seankim-business/spectral

Spectral

Reverse-engineer any app's private API. Browse normally, get a full spec — then use it to build AI agents and automations instead of brittle browser scripts.

Most apps sit on undocumented APIs that work perfectly well. But without a spec, people fall back to Playwright/Selenium/Puppeteer: slow, fragile, breaks on every UI change, can't handle mobile. Spectral captures the traffic, has an LLM figure out what each call means, and gives you a spec you can actually use.

Supports both REST (outputs OpenAPI 3.1) and GraphQL (outputs SDL with inferred types).

Documentation

How it works

  1. Capture — Chrome extension (web) or MITM proxy records traffic + UI actions while you browse
  2. Analyze — LLM correlates UI actions with API calls, infers endpoint patterns, auth flow, and business meaning
  3. Call — Generated Restish config + auth helper let you call the API immediately from the command line
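
To make the "infers endpoint patterns" part of step 2 concrete, here is an added example (not Spectral's code) that collapses observed URLs into path templates. Spectral uses an LLM for this step; a regex heuristic is swapped in here, and the function names and sample URLs are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Segments that look like identifiers rather than fixed route names (heuristic).
_ID_PATTERNS = [
    ("uuid", re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)),
    ("id", re.compile(r"^\d+$")),
    ("token", re.compile(r"^[0-9a-f]{16,}$", re.I)),
]

def _classify(segment):
    """Return the placeholder kind for an identifier-like segment, else None."""
    for kind, rx in _ID_PATTERNS:
        if rx.match(segment):
            return kind
    return None

def template_path(path):
    """Replace identifier-like segments with uniquely named {placeholders}."""
    out, prev, seen = [], "", set()
    for seg in path.strip("/").split("/"):
        kind = _classify(seg)
        if kind is None:
            out.append(seg)
            prev = seg
            continue
        base = name = f"{prev}_{kind}" if prev else kind
        n = 2
        while name in seen:  # path parameter names must be unique per path
            name, n = f"{base}{n}", n + 1
        seen.add(name)
        out.append("{" + name + "}")
    return "/" + "/".join(out)

def infer_endpoints(calls):
    """Count captured (method, url) pairs per (METHOD, templated path)."""
    return dict(Counter((m.upper(), template_path(urlsplit(u).path)) for m, u in calls))

# Constructed sample traffic, not taken from a real capture.
SAMPLE_CALLS = [
    ("GET", "https://api.example.test/v1/users/1042"),
    ("GET", "https://api.example.test/v1/users/77?expand=teams"),
    ("get", "https://api.example.test/v1/orders/3f2b8c1e-9a4d-4e7b-8c2a-1d5e6f7a8b9c"),
    ("POST", "https://api.example.test/v1/users/1042/sessions"),
    ("GET", "https://api.example.test/v1/health"),
]

if __name__ == "__main__":
    for (method, path), count in sorted(infer_endpoints(SAMPLE_CALLS).items()):
        print(f"{method:5} {path}  ({count} calls)")
```

Run against your own proxy logs, the same grouping gives a quick inventory of which undocumented endpoints a client actually calls.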

Quick start

Prerequisites: Python 3.11+, uv, and one LLM route for analysis.

Recommended (OAuth/subscription-first): point Spectral at an OpenAI-compatible broker/proxy.

git clone https://github.com/romain-gilliotte/spectral.git && cd spectral
uv sync

# Option A (recommended): OAuth/subscription broker
cat > .env <<'EOF'
SPECTRAL_OPENAI_BASE_URL=https://your-broker.example/v1
SPECTRAL_OPENAI_API_KEY=dummy
EOF

# Option B: direct OpenAI-compatible API key
# echo "OPENAI_API_KEY=sk-..." > .env

# Option C: Anthropic API key
# echo "ANTHROPIC_API_KEY=sk-ant-..." > .env

Capture traffic with the Chrome extension or the MITM proxy:

# Chrome extension: load extension/ as unpacked in chrome://extensions
# then: Start Capture → browse → Stop Capture → Export Bundle

# Or use the MITM proxy
uv run spectral capture proxy -o capture.zip

Analyze the capture to produce an API spec:

uv run spectral analyze capture.zip -o myapp-api
# → myapp-api.yaml (OpenAPI 3.1)
# → myapp-api.graphql (SDL schema, if GraphQL detected)
# → myapp-api.restish.json (Restish config)
# → myapp-api-auth.py (auth helper, if auth detected)

Call the API with Restish:

restish api edit < myapp-api.restish.json
restish myapp-api get-user-profile

See the getting started guide for detailed setup, or the CLI reference for all commands.

Capture methods

| Method | Best for | UI context | Needs certificate installation |
| --- | --- | --- | --- |
| Chrome extension | Web apps | Yes — clicks, navigation, page content | No |
| MITM proxy | CLI tools, desktop apps | No | Yes — setup guide |
| Android APK patching + MITM proxy | Mobile apps | No | Yes — setup guide |

License

MIT
