Agents SDK gains sandboxed execution, approval workflows and tracing for safer OpenAI agents

- OpenAI said on April 15 it updated its Agents SDK with a model-native harness and native sandbox execution for long-running agent workflows.
- The new sandbox runs file, command, package and port operations in isolated workspaces, while the harness manages approvals, tracing, recovery and run state.
- The release starts in Python, with TypeScript support planned later. (openai.com)

OpenAI said on April 15 that its Agents SDK now includes native sandbox execution and a model-native harness for longer-running agent tasks. (openai.com)

In plain terms, the harness is the control layer around the model, and the sandbox is the locked-down computer where the agent does work. OpenAI’s docs say the harness handles tool routing, approvals, tracing, recovery and run state, while the sandbox handles files, commands, packages, ports and snapshots. (developers.openai.com)

That split is meant to keep sensitive controls outside the container that runs model-directed code. OpenAI says the harness can stay on a company’s own infrastructure while the sandbox runs with narrower mounts and credentials. (developers.openai.com)

The practical problem is that many agents need more than a prompt window. OpenAI says tasks like inspecting document folders, writing artifacts, running scripts, previewing reports on exposed ports, and resuming paused work all need a persistent workspace. (developers.openai.com)

The updated SDK adds approval gates to those workflows. OpenAI’s broader agent security docs say approval policies can force an agent to stop and ask before actions like leaving a sandbox, using the network, or calling tools with side effects. (developers.openai.com 1) (developers.openai.com 2)

Tracing is the other control OpenAI is emphasizing. The Agents SDK docs describe tracing as the debugging and observability layer for agent runs, and the main guide tells developers to use traces to inspect and improve workflows before moving into evaluation loops. (github.com) (developers.openai.com)

OpenAI is positioning the release as infrastructure for “long-horizon” work, not just single replies. TechCrunch reported product lead Karan Sharma said the goal is to let developers build those agents with OpenAI’s harness on top of whatever infrastructure they already use. (techcrunch.com)

The first release is in the Python Agents SDK. OpenAI’s product post shows installation with `openai-agents>=0.14.0`, and its documentation says sandbox agents are currently available only in Python, with TypeScript support planned later. (openai.com) (developers.openai.com) (techcrunch.com)

The pitch is straightforward: keep the agent’s computer work inside an isolated workspace, keep approvals and audit trails in the control plane, and let the run resume when a human signs off. That is the shape OpenAI is now standardizing in its SDK. (developers.openai.com) (openai.com)
