refactor: API-first positioning, Python client library, and tests

.github/workflows/docker-build.yml

@@ -7,6 +7,11 @@ on:
     branches: [ main ]
   release:
     types: [ published ]
+  schedule:
+    # Every 48 hours at midnight UTC
+    - cron: '0 0 */2 * *'
+  workflow_dispatch:
+    # Manual trigger
 
 env:
   REGISTRY: docker.io
@@ -61,7 +66,18 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
-
+
+    - name: Scan image for vulnerabilities
+      if: github.event_name != 'pull_request'
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:docker-latest
+        format: 'table'
+        exit-code: '0'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
     - name: Generate build summary
       run: |
         echo "## Docker Build Summary" >> $GITHUB_STEP_SUMMARY

Dockerfile

@@ -107,6 +107,47 @@ ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 RUN npm install playwright@1.53.0 -g
 RUN npx playwright@1.53.0 install
 
+# --- AI Coding Agents ---
+# Claude Code, Codex, Gemini (combined to reduce layers)
+RUN npm install -g @anthropic-ai/claude-code@1 @openai/codex && \
+    pip install --no-cache-dir google-generativeai
+
+# Cursor CLI - download and verify before executing
+RUN mkdir -p /tmp/cursor-install && \
+    curl -fsSL https://cursor.com/install -o /tmp/cursor-install/install.sh && \
+    bash /tmp/cursor-install/install.sh && \
+    rm -rf /tmp/cursor-install && \
+    ln -sf /root/.local/bin/agent /usr/local/bin/cursor
+
+# --- Cloud CLIs ---
+# AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip" && \
+    unzip -q awscliv2.zip && \
+    ./aws/install && \
+    rm -rf awscliv2.zip aws
+
+# Google Cloud CLI
+RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | \
+    tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
+    gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
+    apt-get update && apt-get install -y google-cloud-cli && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# GitHub CLI (gh)
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | \
+    dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | \
+    tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
+    apt-get update && apt-get install -y gh && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Azure CLI (official package method)
+RUN curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft.gpg && \
+    echo "deb [arch=arm64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ bookworm main" > /etc/apt/sources.list.d/azure-cli.list && \
+    apt-get update && apt-get install -y azure-cli && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Copy the entrypoint script into the image
 COPY entrypoint.sh /entrypoint.sh