Examples
Concrete tasks you can hand to the Admin Assistant, from read-only questions to multi-step changes. Each example shows the kind of request you type and what the assistant does behind it. Requests are plain language — you don't name tools or write code yourself.
Asking questions (read-only)
These run without the Allow changes toggle. The assistant inspects configuration and answers; it changes nothing.
"Which endpoints are public?" The Planner calls
introspect-endpoints, filters by access mode, and lists each public endpoint with its path.
"What does the support-chat agent do, and which tools can it call?"
introspect-agentsandintrospect-agent-readreturn the agent's system prompt, output schema, and tool set; the assistant summarises it.
"What changed in the configuration in the last 24 hours?"
introspect-audit-historyreturns recent commits on the configuration git history — who changed what, and when.
"Are any scheduled tasks failing?"
introspect-scheduled-tasksreturns each task's status and last error; the assistant calls out the failing ones, and can pull related entries withintrospect-exceptions.
Other questions in this shape:
- "How does text get from a PDF into search in this workspace?"
- "Which AI tools have the highest error rate this hour?" (uses
introspect-metrics) - "Show me the source of the
open-ticketsendpoint." - "Which access groups exist, and which are admin groups?"
Making a single change
These need Allow changes on. The assistant drafts a proposal, you review the diff, and approval applies it as one commit.
Add a read-only endpoint
You: "Add a read-only endpoint at open-tickets that returns open support tickets grouped by product."
The assistant:
- reads the schema and existing endpoints to find the right node and edge types;
- drafts the endpoint code and compiles it with
code-compile; - stages it with
propose-endpoint— the diff shows the new file; - waits for you to review and approve;
- applies it with
apply-proposal, thentest-endpointconfirms it runs.
Give an agent another tool
You: "The support agent should also be able to search the internal wiki."
The assistant:
- finds the wiki-search tool with
introspect-tools; - proposes an updated agent with the tool added to its set via
propose-agent; - shows a diff containing only the added tool edge;
- after approval, runs
test-agent-runto check the agent still answers correctly.
More single-change requests:
- "Add a daily scheduled task at 2am that re-indexes the
Tickettype." - "Add a
Priorityfield to theTicketnode type." - "Add the synonyms 'laptop' and 'notebook' to search."
- "Rename the
Customerrenderer's title to use the company name."
Multi-step changes
When a request needs several coordinated changes, the Planner lays out the steps and the assistant proposes them as a set with dependencies, so related changes are reviewed and applied together.
A new surface, end to end
You: "I want a product-health dashboard endpoint and an AI tool the chat can use to read it."
The Planner breaks this into two dependent changes:
propose-endpointfor theproduct-healthendpoint;propose-toolfor an AI tool that calls it (depends on step 1).
Both diffs are presented grouped by dependency. You can approve the set, or approve step by step. After applying, the Verifier runs test-endpoint, then test-tool.
Operating and debugging
The assistant can use its read-only tools to investigate problems, then propose a fix.
"The nightly sync task started failing yesterday — what happened?"
introspect-scheduled-tasksshows the failure and timestamp;introspect-exceptionsandintrospect-audit-historyline up the error with a recent config change. The assistant explains the likely cause and can propose a fix.
"Roll back the last change — it broke search." With your approval,
rollback-lastreverts the most recent applied change as a new commit.
Things it will not do
- Touch your data. It reads configuration code and metadata, never search results, file contents, or messages.
- Write without approval. It always stages a reviewable diff first; you approve each change.
- Silently widen access. A change that makes an endpoint or tool reachable by more users is flagged as blocking and needs explicit per-step approval.
- Call external services. It only uses the workspace's built-in operations.
Next steps
- Overview — how the assistant and its approval workflow fit together.
- Read-only skills — everything it can inspect.
- Change skills — everything it can propose, apply, and verify.