core: build permission instructions from profiles only

utils: summarize permission profiles directly
tests: copy plugin stdio server before launch
2026-05-05 03:47:01 +00:00 · 2026-04-30 02:36:30 -07:00 · 2026-04-30 02:36:30 -07:00 · 2026-04-30 02:36:21 -07:00
8 changed files with 182 additions and 133 deletions
--- a/codex-rs/core/src/context/permissions_instructions.rs
+++ b/codex-rs/core/src/context/permissions_instructions.rs
@@ -8,7 +8,6 @@ use codex_protocol::permissions::NetworkSandboxPolicy;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::GranularApprovalConfig;
 use codex_protocol::protocol::NetworkAccess;
-use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::WritableRoot;
 use codex_utils_template::Template;
 use std::path::Path;
@@ -85,27 +84,6 @@ impl PermissionsInstructions {
        )
    }

-    /// Builds permissions instructions from a legacy sandbox policy.
-    pub fn from_policy(
-        sandbox_policy: &SandboxPolicy,
-        approval_policy: AskForApproval,
-        approvals_reviewer: ApprovalsReviewer,
-        exec_policy: &Policy,
-        cwd: &Path,
-        exec_permission_approvals_enabled: bool,
-        request_permissions_tool_enabled: bool,
-    ) -> Self {
-        Self::from_permission_profile(
-            &PermissionProfile::from_legacy_sandbox_policy(sandbox_policy),
-            approval_policy,
-            approvals_reviewer,
-            exec_policy,
-            cwd,
-            exec_permission_approvals_enabled,
-            request_permissions_tool_enabled,
-        )
-    }
-
    fn from_permissions_with_network(
        sandbox_mode: SandboxMode,
        network_access: NetworkAccess,
--- a/codex-rs/core/src/context/permissions_instructions_tests.rs
+++ b/codex-rs/core/src/context/permissions_instructions_tests.rs
@@ -53,29 +53,6 @@ fn builds_permissions_with_network_access_override() {
    );
 }

-#[test]
-fn builds_permissions_from_policy() {
-    let policy = SandboxPolicy::WorkspaceWrite {
-        writable_roots: vec![],
-        network_access: true,
-        exclude_tmpdir_env_var: false,
-        exclude_slash_tmp: false,
-    };
-
-    let instructions = PermissionsInstructions::from_policy(
-        &policy,
-        AskForApproval::UnlessTrusted,
-        ApprovalsReviewer::User,
-        &Policy::empty(),
-        &PathBuf::from("/tmp"),
-        /*exec_permission_approvals_enabled*/ false,
-        /*request_permissions_tool_enabled*/ false,
-    );
-    let text = instructions.body();
-    assert!(text.contains("Network access is enabled."));
-    assert!(text.contains("`approval_policy` is `unless-trusted`"));
-}
-
 #[test]
 fn builds_permissions_from_profile() {
    let cwd = PathBuf::from("/tmp");
--- a/codex-rs/core/tests/suite/permissions_messages.rs
+++ b/codex-rs/core/tests/suite/permissions_messages.rs
@@ -575,9 +575,8 @@ async fn permissions_message_includes_writable_roots() -> Result<()> {
    let permissions = permissions_texts(&req.single_request());
    let normalize_line_endings = |s: &str| s.replace("\r\n", "\n");
    let exec_policy = load_exec_policy(&test.config.config_layer_stack).await?;
-    let sandbox_policy = test.config.legacy_sandbox_policy();
-    let expected = PermissionsInstructions::from_policy(
-        &sandbox_policy,
+    let expected = PermissionsInstructions::from_permission_profile(
+        &test.config.permissions.permission_profile(),
        AskForApproval::OnRequest,
        test.config.approvals_reviewer,
        &exec_policy,
--- a/codex-rs/core/tests/suite/plugins.rs
+++ b/codex-rs/core/tests/suite/plugins.rs
@@ -83,6 +83,27 @@ fn write_plugin_mcp_plugin(home: &TempDir, command: &str) {
    .expect("write plugin mcp config");
 }

+fn copy_stdio_server_for_plugin_test(home: &TempDir) -> Result<Option<String>> {
+    let rmcp_test_server_bin = match stdio_server_bin() {
+        Ok(bin) => bin,
+        Err(err) => {
+            eprintln!("test_stdio_server binary not available, skipping test: {err}");
+            return Ok(None);
+        }
+    };
+    let target = home.path().join("test_stdio_server");
+    std::fs::copy(std::path::Path::new(&rmcp_test_server_bin), &target)?;
+    #[cfg(unix)]
+    {
+        use std::os::unix::fs::PermissionsExt as _;
+
+        let mut permissions = std::fs::metadata(&target)?.permissions();
+        permissions.set_mode(0o755);
+        std::fs::set_permissions(&target, permissions)?;
+    }
+    Ok(Some(target.to_string_lossy().to_string()))
+}
+
 fn write_plugin_app_plugin(home: &TempDir) {
    let plugin_root = write_sample_plugin_manifest_and_config(home);
    std::fs::write(
@@ -293,12 +314,8 @@ async fn explicit_plugin_mentions_inject_plugin_guidance() -> Result<()> {
    .await;

    let codex_home = Arc::new(TempDir::new()?);
-    let rmcp_test_server_bin = match stdio_server_bin() {
-        Ok(bin) => bin,
-        Err(err) => {
-            eprintln!("test_stdio_server binary not available, skipping test: {err}");
-            return Ok(());
-        }
+    let Some(rmcp_test_server_bin) = copy_stdio_server_for_plugin_test(codex_home.as_ref())? else {
+        return Ok(());
    };
    write_plugin_skill_plugin(codex_home.as_ref());
    write_plugin_mcp_plugin(codex_home.as_ref(), &rmcp_test_server_bin);
@@ -453,7 +470,9 @@ async fn plugin_mcp_tools_are_listed() -> Result<()> {
    skip_if_no_network!(Ok(()));
    let server = start_mock_server().await;
    let codex_home = Arc::new(TempDir::new()?);
-    let rmcp_test_server_bin = stdio_server_bin()?;
+    let Some(rmcp_test_server_bin) = copy_stdio_server_for_plugin_test(codex_home.as_ref())? else {
+        return Ok(());
+    };
    write_plugin_mcp_plugin(codex_home.as_ref(), &rmcp_test_server_bin);
    let codex = build_plugin_test_codex(&server, codex_home).await?;
    wait_for_sample_mcp_ready(&codex).await?;
--- a/codex-rs/tui/src/status/tests.rs
+++ b/codex-rs/tui/src/status/tests.rs
@@ -528,6 +528,7 @@ async fn status_snapshot_shows_auto_review_permissions() {
 async fn status_permissions_full_disk_managed_with_network_is_danger_full_access() {
    let temp_home = TempDir::new().expect("temp home");
    let mut config = test_config(&temp_home).await;
+    config.approvals_reviewer = ApprovalsReviewer::User;
    config
        .permissions
        .approval_policy
@@ -548,9 +549,10 @@ async fn status_permissions_full_disk_managed_with_network_is_danger_full_access
 }

 #[tokio::test]
-async fn status_permissions_full_disk_managed_without_network_is_external_sandbox() {
+async fn status_permissions_full_disk_managed_without_network_is_custom_permissions() {
    let temp_home = TempDir::new().expect("temp home");
    let mut config = test_config(&temp_home).await;
+    config.approvals_reviewer = ApprovalsReviewer::User;
    config
        .permissions
        .approval_policy
@@ -566,7 +568,7 @@ async fn status_permissions_full_disk_managed_without_network_is_external_sandbo

    assert_eq!(
        permissions_text_for(&config).as_deref(),
-        Some("Custom (external-sandbox, on-request)")
+        Some("Custom (custom permissions, on-request)")
    );
 }

--- a/codex-rs/utils/sandbox-summary/src/config_summary.rs
+++ b/codex-rs/utils/sandbox-summary/src/config_summary.rs
@@ -1,7 +1,7 @@
 use codex_core::config::Config;
 use codex_model_provider_info::WireApi;

-use crate::sandbox_summary::summarize_sandbox_policy;
+use crate::sandbox_summary::summarize_permission_profile;

 /// Build a list of key/value pairs summarizing the effective configuration.
 pub fn create_config_summary_entries(config: &Config, model: &str) -> Vec<(&'static str, String)> {
@@ -15,10 +15,9 @@ pub fn create_config_summary_entries(config: &Config, model: &str) -> Vec<(&'sta
        ),
        (
            "sandbox",
-            summarize_sandbox_policy(
-                &config
-                    .permissions
-                    .legacy_sandbox_policy(config.cwd.as_path()),
+            summarize_permission_profile(
+                &config.permissions.permission_profile(),
+                config.cwd.as_path(),
            ),
        ),
    ];
--- a/codex-rs/utils/sandbox-summary/src/lib.rs
+++ b/codex-rs/utils/sandbox-summary/src/lib.rs
@@ -3,4 +3,3 @@ mod sandbox_summary;

 pub use config_summary::create_config_summary_entries;
 pub use sandbox_summary::summarize_permission_profile;
-pub use sandbox_summary::summarize_sandbox_policy;
--- a/codex-rs/utils/sandbox-summary/src/sandbox_summary.rs
+++ b/codex-rs/utils/sandbox-summary/src/sandbox_summary.rs
@@ -1,109 +1,185 @@
 use codex_protocol::models::PermissionProfile;
-use codex_protocol::protocol::NetworkAccess;
-use codex_protocol::protocol::SandboxPolicy;
+use codex_protocol::permissions::FileSystemSandboxPolicy;
+use codex_protocol::permissions::NetworkSandboxPolicy;
 use std::path::Path;

-pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
-    match sandbox_policy {
-        SandboxPolicy::DangerFullAccess => "danger-full-access".to_string(),
-        SandboxPolicy::ReadOnly { network_access, .. } => {
-            let mut summary = "read-only".to_string();
-            if *network_access {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
-        }
-        SandboxPolicy::ExternalSandbox { network_access } => {
-            let mut summary = "external-sandbox".to_string();
-            if matches!(network_access, NetworkAccess::Enabled) {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
-        }
-        SandboxPolicy::WorkspaceWrite {
-            writable_roots,
-            network_access,
-            exclude_tmpdir_env_var,
-            exclude_slash_tmp,
-        } => {
-            let mut summary = "workspace-write".to_string();
-
-            let mut writable_entries = Vec::<String>::new();
-            writable_entries.push("workdir".to_string());
-            if !*exclude_slash_tmp {
-                writable_entries.push("/tmp".to_string());
-            }
-            if !*exclude_tmpdir_env_var {
-                writable_entries.push("$TMPDIR".to_string());
-            }
-            writable_entries.extend(
-                writable_roots
-                    .iter()
-                    .map(|p| p.to_string_lossy().to_string()),
-            );
-
-            summary.push_str(&format!(" [{}]", writable_entries.join(", ")));
-            if *network_access {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
+pub fn summarize_permission_profile(permission_profile: &PermissionProfile, cwd: &Path) -> String {
+    match permission_profile {
+        PermissionProfile::Disabled => "danger-full-access".to_string(),
+        PermissionProfile::External { network } => {
+            summary_with_network("external-sandbox", network.is_enabled())
        }
+        PermissionProfile::Managed {
+            file_system,
+            network,
+        } => summarize_managed_profile(&file_system.to_sandbox_policy(), *network, cwd),
    }
 }

-pub fn summarize_permission_profile(permission_profile: &PermissionProfile, cwd: &Path) -> String {
-    match permission_profile.to_legacy_sandbox_policy(cwd) {
-        Ok(policy) => summarize_sandbox_policy(&policy),
-        Err(_) => {
-            if permission_profile.network_sandbox_policy().is_enabled() {
-                "custom permissions (network access enabled)".to_string()
-            } else {
-                "custom permissions".to_string()
-            }
+fn summarize_managed_profile(
+    file_system: &FileSystemSandboxPolicy,
+    network: NetworkSandboxPolicy,
+    cwd: &Path,
+) -> String {
+    let network_enabled = network.is_enabled();
+    if file_system.has_full_disk_write_access() {
+        if network_enabled {
+            return "danger-full-access".to_string();
        }
+        return custom_summary(network_enabled);
    }
+
+    let writable_roots = file_system.get_writable_roots_with_cwd(cwd);
+    if writable_roots.is_empty() {
+        if file_system.has_full_disk_read_access() {
+            return summary_with_network("read-only", network_enabled);
+        }
+        return custom_summary(network_enabled);
+    }
+    if !file_system.can_write_path_with_cwd(cwd, cwd) {
+        return custom_summary(network_enabled);
+    }
+
+    let writable_entries = writable_roots
+        .iter()
+        .map(|root| writable_root_display(root.root.as_path(), cwd))
+        .collect::<Vec<_>>();
+    summary_with_network(
+        &format!("workspace-write [{}]", writable_entries.join(", ")),
+        network_enabled,
+    )
+}
+
+fn writable_root_display(root: &Path, cwd: &Path) -> String {
+    if root == cwd {
+        return "workdir".to_string();
+    }
+    if cfg!(unix) && root == Path::new("/tmp") {
+        return "/tmp".to_string();
+    }
+    if root == std::env::temp_dir() {
+        return "$TMPDIR".to_string();
+    }
+    root.display().to_string()
+}
+
+fn summary_with_network(base: &str, network_enabled: bool) -> String {
+    if network_enabled {
+        format!("{base} (network access enabled)")
+    } else {
+        base.to_string()
+    }
+}
+
+fn custom_summary(network_enabled: bool) -> String {
+    summary_with_network("custom permissions", network_enabled)
 }

 #[cfg(test)]
 mod tests {
    use super::*;
+    use codex_protocol::permissions::FileSystemAccessMode;
+    use codex_protocol::permissions::FileSystemPath;
+    use codex_protocol::permissions::FileSystemSandboxEntry;
+    use codex_protocol::permissions::FileSystemSpecialPath;
    use codex_utils_absolute_path::AbsolutePathBuf;
    use pretty_assertions::assert_eq;

    #[test]
    fn summarizes_external_sandbox_without_network_access_suffix() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
-            network_access: NetworkAccess::Restricted,
-        });
+        let summary = summarize_permission_profile(
+            &PermissionProfile::External {
+                network: NetworkSandboxPolicy::Restricted,
+            },
+            Path::new("/repo"),
+        );
        assert_eq!(summary, "external-sandbox");
    }

    #[test]
    fn summarizes_external_sandbox_with_enabled_network() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
-            network_access: NetworkAccess::Enabled,
-        });
+        let summary = summarize_permission_profile(
+            &PermissionProfile::External {
+                network: NetworkSandboxPolicy::Enabled,
+            },
+            Path::new("/repo"),
+        );
        assert_eq!(summary, "external-sandbox (network access enabled)");
    }

    #[test]
    fn summarizes_read_only_with_enabled_network() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ReadOnly {
-            network_access: true,
-        });
+        let file_system = FileSystemSandboxPolicy::restricted(vec![FileSystemSandboxEntry {
+            path: FileSystemPath::Special {
+                value: FileSystemSpecialPath::Root,
+            },
+            access: FileSystemAccessMode::Read,
+        }]);
+        let profile = PermissionProfile::from_runtime_permissions(
+            &file_system,
+            NetworkSandboxPolicy::Enabled,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new("/repo"));
        assert_eq!(summary, "read-only (network access enabled)");
    }

+    #[test]
+    fn unrestricted_filesystem_without_network_is_custom_permissions() {
+        let profile = PermissionProfile::from_runtime_permissions(
+            &FileSystemSandboxPolicy::unrestricted(),
+            NetworkSandboxPolicy::Restricted,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new("/repo"));
+        assert_eq!(summary, "custom permissions");
+    }
+
+    #[test]
+    fn explicit_writable_root_outside_cwd_is_custom_permissions() {
+        let writable_root = AbsolutePathBuf::try_from(if cfg!(windows) {
+            "C:\\outside"
+        } else {
+            "/outside"
+        })
+        .unwrap();
+        let file_system = FileSystemSandboxPolicy::restricted(vec![
+            FileSystemSandboxEntry {
+                path: FileSystemPath::Special {
+                    value: FileSystemSpecialPath::Root,
+                },
+                access: FileSystemAccessMode::Read,
+            },
+            FileSystemSandboxEntry {
+                path: FileSystemPath::Path {
+                    path: writable_root,
+                },
+                access: FileSystemAccessMode::Write,
+            },
+        ]);
+        let profile = PermissionProfile::from_runtime_permissions(
+            &file_system,
+            NetworkSandboxPolicy::Restricted,
+        );
+        let cwd = if cfg!(windows) { "C:\\repo" } else { "/repo" };
+        let summary = summarize_permission_profile(&profile, Path::new(cwd));
+        assert_eq!(summary, "custom permissions");
+    }
+
    #[test]
    fn workspace_write_summary_still_includes_network_access() {
        let root = if cfg!(windows) { "C:\\repo" } else { "/repo" };
        let writable_root = AbsolutePathBuf::try_from(root).unwrap();
-        let summary = summarize_sandbox_policy(&SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![writable_root.clone()],
-            network_access: true,
-            exclude_tmpdir_env_var: true,
-            exclude_slash_tmp: true,
-        });
+        let cwd = if cfg!(windows) {
+            "C:\\workdir"
+        } else {
+            "/workdir"
+        };
+        let profile = PermissionProfile::workspace_write_with(
+            std::slice::from_ref(&writable_root),
+            NetworkSandboxPolicy::Enabled,
+            /*exclude_tmpdir_env_var*/ true,
+            /*exclude_slash_tmp*/ true,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new(cwd));
        assert_eq!(
            summary,
            format!(
Author	SHA1	Message	Date
Michael Bolin	ada7881352	core: build permission instructions from profiles only	2026-04-30 02:36:30 -07:00
Michael Bolin	c4c371f257	utils: summarize permission profiles directly	2026-04-30 02:36:30 -07:00
Michael Bolin	97aaf4cea4	tests: copy plugin stdio server before launch	2026-04-30 02:36:21 -07:00