Descriptions:
OpenAI’s Codex agent is now available as a native Windows application, and NetworkChuck uses the launch as a hook to explore what “Windows native” actually means under the hood — specifically, how OpenAI engineered an agent sandbox to safely confine autonomous code execution on a general-purpose desktop operating system.
The video walks through installing Codex from the Windows App Store and connecting it to a ChatGPT subscription, then digs into the security architecture. Codex creates two dedicated Windows user accounts — Codex sandbox online and Codex sandbox offline — and assigns each a restricted synthetic identity (SID) with filesystem access limited to a designated project folder. By default, the agent runs as the no-network user, meaning it cannot reach the internet. NetworkChuck verifies this live using icacls and the PowerShell net users command, showing that the SID appears on the project folder but not on any other directory. The agent can run PowerShell, Python, and Git within that scope, and nothing else.
Alongside the Codex walkthrough, the video weaves in seven Windows trivia moments — including the story of Microsoft modifying Windows 95 to accommodate a SimCity bug, and how enabling Hyper-V on Windows 11 Pro silently turns the OS into a guest on a Type 1 hypervisor identical to Azure’s. The sandbox explanation is the most technically substantive part and is directly useful for developers evaluating how agentic coding tools handle permission boundaries on Windows.
📺 Source: NetworkChuck · Published June 01, 2026
🏷️ Format: Tutorial Demo
