AI Copilot Framework for Web Applications

The AI copilot that can actually operate your app

A user asks Sidepilot to update a set of accounts, generate a report, or import a spreadsheet. The agent finds the right data, asks for approval when needed, and completes the workflow inside the application.

For development teams who want to give end users an AI that reads data, calls APIs, and guides them through real workflows inside their existing app.

See how it works How it evolves
Every write requires confirmation Works with existing auth Full audit trail
Sidepilot

What makes Sidepilot different

It doesn't simulate a user.
It becomes part of the app.

The Sidepilot SDK turns an existing business web app into something an agent can actually operate. It reads structured state from the page, works with your authentication model, and turns repeated workflows into reusable product capabilities.

Not ChatGPT in a widget

ChatGPT can't see your data, call your API, or execute actions. Sidepilot is embedded inside your app. It reads live state and operates through real API calls.

Not a browser automation tool

Browser agents take screenshots and simulate clicks. Slow, brittle, insecure. Sidepilot reads structured data and calls APIs directly from inside the app.

Not a code assistant

GitHub Copilot helps developers write code. Sidepilot helps end users operate applications: product managers, operations teams, and customers.

Not a traditional no-code platform

No drag-and-drop builders. Features emerge from natural language: the agent composes API calls, confirmations, and exports against the live application.

Every write needs confirmation

The framework automatically detects every write operation and requires explicit user approval. Mutations never execute without confirmation. Enforced by the framework, not by convention.

Structured data, not screenshots

The agent reads real data from the DOM and cache: exact values, correct types. Not pixel-guessing from a screenshot.

Your OpenAPI spec is the integration

Point Sidepilot at your existing spec. It auto-parses endpoints, parameters, and schemas. No custom tool definitions.

Configurable authentication

Session forwarding, API keys, on-behalf-of tokens, or cookies. Sidepilot never stores or proxies credentials.

How it evolves

It gets smarter, cheaper, and
more capable, automatically

Sidepilot can already handle real workflows today. Over time, better app context, API coverage, and feedback make it more useful, and the product evolves from assistant to operational layer.

Connect

Integration path

Start with your OpenAPI spec, your knowledge sources, and the frontend SDK shell. The technical shell is fast to add. The real integration work is tuning Sidepilot to one specific application, its workflows, and its guardrails.

openapi_specs: auto-parsed knowledge: ingested + indexed SDK shell: minimal
Use

Guided workflow execution

Users can describe the work they need. Sidepilot reads the current app state, selects tools, asks for confirmation before writes, and reports progress in the same conversation.

Workflow lifecycle

How a guarded operation runs:

1 User requests
2 Agent composes APIs
3 User confirms
4 Available to all
Live app context Explicit confirmation Progress tracking
Grow

Gets better with every interaction

Each interaction reveals where app context, API descriptions, and guardrails should improve. Better integrations make repeated operations faster and more reliable without hiding internal proof machinery in the user interface.

Token cost drops on reuse Faster repeat tasks Better app grounding More value from the same platform
Build

Features without code

Tool-backed workflows become a conversational operating layer. Work that would have required one-off UI screens can often be handled through the existing application, API, and confirmation flow.

Every handled workflow is a feature that did not need a separate backlog item, dedicated UI flow, or one-off automation project.

"Generate a compliance report as PDF" replaces: analytics page + export feature
"Import these 200 records from a spreadsheet" replaces: import wizard + batch endpoint
"Update pricing for all accounts in region X" replaces: bulk action + filter UI

Architecture

Frontend-first for interactive work

Sidepilot uses the browser when the user should see and control the action in context. For longer-running workflows and exports, the server can execute in the background with forwarded authentication. The point is not one mode only. The point is using the right mode for each job.

Browser
Your Web App
@sidepilot/sdk
User's session • Live DOM data • API execution
WebSocket
Sidepilot Server
LLM Orchestration
RAG Retrieval
Tool Composition
Task Management
Audit Logging

The server orchestrates. The browser handles interactive work. Background execution is available when the workflow needs it.

Your API, your auth, your data. Interactive actions run in the user's existing session. Background workflows can also run server-side with forwarded auth when that is the safer or more practical path.

Setup at a glance

What you bring,
what gets deployed

Sidepilot plugs into the things you already have: your app, your API, your docs, your auth. No backend rewrite, no data migration, no new identity system.

Your web app

Any modern SPA. Add the SDK with ~50 lines.

OpenAPI spec

Your existing backend spec, auto-parsed into agent tools.

Knowledge docs

Markdown files in a folder, auto-chunked and embedded.

LLM API key

Claude, Gemini, or on-premise. Your key, your costs, your control.

Browser
Your Web App
@sidepilot/sdk
Chat widget

Runs in the user's session for interactive work. Reads live page data. Can call your API with the user's existing JWT.

WebSocket
Sidepilot Server
LLM Orchestration
Tool Composer
RAG Retrieval
Task History
Background Tasks
Audit Log
Backoffice Admin Console
HTTPS
LLM Provider
Claude
Gemini
On-premise

Your API key. Model-agnostic: switch providers without code changes.

Your existing API
REST OpenAPI 3.x Your auth

Interactive actions can call your API directly from the browser using the user's session. Background workflows can also run server-side with forwarded auth when that is the better fit.

Sidepilot data
PostgreSQL pgvector JSONL audit

Stores embeddings, task history, and audit log. Lives next to the Sidepilot server, on-premise or managed.

No new identity system, no backend rewrite, no data migration. Your data stays in your API and your database. Sidepilot stores only the platform data it needs to operate: embeddings, task history, and audit trail.

What's included

The full stack, already built

Everything the agent needs to understand your app, act on it, learn from it, and be managed by your team, so you don't build it yourself.

Connect & Understand

OpenAPI Auto-Parse

Point at your spec: endpoints, parameters, and schemas are instantly available as agent tools.

Knowledge Base

Answers grounded in your docs, FAQs, and business rules via RAG, auto-chunked and embedded.

Page Awareness & Navigation

Knows every page, the current route, and live data on screen. Routes users with validation.

Act Safely

Write Actions & Confirmation

Executes mutations with framework-enforced user approval, single or bulk. No rogue actions.

Tool-Orchestrated Workflows

Composes app context, API calls, confirmations, and progress updates for each request.

Background Tasks

Long-running operations with real-time progress tracking, downloadable results, and recovery.

Produce & Import

PDF Reports

Generates professional PDF reports from agent-composed data: charts, tables, multi-page.

File Import

Upload Excel or CSV. The agent maps columns, validates data, and imports rows with error recovery.

Manage & Monitor

Admin Console

Full backoffice: session inspector, knowledge base, analytics, audit review, and command palette.

Audit & Observability

Real-time audit event stream via WebSocket, JSONL file log, and in-memory ring buffer. Every action traceable.

Comparison

AI that actually operates your app

Generic AI can't act. Custom AI takes months to build. Sidepilot is a different category: an agent framework with context, actions, and learning built in.

Feature ChatGPT Sidepilot Custom Build
App context None Full: pages, data, routes Full (hand-built)
Execute actions No Yes, with confirmation Yes (hand-built)
Navigate app No Yes, route-validated Yes (hand-built)
Read live data No Yes, structured and instant Yes (hand-built)
Grounded answers Generic / hallucination risk RAG from your docs RAG (hand-built)
Workflow grounding No Yes: app context, tools, and confirmations Possible (months of work)
Bulk operations No Yes, with progress & recovery Yes (hand-built)
Operational visibility None Audit, tasks, usage insight Build from scratch
Integration effort Copy-paste answers ~50 lines + config 30,000+ lines / 6–12 months
Admin & audit No 14-page backoffice + real-time audit Build from scratch
On-premise No Yes Yes

Integration

A config file and a lightweight SDK integration.
Not 30,000 lines from scratch.

Minimal effort

With Sidepilot

# config.yaml
system_prompt: "You are a helpful assistant..."
openapi_specs: ["./specs/api.yaml"]
knowledge_dir: "./docs"

Then add the widget shell:

// minimal shell in your layout
import { SidepilotChat } from '@sidepilot/sdk/svelte'
<SidepilotChat />

OpenAPI specs auto-parsed. Docs ingested. Admin console included. The real integration work is tuning Sidepilot to one application, its workflows, and its guardrails.

6–12 months

Custom Build

Chat UI + streaming + message history
LLM integration + prompt engineering
Tool system + function calling + error recovery
Confirmation flows + write protection
RAG pipeline + embeddings + vector search
Workflow orchestration + RAG
Background tasks + progress tracking
Admin dashboard + analytics

30,000+ lines of code. Multiple engineering sprints.

Use cases

What it makes possible

Works with any web application that has an API. These are the workflows the agent handles out of the box.

Support Deflection

Users ask basic product and domain questions inside a complex application. Sidepilot answers from your knowledge base, explains what to do, and can navigate directly to the right place in the app.

"Where can I see the produced energy for this community?" answered and opened directly in the right dashboard view.

Operational Workflow Execution

Users ask for work to be done, not just explained. Sidepilot can navigate, read live application state, prepare guarded actions, and complete multi-step workflows inside the product.

"Update all accounts in region X to the new tariff and show me what changed."

Reports and Exports

The agent can collect information that already exists in the application and assemble useful outputs such as CSV exports, review reports, and operational summaries.

"Export all members with their metering points and tariffs as CSV."

Workflow Assistance

Domain experts describe repeatable operating procedures in plain language. Sidepilot follows the current request with tools, confirmations, and visible progress.

"Prepare the monthly community operations pack", guided by existing data and app tools.

Deployment

Runs wherever you need it

Your data, your infrastructure, your rules. Sidepilot supports on-premise, hybrid, and cloud deployments.

On-Premise

Full control. Deploy with Docker Compose or Kubernetes. Data never leaves your infrastructure.

Hybrid

Sidepilot server on-premise, LLM via cloud API. Best of both worlds: privacy meets capability.

Cloud

Managed hosting, zero infrastructure. Get started fast without operating servers.

One platform layer.
Real workflows handled inside the app.

Sidepilot adds an AI copilot to an existing application without a backend rewrite. It reads live state, executes guarded actions, runs background workflows, and turns repeated work into reusable capabilities.

Get Started on GitHub Read the Quick Start
Back to top ↑
~50
Lines for the SDK shell
0
Backend rewrite required
Per app
Commercial model, not per seat