tests: use permission profile fixtures in config checks

core: build permission instructions from profiles only
utils: summarize permission profiles directly
2026-05-06 04:17:03 +00:00 · 2026-04-30 02:36:30 -07:00 · 2026-04-30 02:36:30 -07:00 · 2026-04-30 02:36:30 -07:00
9 changed files with 193 additions and 189 deletions
--- a/codex-rs/config/src/config_requirements.rs
+++ b/codex-rs/config/src/config_requirements.rs
@@ -1198,8 +1198,7 @@ mod tests {
    use codex_execpolicy::Decision;
    use codex_execpolicy::Evaluation;
    use codex_execpolicy::RuleMatch;
-    use codex_protocol::protocol::NetworkAccess;
-    use codex_protocol::protocol::SandboxPolicy;
+    use codex_protocol::permissions::NetworkSandboxPolicy;
    use codex_utils_absolute_path::AbsolutePathBuf;
    use codex_utils_absolute_path::AbsolutePathBufGuard;
    use pretty_assertions::assert_eq;
@@ -1215,10 +1214,6 @@ mod tests {
        )?)
    }

-    fn profile_from_sandbox_policy(sandbox_policy: &SandboxPolicy) -> PermissionProfile {
-        PermissionProfile::from_legacy_sandbox_policy(sandbox_policy)
-    }
-
    fn with_unknown_source(toml: ConfigRequirementsToml) -> ConfigRequirementsWithSources {
        let ConfigRequirementsToml {
            allowed_approval_policies,
@@ -1767,9 +1762,7 @@ allowed_approvals_reviewers = ["user"]
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::DangerFullAccess,
-                )),
+                .can_set(&PermissionProfile::Disabled),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "DangerFullAccess".into(),
@@ -1914,9 +1907,7 @@ allowed_approvals_reviewers = ["user"]
        assert!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::new_read_only_policy()
-                ))
+                .can_set(&PermissionProfile::read_only())
                .is_ok()
        );

@@ -1999,29 +1990,25 @@ allowed_approvals_reviewers = ["user"]
        assert!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::new_read_only_policy()
-                ))
+                .can_set(&PermissionProfile::read_only())
                .is_ok()
        );
-        let workspace_write_policy = SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![AbsolutePathBuf::from_absolute_path(root)?],
-            network_access: false,
-            exclude_tmpdir_env_var: false,
-            exclude_slash_tmp: false,
-        };
+        let workspace_write_profile = PermissionProfile::workspace_write_with(
+            &[AbsolutePathBuf::from_absolute_path(root)?],
+            NetworkSandboxPolicy::Restricted,
+            /*exclude_tmpdir_env_var*/ false,
+            /*exclude_slash_tmp*/ false,
+        );
        assert!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(&workspace_write_policy))
+                .can_set(&workspace_write_profile)
                .is_ok()
        );
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::DangerFullAccess,
-                )),
+                .can_set(&PermissionProfile::Disabled),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "DangerFullAccess".into(),
@@ -2032,11 +2019,9 @@ allowed_approvals_reviewers = ["user"]
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::ExternalSandbox {
-                        network_access: NetworkAccess::Restricted,
-                    }
-                )),
+                .can_set(&PermissionProfile::External {
+                    network: NetworkSandboxPolicy::Restricted,
+                }),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "ExternalSandbox".into(),
@@ -2117,24 +2102,22 @@ allowed_approvals_reviewers = ["user"]

        let requirements = ConfigRequirements::try_from(requirements_with_sources)?;
        let root = if cfg!(windows) { "C:\\repo" } else { "/repo" };
-        let workspace_write_policy = SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![AbsolutePathBuf::from_absolute_path(root)?],
-            network_access: false,
-            exclude_tmpdir_env_var: false,
-            exclude_slash_tmp: false,
-        };
+        let workspace_write_profile = PermissionProfile::workspace_write_with(
+            &[AbsolutePathBuf::from_absolute_path(root)?],
+            NetworkSandboxPolicy::Restricted,
+            /*exclude_tmpdir_env_var*/ false,
+            /*exclude_slash_tmp*/ false,
+        );
        assert!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(&workspace_write_policy))
+                .can_set(&workspace_write_profile)
                .is_ok()
        );
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::DangerFullAccess,
-                )),
+                .can_set(&PermissionProfile::Disabled),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "DangerFullAccess".into(),
@@ -2165,9 +2148,7 @@ allowed_approvals_reviewers = ["user"]
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::DangerFullAccess,
-                )),
+                .can_set(&PermissionProfile::Disabled),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "DangerFullAccess".into(),
@@ -2206,9 +2187,7 @@ allowed_approvals_reviewers = ["user"]
        assert_eq!(
            requirements
                .permission_profile
-                .can_set(&profile_from_sandbox_policy(
-                    &SandboxPolicy::new_workspace_write_policy(),
-                )),
+                .can_set(&PermissionProfile::workspace_write()),
            Err(ConstraintError::InvalidValue {
                field_name: "sandbox_mode",
                candidate: "WorkspaceWrite".into(),
--- a/codex-rs/core/src/config/network_proxy_spec_tests.rs
+++ b/codex-rs/core/src/config/network_proxy_spec_tests.rs
@@ -5,13 +5,8 @@ use codex_network_proxy::NetworkDomainPermission;
 use codex_protocol::models::ManagedFileSystemPermissions;
 use codex_protocol::models::PermissionProfile;
 use codex_protocol::permissions::NetworkSandboxPolicy;
-use codex_protocol::protocol::SandboxPolicy;
 use pretty_assertions::assert_eq;

-fn permission_profile_for_sandbox_policy(sandbox_policy: &SandboxPolicy) -> PermissionProfile {
-    PermissionProfile::from_legacy_sandbox_policy(sandbox_policy)
-}
-
 fn domain_permissions(
    entries: impl IntoIterator<Item = (&'static str, NetworkDomainPermissionToml)>,
 ) -> NetworkDomainPermissionsToml {
@@ -62,7 +57,7 @@ fn requirements_allowed_domains_are_a_baseline_for_user_allowlist() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_read_only_policy()),
+        &PermissionProfile::read_only(),
    )
    .expect("config should stay within the managed allowlist");

@@ -97,7 +92,7 @@ fn requirements_allowed_domains_do_not_override_user_denies_for_same_pattern() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed allowlist should not erase a user deny");

@@ -129,7 +124,7 @@ fn requirements_allowlist_expansion_keeps_user_entries_mutable() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed baseline should still allow user edits");

@@ -207,7 +202,7 @@ fn danger_full_access_keeps_managed_allowlist_and_denylist_fixed() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::DangerFullAccess),
+        &PermissionProfile::Disabled,
    )
    .expect("yolo mode should pin the effective policy to the managed baseline");

@@ -241,7 +236,7 @@ fn managed_allowed_domains_only_disables_default_mode_allowlist_expansion() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed baseline should still load");

@@ -270,7 +265,7 @@ fn managed_allowed_domains_only_ignores_user_allowlist_and_hard_denies_misses()
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed-only allowlist should still load");

@@ -300,7 +295,7 @@ fn managed_allowed_domains_only_without_managed_allowlist_blocks_all_user_domain
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed-only mode should treat missing managed allowlist as empty");

@@ -324,7 +319,7 @@ fn managed_allowed_domains_only_blocks_all_user_domains_in_full_access_without_m
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::DangerFullAccess),
+        &PermissionProfile::Disabled,
    )
    .expect("managed-only mode should treat missing managed allowlist as empty");

@@ -351,7 +346,7 @@ fn deny_only_requirements_do_not_create_allow_constraints_in_full_access() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::DangerFullAccess),
+        &PermissionProfile::Disabled,
    )
    .expect("deny-only requirements should not constrain the allowlist");

@@ -384,7 +379,7 @@ fn allow_only_requirements_do_not_create_deny_constraints_in_full_access() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::DangerFullAccess),
+        &PermissionProfile::Disabled,
    )
    .expect("allow-only requirements should not constrain the denylist");

@@ -417,7 +412,7 @@ fn requirements_denied_domains_are_a_baseline_for_default_mode() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("default mode should merge managed and user deny entries");

@@ -452,7 +447,7 @@ fn requirements_denylist_expansion_keeps_user_entries_mutable() {
    let spec = NetworkProxySpec::from_config_and_constraints(
        config,
        Some(requirements),
-        &permission_profile_for_sandbox_policy(&SandboxPolicy::new_workspace_write_policy()),
+        &PermissionProfile::workspace_write(),
    )
    .expect("managed baseline should still allow user edits");

--- a/codex-rs/core/src/context/permissions_instructions.rs
+++ b/codex-rs/core/src/context/permissions_instructions.rs
@@ -8,7 +8,6 @@ use codex_protocol::permissions::NetworkSandboxPolicy;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::GranularApprovalConfig;
 use codex_protocol::protocol::NetworkAccess;
-use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::WritableRoot;
 use codex_utils_template::Template;
 use std::path::Path;
@@ -85,27 +84,6 @@ impl PermissionsInstructions {
        )
    }

-    /// Builds permissions instructions from a legacy sandbox policy.
-    pub fn from_policy(
-        sandbox_policy: &SandboxPolicy,
-        approval_policy: AskForApproval,
-        approvals_reviewer: ApprovalsReviewer,
-        exec_policy: &Policy,
-        cwd: &Path,
-        exec_permission_approvals_enabled: bool,
-        request_permissions_tool_enabled: bool,
-    ) -> Self {
-        Self::from_permission_profile(
-            &PermissionProfile::from_legacy_sandbox_policy(sandbox_policy),
-            approval_policy,
-            approvals_reviewer,
-            exec_policy,
-            cwd,
-            exec_permission_approvals_enabled,
-            request_permissions_tool_enabled,
-        )
-    }
-
    fn from_permissions_with_network(
        sandbox_mode: SandboxMode,
        network_access: NetworkAccess,
--- a/codex-rs/core/src/context/permissions_instructions_tests.rs
+++ b/codex-rs/core/src/context/permissions_instructions_tests.rs
@@ -53,29 +53,6 @@ fn builds_permissions_with_network_access_override() {
    );
 }

-#[test]
-fn builds_permissions_from_policy() {
-    let policy = SandboxPolicy::WorkspaceWrite {
-        writable_roots: vec![],
-        network_access: true,
-        exclude_tmpdir_env_var: false,
-        exclude_slash_tmp: false,
-    };
-
-    let instructions = PermissionsInstructions::from_policy(
-        &policy,
-        AskForApproval::UnlessTrusted,
-        ApprovalsReviewer::User,
-        &Policy::empty(),
-        &PathBuf::from("/tmp"),
-        /*exec_permission_approvals_enabled*/ false,
-        /*request_permissions_tool_enabled*/ false,
-    );
-    let text = instructions.body();
-    assert!(text.contains("Network access is enabled."));
-    assert!(text.contains("`approval_policy` is `unless-trusted`"));
-}
-
 #[test]
 fn builds_permissions_from_profile() {
    let cwd = PathBuf::from("/tmp");
--- a/codex-rs/core/tests/suite/permissions_messages.rs
+++ b/codex-rs/core/tests/suite/permissions_messages.rs
@@ -575,9 +575,8 @@ async fn permissions_message_includes_writable_roots() -> Result<()> {
    let permissions = permissions_texts(&req.single_request());
    let normalize_line_endings = |s: &str| s.replace("\r\n", "\n");
    let exec_policy = load_exec_policy(&test.config.config_layer_stack).await?;
-    let sandbox_policy = test.config.legacy_sandbox_policy();
-    let expected = PermissionsInstructions::from_policy(
-        &sandbox_policy,
+    let expected = PermissionsInstructions::from_permission_profile(
+        &test.config.permissions.permission_profile(),
        AskForApproval::OnRequest,
        test.config.approvals_reviewer,
        &exec_policy,
--- a/codex-rs/tui/src/status/tests.rs
+++ b/codex-rs/tui/src/status/tests.rs
@@ -528,6 +528,7 @@ async fn status_snapshot_shows_auto_review_permissions() {
 async fn status_permissions_full_disk_managed_with_network_is_danger_full_access() {
    let temp_home = TempDir::new().expect("temp home");
    let mut config = test_config(&temp_home).await;
+    config.approvals_reviewer = ApprovalsReviewer::User;
    config
        .permissions
        .approval_policy
@@ -548,9 +549,10 @@ async fn status_permissions_full_disk_managed_with_network_is_danger_full_access
 }

 #[tokio::test]
-async fn status_permissions_full_disk_managed_without_network_is_external_sandbox() {
+async fn status_permissions_full_disk_managed_without_network_is_custom_permissions() {
    let temp_home = TempDir::new().expect("temp home");
    let mut config = test_config(&temp_home).await;
+    config.approvals_reviewer = ApprovalsReviewer::User;
    config
        .permissions
        .approval_policy
@@ -566,7 +568,7 @@ async fn status_permissions_full_disk_managed_without_network_is_external_sandbo

    assert_eq!(
        permissions_text_for(&config).as_deref(),
-        Some("Custom (external-sandbox, on-request)")
+        Some("Custom (custom permissions, on-request)")
    );
 }

--- a/codex-rs/utils/sandbox-summary/src/config_summary.rs
+++ b/codex-rs/utils/sandbox-summary/src/config_summary.rs
@@ -1,7 +1,7 @@
 use codex_core::config::Config;
 use codex_model_provider_info::WireApi;

-use crate::sandbox_summary::summarize_sandbox_policy;
+use crate::sandbox_summary::summarize_permission_profile;

 /// Build a list of key/value pairs summarizing the effective configuration.
 pub fn create_config_summary_entries(config: &Config, model: &str) -> Vec<(&'static str, String)> {
@@ -15,10 +15,9 @@ pub fn create_config_summary_entries(config: &Config, model: &str) -> Vec<(&'sta
        ),
        (
            "sandbox",
-            summarize_sandbox_policy(
-                &config
-                    .permissions
-                    .legacy_sandbox_policy(config.cwd.as_path()),
+            summarize_permission_profile(
+                &config.permissions.permission_profile(),
+                config.cwd.as_path(),
            ),
        ),
    ];
--- a/codex-rs/utils/sandbox-summary/src/lib.rs
+++ b/codex-rs/utils/sandbox-summary/src/lib.rs
@@ -3,4 +3,3 @@ mod sandbox_summary;

 pub use config_summary::create_config_summary_entries;
 pub use sandbox_summary::summarize_permission_profile;
-pub use sandbox_summary::summarize_sandbox_policy;
--- a/codex-rs/utils/sandbox-summary/src/sandbox_summary.rs
+++ b/codex-rs/utils/sandbox-summary/src/sandbox_summary.rs
@@ -1,109 +1,185 @@
 use codex_protocol::models::PermissionProfile;
-use codex_protocol::protocol::NetworkAccess;
-use codex_protocol::protocol::SandboxPolicy;
+use codex_protocol::permissions::FileSystemSandboxPolicy;
+use codex_protocol::permissions::NetworkSandboxPolicy;
 use std::path::Path;

-pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
-    match sandbox_policy {
-        SandboxPolicy::DangerFullAccess => "danger-full-access".to_string(),
-        SandboxPolicy::ReadOnly { network_access, .. } => {
-            let mut summary = "read-only".to_string();
-            if *network_access {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
-        }
-        SandboxPolicy::ExternalSandbox { network_access } => {
-            let mut summary = "external-sandbox".to_string();
-            if matches!(network_access, NetworkAccess::Enabled) {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
-        }
-        SandboxPolicy::WorkspaceWrite {
-            writable_roots,
-            network_access,
-            exclude_tmpdir_env_var,
-            exclude_slash_tmp,
-        } => {
-            let mut summary = "workspace-write".to_string();
-
-            let mut writable_entries = Vec::<String>::new();
-            writable_entries.push("workdir".to_string());
-            if !*exclude_slash_tmp {
-                writable_entries.push("/tmp".to_string());
-            }
-            if !*exclude_tmpdir_env_var {
-                writable_entries.push("$TMPDIR".to_string());
-            }
-            writable_entries.extend(
-                writable_roots
-                    .iter()
-                    .map(|p| p.to_string_lossy().to_string()),
-            );
-
-            summary.push_str(&format!(" [{}]", writable_entries.join(", ")));
-            if *network_access {
-                summary.push_str(" (network access enabled)");
-            }
-            summary
+pub fn summarize_permission_profile(permission_profile: &PermissionProfile, cwd: &Path) -> String {
+    match permission_profile {
+        PermissionProfile::Disabled => "danger-full-access".to_string(),
+        PermissionProfile::External { network } => {
+            summary_with_network("external-sandbox", network.is_enabled())
        }
+        PermissionProfile::Managed {
+            file_system,
+            network,
+        } => summarize_managed_profile(&file_system.to_sandbox_policy(), *network, cwd),
    }
 }

-pub fn summarize_permission_profile(permission_profile: &PermissionProfile, cwd: &Path) -> String {
-    match permission_profile.to_legacy_sandbox_policy(cwd) {
-        Ok(policy) => summarize_sandbox_policy(&policy),
-        Err(_) => {
-            if permission_profile.network_sandbox_policy().is_enabled() {
-                "custom permissions (network access enabled)".to_string()
-            } else {
-                "custom permissions".to_string()
-            }
+fn summarize_managed_profile(
+    file_system: &FileSystemSandboxPolicy,
+    network: NetworkSandboxPolicy,
+    cwd: &Path,
+) -> String {
+    let network_enabled = network.is_enabled();
+    if file_system.has_full_disk_write_access() {
+        if network_enabled {
+            return "danger-full-access".to_string();
        }
+        return custom_summary(network_enabled);
    }
+
+    let writable_roots = file_system.get_writable_roots_with_cwd(cwd);
+    if writable_roots.is_empty() {
+        if file_system.has_full_disk_read_access() {
+            return summary_with_network("read-only", network_enabled);
+        }
+        return custom_summary(network_enabled);
+    }
+    if !file_system.can_write_path_with_cwd(cwd, cwd) {
+        return custom_summary(network_enabled);
+    }
+
+    let writable_entries = writable_roots
+        .iter()
+        .map(|root| writable_root_display(root.root.as_path(), cwd))
+        .collect::<Vec<_>>();
+    summary_with_network(
+        &format!("workspace-write [{}]", writable_entries.join(", ")),
+        network_enabled,
+    )
+}
+
+fn writable_root_display(root: &Path, cwd: &Path) -> String {
+    if root == cwd {
+        return "workdir".to_string();
+    }
+    if cfg!(unix) && root == Path::new("/tmp") {
+        return "/tmp".to_string();
+    }
+    if root == std::env::temp_dir() {
+        return "$TMPDIR".to_string();
+    }
+    root.display().to_string()
+}
+
+fn summary_with_network(base: &str, network_enabled: bool) -> String {
+    if network_enabled {
+        format!("{base} (network access enabled)")
+    } else {
+        base.to_string()
+    }
+}
+
+fn custom_summary(network_enabled: bool) -> String {
+    summary_with_network("custom permissions", network_enabled)
 }

 #[cfg(test)]
 mod tests {
    use super::*;
+    use codex_protocol::permissions::FileSystemAccessMode;
+    use codex_protocol::permissions::FileSystemPath;
+    use codex_protocol::permissions::FileSystemSandboxEntry;
+    use codex_protocol::permissions::FileSystemSpecialPath;
    use codex_utils_absolute_path::AbsolutePathBuf;
    use pretty_assertions::assert_eq;

    #[test]
    fn summarizes_external_sandbox_without_network_access_suffix() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
-            network_access: NetworkAccess::Restricted,
-        });
+        let summary = summarize_permission_profile(
+            &PermissionProfile::External {
+                network: NetworkSandboxPolicy::Restricted,
+            },
+            Path::new("/repo"),
+        );
        assert_eq!(summary, "external-sandbox");
    }

    #[test]
    fn summarizes_external_sandbox_with_enabled_network() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ExternalSandbox {
-            network_access: NetworkAccess::Enabled,
-        });
+        let summary = summarize_permission_profile(
+            &PermissionProfile::External {
+                network: NetworkSandboxPolicy::Enabled,
+            },
+            Path::new("/repo"),
+        );
        assert_eq!(summary, "external-sandbox (network access enabled)");
    }

    #[test]
    fn summarizes_read_only_with_enabled_network() {
-        let summary = summarize_sandbox_policy(&SandboxPolicy::ReadOnly {
-            network_access: true,
-        });
+        let file_system = FileSystemSandboxPolicy::restricted(vec![FileSystemSandboxEntry {
+            path: FileSystemPath::Special {
+                value: FileSystemSpecialPath::Root,
+            },
+            access: FileSystemAccessMode::Read,
+        }]);
+        let profile = PermissionProfile::from_runtime_permissions(
+            &file_system,
+            NetworkSandboxPolicy::Enabled,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new("/repo"));
        assert_eq!(summary, "read-only (network access enabled)");
    }

+    #[test]
+    fn unrestricted_filesystem_without_network_is_custom_permissions() {
+        let profile = PermissionProfile::from_runtime_permissions(
+            &FileSystemSandboxPolicy::unrestricted(),
+            NetworkSandboxPolicy::Restricted,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new("/repo"));
+        assert_eq!(summary, "custom permissions");
+    }
+
+    #[test]
+    fn explicit_writable_root_outside_cwd_is_custom_permissions() {
+        let writable_root = AbsolutePathBuf::try_from(if cfg!(windows) {
+            "C:\\outside"
+        } else {
+            "/outside"
+        })
+        .unwrap();
+        let file_system = FileSystemSandboxPolicy::restricted(vec![
+            FileSystemSandboxEntry {
+                path: FileSystemPath::Special {
+                    value: FileSystemSpecialPath::Root,
+                },
+                access: FileSystemAccessMode::Read,
+            },
+            FileSystemSandboxEntry {
+                path: FileSystemPath::Path {
+                    path: writable_root,
+                },
+                access: FileSystemAccessMode::Write,
+            },
+        ]);
+        let profile = PermissionProfile::from_runtime_permissions(
+            &file_system,
+            NetworkSandboxPolicy::Restricted,
+        );
+        let cwd = if cfg!(windows) { "C:\\repo" } else { "/repo" };
+        let summary = summarize_permission_profile(&profile, Path::new(cwd));
+        assert_eq!(summary, "custom permissions");
+    }
+
    #[test]
    fn workspace_write_summary_still_includes_network_access() {
        let root = if cfg!(windows) { "C:\\repo" } else { "/repo" };
        let writable_root = AbsolutePathBuf::try_from(root).unwrap();
-        let summary = summarize_sandbox_policy(&SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![writable_root.clone()],
-            network_access: true,
-            exclude_tmpdir_env_var: true,
-            exclude_slash_tmp: true,
-        });
+        let cwd = if cfg!(windows) {
+            "C:\\workdir"
+        } else {
+            "/workdir"
+        };
+        let profile = PermissionProfile::workspace_write_with(
+            std::slice::from_ref(&writable_root),
+            NetworkSandboxPolicy::Enabled,
+            /*exclude_tmpdir_env_var*/ true,
+            /*exclude_slash_tmp*/ true,
+        );
+        let summary = summarize_permission_profile(&profile, Path::new(cwd));
        assert_eq!(
            summary,
            format!(
Author	SHA1	Message	Date
Michael Bolin	ee05c896f7	tests: use permission profile fixtures in config checks	2026-04-30 02:36:30 -07:00
Michael Bolin	ada7881352	core: build permission instructions from profiles only	2026-04-30 02:36:30 -07:00
Michael Bolin	c4c371f257	utils: summarize permission profiles directly	2026-04-30 02:36:30 -07:00