-System Codex installs the owner-standard full-auto profile by default with the official Codex config schema hint, `approval_policy = "never"`, `sandbox_mode = "danger-full-access"`, `default_permissions = ":danger-full-access"`, `model = "gpt-5.5"`, `model_reasoning_effort = "xhigh"`, `suppress_unstable_features_warning = true`, managed subagents on `gpt-5.5`/`medium` with temporary specialist-MCP isolation, and `[features].hooks = true`, `[features].plugin_hooks = true`, plus `[features].multi_agent = true`. Current Codex profile selection uses `$CODEX_HOME/<name>.config.toml`, so the installer writes `rldyour-yolo.config.toml` and `rldyour-safe.config.toml` and must not write legacy `profile = "..."` selectors or `[profiles.*]` tables. The owner-standard mode is also referred to as YOLO mode, full-auto mode, and dangerously-skip-permissions mode. `scripts/install_system_codex.sh --apply --safe-mode` is the explicit conservative override and selects `approval_policy = "on-request"` and `sandbox_mode = "workspace-write"` only when the owner intentionally asks for that posture. Current Codex documentation treats `sandbox_mode` as the active older sandbox model when present, so do not migrate this owner profile to beta permission profiles without an explicit policy decision. Current Codex CLI keeps plugin-bundled hooks behind `plugin_hooks`, so the flag is intentionally explicit. Deprecated config aliases such as `codex_hooks`, legacy `features.web_search*`, `experimental_instructions_file`, `background_terminal_timeout`, `experimental_use_unified_exec_tool`, `memories.no_memories_if_mcp_or_web_search`, `use_legacy_landlock`, legacy `profile`, and legacy `[profiles.*]` must not be present. Continue to avoid destructive actions unless the owner explicitly requests them.
0 commit comments