chore: apply agent kit project structure
This commit is contained in:
36
.codex/project.md
Normal file
36
.codex/project.md
Normal file
@@ -0,0 +1,36 @@
|
||||
# Intelligence Terminal Project Notes
|
||||
|
||||
## Purpose
|
||||
|
||||
Production-ready Crucix fork for Docker, Dockge, Pangolin, local OSINT sweeps, source health diagnostics, and configurable LLM analysis.
|
||||
|
||||
## Stack
|
||||
|
||||
- Node.js 22 ESM
|
||||
- Express 5
|
||||
- Native `fetch`
|
||||
- Optional `discord.js`
|
||||
- Docker image published to Gitea Registry
|
||||
|
||||
## Authoritative Commands
|
||||
|
||||
- `npm start`
|
||||
- `npm run test:unit`
|
||||
- `npm test`
|
||||
- `docker compose config`
|
||||
- `docker build -t git.wilkensxl.de/mrsphay/intelligence-terminal:latest .`
|
||||
|
||||
Heavy install/build/audit/release work should run on Gitea Ubuntu runners where possible. Local work should stay limited to targeted verification and Docker checks required for this deployment.
|
||||
|
||||
## Runtime State
|
||||
|
||||
- `runs/latest.json` stores the latest raw sweep.
|
||||
- `runs/memory/` stores hot/cold delta memory.
|
||||
- `runs/intelligence.db` stores phase-1 memory when `node:sqlite` is available.
|
||||
- `.env` is operator-owned and must not be committed.
|
||||
|
||||
## Security
|
||||
|
||||
- Never log API keys or bot tokens.
|
||||
- Manual remote sweeps require `SWEEP_TOKEN`; without it `POST /api/sweep` is local-only.
|
||||
- Missing source keys must degrade visibly rather than silently falling back to demo data.
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -24,7 +24,6 @@ desktop.ini
|
||||
# Claude Code
|
||||
.claude/
|
||||
CLAUDE.md
|
||||
AGENTS.md
|
||||
|
||||
|
||||
# Playwright
|
||||
|
||||
25
AGENTS.md
Normal file
25
AGENTS.md
Normal file
@@ -0,0 +1,25 @@
|
||||
# Agent Instructions
|
||||
|
||||
## Project
|
||||
|
||||
Intelligence Terminal is a Docker-first Crucix fork for home-server OSINT, market, LLM, Telegram, and Discord workflows.
|
||||
|
||||
## Rules
|
||||
|
||||
- Preserve the existing ESM Node structure unless a change is needed for reliability.
|
||||
- Do not commit `.env`, tokens, generated `runs/` data, registry credentials, or private logs.
|
||||
- Keep Docker and Dockge operation first-class: `AUTO_OPEN_BROWSER=false`, persistent `/app/runs`, and health checks must remain working.
|
||||
- Use the Gitea Ubuntu runners for heavy builds, dependency installs, audits, release jobs, and package publishing when available.
|
||||
- Lightweight local checks are allowed: `git status`, `rg`, syntax checks, `git diff --check`, and targeted unit tests.
|
||||
|
||||
## Commands
|
||||
|
||||
- Start: `npm start`
|
||||
- Unit tests: `npm run test:unit`
|
||||
- Full tests: `npm test`
|
||||
- Compose validation: `docker compose config`
|
||||
- Docker image: `docker build -t git.wilkensxl.de/mrsphay/intelligence-terminal:latest .`
|
||||
|
||||
## Release Target
|
||||
|
||||
Push source to `https://git.wilkensxl.de/MrSphay/intelligence-terminal.git` and publish the Docker image to `git.wilkensxl.de/mrsphay/intelligence-terminal`.
|
||||
18
docs/agent-handoff.md
Normal file
18
docs/agent-handoff.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# Agent Handoff
|
||||
|
||||
## Current Release Goal
|
||||
|
||||
Source branch: `codex/production-intelligence-terminal`
|
||||
|
||||
Registry image:
|
||||
|
||||
```text
|
||||
git.wilkensxl.de/mrsphay/intelligence-terminal:latest
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
- The repository is Docker-first and should stay suitable for Dockge/Pangolin.
|
||||
- Use `.env.example` as the operator-facing source of truth for configuration.
|
||||
- Source health and network metrics are available through `/api/health` and `/api/metrics`.
|
||||
- If Gitea Registry authentication is unavailable locally, build and push with the commands documented in `README.md`.
|
||||
10
docs/release-checklist.md
Normal file
10
docs/release-checklist.md
Normal file
@@ -0,0 +1,10 @@
|
||||
# Release Checklist
|
||||
|
||||
1. Confirm `.env.example`, README compose sample, and registry image name match.
|
||||
2. Run `npm run test:unit`.
|
||||
3. Run `docker compose config`.
|
||||
4. Build `git.wilkensxl.de/mrsphay/intelligence-terminal:latest`.
|
||||
5. Start the image and verify `/api/health`.
|
||||
6. Push branch to Gitea.
|
||||
7. Push `latest` and a dated image tag to the Gitea Registry.
|
||||
8. Pull the image on a clean Docker host or through Dockge and verify startup.
|
||||
16
docs/security-review.md
Normal file
16
docs/security-review.md
Normal file
@@ -0,0 +1,16 @@
|
||||
# Security Review
|
||||
|
||||
## Checked Areas
|
||||
|
||||
- Shell execution: browser auto-open is gated by `AUTO_OPEN_BROWSER` and defaults to false.
|
||||
- Secrets: `.env` remains ignored; `.env.example` contains no real keys.
|
||||
- External network calls: source fetches use timeout/retry diagnostics and expose degraded state.
|
||||
- Manual actions: `/api/sweep` is local-only unless `SWEEP_TOKEN` is configured.
|
||||
- File writes: runtime writes are limited to `runs/`.
|
||||
- HTML injection: dashboard data is JSON-injected only by the CLI path; server mode serves data through API/SSE.
|
||||
|
||||
## Residual Risk
|
||||
|
||||
- External feeds can return malformed, stale, or adversarial content. UI rendering should continue to sanitize titles and URLs.
|
||||
- LLM outputs are advisory only and must not be treated as financial advice.
|
||||
- `node:sqlite` availability depends on the Node 22 build; when unavailable the memory database degrades to a no-op placeholder.
|
||||
Reference in New Issue
Block a user