[codex] Clean guardian instructions (#18934)

## Summary
- Keep the guardian policy installed as guardian base instructions.
- Clear inherited parent `developer_instructions` for guardian review
sessions.
- Update guardian config tests to assert developer instructions are
cleared and policy text is sourced from base instructions.

## Why
Guardian review sessions are intended to run under an isolated guardian
policy. Because the guardian config is cloned from the parent config,
inherited custom or managed developer instructions could otherwise
remain active and conflict with guardian review behavior.

## Validation
- `just fmt`
- `cargo test -p codex-core guardian_review_session_config`

Co-authored-by: Codex <noreply@openai.com>

codex-rs/core/src/guardian/review_session.rs

@@ -719,13 +719,14 @@ pub(crate) fn build_guardian_review_session_config(
     guardian_config.model = Some(active_model.to_string());
     guardian_config.model_reasoning_effort = reasoning_effort;
     guardian_config.include_skill_instructions = false;
-    guardian_config.developer_instructions = Some(
+    guardian_config.base_instructions = Some(
         parent_config
             .guardian_policy_config
             .as_deref()
             .map(guardian_policy_prompt_with_config)
             .unwrap_or_else(guardian_policy_prompt),
     );
+    guardian_config.developer_instructions = None;
     guardian_config.permissions.approval_policy = Constrained::allow_only(AskForApproval::Never);
     guardian_config.permissions.sandbox_policy =
         Constrained::allow_only(SandboxPolicy::new_read_only_policy());

codex-rs/core/src/guardian/tests.rs

@@ -1727,7 +1727,7 @@ async fn guardian_review_session_config_preserves_parent_network_proxy() {
 }
 
 #[tokio::test]
-async fn guardian_review_session_config_overrides_parent_developer_instructions() {
+async fn guardian_review_session_config_clears_parent_developer_instructions() {
     let mut parent_config = test_config().await;
     parent_config.developer_instructions =
         Some("parent or managed config should not replace guardian policy".to_string());
@@ -1740,8 +1740,9 @@ async fn guardian_review_session_config_overrides_parent_developer_instructions(
     )
     .expect("guardian config");
 
+    assert_eq!(guardian_config.developer_instructions, None);
     assert_eq!(
-        guardian_config.developer_instructions,
+        guardian_config.base_instructions,
         Some(guardian_policy_prompt())
     );
 }
@@ -1902,8 +1903,9 @@ async fn guardian_review_session_config_uses_requirements_guardian_policy_config
     )
     .expect("guardian config");
 
+    assert_eq!(guardian_config.developer_instructions, None);
     assert_eq!(
-        guardian_config.developer_instructions,
+        guardian_config.base_instructions,
         Some(guardian_policy_prompt_with_config(
             "Use the workspace-managed guardian policy."
         ))
@@ -1939,8 +1941,9 @@ async fn guardian_review_session_config_uses_default_guardian_policy_without_req
     )
     .expect("guardian config");
 
+    assert_eq!(guardian_config.developer_instructions, None);
     assert_eq!(
-        guardian_config.developer_instructions,
+        guardian_config.base_instructions,
         Some(guardian_policy_prompt())
     );
 }