windows sandbox: support multiple workspace roots (#6854)

The Windows sandbox did not previously support multiple workspace roots
via config. Now it does

codex-rs/windows-sandbox-rs/src/policy.rs

@@ -1,36 +1,17 @@
 use anyhow::Result;
-use serde::Deserialize;
-use serde::Serialize;
+pub use codex_protocol::protocol::SandboxPolicy;
 
-#[derive(Clone, Debug, Serialize, Deserialize)]
-pub struct PolicyJson {
-    pub mode: String,
-    #[serde(default)]
-    pub workspace_roots: Vec<String>,
-}
-
-#[derive(Clone, Debug)]
-pub enum SandboxMode {
-    ReadOnly,
-    WorkspaceWrite,
-}
-
-#[derive(Clone, Debug)]
-pub struct SandboxPolicy(pub SandboxMode);
-
-impl SandboxPolicy {
-    pub fn parse(value: &str) -> Result<Self> {
-        match value {
-            "read-only" => Ok(SandboxPolicy(SandboxMode::ReadOnly)),
-            "workspace-write" => Ok(SandboxPolicy(SandboxMode::WorkspaceWrite)),
-            other => {
-                let pj: PolicyJson = serde_json::from_str(other)?;
-                Ok(match pj.mode.as_str() {
-                    "read-only" => SandboxPolicy(SandboxMode::ReadOnly),
-                    "workspace-write" => SandboxPolicy(SandboxMode::WorkspaceWrite),
-                    _ => SandboxPolicy(SandboxMode::ReadOnly),
-                })
+pub fn parse_policy(value: &str) -> Result<SandboxPolicy> {
+    match value {
+        "read-only" => Ok(SandboxPolicy::ReadOnly),
+        "workspace-write" => Ok(SandboxPolicy::new_workspace_write_policy()),
+        "danger-full-access" => anyhow::bail!("DangerFullAccess is not supported for sandboxing"),
+        other => {
+            let parsed: SandboxPolicy = serde_json::from_str(other)?;
+            if matches!(parsed, SandboxPolicy::DangerFullAccess) {
+                anyhow::bail!("DangerFullAccess is not supported for sandboxing");
             }
+            Ok(parsed)
         }
     }
 }