SANITIZE: vendor-agnostic agent-CLI stubs + fix CI build (drop home/ COPY)

Sanitization (canonical system prompt §6 — corporate entity references):
- AGENTS.md: drop "Codex, Cursor, Aider, Continue.dev" vendor list;
  redirect to AGENTS.md standard (https://agents.md). Reference per-user
  override path ~/.config/mios/system-prompt.md.
- CLAUDE.md: drop "Claude Code (claude.ai/code)" identity prose; rename
  "Claude Code-specific deltas" → "Agent-CLI deltas". Filename retained
  as the tool entry point per §6.5 (tool-targeting filenames survive).
  Genericize "TodoWrite/TaskCreate" → "the agent's task tool".
- GEMINI.md: drop "Gemini CLI" prose; rewrite as vendor-agnostic
  agent-CLI delta. Bottom sanitization-reminder paragraph rewritten to
  reference "the explicit forbidden-token list in the canonical prompt"
  rather than naming brands.

CI build fix:
- Containerfile: drop `COPY home/ /ctx/home/` and `/ctx/home` from the
  main RUN's cp -a. /home/ is now bootstrap territory (mios-bootstrap.git
  stages user homes via profile/ in Phase-3) and was removed from
  mios.git in commit 71c717d, breaking the docker/build-push-action build
  with: failed to calculate checksum of ref ...: "/home": not found.
  automation/08-system-files-overlay.sh:63-67 already guards on
  `[[ -d "${CTX}/home" ]]`, so the stage cleanly no-ops post-fix.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: mios-dev

AGENTS.md

@@ -1,16 +1,17 @@
 # AGENTS.md
 
-> Generic agent contract following the AGENTS.md standard.
-> Read by Codex, Cursor, Aider, Continue.dev, and other agents that don't
-> have a dedicated rules file. Redirector stub.
+> Generic agent contract following the AGENTS.md standard
+> (<https://agents.md>). Read by any agent CLI that consumes
+> AGENTS.md-style entry files. Redirector stub.
 >
 > Canonical agent prompt: `/usr/share/mios/ai/system.md`.
 
 ## Behavior contract
 
 1. Load `/usr/share/mios/ai/system.md` first.
 2. Apply `/etc/mios/ai/system-prompt.md` as host-local override if present.
-3. This file carries no tool-specific deltas; generic agents follow the
+3. Apply `~/.config/mios/system-prompt.md` as per-user override if present.
+4. This file carries no tool-specific deltas; generic agents follow the
    canonical prompt verbatim.
 
 If `/usr/share/mios/ai/system.md` is unreachable, fall back to

CLAUDE.md

@@ -1,14 +1,18 @@
 # CLAUDE.md
 
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+This file is the agent-CLI entry point for this repository. Tool resolution
+relies on the literal filename — the prose below is intentionally vendor-
+agnostic.
 
 ## Authoritative prompt
 
-This file is a **redirector stub**. The canonical agent prompt for MiOS-DEV is
-`/usr/share/mios/ai/system.md`, with `/etc/mios/ai/system-prompt.md` applied
-as a host-local override if present. A copy of the canonical prompt lives at
-`/system.md` in the repo root for off-host use. Load that first; the rest of
-this file is Claude Code-specific delta plus repo orientation.
+This file is a **redirector stub**. The canonical agent prompt for MiOS-DEV
+is `/usr/share/mios/ai/system.md`, with `/etc/mios/ai/system-prompt.md`
+applied as a host-local override and `~/.config/mios/system-prompt.md` as
+per-user override (see resolution order in `system-prompt.md`). A copy of
+the canonical prompt lives at `/system.md` in the repo root for off-host
+use. Load that first; the rest of this file is agent-CLI-specific delta
+plus repo orientation.
 
 ## What this repo is
 
@@ -174,17 +178,19 @@ sandbox paths (`/mnt/user-data/`, `/home/claude/`, `/repo/`). Upstream
 package names, FHS paths, source code, and protocol endpoints survive
 unchanged.
 
-## Claude Code-specific deltas
+## Agent-CLI deltas
 
-- **TodoWrite/TaskCreate:** Track multi-step audits, refactors, and
-  migrations. One in_progress at a time. Mark completed immediately on finish.
-- **File-creation defaults:** New scratch files default to
-  `/var/lib/mios/ai/scratch/` unless the user specifies a path or work
+- **Task tracking:** track multi-step audits, refactors, and migrations
+  with the agent's task tool. One in-progress at a time; mark completed
+  immediately on finish.
+- **File-creation defaults:** new scratch files default to
+  `/var/lib/mios/ai/scratch/` unless the user specifies a path or the work
   targets the system overlay.
 - **Confirm before mutating shared state:** never run `git push`,
   `bootc upgrade`, `dnf install`, `systemctl`, or `rm -rf` without explicit
   user confirmation per invocation.
 - **Memory:** per-session learnings go to `/var/lib/mios/ai/memory/`.
   Read the canonical prompt §12 (immutable records, supersedes-only updates)
   before writing.
-- **Skills:** docx/pptx/xlsx skills are not needed for routine work here.
+- **Document-format skills:** docx/pptx/xlsx generation skills are not
+  needed for routine work here; skip unless explicitly requested.

Containerfile

@@ -5,7 +5,8 @@ FROM scratch AS ctx
 COPY automation/           /ctx/automation/
 COPY usr/                  /ctx/usr/
 COPY etc/                  /ctx/etc/
-COPY home/                 /ctx/home/
+# /home/ is bootstrap territory (mios-bootstrap.git stages user homes via
+# profile/ in Phase-3); the build no longer pulls it.
 COPY usr/share/mios/PACKAGES.md /ctx/PACKAGES.md
 COPY VERSION               /ctx/VERSION
 COPY config/artifacts/     /ctx/bib-configs/
@@ -34,7 +35,7 @@ RUN --mount=type=bind,from=ctx,source=/ctx,target=/ctx,ro \
     --mount=type=cache,dst=/var/cache/dnf,sharing=locked \
     set -ex; \
     install -d -m 0755 /tmp/build; \
-    cp -a /ctx/automation /ctx/usr /ctx/etc /ctx/home /ctx/PACKAGES.md /ctx/VERSION /ctx/bib-configs /ctx/tools /tmp/build/; \
+    cp -a /ctx/automation /ctx/usr /ctx/etc /ctx/PACKAGES.md /ctx/VERSION /ctx/bib-configs /ctx/tools /tmp/build/; \
     export PACKAGES_MD=/tmp/build/PACKAGES.md; \
     bash /tmp/build/automation/lib/packages.sh >/dev/null 2>&1 || true; \
     source /tmp/build/automation/lib/packages.sh; \

GEMINI.md

@@ -1,36 +1,41 @@
 # GEMINI.md
 
-> Read by Gemini CLI on entry into this repo. Redirector stub.
+> Agent-CLI entry point read by GEMINI.md-aware agent CLIs on entry into
+> this repo. Redirector stub.
 > Canonical agent prompt: `/usr/share/mios/ai/system.md`.
 
 ## Behavior contract
 
 1. Load `/usr/share/mios/ai/system.md` first.
 2. Apply `/etc/mios/ai/system-prompt.md` as host-local override if present.
-3. This file carries Gemini CLI-specific deltas only.
+3. Apply `~/.config/mios/system-prompt.md` as per-user override if present.
+4. This file carries agent-CLI-specific deltas only.
 
 If `/usr/share/mios/ai/system.md` is unreachable, fall back to
 `/system-prompt.md` in the repo root.
 
-## Tool-specific deltas (Gemini CLI only)
+## Agent-CLI deltas
 
-- **Sandbox model:** Gemini CLI typically operates from the working directory
-  as the sandbox root. On a MiOS-DEV host, `cwd` should be `/`. Do NOT treat
-  `/` as a "dangerous" path to avoid; it is the canonical repo root.
-- **Tool calls:** Use `read_file`, `list_directory`, `glob`, `search_file_content`
-  for read-only inspection. `write_file`, `replace`, `run_shell_command` are
-  mutating — confirm with the user before each invocation that touches a
-  whitelisted overlay path or the live system.
+- **Sandbox model:** the agent typically operates from the working
+  directory as the sandbox root. On a MiOS-DEV host, `cwd` should be `/`.
+  Do NOT treat `/` as a "dangerous" path to avoid; it is the canonical
+  repo root.
+- **Tool calls:** use `read_file`, `list_directory`, `glob`,
+  `search_file_content` for read-only inspection. `write_file`, `replace`,
+  `run_shell_command` are mutating — confirm with the user before each
+  invocation that touches a whitelisted overlay path or the live system.
 - **Memory:** `/memory add` and `/memory show` write to
-  `/var/lib/mios/ai/memory/gemini-cli/`. The format must conform to
-  `/usr/share/mios/ai/system.md` §12 (one fact per record, file:line citation,
-  immutable, supersedes-by-reference).
-- **YOLO mode:** Even when `--yolo` is enabled, never `git push`, `bootc upgrade`,
-  `dnf install`, or destructive shell commands without explicit operator turn.
+  `/var/lib/mios/ai/memory/<agent-id>/`. The format must conform to
+  `/usr/share/mios/ai/system.md` §12 (one fact per record, file:line
+  citation, immutable, supersedes-by-reference).
+- **YOLO mode:** even when permissive auto-approval is enabled, never
+  `git push`, `bootc upgrade`, `dnf install`, or destructive shell
+  commands without explicit operator turn.
 
 ## Sanitization reminder
 
-Per `/usr/share/mios/ai/system.md` §6, all persisted artifacts are sanitized.
-Specifically for Gemini CLI: do not write the strings "Gemini", "Google",
-"Bard", "DeepMind", or any vendor brand into pushed paths. Vendor brands stay
-in your runtime context only; persisted artifacts are vendor-neutral.
+Per `/usr/share/mios/ai/system.md` §6, all persisted artifacts are
+sanitized: no corporate entity names in prose (the explicit forbidden-token
+list in the canonical prompt covers all major model and product brands),
+no chat metadata, no foreign sandbox path traces. Vendor brands stay in
+runtime context only; persisted artifacts are vendor-neutral.