Code-Inc/intelligence-terminal
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

chore: apply agent kit project structure

Browse Source
This commit is contained in:
MrSphay
2026-05-16 21:18:17 +02:00
parent 7a5015e430
commit 7e85a54c32
6 changed files with 105 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/agent-handoff.md Normal file
View File

@@ -0,0 +1,18 @@
# Agent Handoff
## Current Release Goal
Source branch: `codex/production-intelligence-terminal`
Registry image:
```text
git.wilkensxl.de/mrsphay/intelligence-terminal:latest
```
## Notes
- The repository is Docker-first and should stay suitable for Dockge/Pangolin.
- Use `.env.example` as the operator-facing source of truth for configuration.
- Source health and network metrics are available through `/api/health` and `/api/metrics`.
- If Gitea Registry authentication is unavailable locally, build and push with the commands documented in `README.md`.

10
docs/release-checklist.md Normal file
View File

@@ -0,0 +1,10 @@
# Release Checklist
1. Confirm `.env.example`, README compose sample, and registry image name match.
2. Run `npm run test:unit`.
3. Run `docker compose config`.
4. Build `git.wilkensxl.de/mrsphay/intelligence-terminal:latest`.
5. Start the image and verify `/api/health`.
6. Push branch to Gitea.
7. Push `latest` and a dated image tag to the Gitea Registry.
8. Pull the image on a clean Docker host or through Dockge and verify startup.

16
docs/security-review.md Normal file
View File

@@ -0,0 +1,16 @@
# Security Review
## Checked Areas
- Shell execution: browser auto-open is gated by `AUTO_OPEN_BROWSER` and defaults to false.
- Secrets: `.env` remains ignored; `.env.example` contains no real keys.
- External network calls: source fetches use timeout/retry diagnostics and expose degraded state.
- Manual actions: `/api/sweep` is local-only unless `SWEEP_TOKEN` is configured.
- File writes: runtime writes are limited to `runs/`.
- HTML injection: dashboard data is JSON-injected only by the CLI path; server mode serves data through API/SSE.
## Residual Risk
- External feeds can return malformed, stale, or adversarial content. UI rendering should continue to sanitize titles and URLs.
- LLM outputs are advisory only and must not be treated as financial advice.
- `node:sqlite` availability depends on the Node 22 build; when unavailable the memory database degrades to a no-op placeholder.