Defining actions by hand works, but most teams have dozens of API endpoints worth wiring up. These three methods let you go from “I have an API” to “I have a draft action registry” without writing each definition manually. The codebase method is fastest and most accurate — pick it when you have repo access. The browser extension has the lowest friction and works without code access — pick it when you can’t grant repo access or want to start with the endpoints your team actually hits. Running locally is a fallback that works with any setup — copy a prompt, run it yourself, paste the results back.Documentation Index
Fetch the complete documentation index at: https://agents.candu.ai/llms.txt
Use this file to discover all available pages before exploring further.
Codebase
Scans your API routes via GitHub App.
Browser extension
Watches live API calls as you use your product.
Run locally
Copy a prompt, run it yourself, paste the results back.
After discovery
Discovered actions land in your registry as candidates. They’re listed but not enabled — the AI can’t call them yet. For each candidate you:- Review the endpoint and inferred schema. Confirm the method, path, and input fields are right.
- Edit the description. The AI relies on this for intent matching, so make it specific to what the action does.
- Set the governance policy.
Automaticfor reads,Confirm requiredfor writes (see Policies). - Scope to roles if needed. Restrict the action to specific user roles via
identifiers.role. - Enable.
How we handle your code
For the codebase method, your source code is processed under strict guarantees:| Risk | Mitigation |
|---|---|
| Persistent code storage | Ephemeral, encrypted disks only. Destroyed on session end. |
| Cross-tenant access | One isolated ECS task per session, no shared storage |
| External container access | Private subnets, no public IPs |
| Token misuse | Scoped, short-lived GitHub App tokens |
| Accidental logging | File contents redacted from all logs |