A merged commit in Codex's repository does one focused, important thing: it preserves parent sandbox enforcement for memory consolidation. If you run Codex on untrusted or semi-trusted tasks, this is the kind of fix worth knowing about.
The shape of the bug
Memory consolidation is the process where an agent summarizes and stores what it learned so a later session can pick up where it left off. The commit implies that, during that consolidation step, the parent session's sandbox boundaries were not being carried through to the work doing the consolidation. In practice that means a sub-process spawned to tidy up memory could operate outside the restrictions you set on the parent — wider file access, weaker network rules, looser execution scope.
Why it matters
Sandbox enforcement is the control that keeps an agent from reading files it should not, or writing where it must not. When a background housekeeping task silently drops those boundaries, you lose the guarantee at exactly the moment you are not watching. Memory consolidation is the kind of thing that runs quietly after the fact, so a boundary escape there is hard to notice and easy to exploit.








