Warning

Please be vigilant about TRM impersonation scams, especially those claiming to assist with fund recovery. More info

Solutions
Products
RESOURCES
Customers
Company
Request a demo
en
Search
Search
Life at TRM
May 28, 2026

Meet the Agent: How the Solutions Architecture Team Built Mycroft

An AI agent to reduce vendor API documentation decoding from 15 hours to one hour per week
Todd Soderstrom
Meet the Agent: How the Solutions Architecture Team Built Mycroft

As a senior integrations engineer on the solutions architecture team, my mandate is straightforward to describe and painful to scale: when we’re asked to pull data from a new source, we make it happen. The range is wide — different industries, different scales, different generations of API design — and the queue doesn’t stop.

The hard part isn’t the engineering. It’s the decoding. Every vendor documents their API differently, authenticates differently, and has its own opinions about pagination, errors, and what a “result” looks like. Each new integration starts with me sitting down to figure all of that out from scratch. On average, our team was spending 15 hours a week manually decoding vendor API documentation and writing integration code. So I decided to build an agent that does it in one hour instead.

I named it Mycroft, after Sherlock Holmes’ older brother. Here’s how it works, what went wrong along the way, and what we learned about building automation that improves over time.

15 hours a week on API documentation

Each time a new data source arrives with fresh API documentation, someone on my team has to manually decode what it actually means — not just read it, but understand it deeply enough to generate working code. It’s important work — repetitive but requiring real intelligence — but hard to scale with humans alone. Plus, the documentation quality we receive can vary wildly.

With Mycroft, we decided to turn each vendor into callable tool that our AI agents could use to query that vendor's data, so getting the wiring right mattered.

What Mycroft actually delivers

Mycroft turns a vendor's API documentation into a working tool — a callable, tested, documented capability that our investigative agents can use to query that vendor's data. Each run produces real code merged into the product, not a script someone has to clean up. A vendor goes in and a pull request comes out.

A generator paired with a critic, at every step

The reason Mycroft is reliable is that nothing it produces ships unchallenged. Every generative step — drafting the spec, writing the code, generating tests, reviewing against the docs — is paired with a separate critic agent whose only job is to grade that output and fail it if it falls short. When the critic flags a problem, a focused fix loop runs (up to three attempts) before Mycroft is allowed to advance to the next stage.

That adversarial gating is the actual mechanism behind Mycroft’s reliability. Most automation pipelines hit a ceiling because generation and validation happen in the same step, run by the same agent, with the same blind spots. Splitting them — generator on one side, skeptic on the other — means errors get caught when they're cheap to fix, instead of after they've propagated through three more stages of a complex process.

By the time a developer sees Mycroft's output, every stage has already been written, critiqued, fixed, and re-critiqued. The reviewer is reading a finished pull request with the critic reports attached, not steering a half-built draft.

Mycroft rewrites itself between runs

The continuous improvement story isn't that Mycroft "learns from failure" in some abstract sense. The mechanism is concrete: after every run, Mycroft analyzes what its critics caught, what slipped through to code review, and where the fix loops spent their attempts. It then edits the prompts and instructions of its own agents in the source repo and opens a pull request to update itself.

The agents literally rewrite themselves between runs. The same human review gate that catches bugs in vendor tools also catches bad self-modifications, so the loop stays supervised — but institutional knowledge compounds in the codebase, not just in someone's head. Mycroft tomorrow is meaningfully better at this than Mycroft yesterday, and the diff is auditable.

What we got wrong

Bringing Mycroft to life wasn’t without its challenges, and we made a few critical observations along the way:

Code generation without validation fails

The first iteration assumed Mycroft just needed to generate code. Early versions produced syntactically correct output that had zero chance of actually connecting to a vendor's API. Live validation at every stage — including hitting real endpoints with real credentials — turned out to be essential.

API documentation quality varies wildly

Some vendors ship clean, well-structured OpenAPI specs. Others ship creative interpretations of what a spec could be. We had to build significant preprocessing logic to normalize inputs before generation could work.

Full autonomy is slower than human-in-the-loop

The original goal was a fully autonomous bot. In practice, a developer reviewing Mycroft's PR takes about 30 minutes instead of the original 4–5 hours of building. Keeping a human at the merge gate makes the system faster overall.

These iterations weren't failures — they were ultimately the work that made Mycroft more useful.

Where Mycroft still needs humans

Mycroft works best when it has semantic structure to grab onto — clean specs, structured schemas, well-defined endpoints. Unstructured prose without any schema information is harder.

It’s also important to note that having an AI agent like Mycroft has multiplied the capacity of my team — but it doesn't replace technical judgment. We still verify security reviews and compliance checks before integration.

From 15 hours to one

With Mycroft, we brought 15 hours a week of manual API integration work down to one hour. That's the difference between scaling vendor integrations and being bottlenecked by documentation. Mycroft handles the volume; we focus on the decisions that require human expertise.

{{horizontal-line}}

If building AI agents that do real work and produce real outcomes sounds like your kind of challenge, check out our open roles. We’re hiring across all teams.

This is some text inside of a div block.

Related posts

arrow right
BLOG
May 18, 2026

TRM Has a New Kind of Team Member. Meet Some of Our Roster.

arrow right
BLOG
May 26, 2026

How Structured Communication Became TRM's Quiet Superpower

arrow right
BLOG
May 1, 2026

Solutions Architecture at TRM: Where Technical Depth Meets Customer Outcomes

No posts to show
No posts to show
No posts to show
No posts to show
No posts to show
Subscribe and stay up to date with our insights
No items found.
Digital illustration showing a pie chart, masked criminal figure, and crypto coin symbol on a data grid background—representing crypto crime analytics.
REPORT
See the trends and typologies that shaped the illicit crypto ecosystem in 2025
READ THE REPORT →
Blue diamond with a circle overlayed in white on a dark blue background
REPORT
Unlocking more clarity for institutional adoption with key crypto policy shifts in 2025
READ THE REPORT →
3D illustration of a blue magnifying glass hovering over a digital fingerprint on a dark background, symbolizing crypto investigations or forensic analysis.
FLIP BOOK
Learn more about common crypto-enabled scam typologies in our "Investigating Crypto Scams" flip book
Get your copy →
Illustration of a stablecoin represented by a dollar symbol surrounded by icons for growth, risk alert, user profiles, and a security shield with a target, connected through a network of hexagons — symbolizing the interconnected risks and compliance considerations in digital asset ecosystems.
USE CASE
Learn how TRM helps compliance teams monitor exposure, detect threats, and safeguard their organizations
TRM for stablecoin risk management →
A worn silver wrench tool on a brown-red background, as a metaphor for violent crime
BLOG
Learn about the recent rise of "wrench attacks" and crypto-related violent crime
Read the post →
Illustration of a financial institution icon and a compliance document with checkboxes, symbolizing regulatory due diligence and financial compliance in the digital asset ecosystem.
GUIDE
Learn best practices for evaluating the legal, operational, and financial integrity of crypto entities before engagement
Get the guide →
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT