The way I interpret this. Prior to this, Claude would run code directly in the user's computer, whereas codex runs stuff in codex sandbox and asks for permissions to run outside it, like I show in example - Codex asking to run outside the Codex sandbox