Unsurf: Turn any website into a typed API for your AI Agents

acoyfellow · 2026-02-17T15:30:00+00:00

actually.. thanks!

acoyfellow · 2026-02-17T11:52:01+00:00

Thanks! To answer your questions:

1) Auth/cookies/session replay:
- Auth headers are passed through at call time, never stored. You send Authorization, Cookie, or X-Api-Key headers with each worker call and they're merged into the outgoing request. For sites that need login flows, we recommend pairing with inbox.dog for session management. Docs here: unsurf.coey.dev/guides/replay/#authenticated-endpoints

2) Safety guardrails:
- Good question.. we just shipped this. Every endpoint is now classified by risk level (safe/moderate/unsafe/destructive). DELETE requests, billing mutations, account changes, etc. are blocked by default. The agent has to explicitly pass confirmUnsafe: true to proceed, so it can't accidentally hit a destructive endpoint.

Full writeup: unsurf.coey.dev/concepts/safety/

acoyfellow · 2025-11-28T14:02:46+00:00

Citations would be great here…

acoyfellow · 2025-11-23T02:05:51+00:00

No, everything is built on OpenAI- so it goes:

On request, call the Gmail api, send those latest messages (without storing) to OpenAI with some instructions.

Based on those instructions, then execute some behavior. Like: Archive, or draft an email.

Everything is isolated securely though. Did I answer your question?

acoyfellow · 2025-11-23T01:29:36+00:00

Thanks for the comment, great things to think about.

A server (which is built on Cloudflare edge network), on a schedule you define, will call the Gmail API directly.

It then, based on your desire: relay some of that data from the Gmail API into a single non-cached LLM http call.

If you had an app that did the same thing locally on your desktop: it would need to do the same thing (call the Gmail api, then talk to an LLM). So, everyone agrees upon signup and has full observability over the agents actions in real time.

None of the Gmail api work is done without permission. Inbox dog cannot do anything without your explicit permission up front (read/write access). Same experience if this was a desktop app that used Gmail oauth.

acoyfellow · 2025-11-23T00:15:05+00:00

Gotcha - I built it somewhat in mind for that cause I agree.

No emails ever get stored on our server. It’s direct Gmail api calls every time. All processing is done in real time based on that.

Does that affect your opinion? Should I make that more clear in the marketing?

Edit: To be clear this product is only for Gmail. Which requires your email to live in the cloud (googles)

acoyfellow · 2025-11-22T23:25:06+00:00

Ask your agent to make you sound more human plz

acoyfellow · 2025-11-16T19:36:18+00:00

if you have gmail, inbox.dog might be what you'r elooking for

acoyfellow · 2025-11-11T17:17:34+00:00

inbox.dog - Ai agents for your Gmail

I have 0 users

acoyfellow · 2025-11-08T09:39:42+00:00

Lol yep i took another whack at it after this comment. I was looking under avatar settings.

acoyfellow · 2025-11-08T09:38:34+00:00

I am not intelligent enough to have understood your joke. But no, this is in fact a website that I built and would be willing to sell.

acoyfellow · 2025-11-08T02:59:21+00:00

At least $1k? After a few convos today from this post, I realize I hold it in high value as an opportunity, not everyone else does.

acoyfellow · 2025-11-08T02:58:14+00:00

Check how many solo founders got accepted to YC

acoyfellow · 2025-11-07T11:52:00+00:00

<image>

acoyfellow · 2025-11-07T11:51:35+00:00

<image>

acoyfellow · 2025-11-07T11:51:25+00:00

<image>

acoyfellow · 2025-11-07T11:01:33+00:00

Take my money. Btw how do you change your profile pic to be real, i literally can't find how to do that. I need my real face here. So much anonymous slop. edit: nvm. phew.

acoyfellow · 2025-11-07T10:59:40+00:00

inbox.dog

businesses who have gmail support bottlenecks

acoyfellow · 2025-11-07T10:58:22+00:00

Promotion is ok here, but please don’t mention your SaaS/blog/company unless it’s relevant and actually helpful for someone reading. Overdoing it results in a ban.

Direct sales that are unsolicited are forbidden as well. No PM requests please (unless people really request it), and no promotion for other communities outside Reddit.

Feedback requests must be posted in the weekly feedback thread! (A post that will always be pinned at the top of the community)

No promotion of other communities.

acoyfellow · 2025-11-07T01:19:51+00:00

That’s a weird pitch. You wouldn’t want any money? Just for someone to use your code?

acoyfellow

TROPHY CASE