docs(skill): clarify user-owned instance setup responsibilities
All checks were successful
python-syntax / syntax-check (push) Successful in 4s
1
TODO.md
@@ -25,3 +25,4 @@
|
|||||||
- [x] Require configured exec secret + per-request exec secret header
|
- [x] Require configured exec secret + per-request exec secret header
|
||||||
- [x] Upgrade skill with verify-before-click rules, confidence thresholds, two-phase risky actions, and Spotify playbook
|
- [x] Upgrade skill with verify-before-click rules, confidence thresholds, two-phase risky actions, and Spotify playbook
|
||||||
- [x] Add top-level skill section for instance setup + mini API docs
|
- [x] Add top-level skill section for instance setup + mini API docs
|
||||||
|
- [x] Clarify user-owned setup responsibilities vs agent responsibilities in skill docs
|
||||||
|
|||||||
@@ -7,19 +7,28 @@ description: Control a local computer through the Clickthrough HTTP server using
|
|||||||
|
|
||||||
Use a strict observe-decide-act-verify loop.
|
Use a strict observe-decide-act-verify loop.
|
||||||
|
|
||||||
## Getting a computer instance (quick setup)
|
## Getting a computer instance (user-owned setup)
|
||||||
|
|
||||||
1. Start Clickthrough on the target computer (default: `127.0.0.1:8123`).
|
The **user/operator** is responsible for provisioning and exposing the target machine.
|
||||||
2. Expose it to the agent host (LAN/Tailscale/reverse proxy) and note the base URL.
|
The agent should not assume it can self-install this stack.
|
||||||
3. Set auth on the target machine:
|
|
||||||
|
### What the user must do
|
||||||
|
|
||||||
|
1. Install dependencies and run Clickthrough on the target computer (default bind: `127.0.0.1:8123`).
|
||||||
|
2. Expose access path to the agent (LAN/Tailscale/reverse proxy) and provide the base URL.
|
||||||
|
3. Configure secrets on target machine:
|
||||||
- `CLICKTHROUGH_TOKEN` for general API auth
|
- `CLICKTHROUGH_TOKEN` for general API auth
|
||||||
- `CLICKTHROUGH_EXEC_SECRET` for `/exec` calls
|
- `CLICKTHROUGH_EXEC_SECRET` for `/exec` calls
|
||||||
4. Verify connectivity from the agent side:
|
4. Share connection details with the agent through a secure channel:
|
||||||
- `GET /health` with `x-clickthrough-token` header
|
|
||||||
5. Store connection details for reuse:
|
|
||||||
- `base_url`
|
- `base_url`
|
||||||
- `x-clickthrough-token`
|
- `x-clickthrough-token`
|
||||||
- `x-clickthrough-exec-secret` (only when using `/exec`)
|
- `x-clickthrough-exec-secret` (only when `/exec` is needed)
|
||||||
|
|
||||||
|
### What the agent should do
|
||||||
|
|
||||||
|
1. Validate connection with `GET /health` using provided headers.
|
||||||
|
2. Refuse `/exec` attempts when exec secret is missing/invalid.
|
||||||
|
3. Ask user for missing setup inputs instead of guessing infrastructure.
|
||||||
|
|
||||||
## Mini API map
|
## Mini API map
|
||||||
|
|
||||||
|
|||||||
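Review bot: Step 2 under "What the user must do" offers LAN and reverse proxy as access paths without any transport requirement, while `x-clickthrough-token` and `x-clickthrough-exec-secret` are sent as request headers to what the description calls an HTTP server; if that path is plain HTTP, both values are readable on the wire. Suggest stating that anything beyond the default `127.0.0.1:8123` bind should go over an encrypted path (Tailscale, or TLS terminated at the reverse proxy). Two smaller points in the same hunk: step 4 says "through a secure channel" without saying what qualifies, and the removed "Store connection details for reuse" step has no replacement, so the doc no longer says where the agent may keep the token and exec secret. In "What the agent should do", item 2 asks the agent to refuse `/exec` when the secret is "missing/invalid", but the agent can only tell that it is missing; validity is decided by the server, so consider wording such as "do not call `/exec` without a provided exec secret, and stop instead of retrying when the server rejects it".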