From 52439d8f37612de17f7be671f09b035d02e4265a Mon Sep 17 00:00:00 2001 From: ReachableCEO Date: Fri, 12 Sep 2025 14:34:47 -0500 Subject: [PATCH] docs(agents): enforce host-as-read-only; only use preinstalled docker/git/tea/curl; all work in containers --- AGENTS.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 9daf533..713c8a9 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -7,7 +7,8 @@ Package ~100 free/libre/open-source applications as Cloudron apps with a fast, c ## Golden Rules - Single branch: use only `main`. Do not create feature branches unless explicitly requested. -- No host pollution: never install packages or tools on the host. The only required host tools are `docker`, `git` (and optionally `tea`). +- Host is read-only: do not install or modify anything on the host OS. You MAY only check for the presence of tools and run them if already installed. +- Allowed host tools (if present): `docker`, `git`, `tea` (optional), and `curl` for connectivity checks. Never attempt to install or upgrade them. - Containers only: all build, test, lint, and packaging commands must run inside the packaging container. - Do not push to remote without approval: never run `git push` for a package change until it has been validated and explicitly approved by the maintainer. - Keep repo slim: do not commit upstream source trees or build artefacts. Only commit package files under `CloudronPackages//`, small helper scripts, and minimal docs. 
@@ -62,8 +63,8 @@ Package ~100 free/libre/open-source applications as Cloudron apps with a fast, c ## Networking & External Access - All networked actions (git clones, docker pulls, downloads) must happen from within the packaging container. -- Host-level curl allowance: You MAY use `curl` on the host strictly for quick connectivity checks (e.g., verifying a URL or endpoint is reachable). Do not install any additional host packages beyond `docker`, `git` (and optionally `tea`). -- Do not attempt other host-level network configuration or host-level package installation. +- Host-level curl allowance: You MAY use `curl` on the host strictly for quick connectivity checks IF it is already installed. Do not install any host packages. +- Do not attempt other host-level network configuration, filesystem changes outside the repo, or host-level package installation. ## Commit Messages - Use conventional, concise messages:
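Review bot: In the Golden Rules hunk, the new "Host is read-only" bullet says "do not install or modify anything on the host OS" with no exception for the repository working tree, while the Networking hunk speaks of "filesystem changes outside the repo". State the exception in the Golden Rule as well so the two agree, for example "do not install or modify anything on the host outside this repository's working tree". The same bullet allows running `docker` when present but does not limit how it is invoked. Because a container can bind-mount host paths, consider adding that containers may mount only the repo directory and must not run privileged, so the read-only rule cannot be sidestepped through an allowed tool. The phrase "You MAY only check for the presence of tools and run them" is also ambiguous; "You MAY check for the presence of the tools listed below and run them; nothing else" reads more clearly.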
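Review bot: In the Networking hunk, the reworded curl bullet still leaves "quick connectivity checks" undefined, so saving a download to the host or piping a response into a shell could be argued to fit. Suggest spelling out the allowed form, for example "status or header checks only (`curl -I`, or `curl -sS -o /dev/null`); never save responses to disk or pipe them to a shell". The unchanged first bullet requires docker pulls and git clones to happen inside the packaging container, yet `docker` and `git` are allowed host tools; a sentence on which host invocations of those two are permitted would remove the ambiguity. The "already installed" condition for `curl` is now stated both here and in the Golden Rules; keep the full wording in one place and reference it from the other so the two cannot drift.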