diff --git a/codex-rs/core/src/session/tests.rs b/codex-rs/core/src/session/tests.rs index 973c7a53001f..29263bff1465 100644 --- a/codex-rs/core/src/session/tests.rs +++ b/codex-rs/core/src/session/tests.rs @@ -45,6 +45,7 @@ use codex_protocol::permissions::FileSystemPath; use codex_protocol::permissions::FileSystemSandboxEntry; use codex_protocol::permissions::FileSystemSandboxPolicy; use codex_protocol::permissions::FileSystemSpecialPath; +use codex_protocol::permissions::NetworkSandboxPolicy; use codex_protocol::protocol::NonSteerableTurnKind; use codex_protocol::protocol::SandboxPolicy; use codex_protocol::request_permissions::PermissionGrantScope; @@ -1590,11 +1591,13 @@ async fn session_configured_reports_permission_profile_for_external_sandbox() -> let sandbox_policy = SandboxPolicy::ExternalSandbox { network_access: codex_protocol::protocol::NetworkAccess::Restricted, }; - let expected_sandbox_policy = sandbox_policy.clone(); + let expected_permission_profile = PermissionProfile::External { + network: NetworkSandboxPolicy::Restricted, + }; + let config_permission_profile = expected_permission_profile.clone(); let mut builder = test_codex().with_config(move |config| { - config.permissions.permission_profile = codex_config::Constrained::allow_any( - PermissionProfile::from_legacy_sandbox_policy(&sandbox_policy), - ); + config.permissions.permission_profile = + codex_config::Constrained::allow_any(config_permission_profile); config .set_legacy_sandbox_policy(sandbox_policy) .expect("set sandbox policy"); @@ -1602,10 +1605,6 @@ async fn session_configured_reports_permission_profile_for_external_sandbox() -> let test = builder.build(&server).await?; - let expected_permission_profile = - codex_protocol::models::PermissionProfile::from_legacy_sandbox_policy( - &expected_sandbox_policy, - ); assert_eq!( test.session_configured.permission_profile, expected_permission_profile, "ExternalSandbox is represented explicitly instead of as a lossy root-write profile" diff --git a/codex-rs/protocol/src/models.rs b/codex-rs/protocol/src/models.rs index 198a191d4e9c..819ec7a4b3ae 100644 --- a/codex-rs/protocol/src/models.rs +++ b/codex-rs/protocol/src/models.rs @@ -475,14 +475,6 @@ impl PermissionProfile { } } - pub fn from_legacy_sandbox_policy(sandbox_policy: &SandboxPolicy) -> Self { - Self::from_runtime_permissions_with_enforcement( - SandboxEnforcement::from_legacy_sandbox_policy(sandbox_policy), - &FileSystemSandboxPolicy::from(sandbox_policy), - NetworkSandboxPolicy::from(sandbox_policy), - ) - } - pub fn from_legacy_sandbox_policy_for_cwd(sandbox_policy: &SandboxPolicy, cwd: &Path) -> Self { Self::from_runtime_permissions_with_enforcement( SandboxEnforcement::from_legacy_sandbox_policy(sandbox_policy), @@ -1837,25 +1829,10 @@ mod tests { Ok(()) } - #[test] - fn permission_profile_presets_match_legacy_defaults() { - assert_eq!( - PermissionProfile::read_only(), - PermissionProfile::from_legacy_sandbox_policy(&SandboxPolicy::new_read_only_policy()) - ); - assert_eq!( - PermissionProfile::workspace_write(), - PermissionProfile::from_legacy_sandbox_policy( - &SandboxPolicy::new_workspace_write_policy() - ) - ); - } - #[test] fn permission_profile_round_trip_preserves_disabled_sandbox() -> Result<()> { let cwd = tempdir()?; - let permission_profile = - PermissionProfile::from_legacy_sandbox_policy(&SandboxPolicy::DangerFullAccess); + let permission_profile = PermissionProfile::Disabled; assert_eq!(permission_profile, PermissionProfile::Disabled); assert_eq!( @@ -1937,7 +1914,9 @@ mod tests { let sandbox_policy = SandboxPolicy::ExternalSandbox { network_access: crate::protocol::NetworkAccess::Restricted, }; - let permission_profile = PermissionProfile::from_legacy_sandbox_policy(&sandbox_policy); + let permission_profile = PermissionProfile::External { + network: NetworkSandboxPolicy::Restricted, + }; assert_eq!( permission_profile,