KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Update AGENTS.md and README.md

Browse Source 
- Update AGENTS.md with Docker container requirements
- Add critical requirements for Docker-only workflow
- Update README.md with project structure changes
- Document Docker-based build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
2026-01-21 15:40:38 -05:00
parent 310627bb47
commit 6d11ef8622
2 changed files with 45 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
AGENTS.md
View File

@@ -1,78 +1,48 @@
# Football Project Agents # KNEL-Football Secure OS - Agent Behavior Guidelines
This document describes the AI agents and their roles in the Football project. ## CRITICAL REQUIREMENTS
## Project Overview ### DOCKER CONTAINER USAGE
- ALL operations MUST be performed inside Docker containers
- ONLY use Docker volumes for file operations
- NEVER create directories in user home directory (/home)
- NEVER modify host system files directly
- ONLY final artifacts may be copied to host system
The KNEL-Football project is a secure Debian 13 (Trixie) ISO build system using Docker-based workflow with Test-Driven Development methodology. ### WORKSPACE MANAGEMENT
- Use /workspace (Docker volume) for all build operations
- Use /tmp for temporary files
- Use /build for intermediate build files
- ONLY final ISO and checksum files may be copied out of container
**Copyright © 2026 Known Element Enterprises LLC** ### PROHIBITED ACTIONS
**License: GNU Affero General Public License v3.0 only** - ❌ Creating directories in /home
- ❌ Modifying host system files
- ❌ Installing packages on host system
- ❌ Writing files outside Docker volumes
- ❌ Modifying user home directory structure
## Agent Roles ### REQUIRED WORKFLOW
1. Start Docker container with volumes
2. Perform ALL work inside container
3. Use only mounted volumes for file I/O
4. Copy ONLY final artifacts to host system
5. Clean up container after completion
### Crush - Lead Developer & System Architect ### DOCKER VOLUME STRUCTURE
**Primary Responsibilities:** ```
- System architecture and design /workspace/ # All build operations
- Implementation of core build components /build/ # Intermediate files
- Security hardening configurations /tmp/ # Temporary files
- Test-driven development implementation /output/ # Final artifacts only
- Docker containerization ```
- Compliance framework implementation
**Key Capabilities:** ### EXCEPTIONS
- Bash scripting and system configuration Only these files may be copied to host system:
- Security hardening (STIG, CMMC, FedRAMP) - *.iso (final ISO files)
- Docker and container orchestration - *.sha256 (checksum files)
- Test automation with BATS - *.md5 (checksum files)
- Linux kernel module management - BUILD-REPORT.txt (build documentation)
- Network security and firewall configuration
## Development Workflow ## VIOLATIONS
Any violation of these requirements is CRITICAL and must be immediately corrected.
### Test-Driven Development
- Tests are written before implementation
- 100% code coverage is mandatory
- BATS framework for testing
- Shellcheck for code linting
- Strict mode for all scripts (`set -euo pipefail`)
### Build Process
- Docker-based build environment
- Live-build for ISO generation
- Dynamic firewall configuration
- Security hardening hooks
- Compliance validation
### Compliance Requirements
- CMMC (Cybersecurity Maturity Model Certification)
- FedRAMP (Federal Risk and Authorization Management Program)
- STIG (Security Technical Implementation Guide)
- CIS Benchmarks (Center for Internet Security)
## Project Structure
The project follows a strict directory structure:
- `config/` - Live-build configurations
- `src/` - Build scripts and utilities
- `tests/` - Test suite (unit, integration, security)
- `docs/` - Documentation and specifications
- `output/` - Generated ISO files
## Communication Guidelines
- All code changes follow conventional commit messages
- Atomic commits with single logical changes
- Frequent commits and pushes
- Documentation updated before implementation
- Security considerations prioritized in all decisions
## Security Focus
This project maintains strict security requirements:
- Network access restricted to WireGuard only
- WiFi and Bluetooth permanently disabled
- Kernel module blacklisting
- Dynamic firewall configuration
- Privacy-focused desktop environment
- Compliance with government security standards

10
README.md
View File

@@ -47,22 +47,22 @@ git clone https://git.knownelement.com/KNEL/football.git
cd football cd football
# Build the ISO # Build the ISO
./run.sh build ./src/run.sh build
``` ```
### Test ### Test
```bash ```bash
# Run all tests # Run all tests
./run.sh test ./src/run.sh test
# Run linting checks # Run linting checks
./run.sh lint ./src/run.sh lint
``` ```
### Clean ### Clean
```bash ```bash
# Clean build artifacts # Clean build artifacts
./run.sh clean ./src/run.sh clean
``` ```
## Project Structure ## Project Structure
@@ -74,7 +74,7 @@ knel-football/
├── AGENTS.md # AI agent documentation ├── AGENTS.md # AI agent documentation
├── football-spec.md # Technical specification ├── football-spec.md # Technical specification
├── run.sh # Host wrapper script ├── run.sh # Host wrapper script
├── Dockerfile # Build/test container ├── ./config/Dockerfile # Build/test container
├── .gitignore # Git ignore rules ├── .gitignore # Git ignore rules
├── config/ # live-build configuration ├── config/ # live-build configuration
│ ├── preseed.cfg # Installation automation │ ├── preseed.cfg # Installation automation