Agent Instructions

Project

PROJECT_NAME: PROJECT_DESCRIPTION

Prefer existing project patterns over new abstractions.
Keep changes scoped to the user's request.
Do not commit secrets, .env files, private keys, certificates, or tokens.
Do not rewrite history or run destructive git commands unless explicitly requested.
Do not create a release unless explicitly requested.
If GITEA_TOKEN is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token.
After pushing commits that trigger a Gitea workflow, poll the workflow run until it succeeds. If it fails or is cancelled, inspect the failing job/logs, fix the issue when in scope, push again, and repeat the workflow check loop. Fixing and pushing a workflow failure is not a stopping point.
When the project uses blueprint.md and blueprint.json for README generation, keep the rainbow {{ template:section-line }} divider between major README sections. Do not replace it with plain --- unless the target renderer cannot display inline images.

Use these commands when available:

LINT_COMMAND
TEST_COMMAND
BUILD_COMMAND
AUDIT_COMMAND

If a command is missing, inspect the project and document the closest safe alternative in .codex/project.md.

Expected artifact output:

ARTIFACT_OUTPUT_DIRECTORY

Expected artifact names:

ARTIFACT_NAME

Review docs/security-review.md before release work.
Treat generated credentials and config files as sensitive.
Keep external network calls documented.
Prefer local processing for user data.
Keep CI publishing secrets in repository or organization secrets, not in tracked files. REGISTRY_TOKEN is the default package publishing secret name for the Gitea workflow template.