moritz
/
haumdaucher_de
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
haumdaucher_de/user_creation/AGENTS.md

23 lines
2.0 KiB
Markdown
Raw Blame History

# AGENTS.md
This document provides context for AI agents operating on the `user_creation` infrastructure.
## Architecture & Tooling
- This directory contains a standalone Google Apps Script project managed via `@google/clasp`.
- Do NOT use TypeScript. We use vanilla `.js` (`src/Code.js`) to bypass local transpilation complexity.
- **Authentication**: We use `ScriptApp.getOAuthToken()` directly to authenticate against the Google Identity Toolkit REST API. **DO NOT** implement Web API Keys or Service Accounts in the code. The script relies on its link to the underlying GCP project to inherit the trigger owner's permissions.
## Rules & Safeguards (CRITICAL)
1. **Never physically delete users.**
- The declarative logic must use Soft Deletes. If an email is removed from the Google Sheet, the script must issue an API update to set `disableUser: true` in Firebase. This preserves historical records and prevents data corruption.
2. **Respect `DRY_RUN`.**
- When `CONFIG.DRY_RUN` is true, the script must only evaluate state and log its intended API calls. It must completely bypass any `UrlFetchApp.fetch` calls that mutate Firebase state.
3. **Trigger Handling (`setup`).**
- The script uses dual triggers (`onFormSubmit` and `onChange`). Ensure both are cleared and re-created whenever `setup()` is called.
- `clasp push` does not update triggers. Always instruct the human user to run `setup()` manually in the IDE after a push.
4. **Conditional Email Logging.**
- Only dispatch the admin summary email (to `CONFIG.ADMIN_EMAIL`) if a mutation occurred. If the target state and current state are perfectly synchronized, exit silently to prevent inbox pollution.
## Implementation Details
- **Email/Password Strategy**: The user requested that we do NOT send out official welcome/password reset emails during the initial implementation to avoid spamming end users. We will generate a highly secure random password locally during the `accounts:signUp` request. The admin will manually trigger password resets later when they are ready.
Reference in New Issue View Git Blame Copy Permalink