Execution Pipeline

Different approach. Instead of one tool per operation with vendor-specific schema normalization, use fixed meta-tools that can call any operation. No schema normalization per vendor. No dynamic tool registration. LLMs learn interfaces on demand through the tools themselves.

Pipeline Integration

The pieces from previous months—request templates, parameter encoding, credential application, response decoding—compose into a single execution flow. Validate parameters against their schemas. Expand URI templates. Encode the request body. Apply credentials per security scheme. Execute. Decode the response. Return structured results.

Each stage is spec-driven. The OpenAPI spec controls encoding. The security scheme controls authentication. User input flows through designated channels—path parameters into path templates, query parameters into query strings, credentials into their declared locations. Nothing leaks across boundaries.

Credential Application

Credentials bind to security schemes by name and only apply to operations that declare that scheme. API keys go where the scheme specifies—header, query, or cookie. OAuth tokens become Bearer headers. HTTP Basic credentials get base64-encoded. The LLM provides the operation name and parameters; credential resolution happens entirely outside its view.

Corpus Validation

Testing against APIs Guru’s corpus—4,100+ specs, 116,000+ operations—surfaces edge cases no synthetic test suite would find. Malformed specs that violate their declared OpenAPI version. Security schemes declared but never referenced. Parameters with content instead of schema. The corpus is the test suite.