Problem
Computer Use currently behaves like a single shared desktop-control surface. That makes it difficult to run multiple Codex agent instances that each need to use different apps or browser sessions at the same time.
The desired workflow is to have several agent instances operating in parallel, each with its own Computer Use context. For example:
- Agent A uses an approved browser session to retrieve a value from Google Cloud Console.
- Agent B works in YouTube Studio or another browser profile.
- Agent C drafts or posts through x.com after user approval.
Today, that kind of workflow is not practically supported. Even when multiple Codex sessions/subagents exist, Computer Use does not expose a clear per-agent desktop session, window lease, app lease, browser profile, virtual display, or conflict-resolution contract.
Current local evidence
Environment from a current macOS install:
Codex app: 26.429.30905
Codex CLI: codex-cli 0.128.0
Computer Use plugin: openai-bundled/computer-use/1.0.770
macOS: 26.2 arm64
The Computer Use plugin is wired as a bundled MCP helper:
{
"mcpServers": {
"computer-use": {
"command": "./Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient",
"args": ["mcp"],
"cwd": "."
}
}
}The exposed tool model is app-targeted, not session-targeted. For example, calls take an app name or bundle identifier, and get_app_state must be called before interaction in a turn. There is no visible session_id, window_id, lease token, browser profile ID, virtual desktop ID, or concurrency primitive in the user-facing tool contract.
I also see multiple SkyComputerUseClient mcp processes locally, which suggests multiple helper processes may be spawned, but that is not the same as product-level concurrent Computer Use. The shared desktop still has one foreground focus, one keyboard/mouse stream, shared macOS approvals, and no visible arbitration when multiple agents want to act.
Related but distinct existing issues:
This issue is specifically about safe concurrent Computer Use by multiple Codex agents.
Requested behavior
Please add a supported concurrency model for Computer Use so multiple Codex agents can operate in parallel on disjoint targets.
Useful product/API shapes could include:
- per-agent Computer Use session IDs
- explicit app/window/tab leases
- browser-profile or ephemeral-browser allocation per agent
- optional virtual displays or isolated desktop contexts
- a visible queue/lock when two agents request the same app, window, browser profile, or screen region
- parent/orchestrator supervision that can pause, revoke, or reassign an agent's Computer Use lease
- clear audit logs showing which agent clicked, typed, scrolled, read screenshots, or submitted data
Conflict handling
If two agents target different apps/windows, they should be able to proceed concurrently or with minimal scheduling.
If two agents target the same app/window, Codex should surface the conflict explicitly, for example:
Computer Use lease denied: Agent B requested Google Chrome window 3, but Agent A holds the lease until it yields or the user revokes it.
The important part is that focus stealing, mouse collisions, hidden keystrokes, or silent shared-state races should not happen.
Security requirements
Parallel Computer Use needs stronger safety semantics than single-agent use:
- user-visible identity for each agent instance
- per-agent app/window/browser-profile permission scopes
- approval gates for secrets, payments, posting, sending, deletion, and account changes
- deterministic revocation of a specific agent's Computer Use access
- audit trail for each agent's desktop actions
- no accidental cross-agent leakage of screenshots, page contents, form fields, or session cookies
Acceptance criteria
- Three Codex sessions/agents can each request Computer Use concurrently.
- When agents target disjoint apps or isolated browser profiles, each can inspect and act without stealing focus from the others.
- When agents target the same app/window/profile, Codex queues or rejects the second request with an explicit conflict reason.
- The user can see which agent currently controls each app/window/profile and can revoke that access.
- Logs/audits identify which agent performed each Computer Use action.
- Sensitive workflows, such as reading a console secret or submitting a social post, remain gated by explicit user approval.
Problem
Computer Use currently behaves like a single shared desktop-control surface. That makes it difficult to run multiple Codex agent instances that each need to use different apps or browser sessions at the same time.
The desired workflow is to have several agent instances operating in parallel, each with its own Computer Use context. For example:
Today, that kind of workflow is not practically supported. Even when multiple Codex sessions/subagents exist, Computer Use does not expose a clear per-agent desktop session, window lease, app lease, browser profile, virtual display, or conflict-resolution contract.
Current local evidence
Environment from a current macOS install:
The Computer Use plugin is wired as a bundled MCP helper:
{ "mcpServers": { "computer-use": { "command": "./Codex Computer Use.app/Contents/SharedSupport/SkyComputerUseClient.app/Contents/MacOS/SkyComputerUseClient", "args": ["mcp"], "cwd": "." } } }The exposed tool model is app-targeted, not session-targeted. For example, calls take an
appname or bundle identifier, andget_app_statemust be called before interaction in a turn. There is no visiblesession_id,window_id, lease token, browser profile ID, virtual desktop ID, or concurrency primitive in the user-facing tool contract.I also see multiple
SkyComputerUseClient mcpprocesses locally, which suggests multiple helper processes may be spawned, but that is not the same as product-level concurrent Computer Use. The shared desktop still has one foreground focus, one keyboard/mouse stream, shared macOS approvals, and no visible arbitration when multiple agents want to act.Related but distinct existing issues:
This issue is specifically about safe concurrent Computer Use by multiple Codex agents.
Requested behavior
Please add a supported concurrency model for Computer Use so multiple Codex agents can operate in parallel on disjoint targets.
Useful product/API shapes could include:
Conflict handling
If two agents target different apps/windows, they should be able to proceed concurrently or with minimal scheduling.
If two agents target the same app/window, Codex should surface the conflict explicitly, for example:
The important part is that focus stealing, mouse collisions, hidden keystrokes, or silent shared-state races should not happen.
Security requirements
Parallel Computer Use needs stronger safety semantics than single-agent use:
Acceptance criteria