Architecture AI Updates: June 7, 2026

1. Composing OS Primitives to Sandbox Coding Agents on Windows

Leela Kumili on InfoQ. Coverage of OpenAI’s Codex sandbox on Windows details an architecture that isolates autonomous coding agents using native operating-system security primitives rather than heavier virtualization. The design offers two implementations: an unelevated sandbox that combines security identifiers, access control lists, and write-restricted tokens to expose only designated writable locations while protecting sensitive directories like Git metadata, and an elevated sandbox that runs commands under dedicated local accounts with isolated restricted tokens and configurable firewall rules spanning filesystem and network boundaries. The architectural takeaway is that existing OS primitives can be recombined to give agents meaningful isolation without sacrificing the usability developers expect in real-world environments. Source