[security]
write_scope = "repo"
deny_write_globs = ["*.env", "*.key", "*.pem", "*.secret"]
deny_command_patterns = ["sudo *", "rm -rf /*", "curl * | sh"]
strip_secrets_from_output = true
[network]
default_api_mode = "readonly"
require_confirmation_for = ["DELETE", "POST", "PUT", "PATCH"]
[container]
require_container = true
deny_host_package_install = true
[recency]
recency_triggers = ["latest", "current", "today", "as of now"]
auto_timestamp_command = "date -Is"
[tools]
default_enabled = ["read", "write", "execute", "search", "web"]
require_user_approval_for = ["delete_file", "force_push"]

# AGENTS.md
## Onboarding
Execute `.agents/ONBOARDING.md`.
## Rules
All constraints in `~/.codex/config.toml` apply.
Behavioral norms in `.agents/BEHAVIOR.md`.
## Knowledge Discovery
Technical background → start at `docs/.INDEX.md`.
Templates → `templates/.INDEX.md`.
Historical decisions → `decisions/.INDEX.md`.
**Principle**: never load all docs at once. Read `.SUMMARY.md` first.
## Continuity
`.agents/CONTINUITY.md`

# ONBOARDING.md
1. Read `.agents/POLICIES.md` — CRITICAL: project constraints override defaults
2. Read `.agents/FILES.md` — special file conventions
3. Read `.agents/BEHAVIOR.md` — coding philosophy
4. Read `.agents/CONTINUITY.md` — restore context
5. Read `docs/.INDEX.md` — discover documentation
6. If the task requires: drill into `docs/**/.INDEX.md` as needed

# BEHAVIOR.md

## 1. Think Before Coding

Don't assume. Don't hide confusion. Surface tradeoffs.

- State assumptions explicitly. If uncertain, ask.
- If multiple interpretations exist, present them — don't pick silently.
- If a simpler approach exists, say so. Push back when warranted.
- If something is unclear, stop. Name what's confusing. Ask.

## 2. Simplicity First

Minimum code that solves the problem. Nothing speculative.

- No features beyond what was asked.
- No abstractions for single-use code.
- No "flexibility" or "configurability" that wasn't requested.
- No error handling for impossible scenarios.
- If you write 200 lines and it could be 50, rewrite it.

Self-check: "Would a senior engineer call this overcomplicated?" If yes, simplify.

## 3. Surgical Changes

Touch only what you must. Clean up only your own mess.

- Don't "improve" adjacent code, comments, or formatting.
- Don't refactor things that aren't broken.
- Match existing style, even if you'd do it differently.
- If you notice unrelated dead code, mention it — don't delete it.
- Remove only imports/variables/functions that YOUR changes made unused.

The test: every changed line should trace directly to the user's request.

## 4. Goal-Driven Execution

Transform vague requests into verifiable goals:

- "Add validation" → "Write tests for invalid inputs, then make them pass"
- "Fix the bug" → "Write a test that reproduces it, then make it pass"
- "Refactor X" → "Ensure tests pass before and after"

For multi-step tasks, state a brief plan:

1. [Step] → verify: [check]
2. [Step] → verify: [check]
3. [Step] → verify: [check]


## 5. Accuracy and Recency

When a request depends on recency:

- Run `date -Is` and state the current timestamp explicitly.
- Prefer official/vendor docs for any dependency.
- Prefer the newest versioned docs, release notes, or changelogs.
- Cross-check at least two reputable sources for safety/compatibility-sensitive details.

## 6. Anti-Hallucination

- Read the full source document before drafting output.
- Re-read the original source before finalizing to verify:
  - factual accuracy
  - no invented details
  - wording/style preserved (unless user explicitly asked to rewrite)
- If paraphrasing is required, label it explicitly as a paraphrase.

## 7. Definition of Done

A task is done when:

- [ ] The requested change is implemented or the question answered
- [ ] Verification provided: build attempted (if code changed), lint run (if code changed)
- [ ] Errors/warnings addressed or explicitly listed as out-of-scope
- [ ] Tests/typecheck passed where applicable
- [ ] Relevant documentation updated
- [ ] Impact explained: what changed, where, why
- [ ] Follow-ups listed if anything was intentionally left out
- [ ] `.agents/CONTINUITY.md` updated if the change materially affects state

## 8. Self-Critique

Before finalizing any non-trivial output, perform one round of self-review:

**Step 1: Edge cases**
- What inputs could break this?
- What happens on empty/null/boundary values?

**Step 2: Reviewer perspective**
- If I were code-reviewing this, what would I flag?
- Is there a hidden assumption I'm not stating?
- Would this still work if the environment/version/scale changed?

**Step 3: Simplicity check**
- Is there a strictly simpler way to achieve the same result?
- Did I introduce any abstraction the problem doesn't demand?

**Step 4: State findings**
If you find issues, fix them before output. If you find tradeoffs worth noting, surface them explicitly rather than hiding them.

## 9. Escalation Protocol
When the agent encounters a situation not covered by existing documentation,
constraints, or behavioral guides:
**Required format for escalation:**

⚠️ ESCALATION: [one-line summary]

Context:

What I'm trying to do: [task description]
What I've tried: [approaches attempted, why they didn't work]
What I considered: [alternatives discarded and why]
Where I'm stuck: [specific decision point or knowledge gap]
Options (if applicable):
A. [Option A] — risk: [risk], requires: [requirement]
B. [Option B] — risk: [risk], requires: [requirement]

Question: [single, specific, actionable question]

**Rules:**
- Never escalate with a vague "how should I do this?"
- Always demonstrate that you've attempted to solve it first
- For tool/library questions, include what docs you've already consulted
- If the decision has tradeoffs, present them — don't force the user to do the analysis

# POLICIES.md
## Language & Runtime
- Python version: 3.11
- Banned syntax: No Python 3.12 features (type params, PEP 695)
## Build & Test
- Test framework: pytest
- Required flags: pytest --strict-markers
## Code Conventions
- Type checking: mypy --strict
- Forbidden patterns: No `Any` type, no bare except
## Dependencies
- Adding a dependency: team approval required
- Version pinning: exact versions in requirements.txt

# FILES.md

## Special File Conventions

| File | Purpose |
|:--|:--|
| `AGENTS.md` | Agent instruction entrypoint |
| `.INDEX.md` | Directory index for fast discovery |
| `.SUMMARY.md` | Directory content summary |
| `CONTINUITY.md` | Cross-session state persistence |
| `ONBOARDING.md` | Session initialization flow |
| `BEHAVIOR.md` | Coding philosophy and judgment norms |
| `POLICIES.md` | Domain-specific constraints |
| `README.md` | Human-maintained project log. **NEVER modify.** |

## Discovery Rules

- Entering any directory → read `.INDEX.md` first
- Need an overview → read `.SUMMARY.md`
- Related files are traced through links in `.INDEX.md`

## Orphan Detection

When navigating directories following the progressive disclosure convention,
if you encounter a `.md` file that is NOT listed in the directory's `.INDEX.md`:

1. Note it in `.agents/CONTINUITY.md` [DISCOVERIES]: "Found orphan file X not in .INDEX.md"
2. If the file appears relevant to the current task, read it anyway
3. Do NOT silently add it to `.INDEX.md` — surface it for human decision

# .agents/ Index
1. [Onboarding](ONBOARDING.md)
2. [Behavior Guide](BEHAVIOR.md)
3. [Project Policies](POLICIES.md)
4. [Documentation](DOCUMENTATION.md)
5. [Continuity](CONTINUITY.md)
6. [Project Docs](../docs/.INDEX.md)
7. [Templates](templates/.INDEX.md)
8. [Decisions](decisions/.INDEX.md)

# CONTINUITY.md

## [PLANS]
<!-- Current plan with status markers: [ ] pending, [=] in progress, [x] done -->

## [DECISIONS]
<!-- Format: ISO_TIMESTAMP [PROVENANCE] decision -->
<!-- Provenance tags: [USER], [CODE], [TOOL], [ASSUMPTION] -->
<!-- If unconfirmed, write UNCONFIRMED. Never guess. -->

## [PROGRESS]
<!-- Mid-implementation course changes, reflections, implications -->

## [DISCOVERIES]
<!-- Unexpected findings with short evidence snippets -->

## [OUTCOMES]
<!-- Task completion summary: achieved, remaining, lessons learned -->

## Anti-Bloat Rules

- Facts only. No transcripts. No raw logs.
- Every entry must include:
  - ISO timestamp (e.g., `2026-05-27T10:30Z`)
  - provenance tag: `[USER]`, `[CODE]`, `[TOOL]`, `[ASSUMPTION]`
  - if unknown → write `UNCONFIRMED`
- Information changes → supersede explicitly. Don't silently rewrite history.
- Sections bloating → compress older items into `[MILESTONE]` bullets.

## [PLANS]          当前计划 + 状态标记 [ ] [=] [x]
## [DECISIONS]       ISO时间戳 + 来源标签 + 决策内容
## [PROGRESS]        中途变更 + 反思
## [DISCOVERIES]     意外发现 + 简短证据
## [OUTCOMES]        任务完成总结