feat: introduce ExternalSandbox policy (#8290)

## Description

Introduced `ExternalSandbox` policy to cover use case when sandbox
defined by outside environment, effectively it translates to
`SandboxMode#DangerFullAccess` for file system (since sandbox configured
on container level) and configurable `network_access` (either Restricted
or Enabled by outside environment).

as example you can configure `ExternalSandbox` policy as part of
`sendUserTurn` v1 app_server API:

```
 {
            "conversationId": <id>,
            "cwd": <cwd>,
            "approvalPolicy": "never",
            "sandboxPolicy": {
                  "type": ""external-sandbox",
                  "network_access": "enabled"/"restricted"
            },
            "model": <model>,
            "effort": <effort>,
            ....
        }
```

codex-rs/common/Cargo.toml

@@ -21,3 +21,10 @@ toml = { workspace = true, optional = true }
 cli = ["clap", "serde", "toml"]
 elapsed = []
 sandbox_summary = []
+
+[dev-dependencies]
+clap = { workspace = true, features = ["derive", "wrap_help"] }
+codex-utils-absolute-path = { workspace = true }
+pretty_assertions = { workspace = true }
+serde = { workspace = true }
+toml = { workspace = true }

codex-rs/common/src/sandbox_mode_cli_arg.rs

@@ -26,3 +26,22 @@ impl From<SandboxModeCliArg> for SandboxMode {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn maps_cli_args_to_protocol_modes() {
+        assert_eq!(SandboxMode::ReadOnly, SandboxModeCliArg::ReadOnly.into());
+        assert_eq!(
+            SandboxMode::WorkspaceWrite,
+            SandboxModeCliArg::WorkspaceWrite.into()
+        );
+        assert_eq!(
+            SandboxMode::DangerFullAccess,
+            SandboxModeCliArg::DangerFullAccess.into()
+        );
+    }
+}

codex-rs/common/src/sandbox_summary.rs

@@ -1,9 +1,17 @@
+use codex_core::protocol::NetworkAccess;
 use codex_core::protocol::SandboxPolicy;
 
 pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
     match sandbox_policy {
         SandboxPolicy::DangerFullAccess => "danger-full-access".to_string(),
         SandboxPolicy::ReadOnly => "read-only".to_string(),
+        SandboxPolicy::ExternalSandbox { network_access } => {
+            let mut summary = "external-sandbox".to_string();
+            if matches!(network_access, NetworkAccess::Enabled) {
+                summary.push_str(" (network access enabled)");
+            }
+            summary
+        }
         SandboxPolicy::WorkspaceWrite {
             writable_roots,
             network_access,
@@ -34,3 +42,45 @@ pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use codex_utils_absolute_path::AbsolutePathBuf;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn summarizes_external_sandbox_without_network_access_suffix() {
+        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
+            network_access: NetworkAccess::Restricted,
+        });
+        assert_eq!(summary, "external-sandbox");
+    }
+
+    #[test]
+    fn summarizes_external_sandbox_with_enabled_network() {
+        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
+            network_access: NetworkAccess::Enabled,
+        });
+        assert_eq!(summary, "external-sandbox (network access enabled)");
+    }
+
+    #[test]
+    fn workspace_write_summary_still_includes_network_access() {
+        let root = if cfg!(windows) { "C:\\repo" } else { "/repo" };
+        let writable_root = AbsolutePathBuf::try_from(root).unwrap();
+        let summary = summarize_sandbox_policy(&SandboxPolicy::WorkspaceWrite {
+            writable_roots: vec![writable_root.clone()],
+            network_access: true,
+            exclude_tmpdir_env_var: true,
+            exclude_slash_tmp: true,
+        });
+        assert_eq!(
+            summary,
+            format!(
+                "workspace-write [workdir, {}] (network access enabled)",
+                writable_root.to_string_lossy()
+            )
+        );
+    }
+}