Providers

Configure API services that agents can access through Janee.

Adding a Provider

Use the interactive CLI to add a service:

janee add

Or add non-interactively with flags:

janee add stripe \
  --url https://api.stripe.com \
  --auth-type bearer \
  --key sk_live_xxx

Configuration File

Providers are stored in ~/.janee/config.yaml:

services:
  stripe:
    baseUrl: https://api.stripe.com
    auth: { type: bearer, key: sk_live_xxx }
  github:
    baseUrl: https://api.github.com
    auth: { type: bearer, key: ghp_xxx }
  openai:
    baseUrl: https://api.openai.com
    auth: { type: bearer, key: sk-xxx }
  slack:
    baseUrl: https://slack.com/api
    auth: { type: bearer, key: xoxb-xxx }

Authentication Types

Bearer Token

Most common — adds an Authorization: Bearer header:

services:
  github:
    baseUrl: https://api.github.com
    auth:
      type: bearer
      key: ghp_xxx

GitHub App

For autonomous agents — generates short-lived installation tokens instead of static PATs:

services:
  github:
    baseUrl: https://api.github.com
    auth:
      type: github-app
      appId: "123456"
      pemFile: /path/to/private-key.pem
      installationId: "789"

💡 Recommended for production. GitHub App tokens expire after 1 hour. Janee handles token refresh automatically.

Basic Auth

services:
  jira:
    baseUrl: https://your-domain.atlassian.net
    auth:
      type: basic
      username: [email protected]
      key: your-api-token

Exec Mode

For CLI tools that need credentials as environment variables:

janee add twitter --exec \
  --key "tvly-xxx" \
  --allow-commands "bird,tweet-cli" \
  --env-map "TWITTER_API_KEY={{credential}}"

Agents can then run CLI tools through Janee without seeing the API key:

janee_exec({
  capability: "twitter",
  command: ["bird", "post", "Hello world!"],
  reason: "User asked to post a tweet"
})

Janee spawns the process with the credential injected as an environment variable, runs the command, and returns stdout/stderr.

Capabilities

After adding a service, create capabilities that define how agents access it:

capabilities:
  stripe-readonly:
    service: stripe
    rules:
      - allow: GET /v1/**
    ttl: 1h
    autoApprove: true
  github-repos:
    service: github
    rules:
      - allow: GET /repos/**
      - allow: POST /repos/*/issues
      - deny: DELETE /**
    ttl: 2h
    autoApprove: true

See Policies & Scoping for detailed rule configuration.

← Installation Policies & Scoping →