tests: use permission profiles in suite turn submits

[bolinfest]

Why

A couple of integration test helpers were still passing SandboxPolicy::DangerFullAccess for ordinary turn submission. These tests are not validating the legacy policy bridge; they just need the turn to run without sandbox restrictions. Using PermissionProfile directly keeps the tests aligned with the canonical permissions model and removes more incidental legacy usage.

What Changed

• Updated the apply-patch CLI helper that constructs Op::UserTurn directly to populate both permission fields from PermissionProfile::Disabled via turn_permission_fields(...).
• Updated the plugin hook test to call submit_turn_with_permission_profile(...) instead of submit_turn_with_policy(...).
• Removed the SandboxPolicy import from core/tests/suite/apply_patch_cli.rs.

Verification

cargo test -p codex-core apply_patch_cli_move_without_content_change_has_no_turn_diff -- --nocapture
cargo test -p codex-core plugin_pre_tool_use_blocks_shell_command_before_execution -- --nocapture

---

Stack created with Sapling. Best reviewed with ReviewStack.

• windows-sandbox: isolate allow path computation from legacy policy #20469
• docs: avoid stale SandboxPolicy references #20468
• config tests: assert sandbox-mode fallbacks via profiles #20467
• config tests: assert permission profile runtime state #20466
• config tests: derive permission profiles directly #20465
• tui tests: assert permission profiles directly #20459
• config: gate legacy writable roots from profiles #20456
• windows-sandbox: accept permission profiles from callers #20455
• exec: localize legacy Windows sandbox projection #20452
• session: stop exposing legacy sandbox policy #20450
• protocol: remove legacy sandbox turn-context overrides #20449
• protocol: drop legacy sandbox from user turns #20446
• protocol: require permission profiles for user turns #20441
• protocol: canonicalize turn context permissions #20440
• session: localize legacy sandbox turn fallback #20438
• rollout-trace: record permission profiles #20436
• protocol: make user-turn sandbox policy optional #20433
• session: tag turns with permission profiles #20432
• core tests: submit turns with permission profiles #20431
• turn-context: stop writing legacy sandbox policy #20430
• app-server: normalize command sandbox overrides as profiles #20429
• app-server: validate turn sandbox overrides as profiles #20428
• session: convert legacy sandbox updates before settings apply #20426
• sandboxing: exercise seatbelt with runtime policies #20424
• app-server: compare resume sandbox from permission profile #20423
• mcp: send sandbox metadata as permission profile only #20422
• thread-store: stop exposing legacy sandbox policy #20421
• tui: centralize legacy sandbox projection #20420
• test support: derive turn sandbox from permission profiles #20414
• windows setup: derive sandbox from permission profile #20412
• exec tests: derive thread sandbox from profile #20411
• windows read grants: accept permission profiles #20410
• session tests: configure permissions with profiles #20409
• analytics tests: derive sandbox fixtures from profiles #20408
• approval tests: configure scenarios with permission profiles #20407
• tui: hydrate thread permissions from profiles #20406
• rollout tests: seed turn contexts from permission profiles #20404
• state: extract rollout permissions from profiles #20403
• state: derive metadata sandbox from permission profiles #20401
• otel: report conversation permissions from profiles #20400
• protocol: drop cwd-less legacy profile constructor #20398
• app-server-test-client: select permission profiles by name #20397
• session tests: configure runtime permissions directly #20396
• tests: mutate spawn-agent permission profile directly #20394
• app-server tests: select turn permission profiles by name #20393
• file-system: drop unused legacy sandbox constructor #20390
• tests: use disabled profile in exec capture check #20389
• tests: use profile constructors in config checks #20388
• tests: use permission profiles in multi-agent config checks #20387
• tests: remove sandbox policy fixture from rollout trace #20386
• tests: use permission profiles in session network checks #20384
• tests: use permission profiles in config loader checks #20382
• tests: submit websocket turns with permission profiles #20381
• tests: use permission profiles in exec policy checks #20380
• tests: use permission profiles in request permission suite #20378
• tests: use permission profiles in unified exec suite #20376
• core: use permission profiles in small read-only contexts #20375
• exec tests: launch sandbox cases from permission profiles #20372
• -> tests: use permission profiles in suite turn submits #20370
• guardian: configure review session permissions directly #20369
• tests: use permission profiles in small core fixtures #20368
• exec-server: use permission profiles in file system handler tests #20367
• memories: configure consolidation permissions directly #20365
• analytics: distinguish custom managed permission profiles #20363
• tests: use permission profiles in guardian config checks #20362
• tests: use permission profiles in unix escalation checks #20360
• tests: use permission profiles in patch safety checks #20359
• tests: use permission profiles in tool sandbox tests #20358
• tests: use permission profile fixtures in config checks #20357
• core: build permission instructions from profiles only #20356
• utils: summarize permission profiles directly #20355
• tests: copy plugin stdio server before launch #20373

[chatgpt-codex-connector]

💡 Codex Review

codex/codex-rs/utils/sandbox-summary/src/sandbox_summary.rs

Lines 40 to 47 in 53010bd

	let writable_entries = writable_roots
	.iter()
	.map(|root| writable_root_display(root.root.as_path(), cwd))
	.collect::<Vec<_>>();
	summary_with_network(
	&format!("workspace-write [{}]", writable_entries.join(", ")),
	network_enabled,
	)

Preserve custom label for non-workdir writable policies

This branch classifies any managed profile with at least one writable root as workspace-write, but some valid managed policies grant writes outside the working directory (for example, write access only to /tmp or other explicit roots) and are not equivalent to workspace mode. Before this change those profiles were surfaced as custom permissions via the legacy-conversion fallback, while now they are mislabeled and downstream UI logic can collapse them to "Workspace", which understates the actual permission shape. Please gate the workspace-write label on workdir-write semantics rather than just writable_roots.is_empty().

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".