From 6807660ddba98367addfdfa05945662cd31d091c Mon Sep 17 00:00:00 2001 From: ToxicCrzay270 <185776014+ToxicCrzay270@users.noreply.github.com> Date: Fri, 15 May 2026 00:42:11 +0200 Subject: [PATCH] Add Codex repository baseline --- .codex/project.md | 76 +++++++++++++++++++++++++++++++++++++++ .gitignore | 48 +++++++++++++++++++++++++ AGENTS.md | 51 ++++++++++++++++++++++++++ CHANGELOG.md | 7 ++++ CONTRIBUTING.md | 41 +++++++++++++++++++++ README.md | 60 +++++++++++++++++++++++++++++++ SECURITY.md | 21 +++++++++++ docs/agent-handoff.md | 40 +++++++++++++++++++++ docs/release-checklist.md | 35 ++++++++++++++++++ docs/release-notes.md | 28 +++++++++++++++ docs/security-review.md | 54 ++++++++++++++++++++++++++++ 11 files changed, 461 insertions(+) create mode 100644 .codex/project.md create mode 100644 .gitignore create mode 100644 AGENTS.md create mode 100644 CHANGELOG.md create mode 100644 CONTRIBUTING.md create mode 100644 README.md create mode 100644 SECURITY.md create mode 100644 docs/agent-handoff.md create mode 100644 docs/release-checklist.md create mode 100644 docs/release-notes.md create mode 100644 docs/security-review.md diff --git a/.codex/project.md b/.codex/project.md new file mode 100644 index 0000000..2c22bc5 --- /dev/null +++ b/.codex/project.md 
@@ -0,0 +1,76 @@ +# Codex Project Notes + +## Project + +`Robocopy_Overhaul` is a Codex-ready repository baseline for a Robocopy overhaul project. + +Repository: + +```text +Toxic/Robocopy_Overhaul +``` + +Remote: + +```text +https://git.wilkensxl.de/Toxic/Robocopy_Overhaul.git +``` + +## Commands + +No stack-specific commands are defined yet. + +Use this section as the source of truth once the project has implementation code: + +```text +lint: PENDING +test: PENDING +build: PENDING +audit: PENDING +readme: manual README +``` + +Do not invent commands that cannot run. + +## Stack + +```text +PENDING +``` + +Package manager or build tool: + +```text +PENDING +``` + +## Build Artifacts + +Release artifacts are not defined yet. + +Expected files: + +```text +PENDING +``` + +## Security Rules + +- Do not commit secrets, tokens, `.env` files, certificates, or private keys. +- Treat generated credentials as sensitive. +- Prefer local generation and local processing for user data. +- Keep dependency audit results visible in CI where possible after a stack is chosen. +- Do not add external network calls unless the feature explicitly requires them. + +## Release Rules + +Before a release: + +1. run the release checklist, +2. verify CI is green, +3. verify download links, +4. update README and changelog, +5. create a tag, +6. create the release. + +Do not create releases unless the user explicitly asks for a release. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..39784f6 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,48 @@ +# Dependencies +node_modules/ +vendor/ +.venv/ +venv/ +__pycache__/ + +# Build outputs +dist/ +build/ +out/ +release/ +target/ +bin/ +obj/ + +# Logs and temporary files +*.log +*.tmp +*.temp +.cache/ +.turbo/ +.vite/ +.pytest_cache/ + +# Local environment and secrets +.env +.env.* +!.env.example +*.pem +*.key +*.pfx +*.p12 +*.crt +*.cer +*.token +secrets/ + +# OS and editor files +.DS_Store +Thumbs.db +.idea/ +.vscode/ +*.swp +*.swo + +# Local template source +codex-agent-repository-kit/ diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..79b2c1a --- /dev/null +++ b/AGENTS.md 
@@ -0,0 +1,51 @@ +# Agent Instructions + +## Project + +Robocopy_Overhaul: Codex-ready repository baseline for a Robocopy overhaul project. + +## Repository Rules + +- Start by reading `AGENTS.md` and `.codex/project.md`. +- Keep changes scoped to the user's request. +- Prefer existing project patterns once application code exists. +- Do not commit secrets, `.env` files, private keys, certificates, or tokens. +- Do not rewrite history or run destructive git commands unless explicitly requested. +- Do not create a release unless explicitly requested. +- Check the working tree before editing and before finishing. Preserve unrelated user changes. +- If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token. +- Repository cleanup automation must be non-destructive if added later. +- Dependency, compliance, and release dry-run automation must report findings only unless the user explicitly asks for write actions. + +## Commands + +No stack-specific commands are defined yet. + +When code is added, update this file and `.codex/project.md` with the real commands for: + +```text +lint +test +build +audit +``` + +## Artifacts + +No release artifact output directory is defined yet. + +## Security Notes + +- Review `docs/security-review.md` before release work. +- Treat generated credentials and config files as sensitive. +- Keep external network calls documented. +- Prefer local processing for user data. +- Keep CI publishing secrets in repository or organization secrets, not in tracked files. +- Ensure `.gitignore` covers local config, build outputs, logs, temporary files, and secret material for the detected stack. + +## Finish Checklist + +- `git diff --check` passes when the directory is a Git repository. +- The cheapest reliable verification command has been run, or the reason it could not run is documented. 
+- README, changelog, security review, and release checklist are updated when the change touches release behavior. +- `docs/agent-handoff.md` is updated when work is interrupted, risky, or spans multiple sessions. diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..4ed52d3 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,7 @@ +# Changelog + +All notable changes to this project are documented here. + +## Unreleased + +- Added Codex Agent Repository Kit baseline files. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..9b27e80 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,41 @@ +# Contributing + +## Working Rules + +- Keep changes scoped to the issue or user request. +- Prefer existing project patterns once application code exists. +- Do not commit secrets, generated credentials, local `.env` files, or private keys. +- Do not create releases unless explicitly requested. +- Preserve unrelated user changes. + +## Before Committing + +Run the cheapest reliable verification commands for this project. No stack-specific commands are defined yet. + +When the directory is a Git repository, also run: + +```bash +git diff --check +``` + +If a command cannot run, document why in the final response or handoff notes. + +## Pull Requests + +Pull requests should include: + +- summary of changes, +- verification performed, +- known risks or skipped checks, +- artifact/download notes when relevant. + +## Releases + +Before release work, update: + +```text +CHANGELOG.md +docs/release-checklist.md +docs/security-review.md +README.md +``` diff --git a/README.md b/README.md new file mode 100644 index 0000000..8324f57 --- /dev/null +++ b/README.md @@ -0,0 +1,60 @@ +# Robocopy_Overhaul + +Codex-ready repository baseline for a Robocopy overhaul project. + +

-----------------------------------------------------

+ +## Overview + +This repository has been prepared with the Codex Agent Repository Kit. The current state is a documentation and agent-context baseline; implementation code, stack choice, build commands, and release artifacts are still pending. + +

-----------------------------------------------------

+ +## Repository Baseline + +| Area | State | +| --- | --- | +| Repository | `Toxic/Robocopy_Overhaul` | +| Remote | `https://git.wilkensxl.de/Toxic/Robocopy_Overhaul.git` | +| Agent context | `AGENTS.md` and `.codex/project.md` | +| Security policy | `SECURITY.md` and `docs/security-review.md` | +| Release process | `CHANGELOG.md`, `docs/release-checklist.md`, and `docs/release-notes.md` | +| Ignore rules | `.gitignore` covers common generated files, logs, local config, and secret material | +| CI | Not configured until a concrete stack and commands exist | + +

-----------------------------------------------------

+ +## Development + +No build, lint, test, or audit command is defined yet. + +When implementation code is added, update: + +```text +AGENTS.md +.codex/project.md +README.md +docs/security-review.md +docs/release-checklist.md +``` + +

-----------------------------------------------------

+ +## Security + +Security posture: + +| Area | State | +| --- | --- | +| Secrets | Secrets must not be committed | +| Dependency audit | Pending until dependencies exist | +| User data | Prefer local processing | +| External services | Document any external network calls | + +See `SECURITY.md` and `docs/security-review.md`. + +

-----------------------------------------------------

+ +## Release + +Release readiness is tracked in `docs/release-checklist.md`. Do not create tags, packages, or releases until the project has implementation code and the user explicitly asks for release work. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..a31a3e7 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| --- | --- | +| Latest | Yes | + +## Reporting A Vulnerability + +Report security issues privately to the project owner. + +Do not include secrets, production data, or private credentials in public issues. + +## Project Security Principles + +- Keep secrets out of the repository. +- Prefer local processing for user data. +- Document external network calls. +- Keep release artifacts reproducible through CI once CI exists. +- Run dependency audits before releases once dependencies exist. diff --git a/docs/agent-handoff.md b/docs/agent-handoff.md new file mode 100644 index 0000000..29c4f8a --- /dev/null +++ b/docs/agent-handoff.md 
@@ -0,0 +1,40 @@ +# Agent Handoff + +Use this file when a task spans multiple sessions, has unresolved follow-up work, or changes release behavior. + +## Current State + +```text +Codex repository baseline added. Implementation code, stack, commands, CI, and release artifacts are still pending. +``` + +## Changes Made + +- Added agent context files. +- Added repository security and release documentation. +- Added baseline README and ignore rules. + +## Verification + +| Check | Result | +| --- | --- | +| `git diff --check` | Pending until the directory is a Git repository | +| lint | Not available | +| test | Not available | +| build | Not available | + +## Open Questions + +- Which implementation stack should Robocopy_Overhaul use? +- Which build, test, lint, and audit commands should become authoritative? +- Should Gitea CI workflows be added after the stack is known? + +## Next Steps + +- Add implementation code. +- Update `AGENTS.md` and `.codex/project.md` with real commands and artifact paths. +- Add CI workflows once commands can run. + +## Risks + +- No code-level security or release behavior can be validated until implementation exists. diff --git a/docs/release-checklist.md b/docs/release-checklist.md new file mode 100644 index 0000000..40b7a68 --- /dev/null +++ b/docs/release-checklist.md 
@@ -0,0 +1,35 @@ +# Release Checklist + +## Version + +- [ ] Version number updated. +- [ ] Changelog updated. +- [ ] README updated. + +## Quality + +- [ ] Working tree is clean. +- [ ] Lint/type checks pass or are documented as unavailable. +- [ ] Tests pass or missing tests are documented. +- [ ] Build succeeds in CI once CI exists. + +## Security + +- [ ] Security review is current. +- [ ] Dependency audit is clean or documented once dependencies exist. +- [ ] No secrets are committed. +- [ ] Release artifacts do not contain local config files. + +## Artifacts + +- [ ] Artifacts are uploaded if the project produces artifacts. +- [ ] Download links work if downloads are published. +- [ ] Package registry links work if used. +- [ ] Installer/portable/archive naming is clear if applicable. + +## Release + +- [ ] Git tag created. +- [ ] Release notes written. +- [ ] Release published. +- [ ] Post-release download smoke test completed. diff --git a/docs/release-notes.md b/docs/release-notes.md new file mode 100644 index 0000000..14948a3 --- /dev/null +++ b/docs/release-notes.md @@ -0,0 +1,28 @@ +# Robocopy_Overhaul Unreleased + +## Downloads + +No release artifacts are published yet. + +## Highlights + +- Added Codex Agent Repository Kit baseline files. + +## Security + +- Dependency audit: not applicable until dependencies exist. +- Secret handling: baseline `.gitignore` excludes common local config and secret files. +- External network calls: no project implementation exists yet. + +## Verification + +| Check | Result | +| --- | --- | +| lint | Not available | +| test | Not available | +| build | Not available | +| Artifact download | Not available | + +## Notes + +This repository is not release-ready until implementation code, commands, CI, and artifacts are defined. diff --git a/docs/security-review.md b/docs/security-review.md new file mode 100644 index 0000000..0037a01 --- /dev/null +++ b/docs/security-review.md 
@@ -0,0 +1,54 @@ +# Security Review + +## Scope + +Project: + +```text +Robocopy_Overhaul +``` + +Reviewed version or commit: + +```text +Baseline before implementation code. +``` + +## Code Patterns Checked + +- [x] No `eval` in project source. No project source exists yet. +- [x] No dynamic `Function` constructor. No project source exists yet. +- [x] No unsafe HTML injection. No project source exists yet. +- [x] No unexpected shell execution. No project source exists yet. +- [x] No unexpected external network calls. No project source exists yet. +- [x] No secrets committed in baseline files. +- [x] No unsafe file writes outside expected user-selected paths. No project source exists yet. + +## Dependency Review + +Command: + +```text +PENDING: no dependency manifest exists yet. +``` + +Result: + +```text +Not applicable for the baseline. +``` + +## Runtime Review + +- [ ] Least-privilege runtime configuration. Pending until runtime exists. +- [ ] External URLs documented. Pending until implementation exists. +- [ ] Local data storage documented. Pending until implementation exists. +- [x] Sensitive data is not persisted by baseline files. + +## Release Notes + +Known residual risks: + +```text +No implementation risk has been reviewed yet because no application code exists. +```
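Review bot: In `.codex/project.md`, Release Rules step 3 ("verify download links") comes before steps 5 and 6 ("create a tag", "create the release"), but download links for a release do not exist until it is published; `docs/release-checklist.md` in the same patch gets this right with "Post-release download smoke test completed". Suggest moving the link check after step 6 or rewording it as "verify download links after publishing" so the two documents agree and an agent following the numbered list does not stall on a step that cannot succeed.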
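Review bot: The `.gitignore` hunk is described elsewhere in this patch (README "Ignore rules" row, `docs/release-notes.md` "Secret handling") as covering secret material, but an ignore file only keeps untracked files out of a plain `git add`; it does nothing for files already tracked, for `git add -f`, or for a secret pasted into a tracked file. Suggest wording those rows as "reduces accidental staging" and adding a pre-commit or CI secret scan once a stack exists. Two smaller points: `*.crt` and `*.cer` ignore public certificates, which a project may need to track deliberately (a pinned CA bundle, a test certificate), so either drop those two or document the `!` exception pattern already used for `.env.example`; and `bin/` may collide with a scripts directory if the overhaul ships as PowerShell or batch files, so confirm it is meant as a build output only.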
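Review bot: In the `AGENTS.md` hunk, the `GITEA_TOKEN` bullet restricts the token to read-only API checks by instruction only; a token issued with write scopes can still write if the agent misreads a task or is steered by text it encounters in the repository. Suggest requiring that the token itself be created with Gitea's read-only scopes (repository and package read access is all the listed checks need) and stating that requirement in the bullet, so the policy is enforced by the credential rather than by the agent. Also worth adding under "Never print": avoid verbose HTTP client flags such as `curl -v`, which echo the `Authorization` header into command output that may end up in a log or transcript.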
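Review bot: `SECURITY.md` "Reporting A Vulnerability" says to report "privately to the project owner" but names no channel, so a reporter has nowhere to go except a public issue, which the next sentence forbids. Suggest adding a concrete private contact (an email address, or the Gitea instance's private-issue or security-advisory mechanism) and an expected acknowledgement window, and revisiting the "Latest | Yes" support table once there is an actual release to support.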
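Review bot: In `docs/agent-handoff.md`, the Verification table records `git diff --check` as "Pending until the directory is a Git repository", but this patch is itself a commit in that repository, so the row is stale on arrival. Record the actual result (run and passed, or not run and why), as the `AGENTS.md` Finish Checklist added in the same patch requires; a handoff document that carries an unverifiable status defeats its purpose.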
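Review bot: `docs/release-checklist.md` has no item for publishing checksums or signatures alongside artifacts, even though `SECURITY.md` in this patch asks for reproducible release artifacts and the "Post-release download smoke test" needs something to compare the download against. Suggest adding a row under Artifacts such as "Checksums (and signatures, if used) published and verified against the downloaded files" so the smoke test checks integrity rather than just that the link resolves.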
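Review bot: In `docs/security-review.md`, "Code Patterns Checked" marks every item `[x]` while each one states that no project source exists, so a later reader will take the baseline as having passed checks that were never performed; the "Runtime Review" section in the same hunk handles the identical situation correctly with `[ ]` and "Pending". Suggest the same treatment here. Separately, the pattern list (`eval`, dynamic `Function` constructor, HTML injection) is JavaScript oriented; for a Robocopy overhaul the checks that matter are how the `robocopy.exe` command line and source/destination paths are built from user input (string-concatenated arguments, `Invoke-Expression` if PowerShell is chosen), so replace or extend the list once the stack is decided rather than carrying web-stack checks into a file-copy tool.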