# AGENTS.md

These instructions apply to the entire repository.

## Repository workflow

- Create a feature branch for every change.
- Open a pull request for review before changes are merged.
- Do not make direct changes to `main`.
- Keep pull requests focused, reviewable, and aligned with repository-root paths.

## Scope boundaries

- This is a standalone repository dedicated exclusively to Cloutal Workspace.
- Future application code must be maintained only in this repository.
- Do not write application code unless the task explicitly asks for it.
- Do not install framework packages or dependencies unless the task explicitly asks for it.
- Do not create deployment workflows unless the task explicitly asks for it.
- Do not add credentials, secrets, private tokens, or environment-specific values.
- Never use, reference, load, or depend on WordPress.
- Never depend on the existing `thelkstudio/Cloutal` production application.
- Never depend on the existing `thelkstudio/Cloutal` production application's database, tables, users, authentication, sessions, permissions, configuration, deployment, or source code.

## Configuration and secrets

- Do not commit secrets.
- Use environment-based configuration for values that vary by environment.
- Keep `.env.example` limited to safe placeholder values and documentation-friendly defaults.
- Never hard-code credentials, tenant identifiers, private service endpoints, or production-only values.
- Keep UAT and production databases, secrets, encryption keys, Stripe modes, and customer data separate.

## Data and tenant isolation

- Use MySQL as the planned primary relational database unless a later reviewed architecture decision changes it.
- Schema changes must be made through database migrations when application data models are introduced.
- Enforce strict organization-level tenant isolation in all future application design and implementation.
- Tenant-scoped records must not be readable, writable, listable, searchable, exportable, or inferable across organization boundaries.
- Automated tests are required for tenant-boundary behavior whenever tenant-aware functionality is added or changed.
- Access-control checks must be explicit and must not rely on client-provided organization identifiers alone.

## Deployment safety

- Do not deploy directly to production.
- Do not add direct production deployment paths from local machines or unreviewed automation.
- Production deployment, when introduced, must be controlled, reviewed, auditable, and environment-specific.
