Test New Windows CLI Sandbox For Enhanced Security
Hi there, Windows enthusiasts and command-line wizards! We've got some exciting experimental features rolling out for the Windows CLI, and your help in testing them would be absolutely fantastic. If you're someone who frequently uses the command-line interface (CLI) on native Windows, we've got a special treat for you. We're looking for brave testers to dive into a highly experimental filesystem and network sandbox. The goal here is to pave the way for a future where our Codex agent mode runs with significantly enhanced security and safety, requiring far fewer user approvals for its operations. Imagine a smoother, more secure workflow where the agent can operate with greater autonomy because it's running in a much more controlled environment. This sandbox is designed to isolate potentially risky operations, providing a robust layer of protection. As we refine this technology, it will unlock more advanced capabilities for the agent, making it even more powerful and reliable for your development tasks. We believe this is a crucial step towards a more secure and efficient AI-assisted development experience on Windows.
Now, let's talk about the current biggest caveat, and this is important for you to be aware of. At this early stage, the sandbox does not prevent file writes, deletions, or creations in any directory where the 'Everyone' SID already has write permissions. Think of it as 'world-writable folders'. This means that if a folder is already set up to allow anyone to modify its contents, the sandbox won't add an extra layer of protection within that specific, broadly permissive directory. This is a known limitation we're actively working on, and it’s precisely why your testing is so invaluable. We need to understand how this limitation impacts real-world usage and identify any scenarios where this might pose a security concern that we haven't fully anticipated. Reporting these edge cases will directly contribute to strengthening the sandbox's capabilities. We're committed to addressing this as a priority, and your feedback will be instrumental in guiding our efforts to make the sandbox as secure as possible across all directory types.
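To see which directories on your own machine fall under the caveat above, here is an added PowerShell check; it is not part of the original post or of the Codex project. It assumes Windows PowerShell 5.1 or later and reports every directory under a root where an Allow ACE grants the 'Everyone' SID (S-1-1-0) write, create or delete rights, i.e. the places the current sandbox will not protect.

```powershell
# Added example (not Codex project code): find directories the experimental sandbox
# does not protect because the 'Everyone' SID (S-1-1-0) already has write-type rights.
param(
    [string]$Root  = (Get-Location).Path,   # assumed starting point; pass your workspace
    [int]   $Depth = 2                      # how deep to recurse below $Root
)

$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

# Rights that allow creating, modifying or deleting content (the operations the caveat names).
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl)

function Test-EveryoneWritable {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        return $false   # ACL not readable: report nothing rather than guess
    }
    foreach ($ace in $acl.Access) {          # includes inherited entries
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
        } catch { continue }                 # unresolvable account name, skip it
        if ($sid -ne $everyone) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

foreach ($d in $dirs) {
    if (Test-EveryoneWritable -Path $d.FullName) {
        [pscustomobject]@{ Path = $d.FullName; EveryoneWritable = $true }
    }
}
```

Any path it prints is one where a sandboxed command can still create, change or delete files, so those are good candidates to mention in a test report.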
In practice, this means that various commands you might expect to succeed could potentially fail when running within this experimental sandbox. This is part of the testing process – identifying these friction points and rough edges. Don't be alarmed if a command doesn't work as expected; instead, consider it an opportunity to contribute to the project's improvement. We are eager to hear about these instances. Your reports will help us pinpoint bugs, performance issues, and areas where the sandbox's interaction with the Windows file system or network stack isn't as seamless as it should be. Whether it's a command failing unexpectedly, an error message that's unclear, or a performance degradation, please share it with us. The more detailed information you can provide – like the command you ran, the expected outcome, the actual outcome, and any error messages – the better we can diagnose and fix the issues. This collaborative approach is key to developing robust and reliable tools. We're not just asking you to test; we're inviting you to become a partner in shaping the future of secure CLI operations on Windows.
To get started with this exciting, albeit experimental, feature, you can run the following command in PowerShell. This setup will enable the experimental Windows sandbox, configure it to allow workspace writes, and set it to ask for approval on demand, which is a great way to monitor its behavior initially. We've included the command here for your convenience:
```powershell
codex `
  --enable enable_experimental_windows_sandbox `
  --sandbox workspace-write `
  --ask-for-approval on-request
```
This command is your gateway to exploring the sandbox. By enabling enable_experimental_windows_sandbox, you're activating the core functionality. The --sandbox workspace-write flag specifically configures the sandbox to allow write operations within your workspace, which is essential for development tasks. Finally, --ask-for-approval on-request means the agent will prompt you before performing certain actions, giving you visibility and control, especially during this testing phase. It’s a good intermediate step before potentially moving to a more automated approval process once the sandbox is more stable. Remember, this is cutting-edge technology, and your interaction with it is highly valued.
For those who like to dive deeper into the technical details, we have some minimal documentation available. You can find it on our GitHub repository at: https://github.com/openai/codex/blob/main/docs/sandbox.md#platform-sandboxing-details. While it's still a work in progress, this document provides essential information about the platform sandboxing details. It outlines the architecture, the current limitations, and the intended behavior of the sandbox. We encourage you to read through it to gain a better understanding of what you're testing and how it functions. Even though the documentation is minimal, it serves as a starting point for your exploration. We plan to expand it significantly as the feature matures, but for now, it’s the best resource to understand the technical underpinnings of the experimental sandbox. Your feedback on the documentation itself is also welcome – is it clear? Is anything missing? Let us know!
So, please, dive in, experiment, and happy testing! We genuinely appreciate your willingness to help us identify bugs, suggest improvements, and generally push the boundaries of what's possible. Your contributions are vital to making this experimental Windows CLI sandbox a robust, secure, and indispensable tool for everyone. Thank you in advance for your time, effort, and valuable insights. We're excited to see what you discover and to work together to build a more secure future for AI-assisted development on Windows. Don't hesitate to report any findings, big or small, through the usual channels. We're listening!
_Originally posted by @ae-openai in https://github.com/openai/codex/discussions/6065_
For more information on Windows security best practices, you can visit the official Microsoft Security website. For deeper dives into command-line tools and scripting, Microsoft TechNet offers a wealth of resources.