These instructions apply to all work in this repository:
- Do not install anything on the host system. Use containers for any installs.
- If any install is required, ask for approval before proceeding.
- Run tests or tooling inside containers whenever possible.
- If a command must run outside containers, only use existing folders (no new host-wide installs).
- Always check container logs after making changes, to spot errors.
- Never use
npm install; always usenpm ci --ignore-scripts, pin versions in package.json/package-lock.json, and avoid running scripts on install (supply chain risk).