docs: add network architecture constraints to prevent agent bypass

CONSTRAINTS.md

@@ -1,4 +1,4 @@
-# ZeroLagHub – Frontend Constraints (ZLH Grind)
+# ZeroLagHub — Frontend Constraints (ZLH Grind)
 
 These constraints are **non-negotiable**.  
 They exist to prevent architectural drift, instability, and "demo-ware" UI patterns.
@@ -50,3 +50,59 @@ They exist to prevent architectural drift, instability, and "demo-ware" UI patte
 - No cookies are allowed for auth
 - Portal stores tokens client-side (sessionStorage)
 - APIv1 and Pterodactyl auth patterns are forbidden
+
+---
+
+## Network & Agent Architecture (CRITICAL)
+
+### Frontend Cannot Reach Agents
+
+**The Rule**
+- Frontend must never call agents directly
+- All agent access flows through API
+- Container IPs are internal-only (10.x network)
+- No CORS headers exist on agents
+
+**Why This Is Enforced**
+- Agents are not web services
+- They have no public network path
+- Direct calls would fail (no route)
+- API enforces auth, logging, rate limits
+
+**Correct Pattern**
+```
+Frontend → API → Agent
+```
+
+**Forbidden Pattern**
+```
+Frontend → Agent (FAILS)
+```
+
+### Common Violations
+
+**Adding CORS to Agents**
+- Never add CORS headers to agents
+- Agents are not HTTP APIs
+- This breaks security model
+
+**Exposing Agent Ports**
+- Do not proxy agent ports through Caddy
+- Do not expose container IPs
+- API is the only gateway
+
+**Frontend Shortcuts**
+- No direct WebSocket to agent
+- No fetch() to container IPs
+- No "quick fixes" that bypass API
+
+---
+
+## Enforcement
+
+If a change violates these constraints:
+- The change must be reverted
+- The documentation takes precedence
+- AI tools must be corrected
+
+These constraints override convenience.