Zatanna – Turn Software Workflows into APIs for AI Agents

TL;DR

TL;DR: Zatanna observes real network traffic behind any web portal and reverse-engineers it into executable APIs — letting AI agents interact with legacy enterprise software without a UI.

Source and Accuracy Notes

• Official site: zatanna.ai
• YC backed: Y Combinator W26 batch
• HN launch thread: Show HN: Kampala (YC W26) – Reverse-Engineer Apps into APIs

What Is Zatanna?

Enterprise software was built for humans, not agents. Zatanna flips this by capturing the actual network traffic that flows through a web portal and reconstructing it as automation-friendly APIs.

Instead of scripting against a UI, you point Zatanna at a workflow you perform manually. It observes the real HTTP requests your browser sends, reverse-engineers the underlying API contract, and exposes a clean endpoint you can call programmatically.

Core use cases:

• Turn legacy web apps into API-first services
• Let AI agents trigger workflows that normally require a human clicking through a UI
• Capture and replay complex multi-step portal workflows as a single API call

Setup Workflow

Step 1: Request Access

Zatanna is currently in private beta. Sign up at zatanna.ai to join the waitlist.

Step 2: Define Your Target Portal

Once inside the platform, you specify the web portal you want to reverse-engineer — the tool records your browser session as you perform a workflow manually.

Step 3: Record the Workflow

Walk through the portal workflow you want to automate. Zatanna captures the network layer, tracking every request and response.

Step 4: Generate API

Zatanna reconstructs the API contract from the recorded traffic and exposes a clean endpoint.

Step 5: Call from Code

Use any HTTP client to trigger the generated API. The call executes the full workflow server-side in seconds.

Deeper Analysis

How the Reverse-Engineering Works

Zatanna acts as a local proxy between your browser and the target portal. As you click through a workflow, it records the actual request sequence — including auth tokens, session state, and any dynamic parameters. It then replays this sequence to generate a reproducible API call.

Comparison to Browser Automation Tools

Traditional browser automation (Playwright, Puppeteer) drives a real browser to interact with UIs. Zatanna works at the network layer below the UI — it doesn’t need to render anything. This makes it faster and more reliable for stable portal workflows.

Limitations

• Dynamic portals: Sites with heavy JS rendering or CAPTCHA may not record cleanly
• Session complexity: Multi-step workflows with complex session state can be harder to replay
• Beta maturity: API surface and documentation are still evolving

Practical Evaluation Checklist

• [ ] Target portal is accessible from your network (no VPN blocks)
• [ ] Workflow is stable (portal UI doesn’t change frequently)
• [ ] Auth mechanism is compatible with Zatanna’s recording approach
• [ ] Response latency is acceptable for your use case (usually under 5 seconds)
• [ ] You have permission to automate the target service

Security Notes

• Zatanna records network traffic locally — verify your data stays within your infrastructure
• Generated API calls carry the same credentials as your browser session — protect the endpoints
• Review what data leaves your environment when calling third-party portal APIs

FAQ

Q: Does Zatanna work with MFA-protected portals? A: It depends on the MFA mechanism. TOTP-based MFA may be recorded in the session; push notifications and hardware keys are harder to handle.

Q: How is this different from just using Playwright? A: Playwright drives a browser UI. Zatanna works at the network layer — it’s faster and more reliable for stable workflows, but can’t handle highly dynamic JS-heavy portals.

Q: Can I self-host Zatanna? A: Currently cloud-only (YC-backed startup, still in beta). Self-hosted options may come later.

Conclusion

Zatanna solves a real problem: legacy enterprise software that can’t be automated because it has no API. By reverse-engineering the network layer, it creates a clean path for AI agents to interact with UI-only tools. Worth watching as it exits beta — especially if your stack involves lots of manual portal workflows.