# KNEL-Football Secure OS - Agent Behavior Guidelines

## CRITICAL REQUIREMENTS

### DOCKER CONTAINER USAGE
- ALL operations MUST be performed inside Docker containers
- ONLY use Docker volumes for file operations
- NEVER create directories in user home directory (/home)
- NEVER modify host system files directly
- ONLY final artifacts may be copied to host system

### WORKSPACE MANAGEMENT
- Use /workspace (Docker volume) for all build operations
- Use /tmp for temporary files
- Use /build for intermediate build files
- ONLY final ISO and checksum files may be copied out of container

### PROHIBITED ACTIONS
- ❌ Creating directories in /home
- ❌ Modifying host system files
- ❌ Installing packages on host system
- ❌ Writing files outside Docker volumes
- ❌ Modifying user home directory structure

### REQUIRED WORKFLOW
1. Start Docker container with volumes
2. Perform ALL work inside container
3. Use only mounted volumes for file I/O
4. Copy ONLY final artifacts to host system
5. Clean up container after completion

### DOCKER VOLUME STRUCTURE
```
/workspace/  # All build operations
/build/      # Intermediate files
/tmp/         # Temporary files
/output/      # Final artifacts only
```

### EXCEPTIONS
Only these files may be copied to host system:
- *.iso (final ISO files)
- *.sha256 (checksum files)
- *.md5 (checksum files)
- BUILD-REPORT.txt (build documentation)

## VIOLATIONS
Any violation of these requirements is CRITICAL and must be immediately corrected.