docs: Update AGENTS.md and README.md

- Update AGENTS.md with Docker container requirements
- Add critical requirements for Docker-only workflow
- Update README.md with project structure changes
- Document Docker-based build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:38 -05:00
parent 310627bb47
commit 6d11ef8622
2 changed files with 45 additions and 75 deletions

110
AGENTS.md

@@ -1,78 +1,48 @@
# Football Project Agents
# KNEL-Football Secure OS - Agent Behavior Guidelines
This document describes the AI agents and their roles in the Football project.
## CRITICAL REQUIREMENTS
## Project Overview
### DOCKER CONTAINER USAGE
- ALL operations MUST be performed inside Docker containers
- ONLY use Docker volumes for file operations
- NEVER create directories in user home directory (/home)
- NEVER modify host system files directly
- ONLY final artifacts may be copied to host system
The KNEL-Football project is a secure Debian 13 (Trixie) ISO build system using Docker-based workflow with Test-Driven Development methodology.
### WORKSPACE MANAGEMENT
- Use /workspace (Docker volume) for all build operations
- Use /tmp for temporary files
- Use /build for intermediate build files
- ONLY final ISO and checksum files may be copied out of container
**Copyright © 2026 Known Element Enterprises LLC**
**License: GNU Affero General Public License v3.0 only**
### PROHIBITED ACTIONS
- ❌ Creating directories in /home
- ❌ Modifying host system files
- ❌ Installing packages on host system
- ❌ Writing files outside Docker volumes
- ❌ Modifying user home directory structure
## Agent Roles
### REQUIRED WORKFLOW
1. Start Docker container with volumes
2. Perform ALL work inside container
3. Use only mounted volumes for file I/O
4. Copy ONLY final artifacts to host system
5. Clean up container after completion
### Crush - Lead Developer & System Architect
**Primary Responsibilities:**
- System architecture and design
- Implementation of core build components
- Security hardening configurations
- Test-driven development implementation
- Docker containerization
- Compliance framework implementation
### DOCKER VOLUME STRUCTURE
```
/workspace/ # All build operations
/build/ # Intermediate files
/tmp/ # Temporary files
/output/ # Final artifacts only
```
**Key Capabilities:**
- Bash scripting and system configuration
- Security hardening (STIG, CMMC, FedRAMP)
- Docker and container orchestration
- Test automation with BATS
- Linux kernel module management
- Network security and firewall configuration
### EXCEPTIONS
Only these files may be copied to host system:
- *.iso (final ISO files)
- *.sha256 (checksum files)
- *.md5 (checksum files)
- BUILD-REPORT.txt (build documentation)
## Development Workflow
### Test-Driven Development
- Tests are written before implementation
- 100% code coverage is mandatory
- BATS framework for testing
- Shellcheck for code linting
- Strict mode for all scripts (`set -euo pipefail`)
### Build Process
- Docker-based build environment
- Live-build for ISO generation
- Dynamic firewall configuration
- Security hardening hooks
- Compliance validation
### Compliance Requirements
- CMMC (Cybersecurity Maturity Model Certification)
- FedRAMP (Federal Risk and Authorization Management Program)
- STIG (Security Technical Implementation Guide)
- CIS Benchmarks (Center for Internet Security)
## Project Structure
The project follows a strict directory structure:
- `config/` - Live-build configurations
- `src/` - Build scripts and utilities
- `tests/` - Test suite (unit, integration, security)
- `docs/` - Documentation and specifications
- `output/` - Generated ISO files
## Communication Guidelines
- All code changes follow conventional commit messages
- Atomic commits with single logical changes
- Frequent commits and pushes
- Documentation updated before implementation
- Security considerations prioritized in all decisions
## Security Focus
This project maintains strict security requirements:
- Network access restricted to WireGuard only
- WiFi and Bluetooth permanently disabled
- Kernel module blacklisting
- Dynamic firewall configuration
- Privacy-focused desktop environment
- Compliance with government security standards
## VIOLATIONS
Any violation of these requirements is CRITICAL and must be immediately corrected.
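Review bot: The EXCEPTIONS list lets `*.md5` checksum files leave the container alongside `*.sha256`, but MD5 is not collision-resistant and should not be offered as an integrity check for a hardened ISO. Drop the `*.md5` line, or state that only the SHA-256 file is authoritative for verification. Separately, the hunk header takes the file from 78 lines to 48, and the Development Workflow and Security Focus text (`set -euo pipefail`, Shellcheck, WireGuard-only networking, kernel module blacklisting) sits among the replaced lines. If that guidance is being deleted, keep it below CRITICAL REQUIREMENTS or note in the commit message where it now lives, since the message only mentions adding Docker requirements. The new rules would also be easier to follow if REQUIRED WORKFLOW step 1 said how the volumes are created, because a bind mount of a host path would conflict with "NEVER modify host system files directly".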


@@ -47,22 +47,22 @@ git clone https://git.knownelement.com/KNEL/football.git
cd football
# Build the ISO
./run.sh build
./src/run.sh build
```
### Test
```bash
# Run all tests
./run.sh test
./src/run.sh test
# Run linting checks
./run.sh lint
./src/run.sh lint
```
### Clean
```bash
# Clean build artifacts
./run.sh clean
./src/run.sh clean
```
## Project Structure
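Review bot: The Build, Test and Clean commands now call `./src/run.sh`, but the project tree in the next hunk still lists `run.sh` at the repository root as the "Host wrapper script" and is left unchanged. Either update that tree entry to show the script under `src/`, or keep a root-level wrapper and leave these commands as `./run.sh`, so the README does not point readers at two different locations for the same entry point.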
@@ -74,7 +74,7 @@ knel-football/
├── AGENTS.md # AI agent documentation
├── football-spec.md # Technical specification
├── run.sh # Host wrapper script
├── Dockerfile # Build/test container
├── ./config/Dockerfile # Build/test container
├── .gitignore # Git ignore rules
├── config/ # live-build configuration
│ ├── preseed.cfg # Installation automation
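Review bot: The changed tree entry `./config/Dockerfile` is written as a path at the top level of the tree, which breaks the tree's own convention and still reads as a root-level file. List `Dockerfile` as a child of the existing `config/` node (next to `preseed.cfg`) and remove the top-level line. The unchanged `run.sh` line just above it should be corrected in the same pass if the script has moved to `src/`.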