Add a wizzard to configure .sloptrap files

README.md

@@ -24,9 +24,8 @@ brew install coreutils gnu-tar jq
    ```bash
    cat > path/to/project/.sloptrap <<'EOF'
    name=path/to/project
-   default_targets=run
    packages_extra=make
-   codex_args=--sandbox workspace-write 
+   codex_args=--sandbox danger-full-access --ask-for-approval never
    EOF
 
    cat > path/to/project/.sloptrapignore <<'EOF'
@@ -54,20 +53,19 @@ brew install coreutils gnu-tar jq
 
 The manifest is optional. When absent, sloptrap derives:
 - `name = basename(project directory)`
-- `default_targets = run`
 - `packages_extra = ""` (none)
-- `codex_args = "--sandbox workspace-write"`
+- `codex_args = "--sandbox danger-full-access --ask-for-approval never"`
+If a build is requested and no `.sloptrap` exists, sloptrap prompts to create one interactively.
 
 Supported keys when the manifest is present:
 
 | Key | Default | Notes |
 | --- | --- | --- |
 | `name` | project directory name | Must match `^[A-Za-z0-9_.-]+$`. Used for image/container naming. |
-| `default_targets` | `run` | Space-separated targets invoked when none are provided on the CLI. |
 | `packages_extra` | *empty* | Additional Debian packages installed during `docker/podman build`. Tokens must be alphanumeric plus `+.-`. |
-| `codex_args` | `--sandbox workspace-write` | Passed verbatim to the Codex CLI entrypoint. Tokens are shell-split, so quote values with spaces (e.g., `--profile security-audit`). |
+| `codex_args` | `--sandbox danger-full-access --ask-for-approval never` | Passed verbatim to the Codex CLI entrypoint. Tokens are shell-split, so quote values with spaces (e.g., `--profile security-audit`). |
 | `allow_host_network` | `false` | `true` opts into `--network host`; keep `false` unless the project absolutely requires direct access to host-local services. |
-`codex_args` are appended after the default sandbox flag, and sloptrap refuses to run if the resulting `--sandbox` mode is anything other than `workspace-write` or `workspace-read-only`.
+`codex_args` are appended after the default sandbox flag, and sloptrap refuses to run if the resulting `--sandbox` mode is anything other than `workspace-write`, `workspace-read-only`, or `danger-full-access`.
 
 Values containing `$`, `` ` ``, or newlines are rejected to prevent command injection. Setting illegal keys or malformed values aborts the run before containers start.
 
@@ -93,7 +91,7 @@ Options:
 
 Behaviour:
 
-- Missing manifests are treated as default configuration.
+- Missing manifests are treated as default configuration; when a build is requested, sloptrap runs the interactive wizard if a TTY is available, otherwise it warns and continues with defaults.
 - `SLOPTRAP_CONTAINER_ENGINE` overrides engine auto-detection.
 - If `${HOME}/.codex/auth.json` is absent, sloptrap prepends a login run before executing your targets.
 - Exit status mirrors the last target executed; errors in parsing or setup abort early with a message.
@@ -107,7 +105,7 @@ Behaviour:
 
 ## Built-in Targets
 
-Targets are supplied after the code directory (or via `default_targets` in the manifest). When omitted, sloptrap defaults to `run`.
+Targets are supplied after the code directory. When omitted, sloptrap defaults to `run`.
 
 | Target | Description |
 | --- | --- |
@@ -118,6 +116,7 @@ Targets are supplied after the code directory (or via `default_targets` in the m
 | `resume <session-id>` | Continues a Codex session by running `codex resume <session-id>` inside the container (builds if needed). |
 | `login` | Starts Codex in login mode to bootstrap `${HOME}/.codex`. |
 | `shell` | Launches `/bin/bash` inside the container for debugging. |
+| `wizzard` | Creates or updates `.sloptrap` interactively (no build); rerun `build` or `rebuild` afterward. |
 | `stop` | Best-effort stop of the running container (if any). |
 | `clean` | Removes `.sloptrap-ignores`, deletes the container/image, and stops the container if necessary. |