What OpenAI Agents SDK v0.14 means for the memory layer market

On April 15, OpenAI released openai-agents-python v0.14.0. The headline: Sandbox Agents — a new SDK surface with workspace memory, per-run manifests, and seven hosted sandbox providers (Blaxel, Cloudflare, Daytona, E2B, Modal, Runloop, Vercel). Runs can be snapshotted and resumed. Memory surfaces prior-run lessons into later runs, with read-only, generate-only, and multi-turn grouping modes.

It's a meaningful release, and it meaningfully changes the memory-layer market.

Memory is a commodity now

"Persistent memory for agents" used to be a headline. As of Tuesday it reads as table stakes. OpenAI ships it. LangChain has it. Mem0, Letta, Cognee, Beads — they all ship it. If you're picking a memory layer in 2026, you're picking between features and ergonomics, not between having and not having.

That's not an insult to any of those projects. It's what commoditization looks like. The primitive works, the category matures, and the differentiation moves.

What OpenAI didn't ship

Three things, all structural:

Tamper-evident audit. v0.14 has unified sandbox tracing with SDK spans, plus "safer redaction of sensitive MCP tool outputs." That is observability — debugging-grade visibility. It is not forensics. There is no cryptographic hash chain, no non-repudiation, no way to detect that a trace was edited after the fact. Traces tell you what probably happened. An audit chain proves it.

Policy-gated actions. v0.14 adds built-in capabilities for shell, filesystem, image inspection, and memory. None of them are gated by an approval flow. If your agent has shell access and decides to run rm -rf, it runs rm -rf. Production agents need a "wait, ask a human first" primitive for risky actions. OpenAI doesn't ship one.

Transactional rollback. OpenAI snapshots are excellent — they restore the sandbox workspace so you can reconnect to in-progress work. But they restore files, not governed state. When an agent writes three memories based on a stale context window and one of those memories is wrong, you need to rewind the agent's context, memory pointers, capability bindings, and policy snapshot in a single transaction — with the audit chain preserved through the rewind. Workspace snapshots don't do this. Transactional governance rollback does.

Complement, don't compete

We don't think this is adversarial. OpenAI ships a fantastic runtime for running an agent. We ship governance that sits underneath any runtime. They're complementary — and we're proving it by making the integration one line of setup.

Today we published novyx-openai-agents v0.1.0 to PyPI. It wraps OpenAI's RunHooks interface, so every tool call and model turn from an OpenAI Agents run lands in Novyx's SHA-256 audit chain, every risky action can be gated, and every run is rewindable by checkpoint. Keep your OpenAI code exactly as is. Get governance underneath.

pip install novyx-openai-agents

from agents import Agent, Runner
from novyx_openai_agents import NovyxRunHooks

agent = Agent(name="my-agent", instructions="...", tools=[...])
hooks = NovyxRunHooks(api_key="nram_...", agent_id="my-agent")

result = await Runner.run(agent, "user input", hooks=hooks)

# Every tool call + model turn is now in Novyx's audit chain.
# If the run went sideways:
hooks.rollback_to_latest()

The bigger shift

For the last year the question for AI infra was "does this help my agent remember?" For the next year it's going to be "can I prove what my agent did, stop what I don't want it to do, and undo what went wrong?"

Memory is the substrate. Governance is the product. OpenAI's release makes that clearer, not less.