ilamanov/agent-bridge
skills/agent-bridge/SKILL.md
Build a safe local AI-agent HTTP interface for any web application. Scans the codebase, discovers all product actions, and exposes them as localhost API endpoints with a review/approval layer. Use when the user wants to expose product actions to an AI agent, create an agent API layer, build agent endpoints, add an MCP-like interface to their app, or make their app controllable by an AI agent. Works with any web framework.
tools
Updated Apr 5, 2026
$ install --global
skillsauthnpx skillsauth add ilamanov/skills agent-bridgeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 8:22 PM5.1s5 files scanned
SKILL.md
- name:
- agent-bridge
- description:
- Build a safe local AI-agent HTTP interface for any web application. Scans the codebase, discovers all product actions, and exposes them as localhost API endpoints with a review/approval layer. Use when the user wants to expose product actions to an AI agent, create an agent API layer, build agent endpoints, add an MCP-like interface to their app, or make their app controllable by an AI agent. Works with any web framework.
Agent Bridge
Build a safe localhost HTTP interface (/api/agent/...) that lets a local AI agent explore, understand, and operate a web application — similar in spirit to an MCP server but implemented as simple HTTP endpoints.
Workflow
This skill has 4 steps. Steps 1-3 are sequential and build on each other. Step 4 is optional. Ask the user which step to run. Recommend starting with Step 1 if this is a fresh setup.
Present:
Which step would you like to run?
1. Discover Actions — scan codebase, identify actions, decide what to expose (start here)
2. Review Layer — implement review tables, audit log, and local review dashboard
3. Agent Endpoints — implement /api/agent/... routes and AGENTS.md
4. Prod Dashboard — (optional) expose the review dashboard in production with security guardrails
Steps 1-3 keep everything localhost-only. If after completing steps 1-3 you want the review/approval dashboard to also be accessible in production, run Step 4 to implement the required security guardrails and get a checklist of manual infrastructure work.
Use AskUserQuestion or equivalent interactive tool for the selection.
Step Execution
Each step has a dedicated reference file with full instructions. Load the appropriate file based on the user's choice:
- Step 1: Read references/step-1-discover-actions.md and follow it
- Step 2: Read references/step-2-review-layer.md and follow it
- Step 3: Read references/step-3-agent-endpoints.md and follow it
- Step 4: Read references/step-4-prod-dashboard.md and follow it
Canonical Files
All steps read/write to these fixed paths so each step can find prior decisions automatically:
| File | Created by | Purpose |
|------|-----------|---------|
| /api/agent/AGENT_ACTION_PLAN.md | Step 1 | Action inventory and exposure decisions |
| /api/agent/AGENT_REVIEW_PLAN.md | Step 2 | Review tables, audit log, dashboard design |
| /api/agent/AGENTS.md | Step 3, updated by Step 4 | Runtime documentation for agents discovering the system |
Never create random documentation files. Always use these canonical paths. When updating existing files, preserve user edits — update sections, don't overwrite.
Cross-Step Rules
These apply to every step:
- Turn-based workflow: At the end of each stage, clearly state: What I did, Your turn, What I'm waiting for
- Interactive interviews: Use
AskUserQuestionor equivalent for all user decisions - Safe defaults: Propose sensible defaults so the user can confirm quickly
- No assumptions: Never assume exposure or safety decisions without user confirmation
- Manual steps: Never pretend manual steps (migrations, env vars, restarts) are complete unless they actually are
Related Skills
ilamanov/session-atlas
development
VerifiedTrustedCommunity
Map every Codex and Claude Code session for a project to the git worktrees they ran in, in an interactive local UI. Use whenever someone wants to see, search, audit, or clean up past AI coding-agent conversations and the worktrees those ran in — e.g. "what Codex sessions ran on this repo", "list my Claude Code sessions", "which worktree was that session in", "find the chat where I refactored auth", "archive old Codex sessions", or "show every session across my worktrees". Reach for it to untangle which of many worktrees still has live agent history attached. This is about Codex and Claude Code transcript history plus git worktrees — not HTTP, login, or auth sessions, not terminal or tmux sessions, and not user-research sessions.
SKILL.mdUpdated Jun 9, 2026
ilamanov/codebase-conventions
tools
VerifiedTrustedCommunity
Generally-applicable conventions for how code is written and arranged — tooling/package manager, import style, file & component naming, comments, and where files live (colocation vs. global folders). Use whenever creating, naming, moving, or importing a file, running project commands, or deciding where a new module belongs. Consult BEFORE writing the code so the conventions are baked in, not retrofitted. If a convention below matches the work, apply it — don't ask, just follow it (call out the choice in one line so the user can override).
SKILL.mdUpdated May 30, 2026
ilamanov/frontend-patterns
development
VerifiedTrustedCommunity
Generally-applicable frontend/UI best practices. Use whenever building, modifying, or reviewing UI — adding a form/button/dialog/modal, wiring keyboard shortcuts, creating any interactive surface that submits a form, or any time TSX/JSX is being written or edited. Consult BEFORE writing the code so the patterns are baked in, not retrofitted. If a scenario described in the skill body matches the work, apply the pattern — don't ask, just follow it (call out the choice in one line so the user can override).
SKILL.mdUpdated May 26, 2026
ilamanov/backend-patterns
tools
VerifiedTrustedCommunity
Generally-applicable backend/data best practices. Use whenever writing or modifying backend/data code — API routes, server actions, DB writes, background jobs, agent tools, import flows, webhooks, paste handlers, or anywhere data enters the system. Consult BEFORE writing the code so the patterns are baked in, not retrofitted. If a scenario described in the skill body matches the work, apply the pattern — don't ask, just follow it (call out the choice in one line so the user can override).
SKILL.mdUpdated May 26, 2026