added codex structure

.codex/profiles/ansible.md

@@ -0,0 +1,40 @@
+# Ansible profile
+
+Enable this profile for repositories containing Ansible playbooks, roles, inventories, or automation scripts.
+
+## Rules
+
+Codex MUST:
+
+- prefer idempotent tasks;
+- use Ansible builtin modules instead of `shell` or `command` when possible;
+- use `service_facts` when checking service availability or service state;
+- use `become` explicitly when privilege escalation is needed;
+- avoid `ignore_errors` unless explicitly justified;
+- avoid `changed_when: false` unless semantically correct;
+- avoid storing secrets in plain YAML;
+- keep roles and tasks modular;
+- write comments in English;
+- preserve compatibility requirements stated in the repository.
+
+## Validation examples
+
+Use Docker-based validation commands configured for the project, for example:
+
+```bash
+docker compose run --rm ansible ansible-playbook --syntax-check playbook.yml
+```
+
+```bash
+docker compose run --rm ansible ansible-lint
+```
+
+## Shell and command usage
+
+`shell` and `command` are allowed only when there is no suitable module or when interacting with legacy tools.
+
+When using `shell` or `command`, Codex SHOULD:
+
+- make the task idempotent;
+- define `changed_when` and `failed_when` where needed;
+- explain why a module is not used.

.codex/profiles/docker.md

@@ -0,0 +1,40 @@
+# Docker profile
+
+Enable this profile for repositories containing Dockerfiles, Compose files, container entrypoints, reverse proxy configuration, or containerized deployment logic.
+
+## Rules
+
+Codex MUST:
+
+- avoid `latest` tags;
+- prefer pinned or explicit versions;
+- keep images small and reproducible;
+- avoid privileged containers unless explicitly justified in an ADR;
+- avoid unnecessary published ports;
+- use least-privilege users where practical;
+- avoid storing secrets in images or Compose files;
+- use healthchecks when useful and practical;
+- document exposed ports, volumes, networks, and runtime assumptions;
+- keep entrypoints simple and explicit.
+
+## Project mode behavior
+
+If `.codex/project.md` sets `project_mode: work`, Codex SHOULD prefer Red Hat UBI minimal images when possible and reasonable.
+
+If `.codex/project.md` sets `project_mode: personal`, Codex may use the most appropriate base image for the project, but it MUST still avoid `latest` tags and unsafe defaults.
+
+## Validation examples
+
+Use project-specific Docker-based commands, for example:
+
+```bash
+docker compose config
+```
+
+```bash
+docker compose build
+```
+
+```bash
+docker compose run --rm app pytest
+```

.codex/profiles/python.md

@@ -0,0 +1,42 @@
+# Python profile
+
+Enable this profile for Python repositories.
+
+## Suggested standard
+
+Codex SHOULD prefer:
+
+- `pytest` for tests;
+- `ruff` for linting and formatting checks;
+- type hints for public functions and non-trivial logic;
+- `pathlib` for filesystem paths where practical;
+- explicit error handling;
+- small, focused functions;
+- simple modules over unnecessary class hierarchies.
+
+## Rules
+
+Codex MUST:
+
+- keep dependencies minimal;
+- avoid broad `except` clauses unless justified;
+- avoid hidden side effects at import time;
+- separate business logic from CLI, web, or framework glue;
+- avoid global mutable state unless justified;
+- write tests for behavior, not implementation details;
+- run tests inside Docker containers.
+
+## Validation examples
+
+Use project-specific Docker-based commands, for example:
+
+```bash
+docker compose run --rm app ruff check .
+docker compose run --rm app pytest
+```
+
+If formatting is configured:
+
+```bash
+docker compose run --rm app ruff format --check .
+```