core tests: build user turns from permission profiles (#20011)

## Summary - Add `turn_permission_fields()` so tests that construct `Op::UserTurn` directly can provide a canonical `PermissionProfile` while still filling the required legacy `sandbox_policy` compatibility field. - Migrate direct user-turn construction in core integration tests from `SandboxPolicy::DangerFullAccess` to `PermissionProfile::Disabled`. - Continue reducing direct `SandboxPolicy` usage in `codex-rs/core/tests`, from 41 files after #20010 to 32 files in this PR. ## Testing - `cargo check -p codex-core --tests` - `just fmt` - `just fix -p core_test_support` - `just fix -p codex-core`
2026-05-02 18:37:01 +00:00 · 2026-04-28 17:03:20 -07:00
parent 2223b31c06
commit 7d15936e69
10 changed files with 81 additions and 37 deletions
--- a/codex-rs/core/tests/common/test_codex.rs
+++ b/codex-rs/core/tests/common/test_codex.rs
@@ -203,6 +203,18 @@ pub enum ShellModelOutput {
    // UnifiedExec has its own set of tests
 }

+/// Returns the permission fields required by `Op::UserTurn` for tests that
+/// construct the op directly.
+pub fn turn_permission_fields(
+    permission_profile: PermissionProfile,
+    cwd: &Path,
+) -> (SandboxPolicy, Option<PermissionProfile>) {
+    let sandbox_policy = permission_profile
+        .to_legacy_sandbox_policy(cwd)
+        .unwrap_or_else(|_| SandboxPolicy::new_read_only_policy());
+    (sandbox_policy, Some(permission_profile))
+}
+
 pub struct TestCodexBuilder {
    config_mutators: Vec<Box<ConfigMutator>>,
    auth: CodexAuth,
@@ -710,9 +722,8 @@ impl TestCodex {
        service_tier: Option<Option<ServiceTier>>,
        environments: Option<Vec<TurnEnvironmentSelection>>,
    ) -> Result<()> {
-        let sandbox_policy = permission_profile
-            .to_legacy_sandbox_policy(self.config.cwd.as_path())
-            .unwrap_or_else(|_| SandboxPolicy::new_read_only_policy());
+        let (sandbox_policy, permission_profile) =
+            turn_permission_fields(permission_profile, self.config.cwd.as_path());
        let session_model = self.session_configured.model.clone();
        self.codex
            .submit(Op::UserTurn {
@@ -726,7 +737,7 @@ impl TestCodex {
                approval_policy,
                approvals_reviewer: None,
                sandbox_policy,
-                permission_profile: Some(permission_profile),
+                permission_profile,
                model: session_model,
                effort: None,
                summary: None,