CODEX V0.112.0 SHIPS TIGHTER SANDBOXING AND PLUGIN MENTIONS; REPORTS FLAG DESTRUCTIVE WINDOWS CLEANUP BUG
Codex v0.112.0 tightens sandboxing and adds plugin mentions, while Windows users report a destructive cleanup command issue.
The new release adds direct @plugin mentions that auto-include MCP/app/skill context, a refreshed model picker, and safer per-turn sandbox privileges for zsh-forked tool runs. It also hardens execution: JS REPL bindings now persist after failures, SIGTERM triggers graceful shutdown, emitImage only accepts data: URLs, Linux bubblewrap always unshares user namespaces, macOS Seatbelt networking/socket handling is more reliable, and diagnostics show up earlier. See the full notes on the v0.112.0 release.
Separately, community posts report a critical Windows issue where an agent cleanup step can delete files outside the intended project directory, potentially due to command mis-parsing with cmd /c. Details here: critical data loss on Windows and potential destructive mis-parse.
Safer defaults and plugin UX are useful, but the Windows cleanup bug could wipe workspaces in one bad command.
Teams piloting agentic workflows need stronger isolation and path-guardrails before broad rollout.
- On Windows, reproduce a cleanup step in a throwaway workspace with spaces and relative paths; verify deletions cannot escape the working directory.
- Exercise @plugin mentions with an MCP plugin and confirm the right context is auto-included and sandbox policy remains least-privilege across turns.
Legacy codebase integration strategies...
- 01. Pin Codex version, stage the upgrade in a disposable workspace, and add a deny-by-default path allowlist; enforce non-admin agent accounts on Windows.
- 02. Audit any scripted cleanup (rm/rmdir/del) used by agents; add working-directory checks, absolute path normalization, and dry-run modes.
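
The working-directory check, absolute path normalization and dry-run mode from item 02, as an added Python sketch; it is not Codex code and is not taken from the linked reports. The names `resolve_inside`, `cleanup` and `demo`, and the sample workspace, are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile

def resolve_inside(root, target):
    """Return target's real absolute path if strictly inside root, else None."""
    root_real = os.path.realpath(root)
    # Relative targets resolve against the project root, never the process CWD;
    # realpath also follows symlinks, so a link pointing outside is rejected.
    candidate = os.path.realpath(os.path.join(root_real, target))
    try:
        common = os.path.commonpath([root_real, candidate])
    except ValueError:  # e.g. paths on different Windows drives
        return None
    if os.path.normcase(common) != os.path.normcase(root_real):
        return None  # escapes the root ("..", absolute path elsewhere)
    if os.path.normcase(candidate) == os.path.normcase(root_real):
        return None  # refuse to delete the root itself (".")
    return candidate

def cleanup(root, targets, dry_run=True):
    """Plan or perform deletions under root. Returns (planned, rejected)."""
    planned, rejected = [], []
    for t in targets:
        path = resolve_inside(root, t)
        if path:
            planned.append(path)
        else:
            rejected.append(t)
    if not dry_run:  # default is dry-run: nothing is touched unless asked
        for path in planned:
            if os.path.isdir(path):
                shutil.rmtree(path)
            elif os.path.exists(path):
                os.remove(path)
    return planned, rejected

def demo():
    base = tempfile.mkdtemp()
    root = os.path.join(base, "my project")  # constructed workspace with a space
    os.makedirs(os.path.join(root, "build cache"))
    outside = os.path.join(base, "keep.txt")
    open(outside, "w").close()
    targets = ["build cache", "..", os.path.join("..", "keep.txt"), outside, "."]
    planned, rejected = cleanup(root, targets, dry_run=False)
    removed = not os.path.exists(planned[0])
    survived = os.path.exists(outside) and os.path.isdir(root)
    shutil.rmtree(base)
    return planned, rejected, removed, survived
```

Passing targets as a list to a library call, rather than building a `cmd /c` string, also avoids the quoting step the reports point to as a possible cause.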
Fresh architecture paradigms...
- 01. Design agents around ephemeral per-run sandboxes (bubblewrap/Seatbelt) and disposable project roots; keep persistent data behind a service API.
- 02. Adopt @plugin mentions for tool calls and centralize model selection via the TUI picker for predictable environments.