{"slug": "show-hn-reverse-engineering-web-apps-into-agent-tools", "title": "Show HN: Reverse-engineering web apps into agent tools", "summary": "A developer built a browser-based agent that reverse-engineers web apps' own APIs to automatically generate reusable tools for AI assistants, enabling deep integration without modifying source code. The agent creates 'recipes' from authenticated endpoints, handling authentication and schema extraction, and self-updates when APIs change. The project aims to simplify AI agent integration with complex, non-standard web applications.", "body_md": "Hey HN! We built a browser-based agent that runs inside an authenticated web app, watches how the app calls its own APIs, and automatically turns those into agent tools. You can think of it as an auto-generated MCP server that self-updates as the host app changes.\n\nThe result is a skilled AI assistant that actually integrates deeply with any product (not just chat and RAG) with minimal effort.\n\nCheck out these short demos below that show the agent in software you're probably familiar with:\n\n- Jira: [https://demo.frigade.com/hn?skill=jira](https://demo.frigade.com/hn?skill=jira)\n\n- Spotify: [https://demo.frigade.com/hn?skill=spotify](https://demo.frigade.com/hn?skill=spotify)\n\n- Hacker News (lol): [https://demo.frigade.com/hn?skill=hackernews](https://demo.frigade.com/hn?skill=hackernews)\n\n- Full Demo: [https://demo.frigade.com/hn?skill=full-demo](https://demo.frigade.com/hn?skill=full-demo)\n\nAs you can see in the examples, you can do way more (and faster) than what you normally would be able to via point and click. And we never even touched the source code of these products!\n\nWhy do this?\n\nIn an ideal world, every application has an MCP server or an easily-digestible API available for AI agents to feed from. In practice, we found that even very modern software tends to have a spider web of confusing APIs and services that AI agents simply cannot use out of the box. Security also becomes a huge issue as applications have different (often homebrewed) standards for how endpoints are secured (JWTs/cookies/mix of both). Finally, having an actual browser agent go in and use the application on behalf of the user (i.e. computer-use), is simply too brittle, slow, and burns a lot of tokens.\n\nWe took our existing browser agent that’s already trained to use and learn authenticated applications, and added an extra step that automatically turns the app’s authenticated APIs into \"recipes\". A recipe is a mix of the following:\n\n- API endpoint + method\n\n- Authentication method (and how to retrieve refresh auth tokens/cookies)\n\n- Response schema\n\n- Input schema (for POST/PUT)\n\n- Human readable description of what the tool does\n\nPutting it all together, these become reusable tools for LLMs, all without writing or maintaining any code. Even if the APIs change our agent figures this out and replaces the recipe for the tool with the updated version.\n\nAdding tools to an AI agent becomes super simple this way:\n\n- Our agent trains on the app and builds the recipes\n\n- The app owner enables discovered tools from our dashboard\n\n- The agent can now take actions on the user’s behalf directly inside the application. For instance, saying something like \"invite my teammate to my workspace\" would securely call the existing API endpoint for inviting users without proxying or relaying through a third party.\n\nOf course, there's a ton of edge cases you run into when you try to do this - every application is intrinsically different despite how many \"standards\" exist. Fun fact: graphql was by far the worst API to work with in standardizing the recipes.\n\nLooking forward to your feedback/comments!\n\nComments URL: [https://news.ycombinator.com/item?id=48847834](https://news.ycombinator.com/item?id=48847834)\n\nPoints: 9\n\n# Comments: 1", "url": "https://wpnews.pro/news/show-hn-reverse-engineering-web-apps-into-agent-tools", "canonical_source": "https://news.ycombinator.com/item?id=48847834", "published_at": "2026-07-09 15:45:17+00:00", "updated_at": "2026-07-09 16:50:38.073129+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-infrastructure", "developer-tools"], "entities": ["Frigade", "Jira", "Spotify", "Hacker News", "MCP"], "alternates": {"html": "https://wpnews.pro/news/show-hn-reverse-engineering-web-apps-into-agent-tools", "markdown": "https://wpnews.pro/news/show-hn-reverse-engineering-web-apps-into-agent-tools.md", "text": "https://wpnews.pro/news/show-hn-reverse-engineering-web-apps-into-agent-tools.txt", "jsonld": "https://wpnews.pro/news/show-hn-reverse-engineering-web-apps-into-agent-tools.jsonld"}}