Last reviewed: 2026-07-15
Direct answer
Put CometAPI rules in the repository instruction file or memory location that the coding agent loads before it edits, tests, or calls an API. Keep the rule short: name the approved CometAPI docs pages to check, require <API_KEY_PLACEHOLDER> in examples, require source-backed endpoint verification, and require a small smoke-test log before a workflow depends on the gateway.
This works because coding agents do not all read the same files. Claude Code documentation describes persistent project instructions through CLAUDE.md files and memory behavior. The Codex AGENTS.md guidance exists for repository instruction files used by Codex-style workflows. A team that writes the CometAPI rule only in a wiki page, ticket comment, or one-off chat message should expect that rule to be missed during a later session. Put the rule where the tool is documented to look, then link out to the current CometAPI docs instead of freezing volatile request details inside long-lived instructions.
For adjacent patterns, see How to Write Repository Instructions for Coding Agents and Route Coding Agent Model Calls Without Endpoint Drift .
A useful workflow is:
- Setup assumptions: the repository has a committed instruction file for the agent, the operator has a local secret outside the repo, and the current CometAPI docs page is open before any example is copied.
- Happy-path request plan: copy the current request shape from the official CometAPI chat reference, replace any credential with
<API_KEY_PLACEHOLDER>in documentation, and run a minimal request in a disposable environment. - Error-path check: intentionally withhold or replace the local credential and confirm the workflow records a controlled authentication or request failure without printing a secret.
- Minimum assertions: the request uses the documented CometAPI area, no example includes a real key, the response is recorded only as a redacted status summary, and the instruction file tells the agent to re-check the docs before changing endpoint details.
- Pass/fail logging fields: date, operator, docs URL checked, request family, credential handling result, redaction result, pass/fail status, and follow-up owner.
- What not to assert: do not claim model availability, pricing, quotas, latency, billing behavior, or production readiness from a small smoke test.
Sanitized log record:
date: 2026-07-15
operator: <operator_name>
docs_url_checked: https://apidoc.cometapi.com/api/text/chat
request_family: chat_reference
credential_value_recorded: false
example_key_placeholder: <API_KEY_PLACEHOLDER>
redacted_status_summary: <status_only>
pass_fail: <pass|fail>
follow_up: <next_action>
Start with CometAPI when you need one gateway rule set for coding agent examples and review workflows.
Who this is for
This guide is for engineers who maintain coding-agent repositories and want API gateway rules to survive across sessions, worktrees, and review loops. It is especially useful when one repository supports multiple agents, because each tool may read a different instruction or memory file.
Use it when a team already has CometAPI examples, model-gateway tests, or agent-authored documentation, but the rules for credentials, source checks, and support escalation live in scattered places. The article is not a CometAPI endpoint tutorial and it is not a pricing guide. It is a placement and policy guide: where the gateway rules belong, what those rules should say, and how to test that an agent can follow them without turning a small check into a broad production claim.
It also helps teams that keep separate pages for secrets, model routing, and pull request handoffs. Those pages are useful, but a coding agent needs the short version before it starts work. Link the deeper pages from the instruction file; do not rely on the agent to discover them after it has already copied an example or changed a request shape.
Key takeaways
- Put gateway rules where the agent already looks for project instructions, not only in an external runbook.
- Keep the rule specific enough to test: approved docs links, credential placeholder policy, source-check requirement, and log fields.
- Separate stable policy from volatile API details. The instruction file can require verification, while the current endpoint path, request fields, and response fields should come from the linked docs at the time of use.
- Treat support and escalation links as reference points, not proof of account-specific behavior.
- Keep exact credentials out of examples, logs, pull request text, and shared instruction files.
- Prefer a small smoke-test record over broad claims. A minimal check can confirm the rule was followed; it cannot prove future cost, availability, or reliability.
A strong repository rule is concise. For example, it can say that coding agents must check the current CometAPI chat reference before writing request examples, must use <API_KEY_PLACEHOLDER> in any public or committed text, must avoid unsupported claims about model availability and billing, and must link the support page when escalation instructions are needed. That is enough for the agent to act safely without copying a full operations manual into the top-level instruction file.
Sources checked
Claude Code memory documentation - accessed 2026-07-15; purpose: verify project memory and instruction-file context for agent workflows.
OpenAI Codex AGENTS.md guidance - accessed 2026-07-15; purpose: verify repository instruction-file context for coding agents.
CometAPI help center - accessed 2026-07-15; purpose: verify support and escalation documentation areas.
CometAPI chat reference - accessed 2026-07-15; purpose: verify the current public reference page to consult before writing request examples.
Contract details to verify
| Area | What to verify | Source URL | Accessed | Safe candidate wording |
|---|---|---|---|---|
| Agent instruction placement | Which repository instruction or memory file the agent reads before work starts | https://code.claude.com/docs/en/memory | 2026-07-15 | “Place the rule in the instruction file or memory location your agent loads for this repository.” |
| Codex repository guidance | Whether AGENTS.md is the right place for Codex-specific repository rules | https://github.com/openai/codex/blob/main/docs/agents_md.md | 2026-07-15 | “For Codex workflows, keep repository rules in AGENTS.md or the documented equivalent.” |
| CometAPI request examples | Current request area, required fields, and safe example shape | https://apidoc.cometapi.com/api/text/chat | 2026-07-15 | “Copy request details from the current CometAPI reference instead of hard-coding them in memory.” |
| Support path | Current public support documentation location | https://apidoc.cometapi.com/support/help-center | 2026-07-15 | “Use the current support page for escalation instructions when a gateway check fails.” |
The table is deliberately conservative. It does not turn a docs page into a promise about account configuration, model inventory, billing behavior, latency, or uptime. It tells the operator which current public pages to consult and which wording remains safe when the article cannot inspect private account state.
Failure modes
- Evidence gap: the agent cannot inspect the failing log, source page, pull request, or local command output. The safe action is to stop and record the missing evidence instead of guessing.
- Scope drift: the agent edits files that are not connected to the observed failure. Keep the repair tied to the failing signal and leave unrelated cleanup for a separate task.
- Environment mismatch: the local check uses different versions, credentials, feature flags, or runtime settings than the hosted path. Record the mismatch before treating the result as proof.
- Unreviewed fallback: the agent changes models, endpoints, permissions, or retry behavior to make a run pass without preserving the review boundary. Treat access and provider failures as operational blockers, not topic failures.
- Weak handoff: the final note says the issue is fixed but omits the command, result, changed files, and remaining uncertainty. That makes the next operator repeat the investigation.
- Frozen endpoint text: the repository instruction file preserves an old request shape after the provider docs have changed. Keep exact request details in examples that are refreshed with docs checks, not in permanent memory rules.
- Secret leakage: a copied terminal command, fixture, or log line includes a real credential. The rule should require
<API_KEY_PLACEHOLDER>in shared text and should record only whether redaction passed.
The practical fix is to make the instruction file tell the agent how to verify details, not to make the instruction file pretend to be the API reference. A repository can also point readers to How to Write Secret-Free Examples for Coding Agent Tutorials when examples are part of the workflow.
Reader next step
Open the instruction or memory file your coding agent actually reads for this repository, then add a short CometAPI rule with four parts: the approved docs URLs, the <API_KEY_PLACEHOLDER> credential rule, a requirement to re-check request details before changing examples, and the pass/fail log fields shown above. After that, run one minimal local check with a disposable setup and record only the redacted result. If the check fails because credentials, account access, or support details are unavailable, keep the note narrow: record the missing input and do not broaden it into a claim about CometAPI behavior.
FAQ
Should the instruction file include exact CometAPI endpoint paths?
Only if they are copied from the current official docs during review. A safer default is to tell the agent which docs URL to check and what kinds of claims must stay source-backed.
Where should credentials appear in examples?
Use <API_KEY_PLACEHOLDER> in examples. Real credentials belong in local secret storage or environment configuration, not in repository instructions, logs, or article text.
Can a smoke test prove production readiness?
No. A smoke test can show that a minimal request path and redaction policy were checked. It should not make claims about price, quotas, latency, model availability, or billing behavior.
What belongs in the gateway rule?
Include approved docs links, credential handling rules, a requirement to verify request details before changes, and a short log template. Keep long operational procedures in a separate guide linked from the instruction file.
What if two coding agents read different files?
Put the shared rule in the common repository instruction file where possible, then bridge tool-specific files to it. For example, one agent may use AGENTS.md while another expects a different memory file. The important point is that each tool reads the same short policy before it can copy request examples or edit gateway-related code.