sbx policy rm network --id fails with UUID shown in sbx policy ls

[CGangDev]

Description:

sbx policy ls displays a UUID in the POLICY/RULE column for user-added rules. Passing that UUID to sbx policy rm network --id fails with "rule not found", even though the rule is clearly present.

Steps to reproduce:

Add a rule

$ sbx policy allow network test.org:443
Rule added to policy local (scope: global): 9d442f70-40a9-42b7-bc3a-e9efd337531e (test.org:443)

List rules — note the POLICY/RULE column shows a DIFFERENT UUID

$ sbx policy ls
PROVENANCE APPLIES_TO POLICY/RULE TYPE DECISION RESOURCES
local all cef43db6-e9fa-4a3e-9154-9564bcedca19 network allow test.org:443

Try to remove using the UUID from policy ls

$ sbx policy rm network --id cef43db6-e9fa-4a3e-9154-9564bcedca19
ERROR: remove network rule: remove-id: rule "cef43db6-e9fa-4a3e-9154-9564bcedca19" not found

Using --resource works as a workaround

$ sbx policy rm network --resource test.org:443
Rule removed from policy local: resources=test.org:443

Expected behavior:

Either:

The UUID shown in sbx policy ls should be the same one accepted by --id, or
The --id flag help text and policy ls output should clarify which identifier to use
Workaround: Use --resource instead of --id.

Version: sbx v0.32.0