Skip to main content
A schema is a JSON description of how to talk to a website. It lists the endpoints and actions the site exposes: URLs, HTTP methods, required headers, parameters, and response shapes. Once a schema exists for a site, callers can look it up and use the endpoints without rediscovering them.

What’s in a schema

A schema for a Shopify store might include: Each endpoint carries its parameters, required headers (like Content-Type: application/json), and enough metadata for an agent to construct a valid HTTP request.

Schema format

Schemas are JSON documents. Here’s a minimal example:

Required fields

Optional fields

Capability badges

The registry surfaces capability signals as badges so agents know what a request requires: These badges appear on the public schema card so agents can decide whether they can handle the site before downloading the full schema.

Contributing a schema

Anyone with an API key can push a schema. There are three paths:

Option 1: Discover with the CLI toolkit

Each subcommand emits JSON that the next step can consume. No LLM key is needed.

Option 2: Let your agent do it

Claude Code, Codex, Cursor, and other agents with the Vercel skills CLI pick up the hermai-contribute skill and can run the discovery + push workflow autonomously. See hermai-ai/hermai-skills.

Option 3: Write and push manually

If you already know the site’s API (from DevTools, documentation, or testing), you can write the schema JSON yourself and push it via the API:
A successful push returns the version hash and site:
If validation fails, you get a specific error code:
Start minimal. You don’t need to map every endpoint. Even a single useful endpoint is a valid contribution. Other contributors can push updated versions with more coverage later.
Schemas go live immediately. There is no approval queue.

Validation rules

Every push runs through validation. If any check fails, the push is rejected with a specific error code. Structure checks: Content governance:

Forbidden fields

These JSON keys are rejected if found anywhere in the schema, at any depth:
Capability signals are allowed. The distinction is between metadata that helps agents understand what a site requires (like requires_stealth: true) and operational secrets that describe how to bypass a defense (like proxy_credentials: "user:pass@host"). The former belongs in schemas; the latter belongs in the CLI runtime.

Content addressing

Each schema is hashed (SHA-256 of canonical JSON with sorted keys). The hash becomes the version ID. Pushing the same content twice for the same site is a no-op because the registry recognizes it as a duplicate.

Verified badge

Schemas are community-contributed and unverified by default. The Hermai team reviews schemas and awards a verified badge to those that meet quality standards. Agents can filter to verified schemas only:
Or include everything (the default):
API keys have a schema access toggle in the dashboard that controls whether unverified schemas are included in catalog responses for that key.

Schema versioning

Each push creates a new version. The registry tracks which version is “latest” for each site. When you query the catalog, you get the latest version by default. Version history is available:

Public card vs full package

The registry exposes two views of every schema: Public card (no API key needed): metadata about what the schema does:
  • Site, category, name, description
  • Endpoint names, methods, descriptions
  • Variable names and sources (path/query/body)
  • Query parameter keys and whether they’re required
  • Response field names and types (top level only)
  • Capability badges (requires browser, requires session, has auth)
Full package (API key + intent required): everything a caller needs to execute:
  • URL templates with actual URLs
  • Header values
  • Body templates
  • Session configuration
  • Variable patterns and defaults
The split is intentional: the card answers “is this useful?”, the package answers “how do I run it?”

Credits for contributions

You earn +50 credits per site when you contribute a schema. Credits are tracked in your dashboard and can be used for hosted execution where available.