
feat(cli): add explicit sandbox permission profiles #20117

Merged: viyatb-oai merged 4 commits into main from codex/viyatb/sandbox-ui-profile on Apr 29, 2026

viyatb-oai (Collaborator) commented Apr 29, 2026

Why

codex sandbox is useful for exercising sandbox behavior directly, but before this stack the CLI
only picked up permission profiles indirectly from the active config. The existing debug-sandbox path
already compiled [permissions] profiles through normal config loading, as covered by the existing
profile tests in debug_sandbox.rs.

This adds the smallest stable entry point first: an explicit profile selector that reuses the same
config machinery as normal Codex config, so standalone testing becomes possible without changing
current no-selector behavior.

What changed

  • Add additive --permissions-profile NAME support to codex sandbox macos|linux|windows.
  • Resolve built-in and user-defined profile names by feeding default_permissions through the
    existing config compilation path instead of inventing a sandbox-only parser.
  • Make an explicit selector win over an ambient active profile's legacy sandbox_mode.
  • Keep the existing no-selector behavior unchanged.

Stack

  1. feat(cli): add explicit sandbox permission profiles #20117 sandbox-ui-profile --> this PR
  2. feat(cli): add sandbox profile config controls #20118 sandbox-ui-config

Both PRs are additive. Replay JSON is intentionally deferred to a follow-up design pass.

Tests ran

  • cargo test -p codex-cli debug_sandbox
  • cargo test -p codex-cli sandbox_macos_parses_permissions_profile
  • cargo test -p codex-core cli_override_takes_precedence_over_profile_sandbox_mode
  • macOS branch-binary smoke on the rebased top of stack: built-in :workspace and user-defined
    profiles both executed successfully through --permissions-profile.
  • Linux devbox branch-binary smoke on the rebased top of stack: built-in :workspace and
    user-defined profiles both executed successfully through --permissions-profile.

Co-authored-by: Codex noreply@openai.com
Co-authored-by: Codex noreply@openai.com
viyatb-oai force-pushed the codex/viyatb/sandbox-ui-profile branch from 7b4615b to 8fcc1c3 April 29, 2026 02:50
viyatb-oai marked this pull request as ready for review April 29, 2026 04:07
chatgpt-codex-connector (Bot, Contributor) left a comment

💡 Codex Review

    if config_uses_permission_profiles(&config) {
        if full_auto {
            anyhow::bail!(
                "`codex sandbox --full-auto` is only supported for legacy `sandbox_mode` configs; choose a writable `[permissions]` profile instead"
            );
        }
        return Ok(config);

P1: Honor --permissions-profile over profile sandbox_mode

load_debug_sandbox_config_with_codex_home returns early whenever default_permissions exists, but config compilation can still resolve to legacy mode when an active config profile sets sandbox_mode (via core's syntax resolution). In that case the new --permissions-profile flag is accepted yet ignored, and the command may run under the profile's legacy sandbox level instead of the requested permissions profile.

Comment thread codex-rs/cli/src/debug_sandbox.rs Outdated
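
The precedence question raised in the review above, as an added Rust model that is not code from this PR or from codex-rs. Every type and function name in it is hypothetical, the `sandbox_mode` value is a constructed placeholder, and it assumes that an active profile's `sandbox_mode` otherwise takes priority over `default_permissions`. It contrasts a resolution order where the selector is accepted but ignored with one where it wins, plus a fail-closed check that refuses to run when the effective policy is not the requested profile.

```rust
// Added illustration. All type and function names are hypothetical, not codex-rs code.
#[derive(Debug, Clone, PartialEq)]
enum Effective {
    Profile(String),    // named [permissions] profile, e.g. ":workspace"
    LegacyMode(String), // legacy sandbox_mode value
    Default,
}
#[derive(Default)]
struct Layers {
    cli_permissions_profile: Option<String>, // --permissions-profile NAME
    profile_sandbox_mode: Option<String>,    // sandbox_mode from the active config profile
    default_permissions: Option<String>,     // default_permissions from config
}

// Ordering the review warns about: the selector only feeds default_permissions,
// and an ambient sandbox_mode is still consulted first (assumed legacy priority).
fn resolve_selector_ignored(l: &Layers) -> Effective {
    let permissions = l.cli_permissions_profile.clone().or(l.default_permissions.clone());
    if let Some(mode) = &l.profile_sandbox_mode {
        return Effective::LegacyMode(mode.clone());
    }
    permissions.map(Effective::Profile).unwrap_or(Effective::Default)
}

// Ordering the PR describes: an explicit selector wins; no-selector behavior is unchanged.
fn resolve_selector_wins(l: &Layers) -> Effective {
    match &l.cli_permissions_profile {
        Some(name) => Effective::Profile(name.clone()),
        None => resolve_selector_ignored(l),
    }
}

// Fail closed: a requested profile must be the one that actually applies.
fn enforce_selector(l: &Layers, eff: &Effective) -> Result<(), String> {
    match (&l.cli_permissions_profile, eff) {
        (Some(want), Effective::Profile(got)) if want == got => Ok(()),
        (Some(want), other) => Err(format!("requested {} but resolved {:?}", want, other)),
        (None, _) => Ok(()),
    }
}

fn main() {
    let l = Layers {
        cli_permissions_profile: Some(":workspace".into()),
        profile_sandbox_mode: Some("legacy-mode-from-profile".into()), // constructed value
        default_permissions: None,
    };
    for eff in [resolve_selector_ignored(&l), resolve_selector_wins(&l)] {
        println!("{:?} -> {:?}", eff, enforce_selector(&l, &eff));
    }
}
```
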
Co-authored-by: Codex noreply@openai.com
viyatb-oai requested a review from a team as a code owner April 29, 2026 05:38
Co-authored-by: Codex noreply@openai.com
viyatb-oai enabled auto-merge (squash) April 29, 2026 06:04
viyatb-oai merged commit 6ed0440 into main Apr 29, 2026
25 checks passed
viyatb-oai deleted the codex/viyatb/sandbox-ui-profile branch April 29, 2026 06:18
github-actions (Bot) locked and limited conversation to collaborators Apr 29, 2026