Enterprise Integration Platform

Build integrations.
Groovy executes.

Groovy is the base agent. Your product becomes a capability inside it. No forks, no separate chatbots, no custom UIs. You define typed tools. Groovy orchestrates, validates, executes, and tracks everything.

Works for SaaS APIs, CLIs, on-prem products, and anything with an HTTP endpoint or a command-line interface.

Developer Docs Contact Sales

Core Concept

One agent. Many capabilities.

Groovy stays the single agent the user talks to. Integrations add new tools and behaviors without creating separate agents, dashboards, or chatbots.

Extensions are not agents

Your product does not become its own AI assistant. It becomes a set of typed tools inside Groovy. The user never has to choose which agent to talk to.

Skills teach, tools execute

Skills are natural language instructions that tell Groovy when and how to use your tools. Tools are the actual executable actions with validated schemas.

Groovy handles the rest

Routing, input validation, approval checks, execution, error handling, audit logging, usage metering, and response formatting are all handled by Groovy.

How It Works

Three steps to a live integration.

From your product to a Groovy capability in minutes, not months.

Define Your Tools

Create a JSON manifest that declares your tools. Each tool has a slug, description, input schema (JSON Schema), risk level, auth requirements, and an action that tells Groovy how to execute it.

{
  "schemaVersion": 1,
  "displayName": "AcmeOps",
  "capabilityTags": ["incidents", "ops"],
  "skillInstructions": "Use for incident
    and deployment workflows.",
  "tools": [{
    "slug": "create_incident",
    "name": "Create Incident",
    "description": "Create a new incident",
    "riskLevel": "write",
    "authScope": "end_user",
    "inputSchema": {
      "type": "object",
      "properties": {
        "title": { "type": "string" },
        "severity": {
          "type": "string",
          "enum": ["low", "medium", "high"]
        }
      },
      "required": ["title", "severity"]
    },
    "action": {
      "kind": "http_action",
      "method": "POST",
      "url": "{{connection.base_url}}/incidents",
      "headers": {
        "Authorization":
          "Bearer {{connection.api_token}}"
      },
      "body": {
        "title": "{{title}}",
        "severity": "{{severity}}"
      }
    }
  }]
}

Install & Configure

Install the extension, choose a runtime, configure auth (per-user or org-wide), set approval policies for destructive actions, and optionally assign a customer runner for CLI/on-prem execution.

// 1. Create the extension
POST /api/extensions
{ slug, name, manifest, activate: true }

// 2. Install it
POST /api/extensions/{id}/install
{
  "approvalPolicy": {
    "requireApprovalForRiskLevels":
      ["destructive", "privileged"]
  }
}

// 3. Save connection auth
POST /api/extensions/{id}/connection
{
  "config": {
    "base_url": "https://api.acme.com"
  },
  "secrets": {
    "api_token": "sk-acme-..."
  }
}
// secrets are encrypted with AES-256-GCM
// never returned to the client

Users Talk to Groovy

Users don't interact with your integration directly. They talk to Groovy in natural language. Groovy picks the right tool, validates inputs against your schema, checks approvals, executes, and responds.

User: "Create a high severity incident
       for checkout failures and assign
       it to the on-call team"

Groovy sees:
  → AcmeOps integration installed
  → ext_acmeops_create_incident available
  → riskLevel: write (no approval needed)
  → authScope: end_user (connected)

Groovy executes:
  POST https://api.acme.com/incidents
  { title: "Checkout failures",
    severity: "high" }

Result:
  ✓ Incident INC-4821 created
  ✓ 1.2s · Audited · Metered

Runtime Targets

Execute anywhere your product runs.

Every integration chooses where its tools execute. Three runtime targets cover SaaS, on-prem, and local-device use cases.

Groovy Cloud

For SaaS APIs and hosted webhooks

Groovy calls your API directly from the server
Template-driven URLs, headers, query params, and request bodies
Supports GET, POST, PUT, PATCH, DELETE
Connection secrets (API keys, tokens) encrypted at rest with AES-256-GCM
Configurable timeouts and response size limits
Automatic JSON parsing and response truncation for large payloads

"action": {
  "kind": "http_action",
  "method": "POST",
  "url": "{{connection.base_url}}/api/v2/incidents",
  "headers": { "Authorization": "Bearer {{connection.api_token}}" },
  "body": { "title": "{{title}}", "severity": "{{severity}}" },
  "timeoutMs": 15000
}

Customer Runner

For CLIs, on-prem, and private networks

You deploy a small HTTPS runner in your environment (any server, container, or VM)
Groovy sends typed execution requests to the runner over HTTPS with bearer auth
Runner validates and executes approved CLI commands from argv templates
No raw shell access — only declared command templates can run
Runner reports health via heartbeats so Groovy knows when it is online
Auth tokens are encrypted and verified with SHA-256 hash matching

"action": {
  "kind": "cli_action",
  "argvTemplate": [
    "acmectl", "incident", "create",
    "--title", "{{title}}",
    "--severity", "{{severity}}",
    "--json"
  ],
  "cwd": "/opt/acme",
  "timeoutMs": 30000,
  "maxOutputChars": 8000
}

Device Connector

For local-device and personal automations

Tool executes on the user's paired Groovy Connector (macOS/Windows)
Uses the existing connector relay infrastructure
Good for local file access, browser automation, or device-specific actions
Same connector round-trip pattern as built-in Groovy tools

"action": {
  "kind": "connector_action",
  "connectorType": "terminal_exec",
  "params": {
    "command": "acme status --json --env {{env}}"
  }
}

Control Plane

Enterprise governance built in.

Not bolted on later. Every extension tool call goes through permissions, approvals, audit, and metering from day one.

Audit Events

Immutable log of who triggered what action, through what identity, with what approval outcome. Every tool call, every time.

Usage Metering

Track duration, bytes in/out, cost, runtime target, adapter type, approval state, and error codes per tool call.

Runtime Traces

Full execution traces with request/response payloads, error messages, and timing for debugging and performance analysis.

Analytics Events

Product analytics for adoption tracking: which integrations are used, how often, by whom, and which tools are most popular.

Risk Levels

Every tool is classified as read, write, destructive, or privileged. Risk drives approval policy and branch-controller behavior.

Approval Policies

Require human approval for specific risk levels. Per-install, per-tool granularity. Blocked tools return structured approval requests.

Auth Scopes

Four auth scopes: none, end_user, shared_org, service_identity. Each tool declares what it needs. Connections match scope.

Encrypted Secrets

Connection secrets encrypted with AES-256-GCM before storage. Never returned to the client. Decrypted server-side at execution time only.

Extension Pack

What you actually ship.

An Extension Pack is a versioned JSON manifest with five parts. No custom UI code, no server infrastructure (unless you use a runner).

Manifest

Schema version, display name, description, capability tags for routing, and the list of tools. This is the root of the extension.

Tools

Each tool has a slug, name, description, input/output JSON Schema, risk level, auth scope, runtime target, and an action definition (HTTP, CLI, or connector).

Skills

Optional natural-language instructions that teach Groovy when and how to use your tools. Injected into the system prompt when the extension is installed.

Connections

Auth configuration per install. Supports per-user tokens, shared org credentials, and service identities. Secrets encrypted at rest.

Runners

For CLI/on-prem: register HTTPS runners with endpoints, bearer auth, and heartbeats. Groovy sends typed execution requests to the runner.

Policies

Approval policies per-install. Choose which risk levels require human approval. Groovy blocks execution and returns structured approval requests.

Template Engine

Dynamic values everywhere via `{{...}}`

Reference user arguments, connection secrets, and runtime context in URLs, headers, query params, request bodies, and CLI argv templates.

Available scopes

args.*User-provided tool arguments (from Groovy's tool call)

connection.*Merged config + decrypted secrets from the saved connection

runtime.user_idCurrent Groovy user ID

runtime.trace_idCurrent execution trace ID

runtime.session_idCurrent orchestrator session ID

runtime.turn_idCurrent turn ID (for billing aggregation)

runtime.device_idPaired device/connector ID (if present)

Example usage

// HTTP action
"url": "{{connection.base_url}}/api/v2/incidents"
"headers": {
  "Authorization": "Bearer {{connection.api_token}}",
  "X-Request-ID": "{{runtime.trace_id}}"
}
"body": {
  "title": "{{title}}",
  "assignee": "{{assignee}}"
}

// CLI action
"argvTemplate": [
  "acmectl", "incident", "create",
  "--title", "{{title}}",
  "--severity", "{{severity}}",
  "--team", "{{connection.default_team}}"
]

// If the entire value is a single {{...}},
// the resolved type is preserved (not stringified).
// "body": "{{args}}" → passes the full object.

Use Cases

Built for real enterprise products.

Any product with an API or CLI can become a Groovy integration. Here are the patterns we see most.

Incident Management

Create, update, escalate, and resolve incidents from natural language. Map severity, assign on-call, post updates — all through Groovy.

"Create a P1 for payment failures and page the on-call"

Infrastructure Ops

Rotate API keys, check service health, trigger deploys, manage feature flags. CLI runner executes approved commands in your infra.

"Rotate the staging API key for Team Red"

CRM & Sales Tools

Look up contacts, create deals, log activities, update pipeline stages. Groovy becomes the natural-language interface for your sales stack.

"Add a note to the Acme deal that they want Q3 pricing"

Analytics & Reporting

Query dashboards, fetch metrics, generate summaries. Read-only tools with no approval required — fast and safe.

"What was our conversion rate last week vs the week before?"

Internal Tools & Admin

User management, permission changes, config updates. Destructive actions require approval. Audit log captures who did what.

"Disable the staging account for user@example.com"

Data Pipelines

Trigger ETL jobs, check pipeline status, query data warehouses. Groovy wraps your data CLI or API with typed schemas.

"Run the daily revenue sync and tell me when it finishes"

Architecture

End-to-end execution flow.

From enterprise product to audited result in a single Groovy conversation turn.

Your Product

API / CLI / Webhook

→

Extension Pack

Manifest + Tools + Auth

→

Groovy Agent

Orchestrates & Executes

→

Control Plane

Audit · Usage · Approvals

User sends a message in Groovy chat (dashboard or WhatsApp)

Groovy loads installed extension tools alongside built-in tools

Groovy picks the right tool based on capability tags and skill instructions

Policy engine checks install state, permissions, auth scope, and approval policy

Runtime adapter executes: HTTP fetch, runner POST, or connector relay

Control plane writes usage_meter, audit_event, runtime_trace, and analytics_event

Groovy formats the result and responds to the user normally

If connector-backed: result returns via the existing WhatsApp/relay round-trip

Who Uses What

Three personas, one platform.

Developers build integrations. Admins install and govern them. End users just talk to Groovy.

Developer

Define tools with JSON Schema inputs
Choose runtime target (cloud, runner, connector)
Write skill instructions for Groovy
Classify tools by risk level
Publish the extension pack via API

Admin

Install extensions for their org/workspace
Configure auth (per-user or shared)
Set approval policies for destructive tools
Register and manage customer runners
Monitor usage, audit logs, and runner health

End User

Talks to Groovy in natural language
Never chooses which integration to use
Sees lightweight source chips ("Using AcmeOps")
Gets inline auth/connection error messages
Receives normal Groovy responses with results

API

Full REST API.

Every operation is an API call. Build dashboards, CI/CD hooks, or CLI tools on top.

# Extensions
GET    /api/extensions                          List extensions
POST   /api/extensions                          Create or update extension + version

# Installation
POST   /api/extensions/{id}/install             Install or update installation

# Connections
GET    /api/extensions/{id}/connection          List connections for an extension
POST   /api/extensions/{id}/connection          Create or update connection (secrets encrypted)

# Runners
GET    /api/extensions/runners                  List runners
POST   /api/extensions/runners                  Register or update a runner
POST   /api/extensions/runners/{id}/heartbeat   Runner liveness heartbeat (bearer auth supported)

# All endpoints use standard Supabase cookie auth.
# Runner heartbeat also supports bearer token auth for machine-to-machine.

Your product.
Groovy's reach.

Ship an integration in hours. Your users get a capability they can talk to in natural language.

Get Started Talk to Us

Build integrations.Groovy executes.