mcp: send sandbox metadata as permission profile only

codex-rs/core/src/mcp_tool_call.rs

@@ -578,7 +578,6 @@ async fn augment_mcp_tool_request_meta_with_sandbox_state(
 
     let sandbox_state = serde_json::to_value(SandboxState {
         permission_profile: Some(turn_context.permission_profile()),
-        sandbox_policy: turn_context.sandbox_policy(),
         codex_linux_sandbox_exe: turn_context.codex_linux_sandbox_exe.clone(),
         sandbox_cwd: turn_context.cwd.to_path_buf(),
         use_legacy_landlock: turn_context.features.use_legacy_landlock(),

codex-rs/core/tests/suite/rmcp_client.rs

@@ -821,13 +821,11 @@ async fn stdio_mcp_tool_call_includes_sandbox_state_meta() -> anyhow::Result<()>
     let sandbox_meta = meta
         .get(MCP_SANDBOX_STATE_META_CAPABILITY)
         .expect("sandbox state metadata should be present");
-    let (sandbox_policy, _) =
-        turn_permission_fields(PermissionProfile::read_only(), fixture.config.cwd.as_path());
-    let expected_sandbox_policy = serde_json::to_value(&sandbox_policy)?;
     assert_eq!(
-        sandbox_meta.get("sandboxPolicy"),
-        Some(&expected_sandbox_policy)
+        sandbox_meta.get("permissionProfile"),
+        Some(&serde_json::to_value(PermissionProfile::read_only())?)
     );
+    assert_eq!(sandbox_meta.get("sandboxPolicy"), None);
     assert_eq!(
         sandbox_meta.get("sandboxCwd").and_then(Value::as_str),
         fixture.config.cwd.as_path().to_str()