Bootstrap Warium NeoForge port scaffold

.codex/project.md

@@ -0,0 +1,76 @@
+# Codex Project Notes
+
+## Project
+
+`Warium NeoForge 1.21.1 Port` is a private internal NeoForge 21.1.225 port scaffold for Warium 1.2.7.
+
+Repository:
+
+```text
+MrSphay/Warium-NeoForge-1.21.1
+```
+
+## Commands
+
+Use these commands as the source of truth:
+
+```text
+python tools/generate_port_sources.py
+python tools/registry_parity.py
+./gradlew --no-daemon build
+./gradlew --no-daemon runData
+python tools/check_required_integrations.py
+```
+
+If a command does not exist, document the closest safe alternative. Do not invent commands that cannot run.
+
+## Stack
+
+```text
+Java 21, Gradle, NeoGradle, NeoForge 21.1.225, Minecraft 1.21.1
+```
+
+Package manager or build tool:
+
+```text
+Gradle wrapper
+```
+
+## Build Artifacts
+
+Release artifacts are produced in:
+
+```text
+build/libs
+```
+
+Expected files:
+
+```text
+warium-neoforge-1.21.1-1.2.7+neo.21.1.225.jar
+```
+
+## Security Rules
+
+- Do not commit secrets, tokens, `.env` files, certificates, or private keys.
+- Treat generated credentials as sensitive.
+- Prefer local generation and local processing for user data.
+- Keep dependency audit results visible in CI where possible.
+- Do not add external network calls unless the feature explicitly requires them.
+- Do not commit the original Warium jar, generated extracted assets, decompiled sources, or private integration jars.
+- The source jar is downloaded from Modrinth in CI and verified against SHA1 `528d81630a23fb4004e3abdd99b16bd225cd1e92`.
+- Keep the repository private until the Warium ARR/AFL license conflict is clarified.
+
+## Release Rules
+
+Before a release:
+
+1. run the release checklist,
+2. verify CI is green,
+3. verify download links,
+4. update README and changelog,
+5. verify the private Gitea package URL,
+6. create a tag only if explicitly requested,
+7. create the release only if explicitly requested.
+
+Do not create releases unless the user explicitly asks for a release.