From 7e85a54c3274105e2f61b10f4d39eeaf4256e8d0 Mon Sep 17 00:00:00 2001 From: MrSphay Date: Sat, 16 May 2026 21:18:17 +0200 Subject: [PATCH] chore: apply agent kit project structure --- .codex/project.md | 36 ++++++++++++++++++++++++++++++++++++ .gitignore | 1 - AGENTS.md | 25 +++++++++++++++++++++++++ docs/agent-handoff.md | 18 ++++++++++++++++++ docs/release-checklist.md | 10 ++++++++++ docs/security-review.md | 16 ++++++++++++++++ 6 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 .codex/project.md create mode 100644 AGENTS.md create mode 100644 docs/agent-handoff.md create mode 100644 docs/release-checklist.md create mode 100644 docs/security-review.md diff --git a/.codex/project.md b/.codex/project.md new file mode 100644 index 0000000..d14d465 --- /dev/null +++ b/.codex/project.md 
@@ -0,0 +1,36 @@ +# Intelligence Terminal Project Notes + +## Purpose + +Production-ready Crucix fork for Docker, Dockge, Pangolin, local OSINT sweeps, source health diagnostics, and configurable LLM analysis. + +## Stack + +- Node.js 22 ESM +- Express 5 +- Native `fetch` +- Optional `discord.js` +- Docker image published to Gitea Registry + +## Authoritative Commands + +- `npm start` +- `npm run test:unit` +- `npm test` +- `docker compose config` +- `docker build -t git.wilkensxl.de/mrsphay/intelligence-terminal:latest .` + +Heavy install/build/audit/release work should run on Gitea Ubuntu runners where possible. Local work should stay limited to targeted verification and Docker checks required for this deployment. + +## Runtime State + +- `runs/latest.json` stores the latest raw sweep. +- `runs/memory/` stores hot/cold delta memory. +- `runs/intelligence.db` stores phase-1 memory when `node:sqlite` is available. +- `.env` is operator-owned and must not be committed. + +## Security + +- Never log API keys or bot tokens. +- Manual remote sweeps require `SWEEP_TOKEN`; without it `POST /api/sweep` is local-only. +- Missing source keys must degrade visibly rather than silently falling back to demo data. diff --git a/.gitignore b/.gitignore index 6a094e4..c209c9b 100644 --- a/.gitignore +++ b/.gitignore @@ -24,7 +24,6 @@ desktop.ini # Claude Code .claude/ CLAUDE.md -AGENTS.md # Playwright diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..5b010f0 --- /dev/null +++ b/AGENTS.md 
@@ -0,0 +1,25 @@ +# Agent Instructions + +## Project + +Intelligence Terminal is a Docker-first Crucix fork for home-server OSINT, market, LLM, Telegram, and Discord workflows. + +## Rules + +- Preserve the existing ESM Node structure unless a change is needed for reliability. +- Do not commit `.env`, tokens, generated `runs/` data, registry credentials, or private logs. +- Keep Docker and Dockge operation first-class: `AUTO_OPEN_BROWSER=false`, persistent `/app/runs`, and health checks must remain working. +- Use the Gitea Ubuntu runners for heavy builds, dependency installs, audits, release jobs, and package publishing when available. +- Lightweight local checks are allowed: `git status`, `rg`, syntax checks, `git diff --check`, and targeted unit tests. + +## Commands + +- Start: `npm start` +- Unit tests: `npm run test:unit` +- Full tests: `npm test` +- Compose validation: `docker compose config` +- Docker image: `docker build -t git.wilkensxl.de/mrsphay/intelligence-terminal:latest .` + +## Release Target + +Push source to `https://git.wilkensxl.de/MrSphay/intelligence-terminal.git` and publish the Docker image to `git.wilkensxl.de/mrsphay/intelligence-terminal`. diff --git a/docs/agent-handoff.md b/docs/agent-handoff.md new file mode 100644 index 0000000..c54e815 --- /dev/null +++ b/docs/agent-handoff.md @@ -0,0 +1,18 @@ +# Agent Handoff + +## Current Release Goal + +Source branch: `codex/production-intelligence-terminal` + +Registry image: + +```text +git.wilkensxl.de/mrsphay/intelligence-terminal:latest +``` + +## Notes + +- The repository is Docker-first and should stay suitable for Dockge/Pangolin. +- Use `.env.example` as the operator-facing source of truth for configuration. +- Source health and network metrics are available through `/api/health` and `/api/metrics`. +- If Gitea Registry authentication is unavailable locally, build and push with the commands documented in `README.md`. 
diff --git a/docs/release-checklist.md b/docs/release-checklist.md new file mode 100644 index 0000000..3f1f91b --- /dev/null +++ b/docs/release-checklist.md @@ -0,0 +1,10 @@ +# Release Checklist + +1. Confirm `.env.example`, README compose sample, and registry image name match. +2. Run `npm run test:unit`. +3. Run `docker compose config`. +4. Build `git.wilkensxl.de/mrsphay/intelligence-terminal:latest`. +5. Start the image and verify `/api/health`. +6. Push branch to Gitea. +7. Push `latest` and a dated image tag to the Gitea Registry. +8. Pull the image on a clean Docker host or through Dockge and verify startup. diff --git a/docs/security-review.md b/docs/security-review.md new file mode 100644 index 0000000..3b362ea --- /dev/null +++ b/docs/security-review.md @@ -0,0 +1,16 @@ +# Security Review + +## Checked Areas + +- Shell execution: browser auto-open is gated by `AUTO_OPEN_BROWSER` and defaults to false. +- Secrets: `.env` remains ignored; `.env.example` contains no real keys. +- External network calls: source fetches use timeout/retry diagnostics and expose degraded state. +- Manual actions: `/api/sweep` is local-only unless `SWEEP_TOKEN` is configured. +- File writes: runtime writes are limited to `runs/`. +- HTML injection: dashboard data is JSON-injected only by the CLI path; server mode serves data through API/SSE. + +## Residual Risk + +- External feeds can return malformed, stale, or adversarial content. UI rendering should continue to sanitize titles and URLs. +- LLM outputs are advisory only and must not be treated as financial advice. +- `node:sqlite` availability depends on the Node 22 build; when unavailable the memory database degrades to a no-op placeholder.
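Review bot: In the `## Security` list of `.codex/project.md`, the line "without it `POST /api/sweep` is local-only" does not say how the server decides that a request is local. The Purpose line names Pangolin as a deployment target; if requests reach the app through a proxy, the peer address the app sees can be the proxy's rather than the client's, so the note should state the rule explicitly (for example: loopback socket address only, forwarded headers not trusted) and say how the caller presents `SWEEP_TOKEN`.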
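Review bot: The `.gitignore` hunk drops `AGENTS.md` from the ignore list under `# Claude Code` while `.claude/` and `CLAUDE.md` stay ignored, and the commit message does not mention that a previously ignored file becomes tracked. Anyone with a local, untracked `AGENTS.md` will have the pull refused until they move it, and whatever was in that local file is now one `git add` away from being committed. Call this out in the commit message and check that the committed `AGENTS.md` is the intended shared version.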
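Review bot: The `## Release Target` section of `AGENTS.md` tells an agent to push source and publish the image with no precondition, although this same patch adds `docs/release-checklist.md` and `docs/security-review.md`. Link both from this section and make the push conditional on the checklist passing. The `## Commands` list also repeats "Authoritative Commands" from `.codex/project.md` line for line; keep one copy and reference it so the two cannot drift.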
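Review bot: The last bullet under `## Notes` in `docs/agent-handoff.md` reads "If Gitea Registry authentication is unavailable locally, build and push with the commands documented in `README.md`", which does not resolve the stated problem: a push still needs registry authentication. Say what the fallback actually is (the rules in `AGENTS.md` point to the Gitea Ubuntu runners for package publishing) and state that registry credentials are not to be written into the repository to work around it. The same Notes list names `/api/health` and `/api/metrics` without saying whether they are reachable unauthenticated; one line on that would help the next operator.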
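Review bot: `docs/release-checklist.md` has no step that checks the built image for operator data before step 7 pushes it, even though `AGENTS.md` forbids committing `.env`, tokens and `runs/` data. Add a step between 4 and 5 that confirms the image contains no `.env` and no `runs/` content. Step 2 runs only `npm run test:unit` while `npm test` is listed elsewhere in this patch as the full test command, and step 8 should pull the dated tag from step 7 rather than `latest`, so the host verifies the exact artifact that was just published.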
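Review bot: Every entry under `## Checked Areas` in `docs/security-review.md` states a conclusion without saying what was inspected (file, test, or commit), so the review cannot be re-verified or dated. Add the reviewed commit and a pointer per bullet. Two entries need more detail: "`/api/sweep` is local-only unless `SWEEP_TOKEN` is configured" should say how the token is compared and what a rejected request returns, and the Residual Risk line about `node:sqlite` degrading "to a no-op placeholder" should say whether that state is surfaced through `/api/health`, since `.codex/project.md` requires that missing source keys "degrade visibly rather than silently".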