Defining actions by hand works, but most teams have dozens of API endpoints worth wiring up. These three methods let you go from “I have an API” to “I have a draft action registry” without writing each definition manually. The codebase method is fastest and most accurate — pick it when you have repo access. The browser extension has the lowest friction and works without code access — pick it when you can’t grant repo access or want to start with the endpoints your team actually hits. Running locally is a fallback that works with any setup — copy a prompt, run it yourself, paste the results back.

Codebase

Scans your API routes via GitHub App.

Browser extension

Watches live API calls as you use your product.

Run locally

Copy a prompt, run it yourself, paste the results back.

After discovery

Discovered actions land in your registry as candidates. They’re listed but not enabled — the AI can’t call them yet. For each candidate you:
  1. Review the endpoint and inferred schema. Confirm the method, path, and input fields are right.
  2. Edit the description. The AI relies on this for intent matching, so make it specific to what the action does.
  3. Set the governance policy. Automatic for reads, Confirm required for writes (see Policies).
  4. Scope to roles if needed. Restrict the action to specific user roles via identifiers.role.
  5. Enable.
Discovery is a starting point, not an auto-publish. The AI only has access to enabled actions, and you control which ones get enabled.
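
The review steps above can be enforced as a check that runs before anything is enabled. This is an added example, not Candu's code: the candidate dictionary shape (`name`, `method`, `path`, `description`, `input_fields`, `policy`, `roles`, `enabled`), the `/admin` restricted-prefix rule and the sample candidates are assumptions; only the two policy names come from this page.

```python
import re

# Hypothetical candidate format; the real registry schema is not shown on the page.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
READ_METHODS = {"GET", "HEAD"}

def review_candidate(action, restricted_prefixes=("/admin",)):
    """Return findings that should block enabling a discovered candidate."""
    findings = []
    method = str(action.get("method", "")).upper()
    path = action.get("path", "")
    desc = (action.get("description") or "").strip()
    fields = set(action.get("input_fields") or [])
    roles = action.get("roles") or []
    # Step 1: method is known and every {param} in the path has an input field.
    if method not in WRITE_METHODS | READ_METHODS:
        findings.append(f"unexpected method {method!r}")
    missing = set(re.findall(r"\{(\w+)\}", path)) - fields
    if missing:
        findings.append(f"path params missing from schema: {sorted(missing)}")
    # Step 2: description must be more than an echo of method + path.
    if len(desc) < 20 or desc.lower() == f"{method} {path}".lower():
        findings.append("description not specific enough for intent matching")
    # Step 3: writes require confirmation; reads may be automatic.
    policy = action.get("policy")
    if policy not in ("Automatic", "Confirm required"):
        findings.append("no governance policy set")
    elif method in WRITE_METHODS and policy != "Confirm required":
        findings.append("write action must use 'Confirm required'")
    # Step 4 (assumed house rule): restricted paths need a role scope.
    if path.startswith(tuple(restricted_prefixes)) and not roles:
        findings.append("restricted path has no role scope")
    return findings

def enable_reviewed(candidates):
    """Step 5: enable only candidates with zero findings; return blocked ones."""
    blocked = {}
    for action in candidates:
        findings = review_candidate(action)
        action["enabled"] = not findings
        if findings:
            blocked[action["name"]] = findings
    return blocked

# Constructed sample candidates, as a discovery run might draft them.
CANDIDATES = [
    {"name": "list_invoices", "method": "GET", "path": "/invoices",
     "description": "List the current customer's invoices by date range",
     "input_fields": ["from", "to"], "policy": "Automatic"},
    {"name": "delete_user", "method": "DELETE", "path": "/admin/users/{id}",
     "description": "DELETE /admin/users/{id}", "input_fields": [],
     "policy": "Automatic"},
]
```
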

How we handle your code

For the codebase method, your source code is processed under strict guarantees:

| Risk | Mitigation |
| --- | --- |
| Persistent code storage | Ephemeral, encrypted disks only. Destroyed on session end. |
| Cross-tenant access | One isolated ECS task per session, no shared storage |
| External container access | Private subnets, no public IPs |
| Token misuse | Scoped, short-lived GitHub App tokens |
| Accidental logging | File contents redacted from all logs |

The browser extension path avoids all of this. It only observes API endpoint patterns from calls your browser is already making. No bodies, no credentials, no code access.