# Agent Instructions ## Project League of Legends GUI Overhaul: React/Vite prototype for a modern, dark, MOBA-/fantasy-inspired client interface. ## Repository Rules - Prefer existing project patterns over new abstractions. - Keep changes scoped to the user's request. - Do not commit secrets, `.env` files, private keys, certificates, or tokens. - Do not rewrite history or run destructive git commands unless explicitly requested. - Do not create a release unless explicitly requested. - Check repository state before editing and before finishing. Preserve unrelated user changes. - Replace applicable placeholders in copied templates. Remove non-applicable placeholder sections instead of leaving fake values. - The current stack is Node, React, Vite, TypeScript, React Router, Vitest, Testing Library, and CSS custom properties. - If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token. - After pushing commits that trigger a Gitea workflow, poll the workflow run until it succeeds or a concrete blocker is known. - Repository cleanup automation must be non-destructive. Do not delete branches, packages, releases, or tracked files without explicit user approval. - Dependency, compliance, and release dry-run automation must report findings only. Do not auto-update dependencies, auto-open PRs, create tags, publish packages, or create releases without explicit user approval. ## Commands Use these commands: ```bash npm install npm run dev npm run build npm test git diff --check ``` There is no separate lint script yet. `npm run build` runs `tsc --noEmit` before the Vite build. Keep `.codex/project.md` and this `AGENTS.md` aligned when commands, artifact paths, or release rules change. ## Artifacts Build output is produced in: ```text dist/ ``` No release package naming or download verification process exists yet. ## Security Notes - Review `docs/security-review.md` before release work. - Fill `docs/security-review.md` with actual checked commands and results when performing release-readiness work. - Review scheduled security workflow failures before changing code. Treat matches as leads: they may be true positives, documentation examples, or test fixtures. - Review repository cleanup workflow failures as maintenance leads. Document intentional exceptions instead of blindly deleting files. - Review dependency and template compliance workflow failures as maintenance leads. Preserve project-specific conventions when they are documented. - Treat generated credentials and config files as sensitive. - Keep external network calls documented. - Prefer local processing for user data. - Keep CI publishing secrets in repository or organization secrets, not in tracked files. ## Finish Checklist - `git diff --check` passes. - The cheapest reliable verification command has been run, or the reason it could not run is documented. - README, changelog, security review, and release checklist are updated when the change touches release behavior. - `docs/agent-handoff.md` is updated when work is interrupted, risky, or spans multiple sessions. - Any pushed Gitea workflow has been polled to success or a concrete blocker has been reported.