# AI agent install packet

> Copyable prompt and acceptance criteria for coding agents installing AnswerLattice.

## Configure AnswerLattice first

- Create or copy the al_* widget key in the dashboard.
- Save allowed production and staging origins in the dashboard.
- Save blocked routes in the dashboard.
- Then copy the dashboard-generated packet so the agent receives the current setup.

## Copy this prompt

```
You are integrating AnswerLattice into this product.

Goal:
Install the AnswerLattice v1 support widget, pass safe page context, respect AnswerLattice dashboard route rules, and prove the installation works.

Use these AnswerLattice values:
- Widget key: {{ANSWERLATTICE_WIDGET_KEY}}
- Dashboard-saved allowed origins, for verification only:
- (none saved yet)
- Dashboard-saved blocked routes:
- (none saved yet)
- Framework: {{FRAMEWORK}}
- Router: {{ROUTER}}
- Support entry points:
- global widget
- help button
- sidebar
- settings page

Canonical install contract:
- Contract version: answerlattice-widget-v1
- Script URL: https://answerlattice.com/widget/v1/answerlattice-widget.js
- Browser global: window.AnswerlatticeWidget
- Context methods:
  - window.AnswerlatticeWidget.setContext(context)
  - window.AnswerlatticeWidget.page(context)

Implementation rules:
1. Find the app root, global layout, document shell, or main client entry point.
2. Install the AnswerLattice script exactly once.
3. Prefer an environment variable for the widget key when the framework supports it.
4. Do not install the widget separately on each page.
5. Do not expose tenantId, storeId, internal user IDs, emails, billing data, tokens, cookies, secrets, or private account metadata.
6. Pass only safe page context: path, title, feature, workflow, role, and locale.
7. Update AnswerLattice context after client-side route changes.
8. Do not create app settings for allowed origins or blocked routes. AnswerLattice dashboard owns those values.
9. If this repository has a central third-party-script guard, use the dashboard-saved blocked routes above to avoid mounting AnswerLattice on sensitive screens.
10. Also avoid routes containing token, invite, reset-password, payment, secret, api-key, or webhook setup screens.
11. Add a short code comment explaining that this is the AnswerLattice v1 widget contract.
12. Run lint, typecheck, and build commands available in the repository.
13. Report changed files, where the script was installed, how route context updates, test commands run, and assumptions.

Acceptance criteria:
- The app builds.
- The AnswerLattice script is loaded once.
- The widget key is not hardcoded when env vars are available.
- Dashboard-owned allowed origins and blocked routes are not duplicated as product settings.
- The widget is absent on blocked routes when a local route guard is present; otherwise AnswerLattice dashboard route rules control runtime visibility.
- Safe page context updates on route changes.
- No forbidden identifiers or secrets are sent to AnswerLattice.
- The browser console has no AnswerLattice integration errors.
```

## Public API note

The public API may be account-gated. For most clients, install the AnswerLattice widget first.