DEV Community

Cover image for How to Prevent AI Agents From Nuking Working APIs
Hassann
Hassann

Posted on • Originally published at apidog.com

How to Prevent AI Agents From Nuking Working APIs

Giving an AI agent write access to your API project can cause real damage—even without malicious intent. An agent follows the prompt and its available permissions: “clean up user endpoints” can become a deleted live route, and “update the schema” can overwrite a model used by multiple endpoints. The agent does not know what is currently shipping in production; it only knows what it can modify.

Try Apidog today

This creates a new operational risk. A human may pause before deleting an endpoint or replacing a schema. An agent running in a terminal loop does not: it runs a command, receives a success response, and continues. If that command targets main, the change is already in your API design source.

The solution is not to block agents entirely. Give them an isolated workspace instead. Apidog AI Branch routes agent-driven edits into a separate branch, keeps the source branch unchanged, and requires a human to review and merge changes before they reach main.

For the design rationale, see AI Branch and safer agent-driven changes. This post focuses on the CLI workflow you can apply in an agent automation loop.

Why agent write access is dangerous by default

Most tools grant an agent project-level access. If it can create an endpoint, it can usually delete one. If it can update a schema, it can replace it with an incompatible version. There is no enforced boundary between “the agent proposed a change” and “the change reached the source of truth.”

Common failure modes include:

  • Overwrite: The agent regenerates a schema from incomplete context and removes fields required by other endpoints.
  • Delete: The agent consolidates endpoints and deletes routes still used by production clients.
  • Silent drift: The agent makes many small changes during a session. Each edit looks harmless, but the accumulated result diverges from the shipped API.

These are normal failure modes when an agent works on the wrong branch. The goal is to make the protected branch unreachable during agent execution.

Create an isolated AI branch

An AI Branch is a sprint branch designed for external AI and CLI operations. Agents write inside that branch, while your source branch and main remain unchanged until a human reviews and merges the selected changes.

Install and authenticate the Apidog CLI:

npm install -g apidog-cli
apidog login --with-token <YOUR_ACCESS_TOKEN>
Enter fullscreen mode Exit fullscreen mode

Create one AI branch for one scoped task:

apidog branch create --type ai \
  --name "ai/20260708-from-main-user-register" \
  --from main \
  --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

Use a predictable branch name:

ai/<date>-from-<source-branch>-<task>
Enter fullscreen mode Exit fullscreen mode

For example:

ai/20260708-from-main-user-register
Enter fullscreen mode Exit fullscreen mode

Two details are important:

  1. The branch is created from main, but creating it does not modify main.
  2. The AI Branch starts empty. It does not automatically copy the entire project.

That empty starting point is a safety control. The agent can only edit resources explicitly imported into the branch, which limits the blast radius to the task scope.

Check available options for any branch command with -h:

apidog branch create -h
Enter fullscreen mode Exit fullscreen mode

Import only the resources the agent needs

Before an agent edits an endpoint, schema, or documentation item, import the specific resource into the AI Branch.

Use pick-to with comma-separated resource IDs:

apidog branch pick-to \
  --type ai \
  --from main \
  --to "ai/20260708-from-main-user-register" \
  --endpoint-ids 1,2 \
  --data-schema-ids 3 \
  --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

This copies endpoints 1 and 2, plus schema 3, from main into the AI Branch.

The agent now works on copies:

  • Updating an endpoint changes the branch copy, not the endpoint on main.
  • Deleting an endpoint deletes only the imported copy.
  • Resources that were not imported are outside the agent's task scope.

When using a coding agent, run these commands as part of the agent workflow. The Apidog CLI returns structured JSON, including agentHints.nextSteps, so an agent can inspect command output and decide what to do next.

For an editor-based example, see the apidog-cli in Cursor guide.

Let the agent edit inside the branch

Once the branch contains the required resources, let the agent perform the scoped task:

  • Create or update endpoints.
  • Modify imported schemas.
  • Update documentation.
  • Add or change test scenarios.
  • Remove branch-local resources when required by the task.

Every write remains inside the AI Branch.

After the agent finishes, inspect the diff before merging. Review from the CLI or the Apidog client and confirm that the changes match the intended API behavior.

Treat this as a required gate:

  1. Verify expected endpoints and schemas changed.
  2. Check that required fields were not removed.
  3. Confirm that no unintended resources were modified.
  4. Reject or discard the branch if the agent misunderstood the task.

Do not skip review. Isolation only helps if a human validates the output before it becomes part of the source branch.

Merge selected changes through a merge request

The merge path depends on whether the target branch is protected.

For an unprotected target branch, you can merge selected resources directly:

apidog branch merge \
  --type ai \
  --from "ai/20260708-from-main-user-register" \
  --to main \
  --endpoint-ids 1,2 \
  --data-schema-ids 3 \
  --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

For production API work, protect main. A protected branch blocks direct merges and requires a merge request:

apidog merge-request create \
  --from "ai/20260708-from-main-user-register" \
  --to main \
  --endpoint-ids 1,2 \
  --data-schema-ids 3 \
  --reviewer-ids <REVIEWER_USER_IDS> \
  --description "AI branch: user register changes" \
  --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

This is the preferred workflow for agent-generated changes:

  1. The agent works in an isolated branch.
  2. A human reviews the proposed changes.
  3. The merge request includes only the resource IDs you choose.
  4. A reviewer approves the merge.
  5. The selected changes reach main.

If the agent changed an unintended resource, leave its ID out of the merge request. That resource remains in the AI Branch and never reaches main.

This follows the same branch, review, and merge discipline used in a Git-native API collaboration workflow, but applies it to non-human contributors.

Archive merged or abandoned branches

Use one AI Branch per task. After merging or rejecting the work, archive the branch:

apidog branch archive "ai/20260708-from-main-user-register" \
  --type ai \
  --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

A clean lifecycle looks like this:

Create branch → Import scoped resources → Agent edits → Human reviews → Merge or discard → Archive
Enter fullscreen mode Exit fullscreen mode

Avoid reusing the same AI Branch across unrelated tasks. A branch that accumulates multiple sessions is harder to review and weakens task isolation.

Apply safe-agent hygiene around the branch

AI Branch isolates writes, but it should be combined with basic access and review controls.

Use least-privilege access tokens

The token passed to apidog login --with-token determines what the agent can access.

Give automation tokens access only to:

  • The required project.
  • The required environment or workspace.
  • The minimum permissions needed for the task.

Do not give an agent a personal owner token for convenience. If a token leaks or the agent behaves unexpectedly, token scope should limit the impact.

Protect main

Protecting main turns review-before-merge from a convention into an enforced rule.

With a protected main branch:

  • Direct merges are blocked.
  • Agent changes must use merge-request create.
  • A reviewer must approve the change before it lands.

Review every agent-generated diff

Reliable agents can still misread prompts, apply stale assumptions, or make incorrect changes after a tool response.

Before approving a merge request, verify:

  • Endpoint paths and methods.
  • Request and response schema changes.
  • Required and optional fields.
  • Breaking changes to existing clients.
  • Resources included in the merge request.

Delegate, then verify

Use a clear responsibility split:

  • Agent: perform the scoped implementation work.
  • Human: validate correctness and accept or reject the result.

The same pattern applies to automated tests. Let the agent run the suite, then review the test harness output and exit code before trusting the result.

If you also version API specifications in Git, use an OpenAPI version control workflow as a second source of history when investigating unexpected changes.

End-to-end workflow

Use this sequence for each agent task:

  1. Create an AI Branch from main.
   apidog branch create --type ai \
     --name "ai/20260708-from-main-user-register" \
     --from main \
     --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode
  1. Import only the endpoints and schemas required for the task.
   apidog branch pick-to \
     --type ai \
     --from main \
     --to "ai/20260708-from-main-user-register" \
     --endpoint-ids 1,2 \
     --data-schema-ids 3 \
     --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode
  1. Let the agent edit the imported resources inside the AI Branch.

  2. Review the diff in the CLI or Apidog client.

  3. Create a merge request against protected main.

   apidog merge-request create \
     --from "ai/20260708-from-main-user-register" \
     --to main \
     --endpoint-ids 1,2 \
     --data-schema-ids 3 \
     --reviewer-ids <REVIEWER_USER_IDS> \
     --description "AI branch: user register changes" \
     --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode
  1. Archive the branch after it is merged or discarded.
   apidog branch archive "ai/20260708-from-main-user-register" \
     --type ai \
     --project <PROJECT_ID>
Enter fullscreen mode Exit fullscreen mode

With this workflow, the agent has no direct path to overwrite or delete a live endpoint on main. The worst-case outcome is a bad change in an isolated copy that you reject.

Give agents room to work without giving them the keys

Agents are useful because they execute quickly and independently. That same behavior makes unrestricted write access risky.

Use an isolated AI Branch, a protected main branch, least-privilege tokens, and mandatory human review. Together, these controls turn a potentially destructive agent action into a branch diff that can be inspected and rejected.

Apidog provides this workflow without requiring you to assemble separate tools. Start with the Apidog CLI, create an AI Branch, and let agents work on scoped copies instead of your production API source.

Download Apidog to try the AI Branch workflow, and review the AI Branch documentation before adding it to a production automation flow.

Top comments (0)