Codex on Windows has a sandbox built for the way coding agents run! By default, Codex needs to read files across the environment, write inside the workspace, run normal tools like shells/Git/Python/package managers, and keep network access constrained unless the user allows it.