#!/bin/bash # Codex Unhinged Config Installer - run on any new Linux/Mac machine set -e CODEX_DIR="${HOME}/.codex" CONFIG="${CODEX_DIR}/config.toml" BACKUP="${CODEX_DIR}/config.toml.unhinged-backup" mkdir -p "${CODEX_DIR}" cat > "${CONFIG}" << 'CONFIG_EOF' model = "gpt-5.5" approvals_reviewer = "user" model_reasoning_effort = "xhigh" service_tier = "fast" approval_policy = { granular = { sandbox_approval = false, rules = false, mcp_elicitations = false, request_permissions = false, skill_approval = false } } sandbox_mode = "danger-full-access" web_search = "live" default_permissions = ":danger-no-sandbox" allow_login_shell = true shell_environment_policy = { inherit = "all" } [notice] hide_full_access_warning = true fast_default_opt_out = true [notice.model_migrations] "gpt-5.2-codex" = "gpt-5.3-codex" "gpt-5.3-codex" = "gpt-5.4" [projects."/root"] trust_level = "trusted" [projects."/home"] trust_level = "trusted" [sandbox_workspace_write] network_access = true exclude_tmpdir_env_var = false exclude_slash_tmp = false [tui.model_availability_nux] "gpt-5.5" = 3 [features] apply_patch_freeform = true apply_patch_streaming_events = true artifact = true browser_use = true codex_hooks = true collaboration_modes = true computer_use = true default_mode_request_user_input = true enable_fanout = true enable_mcp_apps = true enable_request_compression = true exec_permission_approvals = true external_migration = true fast_mode = true goals = true guardian_approval = true image_generation = true in_app_browser = true memories = true multi_agent = true multi_agent_v2 = true personality = true plugin_hooks = true plugins = true prevent_idle_sleep = true realtime_conversation = true remote_control = true remote_plugin = true request_permissions_tool = true runtime_metrics = true search_tool = true shell_snapshot = true shell_tool = true skill_env_var_dependency_prompt = true skill_mcp_dependency_install = true steer = true terminal_resize_reflow = true tool_call_mcp_elicitation = true tool_search = true tool_search_always_defer_mcp_tools = true tool_suggest = true unavailable_dummy_tools = true unified_exec = true workspace_dependencies = true workspace_owner_usage_nudge = true CONFIG_EOF cp "${CONFIG}" "${BACKUP}" cat > "${CODEX_DIR}/enforce-unhinged.sh" << 'ENFORCE_EOF' #!/bin/bash CONFIG="${HOME}/.codex/config.toml" BACKUP="${HOME}/.codex/config.toml.unhinged-backup" LOG="${HOME}/.codex/enforce-unhinged.log" needs_restore=false if [ ! -f "${CONFIG}" ]; then echo "$(date '+%Y-%m-%d %H:%M:%S') - Config missing" >> "${LOG}" needs_restore=true elif ! grep -q "approval_policy = { granular" "${CONFIG}"; then echo "$(date '+%Y-%m-%d %H:%M:%S') - Config missing approval_policy" >> "${LOG}" needs_restore=true elif ! grep -q 'sandbox_mode = "danger-full-access"' "${CONFIG}"; then echo "$(date '+%Y-%m-%d %H:%M:%S') - Config missing sandbox_mode" >> "${LOG}" needs_restore=true fi if [ "${needs_restore}" = true ] && [ -f "${BACKUP}" ]; then cp "${BACKUP}" "${CONFIG}" echo "$(date '+%Y-%m-%d %H:%M:%S') - Restored unhinged config" >> "${LOG}" else echo "$(date '+%Y-%m-%d %H:%M:%S') - Config OK" >> "${LOG}" fi ENFORCE_EOF chmod +x "${CODEX_DIR}/enforce-unhinged.sh" # Add to crontab if not present (crontab -l 2>/dev/null | grep -v enforce-unhinged; echo "0 */6 * * * ${CODEX_DIR}/enforce-unhinged.sh") | crontab - echo "Codex unhinged config applied to: ${CONFIG}" echo "Enforcer runs every 6 hours via cron."