Reword README

README.md

@@ -6,41 +6,37 @@ sloptrap runs the OpenAI Codex CLI inside a container with a predictable and loc
 
 - Podman ≥ 4 (sloptrap refuses to run without it unless you explicitly override `SLOPTRAP_CONTAINER_ENGINE`).
 - GNU `bash`, `curl`, `tar`, `sha256sum`, `realpath` (from GNU coreutils), and `jq` on the host.
-- Network access to `https://github.com/openai/codex/releases/` for fetching the Codex binary.
-- Enough local disk space to build the container image and cache Codex under `${HOME}/.codex`.
 
-> Tip: set `SLOPTRAP_CONTAINER_ENGINE=<engine>` if you need to override the default Podman requirement (for example, when running inside a CI wrapper that only exposes Docker).
+> Tip: set `SLOPTRAP_CONTAINER_ENGINE=<engine>` if you need to override the default Podman requirement.
 
 ## Quick Start
 
 1. Place `sloptrap` somewhere on your PATH/shared drive (the helper Dockerfile and Codex binary are bundled and downloaded automatically).
 2. (Optional) Create a project-specific manifest and ignore file:
    ```bash
-   cat > your-project/.sloptrap <<'EOF'
-   name=your-project
+   cat > path/to/project/.sloptrap <<'EOF'
+   name=path/to/project
    default_targets=run
    packages_extra=make
    codex_args=--sandbox workspace-write 
    EOF
 
-   cat > your-project/.sloptrapignore <<'EOF'
+   cat > path/to/project/.sloptrapignore <<'EOF'
    .git/
    secrets/
    EOF
    ```
-3. Run `./sloptrap your-project`. On the first invocation sloptrap:
-   - builds `your-project-sloptrap-image` if missing,
+3. Run `./sloptrap path/to/project`. On the first invocation sloptrap:
+   - builds `path/to/project-sloptrap-image` if missing,
    - verifies the Codex binary hash,
    - creates `${HOME}/.codex` and runs `login` if credentials are absent.
-4. Subsequent calls reuse the image; use `--dry-run` first to inspect the container command that would be executed.
-5. Run `make regress` from the repo root to execute the regression suite (ShellCheck plus adversarial harness) before committing changes.
 
-Use `./sloptrap your-project shell` to enter a troubleshooting shell inside the container or `./sloptrap your-project clean` to remove cached images and state.
+> Use `./sloptrap path/to/project shell` to enter a troubleshooting shell inside the container or `./sloptrap path/to/project clean` to remove cached images and state.
 
 ## How It Works
 
 - The project directory mounts at `/workspace`, and `${HOME}/.codex` mounts at `/codex`.
-- `.sloptrapignore` entries (if present) are overlaid by tmpfs (for directories) or empty bind mounts (for files) so Codex cannot read the masked content. Paths are normalised and must remain inside the project tree; attempting to mask parent directories or symlink escapes fails fast.
+- `.sloptrapignore` entries (if present in your project) are overlaid by tmpfs (for directories) or empty bind mounts (for files) so Codex cannot read the masked content.
 - sloptrap launches containers on an isolated network (`bridge` on Docker, `slirp4netns` on Podman) with `--cap-drop=ALL`, `--security-opt no-new-privileges`, a read-only root filesystem, and tmpfs-backed `/tmp`, `/run`, and `/run/lock`. Projects that explicitly set `allow_host_network=true` in their manifest opt into `--network host`.
 - The helper Dockerfile is embedded inside `sloptrap`; set `SLOPTRAP_DOCKERFILE_PATH=/path/to/custom/Dockerfile` if you need to supply your own recipe. The default image installs `curl`, `bash`, `ca-certificates`, `libstdc++6`, `git`, `ripgrep`, `xxd`, and `file`, so most debugging helpers are already available without adding `packages_extra`.
 - The container user matches the host UID/GID (`--userns=keep-id` on Podman or `--user UID:GID` on Docker).
@@ -120,7 +116,7 @@ The launcher executes targets sequentially, so `./sloptrap repo build run` perfo
 
 ## Execution Environment
 
-- Container engine: Podman or Docker with identical command lines. Podman uses `--userns=keep-id`; Docker receives the equivalent `--user UID:GID`.
+- Container engine: Podman or podman with identical command lines. Podman uses `--userns=keep-id`; Docker receives the equivalent `--user UID:GID`.
 - Filesystem view: the project directory mounts at `/workspace`; `${HOME}/.codex` mounts at `/codex`.
 - Ignore filter: `.sloptrapignore` entries are overlaid with tmpfs directories or empty bind mounts so data remains unavailable to Codex.
 - Network: the container always runs with `--network host`. sloptrap does not filter or proxy outbound traffic.