diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..6d73cb7 --- /dev/null +++ b/AGENTS.md 
@@ -0,0 +1,52 @@ +# AGENTS.md + +> [!NOTE] +> **Infrapuzzle** is the monorepo for my personal infrastructure, encompassing Kubernetes cluster provisioning, workload deployment, DNS management, and IoT monitoring. + +## Repository Structure & Documentation +This repository is divided into distinct domains, each with its own `AGENTS.md` or specialized documentation. + +### 1. [Bootstrap](./bootstrap/AGENTS.md) (`bootstrap/`) +* **Purpose**: Provisioning the single-node Kubernetes cluster (Haumdaucher). +* **Tool**: Kubespray (Ansible). +* **Key File**: `init.sh` (Source of Truth for versioning). +* **Read**: [bootstrap/AGENTS.md](./bootstrap/AGENTS.md) + +### 2. [Kubernetes Workloads](./k8s/AGENTS.md) (`k8s/`) +* **Purpose**: Deploying applications and services to the cluster. +* **Method**: GitOps-style directory structure (Namespace = Folder). +* **Constraints**: Enforces `ingress-nginx`, `cert-manager` (Let's Encrypt), and `git-crypt` for secrets. +* **Read**: [k8s/AGENTS.md](./k8s/AGENTS.md) + +### 3. Terraform (`terraform/`) +* **Purpose**: Infrastructure as Code for external resources, primarily **DNS**. +* **Provider**: OVH (`ovh/ovh`). +* **Scope**: + * **DNS Zones**: `haumdaucher.de`, `moritzgraf.de`, `ameliegraf.de`, and others. + * **Mail Config**: Google Workspace MX/SPF/DKIM records. + * **Cluster IP**: Points domains to the Haumdaucher node IP (`136.243.23.215`). +* **Usage**: + ```bash + cd terraform + terraform init + terraform apply + ``` + +### 4. Monitoring (`monitoring/`) +* **Purpose**: IoT and physical device monitoring, separate from K8s metrics. +* **Tool**: [ESPHome](https://esphome.io). +* **Devices**: Temperature sensors, plant monitors (Xiaomi/BLE), ESP32 bridges. +* **Usage**: + ```bash + cd monitoring + # Flash or update a device + esphome run config/.secret.yml + ``` +* **Network**: Devices typically operate on static IPs in the `192.168.x.x` range. + +## Global Constraints +* **Secrets**: `git-crypt` is used extensively. 
Ensure you have the unlock key before editing `*.secret` files. +* **Identity**: + * **Cluster**: `haumdaucher` + * **Primary Domain**: `haumdaucher.de` + * **User Identity**: `moritzgraf.de`
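Review bot: In Global Constraints, the secrets rule names `*.secret` files, but the Monitoring usage block runs `esphome run config/.secret.yml`, and that glob does not match a file ending in `.secret.yml`. Please state the exact patterns that git-crypt covers, so that a reader or agent following this file knows whether `config/.secret.yml` is encrypted and does not add a new secret file under a name the documented pattern misses. Separately, the Terraform usage block goes straight from `terraform init` to `terraform apply`; since the listed scope includes the MX/SPF/DKIM records and the cluster IP, consider showing `terraform plan` before the apply step so changes to those records are reviewed first.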