to continuously analyze and patch deep legacy software codebase vulnerabilities.
  • The orchestration complexity of manual loop tracking is replaced by automated native tool compaction and contextual rolling windows.
  • First-class sandbox capabilities support parallel isolated container execution with domain-restricted egress and ingress network filters.
  • The standard capability bundle includes automated file system patch generation, inline diff applications, and async shell command handling.
  • A new TypeScript framework implementation matches the core features of the original Python release to expand multi-tenant app support.
  • External block storage systems can be natively mounted as network file structures using API-compatible S3 or Cloudflare R2 strategies.

Builder Implications

  • Stop spending engineering time writing custom agent loops and switch directly to model-native harnesses optimized for distribution.
  • Remove sensitive operational secrets and credentials from runtime containers to eliminate the risks of prompt injection and exfiltration attacks.
  • Store conversational rollouts and compressed file snapshots as clean JSON database records to support multi-node pause and resume states.
  • Integrate human-in-the-loop function decorators to explicitly intercept critical runtime operations like deployment status toggles.
  • Deploy a hierarchical multi-agent supervisor system that leverages messaging layers to track independent specialized worker containers.

Things to Verify

  • Test the precise container spin-up and snapshot rehydration latencies when fetching massive file tarballs from R2 buckets.
  • Verify how the context compaction algorithm impacts downstream semantic preservation during 50+ turn tool loops.
  • Measure the runtime execution performance delta between natively copied sandbox file assets and network-mounted storage paths.
  • Confirm the network boundary isolation consistency when applying strict domain allow-lists to hosted responses containers.