Document security model: simple Unix isolation

2026-01-09 16:31:11 -08:00 · 2026-01-09 16:31:11 -08:00 · 99b187fa5a
parent f17604f0ad
commit 99b187fa5a
1 changed files with 23 additions and 0 deletions
--- a/docs/server-AGENTS.md
+++ b/docs/server-AGENTS.md
@ -41,6 +41,19 @@ uv venv && source .venv/bin/activate
 uv pip install <package>
 ```

+## Emes Tools (tissue, jwz, idle)
+
+For now, install per-user (lands in `~/.local/bin`, already in PATH):
+
+```bash
+curl -fsSL https://evil-mind-evil-sword.github.io/releases/idle/install.sh | sh
+```
+
+Notes:
+- `idle` installs `tissue` and `jwz` (zawinski) plus `jq` if needed.
+- Use emes tools for agent workflow; this repo still uses beads (`bd`) for
+  infrastructure issue tracking.
+
 ## Resource Limits

 Per-user limits are enforced:
@ -65,6 +78,16 @@ If you hit limits, your processes may be killed. Design accordingly.
 - No inbound ports (use SSH tunnels for local services)
 - Example tunnel: `ssh -L 8080:localhost:8080 dev-server`

+## Security Model
+
+Simple Unix isolation - no containers, VMs, or complex sandboxing:
+- Home directories are private (`chmod 700 ~`)
+- Per-user resource limits (memory, processes, network)
+- Watchdogs kill runaway processes
+- Shared tokens via group-readable files
+
+This is a learning environment, not a hostile multi-tenant system.
+
 ## Do NOT

 - Run `sudo` (you don't have access)