Move workspace roots onto thread/session state and stop using active permission profile modifications as an overlay for writable roots. Existing app-server threads now preserve their persisted PermissionProfile value across resume, fork, and turn updates; permissions requests on existing threads only update the active named profile after validating it exists. Workspace roots can be updated independently, and SandboxPolicy::WorkspaceWrite no longer stores its own writable_roots.

codex-rs/cli/src/debug_sandbox.rs

@@ -762,6 +762,16 @@ mod tests {
         Ok(())
     }
 
+    fn workspace_write_policy_for_codex_home(
+        codex_home: &TempDir,
+    ) -> codex_protocol::permissions::FileSystemSandboxPolicy {
+        let memories_root = AbsolutePathBuf::try_from(codex_home.path().join("memories"))
+            .expect("codex home tempdir should be absolute");
+        codex_protocol::models::PermissionProfile::workspace_write()
+            .file_system_sandbox_policy()
+            .with_additional_legacy_workspace_writable_roots(std::slice::from_ref(&memories_root))
+    }
+
     #[tokio::test]
     async fn debug_sandbox_honors_active_permission_profiles() -> anyhow::Result<()> {
         let codex_home = TempDir::new()?;
@@ -940,8 +950,7 @@ mod tests {
 
         assert_eq!(
             config.permissions.file_system_sandbox_policy(),
-            codex_protocol::models::PermissionProfile::workspace_write()
-                .file_system_sandbox_policy()
+            workspace_write_policy_for_codex_home(&codex_home)
         );
 
         Ok(())
@@ -973,8 +982,7 @@ mod tests {
 
         assert_eq!(
             config.permissions.file_system_sandbox_policy(),
-            codex_protocol::models::PermissionProfile::workspace_write()
-                .file_system_sandbox_policy()
+            workspace_write_policy_for_codex_home(&codex_home)
         );
 
         Ok(())