diff --git a/codex-rs/core/src/session/rollout_reconstruction_tests.rs b/codex-rs/core/src/session/rollout_reconstruction_tests.rs
index e0a0b6ec2fd6..0e07d4b4b055 100644
--- a/codex-rs/core/src/session/rollout_reconstruction_tests.rs
+++ b/codex-rs/core/src/session/rollout_reconstruction_tests.rs
@@ -9,6 +9,7 @@ use codex_protocol::protocol::CompactedItem;
 use codex_protocol::protocol::InitialHistory;
 use codex_protocol::protocol::InterAgentCommunication;
 use codex_protocol::protocol::ResumedHistory;
+use codex_protocol::protocol::SandboxPolicy;
 use pretty_assertions::assert_eq;
 use std::path::PathBuf;
 
@@ -52,6 +53,16 @@ fn inter_agent_assistant_message(text: &str) -> ResponseItem {
     }
 }
 
+fn legacy_sandbox_policy_for_rollout_fixture(turn_context: &TurnContext) -> SandboxPolicy {
+    let file_system_sandbox_policy = turn_context.file_system_sandbox_policy();
+    codex_sandboxing::compatibility_sandbox_policy_for_permission_profile(
+        &turn_context.permission_profile,
+        &file_system_sandbox_policy,
+        turn_context.network_sandbox_policy(),
+        turn_context.cwd.as_path(),
+    )
+}
+
 #[tokio::test]
 async fn record_initial_history_resumed_bare_turn_context_does_not_hydrate_previous_turn_settings()
 {
@@ -64,7 +75,7 @@ async fn record_initial_history_resumed_bare_turn_context_does_not_hydrate_previ
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -105,7 +116,7 @@ async fn record_initial_history_resumed_hydrates_previous_turn_settings_from_lif
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -915,7 +926,7 @@ async fn record_initial_history_resumed_turn_context_after_compaction_reestablis
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -993,7 +1004,7 @@ async fn record_initial_history_resumed_turn_context_after_compaction_reestablis
             current_date: turn_context.current_date.clone(),
             timezone: turn_context.timezone.clone(),
             approval_policy: turn_context.approval_policy.value(),
-            sandbox_policy: Some(turn_context.sandbox_policy()),
+            sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
             permission_profile: None,
             network: None,
             file_system_sandbox_policy: None,
@@ -1024,7 +1035,7 @@ async fn record_initial_history_resumed_aborted_turn_without_id_clears_active_tu
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -1139,7 +1150,7 @@ async fn record_initial_history_resumed_unmatched_abort_preserves_active_turn_fo
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -1253,7 +1264,7 @@ async fn record_initial_history_resumed_trailing_incomplete_turn_compaction_clea
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
@@ -1405,7 +1416,7 @@ async fn record_initial_history_resumed_replaced_incomplete_compacted_turn_clear
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy_for_rollout_fixture(&turn_context)),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
diff --git a/codex-rs/core/src/session/tests.rs b/codex-rs/core/src/session/tests.rs
index ae63abcf6b2f..a275e806c50e 100644
--- a/codex-rs/core/src/session/tests.rs
+++ b/codex-rs/core/src/session/tests.rs
@@ -1738,6 +1738,14 @@ async fn fork_startup_context_then_first_turn_diff_snapshot() -> anyhow::Result<
 async fn record_initial_history_forked_hydrates_previous_turn_settings() {
     let (session, turn_context) = make_session_and_context().await;
     let previous_model = "forked-rollout-model";
+    let file_system_sandbox_policy = turn_context.file_system_sandbox_policy();
+    let legacy_sandbox_policy =
+        codex_sandboxing::compatibility_sandbox_policy_for_permission_profile(
+            &turn_context.permission_profile,
+            &file_system_sandbox_policy,
+            turn_context.network_sandbox_policy(),
+            turn_context.cwd.as_path(),
+        );
     let previous_context_item = TurnContextItem {
         turn_id: Some(turn_context.sub_id.clone()),
         trace_id: turn_context.trace_id.clone(),
@@ -1745,7 +1753,7 @@ async fn record_initial_history_forked_hydrates_previous_turn_settings() {
         current_date: turn_context.current_date.clone(),
         timezone: turn_context.timezone.clone(),
         approval_policy: turn_context.approval_policy.value(),
-        sandbox_policy: Some(turn_context.sandbox_policy()),
+        sandbox_policy: Some(legacy_sandbox_policy),
         permission_profile: None,
         network: None,
         file_system_sandbox_policy: None,
diff --git a/codex-rs/core/src/session/turn.rs b/codex-rs/core/src/session/turn.rs
index 07e4e30041a6..342479090ca0 100644
--- a/codex-rs/core/src/session/turn.rs
+++ b/codex-rs/core/src/session/turn.rs
@@ -1820,7 +1820,7 @@ async fn try_run_sampling_request(
     feedback_tags!(
         model = turn_context.model_info.slug.clone(),
         approval_policy = turn_context.approval_policy.value(),
-        sandbox_policy = &turn_context.sandbox_policy(),
+        permission_profile = &turn_context.permission_profile,
         effort = turn_context.reasoning_effort,
         auth_mode = sess.services.auth_manager.auth_mode(),
         features = sess.features.enabled_features(),
diff --git a/codex-rs/core/src/session/turn_context.rs b/codex-rs/core/src/session/turn_context.rs
index 2c7d602f60ca..e334f73ca269 100644
--- a/codex-rs/core/src/session/turn_context.rs
+++ b/codex-rs/core/src/session/turn_context.rs
@@ -4,7 +4,6 @@ use codex_model_provider::SharedModelProvider;
 use codex_model_provider::create_model_provider;
 use codex_protocol::models::AdditionalPermissionProfile;
 use codex_protocol::protocol::TurnEnvironmentSelection;
-use codex_sandboxing::compatibility_sandbox_policy_for_permission_profile;
 use codex_sandboxing::policy_transforms::effective_file_system_sandbox_policy;
 use codex_sandboxing::policy_transforms::effective_network_sandbox_policy;
 use std::sync::atomic::AtomicBool;
@@ -106,17 +105,6 @@ impl TurnContext {
         self.permission_profile.network_sandbox_policy()
     }
 
-    pub(crate) fn sandbox_policy(&self) -> SandboxPolicy {
-        let file_system_sandbox_policy = self.file_system_sandbox_policy();
-        let network_sandbox_policy = self.network_sandbox_policy();
-        compatibility_sandbox_policy_for_permission_profile(
-            &self.permission_profile,
-            &file_system_sandbox_policy,
-            network_sandbox_policy,
-            &self.cwd,
-        )
-    }
-
     pub(crate) fn model_context_window(&self) -> Option<i64> {
         let effective_context_window_percent = self.model_info.effective_context_window_percent;
         self.model_info