docs(agents): enforce host-as-read-only; only use preinstalled docker/git/tea/curl; all work in containers

AGENTS.md

@@ -7,7 +7,8 @@ Package ~100 free/libre/open-source applications as Cloudron apps with a fast, c
 
 ## Golden Rules
 - Single branch: use only `main`. Do not create feature branches unless explicitly requested.
-- No host pollution: never install packages or tools on the host. The only required host tools are `docker`, `git` (and optionally `tea`).
+- Host is read-only: do not install or modify anything on the host OS. You MAY only check for the presence of tools and run them if already installed.
+- Allowed host tools (if present): `docker`, `git`, `tea` (optional), and `curl` for connectivity checks. Never attempt to install or upgrade them.
 - Containers only: all build, test, lint, and packaging commands must run inside the packaging container.
 - Do not push to remote without approval: never run `git push` for a package change until it has been validated and explicitly approved by the maintainer.
 - Keep repo slim: do not commit upstream source trees or build artefacts. Only commit package files under `CloudronPackages/<AppName>/`, small helper scripts, and minimal docs.
@@ -43,9 +44,17 @@ Package ~100 free/libre/open-source applications as Cloudron apps with a fast, c
 - Optional: `cloudron install --image <app>:dev` tested from inside the packaging container using `cloudron` CLI, if available.
 
 ## Approval Gate and Push Policy
-- After validation, present a summary of what changed and the validation output to the maintainer.
-- Only on explicit approval run `git push origin main` for the package commit(s).
-- Never force-push unless explicitly instructed.
+- Commits: frequent, small, and descriptive commits are encouraged; no approval needed for local commits.
+- After validation, present a concise summary of changes and validation output to the maintainer and request permission to push.
+- Push only at “natural” points (coherent, validated milestones). Examples:
+  - First green build of a new package scaffold (image builds + container starts + health OK).
+  - A feature-complete slice (e.g., addon integration added and tested).
+  - A bug fix with verification.
+  - Pre-release stabilization checkpoint.
+- Batch pushes to avoid noise (aim for 1–3 pushes per active app per work session).
+- NEVER push a broken or non‑validated build.
+- Only on explicit approval run `git push origin main` for package-affecting changes.
+- Never force‑push unless explicitly instructed.
 
 ## Repository Hygiene
 - Do not commit upstream repos. The directories `PackagingForCloudronWorkspace/Docker/` and `PackagingForCloudronWorkspace/NonDocker/` are gitignored on purpose.
@@ -54,8 +63,8 @@ Package ~100 free/libre/open-source applications as Cloudron apps with a fast, c
 
 ## Networking & External Access
 - All networked actions (git clones, docker pulls, downloads) must happen from within the packaging container.
-- Host-level curl allowance: You MAY use `curl` on the host strictly for quick connectivity checks (e.g., verifying a URL or endpoint is reachable). Do not install any additional host packages beyond `docker`, `git` (and optionally `tea`).
-- Do not attempt other host-level network configuration or host-level package installation.
+- Host-level curl allowance: You MAY use `curl` on the host strictly for quick connectivity checks IF it is already installed. Do not install any host packages.
+- Do not attempt other host-level network configuration, filesystem changes outside the repo, or host-level package installation.
 
 ## Commit Messages
 - Use conventional, concise messages: