docs: add AGENTS.md and modular documentation structure

Add AGENTS.md as a project guide with links to focused docs/ files:
build.md, release.md, testing.md, code-conventions.md, ci.md,
yaml-generation.md, and contributing.md.
Merged getting-started.md and onboarding-new-task.md into the new files
to eliminate duplication.

Code was assisted by Cursor AI.

Signed-off-by: Karel Simon <ksimon@redhat.com>

Author: ksimon1

.cursorrules

@@ -0,0 +1,21 @@
+# Cursor AI Instructions
+
+This project uses `AGENTS.md` for general AI agent guidelines that apply to all AI assistants.
+
+**CRITICAL**: Before starting any work, you MUST:
+1. Read docs/ai-workflow.md - Required 2-step process: planning → approval → implementation
+2. Read AGENTS.md for project structure and guidelines
+
+## Quick Reference
+
+All project documentation is available in the `docs/` directory:
+- AI Workflow Rules: docs/ai-workflow.md - **REQUIRED: 2-step planning process**
+- Build & Dependencies: docs/build.md
+- YAML Generation: docs/yaml-generation.md - **NEVER hand-edit `release/` files**
+- Code Conventions: docs/code-conventions.md
+- Testing: docs/testing.md
+- CI / GitHub Actions: docs/ci.md
+- Release: docs/release.md
+- Contributing: docs/contributing.md
+
+See AGENTS.md for the complete project guide.

.env.example

@@ -0,0 +1,11 @@
+# Jira MCP Server Credentials
+# Copy this file to .env.jira and fill in your credentials
+
+# Your Atlassian site name (e.g., "redhat" for redhat.atlassian.net)
+ATLASSIAN_SITE_NAME="redhat"
+
+# Your Atlassian account email
+ATLASSIAN_USER_EMAIL="your.email@redhat.com"
+
+# API token from https://id.atlassian.com/manage-profile/security/api-tokens
+ATLASSIAN_API_TOKEN="your-api-token-here"

.gitignore

@@ -3,3 +3,6 @@
 ah
 /manifests/
 /test/test.test
+.env*
+!.env.example
+.mcp.json

AGENTS.md

@@ -0,0 +1,79 @@
+# KubeVirt Tekton Tasks - Project Guide
+
+KubeVirt-specific Tekton tasks for CI/CD pipelines on Kubernetes. Provides tasks for creating/managing VMs, executing commands over SSH, manipulating disk images with libguestfs, and uploading disk images to container registries.
+
+**IMPORTANT for AI Agents**: See [AI Workflow Rules](docs/ai-workflow.md) for the required 2-step planning and approval process before modifying any code.
+
+## Documentation
+
+| Document | Description |
+|----------|-------------|
+| [AI Workflow Rules](docs/ai-workflow.md) | **Required 2-step process for AI agents** (planning → approval → implementation) |
+| [Build & Dependencies](docs/build.md) | Build system, Go/container toolchain, supported environments |
+| [YAML Generation](docs/yaml-generation.md) | Ansible-driven task YAML generation pipeline (**never hand-edit `release/`**) |
+| [Code Conventions](docs/code-conventions.md) | Go module structure, testing patterns, error handling, formatting |
+| [Testing](docs/testing.md) | Unit tests, E2E tests, `DEV_MODE` for local images |
+| [CI / GitHub Actions](docs/ci.md) | Workflow descriptions, Dependabot, Renovate |
+| [Release](docs/release.md) | Release process, version bumping, artifacts |
+| [Contributing](docs/contributing.md) | PR requirements, code quality workflow, adding new tasks |
+| [Tasks RBAC Permissions](docs/tasks-rbac-permissions.md) | ServiceAccount, ClusterRole, RoleBinding setup |
+
+## Project Structure
+
+```
+cmd/                        # One main.go per compiled task binary
+  create-vm/
+  execute-in-vm/
+  generate-ssh-keys/
+  modify-data-object/
+  wait-for-vmi-status/
+  disk-uploader/
+  disk-virt-customize/
+  disk-virt-sysprep/
+modules/                    # Go libraries and per-task packages + tests
+  shared/pkg/...            # Shared utilities (env, log, output, zconstants, zerrors, zutils)
+  sharedtest/...            # Shared test helpers
+  <task>/pkg/...            # Per-task logic
+  disk-virt/                # Shared by disk-virt-customize and disk-virt-sysprep
+build/                      # Containerfiles and entrypoint scripts
+  Containerfile             # Multi-stage: CentOS Stream 10 builder + runtime
+  Containerfile.DiskVirt    # Builds disk-virt tasks on libguestfs-tools base
+configs/                    # Per-task Ansible variable files
+templates/                  # Ansible-driven Tekton task YAML generation
+  <task>/manifests/         # Generated task manifests
+  <task>/generate-task.yaml # Ansible playbook for YAML generation
+templates-pipelines/        # Pipeline YAML generation (Windows pipelines)
+release/                    # Published task and pipeline YAML artifacts
+  tasks/<task>/
+  pipelines/<pipeline>/
+scripts/                    # Shell automation for build, test, lint, deploy
+  makefile-snippets/        # Included makefile fragments
+test/                       # Ginkgo E2E integration tests and framework
+automation/                 # E2E orchestration, resource deployment, CI helpers
+vendor/                     # Vendored Go modules (GOFLAGS=-mod=vendor)
+docs/                       # Developer and user documentation
+```
+
+### Key relationships
+
+- `cleanup-vm` is generated from `execute-in-vm` templates (with `is_cleanup: true`), not a separate binary.
+- `modify-windows-iso-file` exists as templates and release YAML only (no `cmd/` entry).
+- `disk-virt-customize` and `disk-virt-sysprep` share `modules/disk-virt/`.
+
+## Common Commands
+
+| Command | Description |
+|---------|-------------|
+| `make clean` | Clean build artifacts |
+| `make generate-yaml-tasks` | Generate task YAML from templates |
+| `make generate-pipelines` | Generate pipeline YAML |
+| `make test` | Run unit tests |
+| `make lint` / `make lint-fix` | Check / fix formatting |
+| `make test-yaml-consistency` | Verify YAML consistency |
+| `make cluster-sync` | Build, push, deploy to cluster |
+| `make cluster-test` | Run E2E tests on cluster |
+| `make cluster-clean` | Clean cluster resources |
+| `make e2e-tests` | Full E2E: deploy + test |
+| `make vendor` | Vendor Go dependencies |
+| `make release` | Full release pipeline |
+| `make deploy` / `make undeploy` | Deploy/remove tasks |

CLAUDE.md

@@ -0,0 +1,21 @@
+# Claude Code Instructions
+
+This project uses `AGENTS.md` for general AI agent guidelines that apply to all AI assistants.
+
+**CRITICAL**: Before starting any work, you MUST:
+1. Read [AI Workflow Rules](docs/ai-workflow.md) - Required 2-step process: planning → approval → implementation
+2. Read [AGENTS.md](AGENTS.md) for project structure and guidelines
+
+## Quick Reference
+
+All project documentation is available in the `docs/` directory:
+- [AI Workflow Rules](docs/ai-workflow.md) - **REQUIRED: 2-step planning process**
+- [Build & Dependencies](docs/build.md)
+- [YAML Generation](docs/yaml-generation.md) - **NEVER hand-edit `release/` files**
+- [Code Conventions](docs/code-conventions.md)
+- [Testing](docs/testing.md)
+- [CI / GitHub Actions](docs/ci.md)
+- [Release](docs/release.md)
+- [Contributing](docs/contributing.md)
+
+See [AGENTS.md](AGENTS.md) for the complete project guide.

CONTRIBUTING.md

@@ -31,8 +31,7 @@ Any help is highly appreciated.
 relevant flows should be covered via unit tests and functional tests. So when
 thinking about a contribution, also think about testability. All tests can be
 run local without the need of CI. Have a look at the
-[Testing](docs/getting-started.md#testing)
-section in the [Developer Guide](docs/getting-started.md).
+[Testing](docs/testing.md) documentation.
 
 ### Contributor compliance with Developer Certificate Of Origin (DCO)
 We require every contributor to certify that they are legally permitted to contribute to our project. A contributor expresses this by consciously signing their commits, and by this act expressing that they comply with the Developer Certificate Of Origin
@@ -47,5 +46,5 @@ This can be done by adding --signoff to your git command line.
 Before your PR can be merged it must meet the following criteria:
 
 - README.md has been updated if new task is added or functionality of existing tasks is affected.
-- [Onboarding a New Task](docs/onboarding-new-task.md) has been taken into account when introducing a new task
+- [Adding a New Task](docs/contributing.md#adding-a-new-task) process has been followed when introducing a new task
 - Functionality must be fully tested.

README.md

@@ -100,4 +100,5 @@ Then, a VM is created from such image.
 
 ## Development Guide
 
-See [Getting Started](docs/getting-started.md) for the environment setup and development workflow.
+- See [AGENTS.md](AGENTS.md) for project structure, documentation index, and common commands
+- See [Getting Started](docs/getting-started.md) for environment setup and development workflow

docs/ai-workflow.md

@@ -0,0 +1,126 @@
+# AI Agent Workflow Rules
+
+Whenever you are given a task to modify, refactor, or create code, you MUST strictly follow this 2-step process. Do not skip steps.
+
+## STEP 1: Planning and Documentation
+
+1. Before writing or modifying any project code, create or update a file named `change.md` in the root directory.
+2. In `change.md`, clearly outline:
+   - The goal of the task.
+   - The files that will be modified or created.
+   - A step-by-step technical plan of the exact changes you intend to make.
+3. **CRITICAL INSTRUCTION:** Once you have saved `change.md`, you must **STOP**. Do not write any code. Ask the user: *"I have outlined the plan in change.md. Please review it. Reply with 'APPROVED' to proceed, or let me know what needs to be changed."*
+4. Wait for the user's explicit approval.
+
+## STEP 2: Implementation
+
+1. ONLY after the user explicitly types "APPROVED" (or a clear affirmative), you may begin implementing the steps exactly as outlined in `change.md`.
+2. Do not deviate from the approved plan without asking for permission first.
+3. **Before completing implementation, follow the Review Checklist below**.
+
+### Review Checklist
+
+**IMPORTANT**: This checklist MUST be followed:
+- When implementing changes (after coding, before committing)
+- When performing standalone code reviews (when asked to review code without implementing)
+
+#### Documentation Review
+
+Check if changes require updates to `docs/` files:
+- New features, tasks, or commands
+- Modified behavior or configuration
+- New dependencies or build requirements
+- Changed workflows or processes
+- Update relevant documentation files before proceeding
+- If unsure whether docs need updating, ask the user
+
+#### Manifest Regeneration Review
+
+Check if changes require regenerating YAML manifests:
+- **NEVER hand-edit files in `release/`** (see [YAML Generation](yaml-generation.md))
+- Run `make generate-yaml-tasks` if changes affect:
+  - Files in `templates/` directory
+  - Files in `configs/` (Ansible variable files)
+  - Task parameters or behavior
+  - RBAC requirements in task definitions
+- Run `make generate-pipelines` if changes affect:
+  - Files in `templates-pipelines/` directory
+  - Pipeline definitions or structure
+- Run `make test-yaml-consistency` to verify YAML is in sync
+- Commit any regenerated YAML files along with code changes
+
+#### Code Quality Review
+
+Verify code meets project standards:
+- Run `make lint` to check code formatting and style
+- Fix any linter issues with `make lint-fix`
+- Ensure all linter checks pass before committing
+- Run `make test` to verify unit tests still pass
+- Address any test failures before proceeding
+
+### After Implementation
+
+Once implementation and the review checklist are complete, **ask the user** if they would like to proceed with committing and pushing the changes to GitHub (STEP 3). Do not automatically proceed to STEP 3 without user confirmation.
+
+## STEP 3: Git Workflow
+
+After successfully implementing the changes:
+
+1. **Create a new branch** with a descriptive name:
+   ```bash
+   git checkout -b feature/descriptive-name
+   # or
+   git checkout -b fix/issue-description
+   ```
+
+2. **Commit changes** following the commit message guidelines:
+   - **Format**: `type(scope): description`
+   - **Types**: `feat`, `fix`, `docs`, `test`, `build`, `refactor`
+   - **Subject line**: Imperative mood, max 72 chars, capitalized, no period
+   - **Body**: Wrap at 72 chars, explain what and why
+   - **DCO**: Always use `--signoff`
+
+   Example:
+   ```bash
+   git add <files>
+   git commit --signoff -m "feat(execute-in-vm): Add support for custom SSH timeout
+
+   Implements configurable SSH timeout parameter to handle slow VM boots.
+   Default timeout remains 5 minutes for backwards compatibility."
+   ```
+
+3. **Push to origin**:
+   ```bash
+   git push origin feature/descriptive-name
+   ```
+
+4. **Inform the user** that the branch has been pushed and provide the branch name for PR creation.
+
+## Why This Process?
+
+- **Prevents mistakes**: Plan is reviewed before implementation
+- **Saves time**: Avoids implementing wrong solutions
+- **Builds trust**: User has full visibility and control
+- **Improves quality**: Thoughtful planning leads to better code
+
+## Example Workflow
+
+```
+User: "Add a new Tekton task for disk snapshot"
+
+AI: [Creates change.md with detailed plan]
+AI: "I have outlined the plan in change.md. Please review it.
+     Reply with 'APPROVED' to proceed, or let me know what needs
+     to be changed."
+
+User: [Reviews change.md, suggests modifications]
+
+AI: [Updates change.md based on feedback]
+
+User: "APPROVED"
+
+AI: [Implements the plan step by step]
+AI: [Creates branch, commits with DCO sign-off, pushes to origin]
+AI: "Changes have been pushed to branch 'feature/disk-snapshot-task'.
+     You can now create a PR on GitHub."
+```

docs/build.md

@@ -0,0 +1,48 @@
+# Build & Dependencies
+
+## Build system
+
+- Root build: `makefile` (lowercase), not `Makefile`.
+- **All Go builds use vendored deps**: `GOFLAGS=-mod=vendor`.
+- After any dependency change: **ALWAYS** run `make vendor` (runs `go mod tidy` + `go mod vendor`).
+- Go version: defined in `go.mod` (check the `go` directive). Pinned Kubernetes/OpenShift/CDI versions via `replace` directives in `go.mod`.
+- **Do NOT bump the Go version without confirmation.** Before upgrading, verify which Go version the midstream is using — the upstream version must stay compatible. On **release branches**, never bump the Go version as it would break midstream builds.
+
+## Build commands
+
+```bash
+# Generate task YAML from Ansible templates (only when templates change)
+make generate-yaml-tasks
+
+# Generate pipeline YAML
+make generate-pipelines
+
+# Build and push images to cluster registry, deploy tasks
+make cluster-sync
+
+# Sync a single task
+./scripts/cluster-sync.sh execute-in-vm
+
+# Build multi-arch release images (podman, linux/amd64+arm64+s390x)
+make build-release-images
+
+# Full release: generate YAML + build + push images
+make release
+```
+
+## Container images
+
+- Built with **Podman** (not Docker). Multi-arch: `linux/amd64`, `linux/arm64`, `linux/s390x`.
+- `build/Containerfile`: CentOS Stream 10 builder (Go 1.24.9) + runtime with xorriso, ssh, nbdkit, qemu-img.
+- `build/Containerfile.DiskVirt`: Builds disk-virt tasks on `quay.io/kubevirt/libguestfs-tools:v1.6.0`.
+- Images pushed to `quay.io/kubevirt/tekton-tasks` and `quay.io/kubevirt/tekton-tasks-disk-virt`.
+
+## Supported environments
+
+- **OKD** (OpenShift Kubernetes Distribution)
+- **OCP** (OpenShift Container Platform)
+
+## Troubleshooting
+
+- Build fails with module errors: run `make vendor` first.
+- Cluster sync issues: verify cluster registry is accessible and permissions are set.

docs/ci.md

@@ -0,0 +1,12 @@
+# CI / GitHub Actions
+
+## Workflows
+
+- **`test-yaml-consistency.yaml`**: PRs to `main` - runs `scripts/test-yaml-consistency.sh`.
+- **`validate-no-offensive-lang.yml`**: PRs to `main` - language validation.
+- **`release.yaml`**: On release published - builds multi-arch images, pushes to Quay, uploads manifest asset.
+
+## Dependency management
+
+- **Dependabot**: Watches Go modules and GitHub Actions (ignores Ginkgo/Gomega).
+- **Renovate**: Vulnerability/OSV alerts enabled; ignores `vendor/`.