space/clickthrough
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-20. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
f05e0c56e6c163527f8568c8e833d20829c62877
clickthrough/AGENTS.md
space f05e0c56e6
All checks were successful
python-syntax / syntax-check (push) Successful in 6s
Details
Add AGENTS playbook and prioritize automation backlog
2026-05-04 12:27:31 +02:00

2.2 KiB
Raw Blame History

AGENTS

Purpose

This file defines how agents and contributors should work in this repository. It is a codebase playbook, not a product roadmap.

Repository Map

  • server/app.py: FastAPI routes, auth checks, response envelope, exception handling.
  • server/services.py: screenshot/OCR/input/window/exec behavior and safety enforcement.
  • server/models.py: request schemas and validation rules.
  • server/config.py: environment loading and runtime settings.
  • tests/: unit and API contract tests (monkeypatched where host behavior is nondeterministic).
  • docs/API.md: public API request/response reference.
  • skill/SKILL.md: operational method for agent usage of the API.

Local Workflow

  • Install dependencies: pip install -r requirements.txt
  • Run server: python -m server.app
  • Run tests: pytest -q
  • Basic health check: GET /health with x-clickthrough-token when token auth is enabled.

Non-Negotiable Contracts

  • Keep the response envelope shape stable:
    • ok, request_id, time_ms, data, error
  • Preserve one-action-per-request semantics in /interact.
  • Keep coordinate behavior in global desktop coordinates unless an explicit versioned change is introduced.
  • All new request fields must be represented in server/models.py with explicit validation constraints.

Safety and Security Rules

  • Do not weaken x-clickthrough-token validation.
  • Do not weaken /exec secret validation (x-clickthrough-exec-secret).
  • Preserve dry_run behavior for non-destructive execution paths.
  • Preserve allowed-region enforcement for pointer-target actions.
  • Keep /exec constraints explicit:
    • shell allowlist
    • timeout limits
    • output truncation limits

Testing Expectations

  • Add tests for each new behavior in services/models/routes.
  • Cover success and failure paths, especially validation and ambiguity branches.
  • Prefer deterministic tests with monkeypatches over host/UI-dependent flakiness.
  • If API behavior changes, update tests in the same change.

Documentation Policy

  • When API behavior changes, update docs/API.md in the same change.
  • Keep examples aligned with current schema in docs/API.md and examples/quickstart.py.
  • Keep skill/SKILL.md aligned with current safe usage flow.
Reference in New Issue View Git Blame Copy Permalink