OPENAI PUB_DATE: 2026.06.13

OPENAI BUYS ONA (EX‑GITPOD) TO RUN CODEX/AGENTS IN CUSTOMER‑CONTROLLED SANDBOXES

OpenAI is acquiring Ona to run Codex and future agents inside customer‑controlled, persistent sandboxes.

OpenAI says Ona brings “secure, persistent environments” so agents can access tools and keep state across sessions, moving execution from a single device to infrastructure customers control (InfoWorld). TechRadar frames this as a coming shift for Codex’s execution model toward enterprise‑ready isolation and governance (TechRadar).

This targets long‑standing enterprise fears: uncontrolled file access, runaway token spend, and agent lateral movement. Current community pain points—Docker‑in‑Docker friction and rate‑limit/usage visibility asks—underscore the need for customer‑owned workspaces (Docker in Docker, Flexible rate limit resets, Usage visibility).

A community guide pegs Codex at five million weekly active users and argues the unit of work has shifted from prompts to long‑running runs, which fits this move toward persistent environments (Substack guide).

[ WHY_IT_MATTERS ]
  • 01. Customer‑controlled sandboxes reduce risk from agents touching prod systems and help enforce guardrails, budgets, and audit.

  • 02. Persistent workspaces shift Codex from chat snippets to durable, resumable runs that fit real engineering workflows.

[ WHAT_TO_TEST ]
  • Pilot Codex against a self‑hosted sandbox: validate network egress policies, filesystem isolation, secrets access, and per‑run budget enforcement.

  • Exercise Docker‑in‑Docker builds and toolchains inside the sandbox; measure cold‑start, caching, and idempotency across resumed runs.

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01. Map agent identities to your IAM, SIEM, and DLP; require change windows and approvals for destructive ops.

  • 02. Pin egress to allow‑listed endpoints, mirror prod data as masked snapshots, and set hard spend/rate‑limit ceilings.

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01. Design jobs as agent runs with explicit tools, budgets, and checkpoints inside isolated workspaces from day one.

  • 02. Use environment templates to standardize toolchains and auditing, then scale horizontally per branch or pipeline.
