model = "gpt-5.3-codex"
model_reasoning_effort = "high"
approval_policy = "never"  # values: untrusted | on-failure | on-request | never
sandbox_mode = "workspace-write"

developer_instructions = """
Work in phases.
- At the start of each phase: state the goal + plan briefly.
- During the phase: edit files and run commands as needed.
- End of each phase: summarize what changed, show key diffs/paths touched, and stop for review.
Do not proceed to the next phase until the user says "continue".
""" :contentReference[oaicite:3]{index=3}

[sandbox_workspace_write]
# Keep network off (commands that need internet will fail instead of prompting).
network_access = false :contentReference[oaicite:4]{index=4}

# Tighten writes to be “workspace only” by removing temp-dir write roots.
# (Workspace-write normally includes temp dirs; these reduce that surface area.)
exclude_slash_tmp = true
exclude_tmpdir_env_var = true :contentReference[oaicite:5]{index=5}


[projects.'C:\Users\Nico\Desktop\Projects\fiddy-finance-buddy-app']
trust_level = "trusted"

[features]
elevated_windows_sandbox = true