protocol: make user-turn sandbox policy optional

2026-05-25 13:34:51 +00:00 · 2026-04-30 07:35:34 -07:00
parent 2e8a66d44c
commit 0259075ce6
9 changed files with 44 additions and 56 deletions
--- a/codex-rs/core/src/guardian/review_session.rs
+++ b/codex-rs/core/src/guardian/review_session.rs
@@ -703,17 +703,6 @@ async fn run_review_on_session(
        .unwrap_or_default();

    let permission_profile = PermissionProfile::read_only();
-    let sandbox_policy =
-        match permission_profile.to_legacy_sandbox_policy(params.parent_turn.cwd.as_path()) {
-            Ok(sandbox_policy) => sandbox_policy,
-            Err(err) => {
-                return (
-                    GuardianReviewSessionOutcome::SessionFailed(err.into()),
-                    false,
-                    analytics_result,
-                );
-            }
-        };

    let submit_result = run_before_review_deadline(
        deadline,
@@ -724,7 +713,7 @@ async fn run_review_on_session(
            cwd: params.parent_turn.cwd.to_path_buf(),
            approval_policy: AskForApproval::Never,
            approvals_reviewer: None,
-            sandbox_policy,
+            sandbox_policy: None,
            permission_profile: Some(permission_profile),
            model: params.model.clone(),
            effort: params.reasoning_effort,
--- a/codex-rs/core/src/session/handlers.rs
+++ b/codex-rs/core/src/session/handlers.rs
@@ -156,10 +156,11 @@ pub(super) async fn user_input_or_turn_inner(
                    },
                })
            });
-            let clear_active_permission_profile = permission_profile.is_none();
+            let clear_active_permission_profile =
+                permission_profile.is_none() && sandbox_policy.is_some();
            let permission_profile = permission_profile_with_legacy_fallback(
                sess,
-                Some(&sandbox_policy),
+                sandbox_policy.as_ref(),
                permission_profile,
                Some(cwd.as_path()),
            )
--- a/codex-rs/core/src/session/tests.rs
+++ b/codex-rs/core/src/session/tests.rs
@@ -4257,8 +4257,8 @@ async fn user_turn_updates_approvals_reviewer() {
            cwd: config.cwd.to_path_buf(),
            approval_policy: config.permissions.approval_policy.value(),
            approvals_reviewer: Some(codex_config::types::ApprovalsReviewer::AutoReview),
-            sandbox_policy: config.legacy_sandbox_policy(),
-            permission_profile: None,
+            sandbox_policy: None,
+            permission_profile: Some(config.permissions.permission_profile()),
            model: turn_context.model_info.slug.clone(),
            effort: config.model_reasoning_effort,
            summary: config.model_reasoning_summary,