AI CLI coding¶
Codex (ChatGPT/OpenAI)¶
Install Alpine in WSL using the Windows Store. Run the following commands:
(If you're having trouble with permissions, try running su - to get into sudo mode.)
# Get rid of the Windows PATH
echo -e "[interop]\nappendWindowsPath = false" | sudo tee /etc/wsl.conf # RESTART WSL after this!
su -
apk add sudo # install sudo
adduser work wheel # add current user "work" to sudo permissions
echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers
exit
sudo sed -i 's/^#\(.*community\)/\1/' /etc/apk/repositories
sudo apk update
sudo apk add nodejs npm
# Set up npm so that "global" installs into just my local profile
mkdir -p ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH="$HOME/.npm-global/bin:$PATH"' >> ~/.profile
source ~/.profile
npm i -g @openai/codex
codex # run Codex and authenticate, etc
Allow limited network access¶
Add this to config.toml:
[sandbox_workspace_write]
network_access = true # opt in to outbound network
To check which IP addresses are being accessed, run:
Or to see which IP a domain points to, run:
Then lock down network access so it can only access approved IP addresses:
#!/bin/sh
echo "Enabling network restrictions..."
# Flush existing rules
sudo iptables -F OUTPUT
# Default policy: drop all outbound
sudo iptables -P OUTPUT DROP
# Allow loopback
sudo iptables -A OUTPUT -o lo -j ACCEPT
# Allow established/related connections
sudo iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow DNS
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
# Whitelist specific IPs/domains
sudo iptables -A OUTPUT -d 167.71.186.147 -j ACCEPT # sgc.andrewblankenship.dev
sudo iptables -A OUTPUT -d 172.64.155.209 -j ACCEPT # openai codex IP
echo "Network restrictions enabled"
sudo iptables -L OUTPUT -v -n
To go back to normal, run this:
#!/bin/sh
echo "Disabling network restrictions..."
# Flush all OUTPUT rules
sudo iptables -F OUTPUT
# Set default policy back to ACCEPT
sudo iptables -P OUTPUT ACCEPT
echo "Network restrictions disabled"
sudo iptables -L OUTPUT -v -n
Codex saves logs of each session to ~\.codex\sessions.
OpenCode¶
(See also OpenCode and the Zen models, some of which are much cheaper than the high end Claude/OpenAI ones.)
Gemini¶
Make sure to disable sending of usage statistics.
Aider¶
Install Aider and use the openrouter API to talk to a free LLM like Llama. It can edit files directly on your system (using diffs) and even automatically commit its changes.
python -m pip install aider-install
aider-install
setx OPENROUTER_API_KEY <key> # Windows, restart shell after setx
cd /to/your/project
aider --model openrouter/meta-llama/llama-4-maverick:free
/add script.php # add files that you want Aider to work with