moritz
/
haumdaucher_de
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
haumdaucher_de/user_creation/AGENTS.md

2.2 KiB
Raw Permalink Blame History

AGENTS.md

This document provides context for AI agents operating on the user_creation infrastructure.

Architecture & Tooling

  • This directory contains a standalone Google Apps Script project managed via @google/clasp.
  • Do NOT use TypeScript. We use vanilla .js (src/Code.js) to bypass local transpilation complexity.
  • Authentication: We use ScriptApp.getOAuthToken() directly to authenticate against the Google Identity Toolkit REST API. DO NOT implement Web API Keys or Service Accounts in the code. The script relies on its link to the underlying GCP project to inherit the trigger owner's permissions.

Rules & Safeguards (CRITICAL)

  1. Never physically delete users.
    • The declarative logic must use Soft Deletes. If an email is removed from the Google Sheet, the script must issue an API update to set disableUser: true in Firebase. This preserves historical records and prevents data corruption.
  2. Respect DRY_RUN.
    • When CONFIG.DRY_RUN is true, the script must only evaluate state and log its intended API calls. It must completely bypass any UrlFetchApp.fetch calls that mutate Firebase state.
  3. Trigger Handling (setup).
    • The script uses dual triggers (onFormSubmit and onChange). Ensure both are cleared and re-created whenever setup() is called.
    • clasp push does not update triggers. Always instruct the human user to run setup() manually in the IDE after a push.
  4. Conditional Email Logging.
    • Only dispatch the admin summary email (to CONFIG.ADMIN_EMAIL) if a mutation occurred. If the target state and current state are perfectly synchronized, exit silently to prevent inbox pollution.

Implementation Details

  • Email/Password Strategy: We generate a highly secure random password locally during the accounts creation request. CONFIG.SEND_EMAIL_ON_CREATION controls whether password reset emails are sent automatically.
  • Custom Action URL: The Firebase Password Reset templates have been modified via the Console to point to the Vue.js app (https://haumdaucher.de/). The frontend App.vue intercepts ?mode=resetPassword and displays PasswordReset.vue. Do NOT change this logic without considering the UI impact.