Process agent kit v1.0.6

.codex/project.md

@@ -41,7 +41,9 @@ Build and test verification should run on the Gitea runner with:
 .gitea/workflows/build.yml
 ```
 
-The local machine is not the source of truth for CI results.
+Project build, test, audit, package, installer, dependency setup, and release commands must run on Gitea Ubuntu runners only. Supported labels are `ubuntu-latest`, `ubuntu-24.04`, and `ubuntu-22.04` on `global-runner-1`, `global-runner-2`, and `global-runner-3`.
+
+The local machine is not the source of truth for CI results. Local checks are limited to lightweight validation that does not install dependencies or create build artifacts.
 
 ## Stack
 
@@ -80,13 +82,12 @@ No published release process exists yet.
 
 Before a release:
 
-1. run `npm run build`,
-2. run `npm test`,
-3. run the release checklist,
-4. verify CI is green,
-5. verify download links when publishing artifacts,
-6. update README and changelog,
-7. create a tag,
-8. create the release.
+1. run the release checklist,
+2. verify `npm run lint`, `npm test`, `npm run build`, and `npm run audit` are green on a supported Gitea Ubuntu runner,
+3. verify download links when publishing artifacts,
+4. update README and changelog,
+5. verify release artifacts exclude Codex kit metadata such as `AGENTS.md`, `.codex/`, `blueprint.md`, `blueprint.json`, template workflows, and agent handoff notes unless explicitly requested,
+6. create a tag,
+7. create the release through Gitea Actions or the Gitea API.
 
 Do not create releases unless the user explicitly asks for a release.

.gitea/workflows/release-dry-run.yml

@@ -33,12 +33,12 @@ jobs:
             fi
           done
 
-          placeholder_paths=(README.md AGENTS.md .codex docs)
-          placeholder_pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|DOWNLOAD_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND'
+          placeholder_paths=(README.md AGENTS.md .codex docs .gitea)
+          placeholder_pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|DOWNLOAD_URL|CI_URL|RELEASES_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|COMMIT_OR_VERSION'
 
           for path in "${placeholder_paths[@]}"; do
             [ -e "$path" ] || continue
-            if grep -RInE --exclude-dir=.git "$placeholder_pattern" "$path"; then
+            if grep -RInE --exclude-dir=.git --exclude=release-dry-run.yml --exclude=template-compliance.yml "$placeholder_pattern" "$path"; then
               echo "Unresolved template placeholders found."
               missing=1
             fi

.gitea/workflows/template-compliance.yml

@@ -53,12 +53,12 @@ jobs:
         shell: bash
         run: |
           found=0
-          paths=(AGENTS.md README.md SECURITY.md CHANGELOG.md .codex docs)
-          pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|AUTHOR_NAME|PROJECT_STACK|DOWNLOAD_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|README_COMMAND|INSTALL_COMMAND|DEV_COMMAND|PACKAGE_MANAGER|PROJECT_VERSION'
+          paths=(AGENTS.md README.md SECURITY.md CHANGELOG.md .codex docs .gitea blueprint.md blueprint.json)
+          pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|AUTHOR_NAME|PROJECT_STACK|DOWNLOAD_URL|CI_URL|RELEASES_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|README_COMMAND|INSTALL_COMMAND|DEV_COMMAND|PACKAGE_MANAGER|PROJECT_VERSION|COMMIT_OR_VERSION'
 
           for path in "${paths[@]}"; do
             [ -e "$path" ] || continue
-            if grep -RInE --exclude-dir=.git "$pattern" "$path"; then
+            if grep -RInE --exclude-dir=.git --exclude=release-dry-run.yml --exclude=template-compliance.yml "$pattern" "$path"; then
               found=1
             fi
           done

AGENTS.md

@@ -6,9 +6,15 @@ League of Legends GUI Overhaul: React/Vite prototype for a modern, dark, MOBA-/f
 
 ## Repository Rules
 
+- At the start of every user-requested task, check for upstream updates and apply a safe fast-forward pull when the working tree is clean. If local changes exist, fetch or report the blocker before editing.
+- Conserve context tokens: search with `rg` or targeted file lists first, read only task-relevant files, and avoid generated folders, dependency folders, build outputs, or full logs unless they are directly relevant.
 - Prefer existing project patterns over new abstractions.
 - Keep changes scoped to the user's request.
 - Do not commit secrets, `.env` files, private keys, certificates, or tokens.
+- Treat `global-runner-1`, `global-runner-2`, and `global-runner-3` as the only available build runners.
+- Run project builds, tests, audits, package jobs, installers, dependency setup, and releases only on Gitea Ubuntu runners with `ubuntu-latest`, `ubuntu-24.04`, or `ubuntu-22.04`.
+- Do not run those heavy project commands on the user's local machine. Local checks are limited to lightweight reads and validation that do not install dependencies or create build artifacts.
+- Do not add Windows or macOS runners. Use open-source Linux-compatible tooling or workflow workarounds that run on the Ubuntu runners.
 - Do not rewrite history or run destructive git commands unless explicitly requested.
 - Do not create a release unless explicitly requested.
 - Check repository state before editing and before finishing. Preserve unrelated user changes.
@@ -16,9 +22,11 @@ League of Legends GUI Overhaul: React/Vite prototype for a modern, dark, MOBA-/f
 - Derive repository owner and name from this repository's remote or `GITHUB_REPOSITORY`. Never reuse owner/name values from the Agent Kit template repository.
 - The current stack is Node, React, Vite, TypeScript, React Router, Vitest, Testing Library, and CSS custom properties.
 - If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token.
+- When real, actionable follow-up work is outside the current scope or independently parallelizable, create a focused tracker issue. If no issue tracker is available, update `docs/agent-handoff.md`.
 - After pushing commits that trigger a Gitea workflow, poll the workflow run until it succeeds or a concrete blocker is known.
 - Repository cleanup automation must be non-destructive. Do not delete branches, packages, releases, or tracked files without explicit user approval.
 - Dependency, compliance, and release dry-run automation must report findings only. Do not auto-update dependencies, auto-open PRs, create tags, publish packages, or create releases without explicit user approval.
+- Keep Codex kit files in source control when they help agents, but exclude them from user-facing release, package, installer, archive, and upload artifacts unless the user explicitly asks to ship repository-maintenance files.
 
 ## Commands
 
@@ -37,7 +45,7 @@ git diff --check
 
 `npm run lint` runs `tsc --noEmit`. `npm run release:check` runs lint, tests, and build.
 
-For build and test verification, prefer the Gitea runner workflow `.gitea/workflows/build.yml` over relying on this local machine. Local runs are useful for quick checks only when the required tools are already available.
+For build, test, audit, dependency setup, package, installer, and release verification, use the Gitea runner workflow `.gitea/workflows/build.yml`. Do not use this local machine for those heavy project commands.
 
 Keep `.codex/project.md` and this `AGENTS.md` aligned when commands, artifact paths, or release rules change.
 
@@ -62,11 +70,13 @@ No release package naming or download verification process exists yet.
 - Keep external network calls documented.
 - Prefer local processing for user data.
 - Keep CI publishing secrets in repository or organization secrets, not in tracked files.
+- Do not include Codex kit metadata such as `AGENTS.md`, `.codex/`, `blueprint.md`, `blueprint.json`, template workflow files, or agent handoff notes in downloadable release artifacts unless explicitly requested.
 
 ## Finish Checklist
 
 - `git diff --check` passes.
-- The cheapest reliable verification command has been run, or the reason it could not run is documented.
+- Lightweight local validation has passed, and project verification has run through Gitea Actions on a supported Ubuntu runner or the reason runner verification could not run is documented.
 - README, changelog, security review, and release checklist are updated when the change touches release behavior.
 - `docs/agent-handoff.md` is updated when work is interrupted, risky, or spans multiple sessions.
+- Independent follow-up work has tracker issues, or `docs/agent-handoff.md` explains why issues could not be created.
 - Any pushed Gitea workflow has been polled to success or a concrete blocker has been reported.

docs/agent-handoff.md

@@ -2,6 +2,8 @@
 
 Use this file when a task spans multiple sessions, has unresolved follow-up work, or changes release behavior.
 
+Prefer focused tracker issues for independent follow-up work when an issue tracker is available. Use this handoff file when issues cannot be created, when the context is too sensitive for a public issue, or when a task needs a compact session summary.
+
 ## Current State
 
 ```text
@@ -18,6 +20,7 @@ Codex Agent Repository Kit baseline applied. The project is a React/Vite/TypeScr
 - Added a Gitea runner build workflow for `npm ci`, `npm test`, `npm run build`, and `dist/` artifact upload.
 - Added standard npm `lint`, `audit`, and `release:check` scripts from the Node kit profile.
 - Processed Agent Kit update `c0262b9`, including the repository-owner derivation rule.
+- Processed Agent Kit update `v1.0.6`, including safe fast-forward task starts, Gitea Ubuntu runner-only verification, follow-up issue guidance, and release artifact metadata exclusions.
 
 ## Verification
 
@@ -34,6 +37,12 @@ Codex Agent Repository Kit baseline applied. The project is a React/Vite/TypeScr
 - Watch the Gitea build workflow after pushes and fix runner-only failures in follow-up commits.
 - Update README, `AGENTS.md`, `.codex/project.md`, and release docs when implementation begins.
 
+## Follow-up Issues
+
+| Issue | Status |
+| --- | --- |
+| PENDING | No independent follow-up issue created in this session. |
+
 ## Risks
 
 - Release packaging is intentionally limited until download targets are defined.

docs/release-checklist.md

@@ -11,9 +11,11 @@ No release process exists yet. Complete this checklist only after the project ha
 ## Quality
 
 - [ ] Working tree is clean.
-- [ ] Lint or type checks pass.
-- [ ] Tests pass or missing tests are documented.
-- [ ] Build succeeds in CI.
+- [ ] Lightweight local validation passes without installing dependencies or creating build artifacts.
+- [ ] Lint or type checks pass on a Gitea Ubuntu runner.
+- [ ] Tests pass on a Gitea Ubuntu runner or missing tests are documented.
+- [ ] Build succeeds in CI on `ubuntu-latest`, `ubuntu-24.04`, or `ubuntu-22.04`.
+- [ ] No project build, test, audit, package, installer, dependency setup, or release command was run on the local machine.
 
 ## Security
 
@@ -26,6 +28,7 @@ No release process exists yet. Complete this checklist only after the project ha
 
 - [ ] Artifacts are produced by documented commands.
 - [ ] Artifacts are uploaded.
+- [ ] User-facing artifacts exclude Codex kit metadata such as `AGENTS.md`, `.codex/`, `blueprint.md`, `blueprint.json`, template workflows, and agent handoff notes unless explicitly requested.
 - [ ] Download links work.
 - [ ] Package registry links work if used.
 - [ ] Installer, portable, or archive naming is clear.
@@ -34,5 +37,5 @@ No release process exists yet. Complete this checklist only after the project ha
 
 - [ ] Git tag created.
 - [ ] Release notes written.
-- [ ] Release published.
+- [ ] Release published from Gitea Actions or through the Gitea API, not by running local release tooling.
 - [ ] Post-release download smoke test completed.