Which frameworks support Truto's LoanPro AI agent tools?

Truto's tools are framework-agnostic. While we offer a truto-langchainjs-toolset for LangChain, you can bind these tools to LangGraph, CrewAI, or the Vercel AI SDK.

Can I access custom tenant roles in LoanPro via the AI agent?

Yes, Truto exposes fields like tenantAccessRoleDescription and tenantActiveStatus via the /tools endpoint, allowing agents to audit and query custom roles.

Connect LoanPro to AI Agents: Automate User Lookups and Agent Data

You want to connect LoanPro to an AI agent so your system can autonomously query user directories, audit multi-factor authentication (MFA) status, manage tenant roles, and oversee agent data. Here is exactly how to do it using Truto's /tools endpoint and SDK, bypassing the need to build and maintain a custom LoanPro connector from scratch.

Financial operations teams are transitioning from static dashboards to agentic AI - autonomous systems that interact with core infrastructure to execute complex administrative workflows. Giving an AI agent read and write access to a lending management system like LoanPro introduces significant engineering friction. If your team uses ChatGPT, check out our guide to connecting LoanPro to ChatGPT, or if you are building heavily on Anthropic's ecosystem, read our guide to connecting LoanPro to Claude.

For engineers building custom, multi-step autonomous workflows using LangChain, LangGraph, CrewAI, or the Vercel AI SDK, you need a programmatic way to fetch LoanPro capabilities and bind them natively to your Large Language Model (LLM). This guide breaks down exactly how to architect this using Truto.

The Engineering Reality of the LoanPro API

Giving an LLM access to external systems sounds trivial in a rapid prototype. You write a Node.js function, wrap it in an @tool decorator, and let the model figure it out. In a production environment involving financial core systems like LoanPro, this approach collapses entirely. If you decide to build a custom integration, your engineering team assumes the full burden of the API lifecycle, from schema maintenance to auth token refreshes.

LoanPro's architecture introduces specific integration challenges that require strict handling when exposed to an LLM:

The Tenant and Role Hierarchy

LoanPro utilizes a deeply nested permission model. Users do not merely have generic "admin" or "agent" statuses. They exist within specific tenant roles (tenantAccessRole), assigned via specific role groups (tenantRole, wizardGroup, searchRestrictionGroup). Standard LLMs struggle with deeply nested, proprietary relationship models. If your tool schemas do not clearly define the structure of tenantActiveStatus versus global active flags, the AI agent will hallucinate role assignments or misinterpret a suspended tenant user as a globally active employee.

Strict Rate Limits and the 429 Reality

LoanPro enforces rate limits to protect its infrastructure. AI agents are notoriously aggressive - when tasked with summarizing 500 user profiles, a while loop inside an agent framework can trigger hundreds of concurrent GET requests in seconds.

A critical architectural note: Truto does not retry, throttle, or apply exponential backoff on rate limit errors for proxy APIs. When LoanPro returns an HTTP 429 Too Many Requests error, Truto passes that error directly back to the caller. However, Truto normalizes the upstream rate limit information into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). As the developer, you must explicitly implement retry and backoff logic inside your agent's execution loop. You cannot expect the integration layer to absorb runaway agent behavior.

Complex Search and Filtering

Retrieving users in LoanPro often requires structured query parameters to filter by job title, MFA enrollment, or creation date. LLMs are notoriously poor at formatting complex custom query languages. They need strict, predefined JSON schemas for query parameters. If you rely on custom code, you have to write and maintain JSON schemas for every single LoanPro search filter you want the LLM to understand.

High-Leverage LoanPro AI Agent Tools

Truto solves this by providing dynamically generated, LLM-ready tool definitions for every endpoint available in the integration. You simply hit the /tools endpoint, and Truto returns descriptions and strict JSON schemas that map to the underlying LoanPro Proxy APIs. This is especially helpful when figuring out how to handle long-running SaaS API tasks during tool execution.

Here are the most critical hero tools for managing user lookups and agent data in LoanPro.

List All LoanPro Users

Tool Name: list_all_loan_pro_users

This tool allows the agent to search and filter the directory of LoanPro users. It is essential for bulk audits and identity verification. It returns comprehensive profile data including firstName, lastName, fullName, userName, tenantAccessRoleDescription, tenantActiveStatus, active, jobTitle, isEnrolledInMFA, wizardGroup, searchRestrictionGroup, tenantAccessRole, phone, and globalRole. It also returns a summary object containing totalHits and totalTime.

Usage note: Because this returns a paginated list, agents should be prompted to utilize specific search filters to avoid pulling down thousands of records and overflowing their context window.

"Audit the user directory and compile a list of all active users who have the job title 'Support Agent' but are not currently enrolled in MFA. Return their full names and IDs."

Get Single LoanPro User Profile

Tool Name: get_single_loan_pro_user_by_id

When the agent needs deep context on a specific individual, it uses this tool. By passing the user id, the agent retrieves an exact profile including sensitive metadata like recoveryEmail, gender, roleId, tenantRole, tenantAccessActive, validated, and lastContractSigned.

Usage note: This is the primary tool used for targeted identity investigations. If an agent detects anomalous activity from a specific user ID in an external system, it can cross-reference the user's validated status and tenant role here.

"Look up the profile for user ID 849201. Tell me what their current tenant role is, whether their access is active, and the date their last contract was signed."

Update User MFA Requirements

Tool Name: update_loan_pro_user_mfa_requirement

Security and compliance workflows require automated enforcement. This tool allows the agent to update the MFA configuration for a specific user profile, forcing enrollment during their next login session.

Usage note: This tool is typically gated behind a human-in-the-loop approval step in multi-agent frameworks, ensuring that autonomous systems do not lock out executives without confirmation.

"Force MFA enrollment for the user account associated with jdoe@example.com, and trigger an email notifying them of the updated security policy."

Suspend Tenant Access

Tool Name: suspend_loan_pro_tenant_access

Offboarding workflows span multiple SaaS applications. This tool allows the AI agent to immediately revoke a user's active status within a specific tenant without necessarily deleting their historical audit logs or global identity.

Usage note: The agent must distinguish between globalRole suspension and tenantActiveStatus suspension. Modifying tenant access is the preferred route for standard agent offboarding.

"Immediately suspend tenant access for all contractors in the 'Seasonal Processing' wizard group, as their contract period ended yesterday."

Get Role Permissions

Tool Name: get_loan_pro_role_permissions

When auditing access control, knowing that someone is in the 'Tier 2 Support' role is insufficient. The agent needs to know what that role actually allows. This tool fetches the explicit permissions tied to a roleId.

Usage note: Highly useful for compliance agents performing automated SOC 2 access reviews.

"Fetch the permission set for role ID 4021. Does this role grant the ability to authorize manual loan write-offs?"

To view the complete schema definitions and the full inventory of available capabilities, visit the LoanPro integration page.

Workflows in Action

AI agents provide the most value when executing multi-step workflows that require reasoning across different datasets. Here is how these tools operate in real-world scenarios.

Scenario 1: The Automated Access Review

Compliance teams spend weeks manually verifying that users have the correct permissions and MFA status. An AI agent can compress this into seconds.

"Audit the LoanPro user directory. Find all active users with the 'Admin' global role who are not enrolled in MFA. Generate a summary report and draft an alert to the security team."

The agent calls list_all_loan_pro_users passing query parameters for active=true and globalRole=Admin.
The LoanPro API returns the matching records.
The agent processes the JSON array, filtering out any records where isEnrolledInMFA is true.
If violations are found, the agent extracts the fullName, userName, and id for each violator.
The agent generates the final markdown report identifying the security gaps.

Scenario 2: Offboarding an Agent

When an employee leaves, IT administrators must manually hunt down their accounts across dozens of SaaS tools. An autonomous offboarding agent handles this systematically.

"We are offboarding Marcus Chen. Find his active profile in LoanPro, verify his current tenant roles, and suspend his access immediately."

The agent calls list_all_loan_pro_users with a search filter for the name "Marcus Chen".
It extracts his specific user id from the response payload.
The agent calls get_single_loan_pro_user_by_id to log his current tenantRole and wizardGroup for historical compliance records.
The agent calls suspend_loan_pro_tenant_access using the extracted id to securely revoke his login capabilities.
The agent replies to the user confirming the successful offboarding.

Building Multi-Step Workflows

To implement these workflows, you need to architect an execution loop that binds Truto's tools to your LLM. While Truto provides the truto-langchainjs-toolset SDK, the underlying REST structure means this works seamlessly with LangGraph, CrewAI, Vercel AI SDK, or custom frameworks.

Because Truto acts as a transparent proxy, you must explicitly handle API constraints. If your agent decides to rapidly loop through 1,000 user records, LoanPro will return an HTTP 429. Truto will pass this 429 directly to your agent, along with standardized ratelimit-reset headers. Your code must intercept this and pause execution.

Here is an architectural example of how to bind these tools and handle rate limits natively in TypeScript.

import { ChatOpenAI } from "@langchain/openai";
import { AgentExecutor, createOpenAIToolsAgent } from "langchain/agents";
import { TrutoToolManager } from "truto-langchainjs-toolset";
import { pull } from "langchain/hub";
 
async function executeLoanProAgent(prompt: string, integratedAccountId: string) {
  // 1. Initialize the LLM
  const llm = new ChatOpenAI({
    modelName: "gpt-4-turbo-preview",
    temperature: 0,
  });
 
  // 2. Initialize the Truto Tool Manager
  const toolManager = new TrutoToolManager({
    apiKey: process.env.TRUTO_API_KEY,
  });
 
  // 3. Fetch specific LoanPro proxy tools for the connected account
  const tools = await toolManager.getTools(integratedAccountId, {
    methods: ['read', 'write'] // Fetch both GET and POST/PATCH tools
  });
 
  // 4. Bind the tools to the prompt
  const promptTemplate = await pull<any>("hwchase17/openai-tools-agent");
  const agent = await createOpenAIToolsAgent({
    llm,
    tools,
    prompt: promptTemplate,
  });
 
  const executor = new AgentExecutor({
    agent,
    tools,
  });
 
  // 5. Execute with explicit rate limit handling
  let retries = 0;
  const MAX_RETRIES = 3;
 
  while (retries < MAX_RETRIES) {
    try {
      const result = await executor.invoke({
        input: prompt,
      });
      console.log("Workflow Complete:", result.output);
      return result.output;
 
    } catch (error: any) {
      // Check if the error is a 429 Too Many Requests passed through Truto
      if (error.response && error.response.status === 429) {
        // Truto normalizes upstream headers to IETF standard
        const resetTimeHeader = error.response.headers.get('ratelimit-reset');
        
        let waitSeconds = 5; // default fallback
        if (resetTimeHeader) {
          const resetDate = new Date(parseInt(resetTimeHeader) * 1000);
          waitSeconds = Math.max(1, Math.ceil((resetDate.getTime() - Date.now()) / 1000));
        }
 
        console.warn(`Rate limit hit. Agent pausing for ${waitSeconds} seconds...`);
        await new Promise(resolve => setTimeout(resolve, waitSeconds * 1000));
        retries++;
      } else {
        // Bubble up non-rate-limit errors (e.g., 401 Unauthorized, 400 Bad Request)
        console.error("Agent execution failed due to API error.");
        throw error;
      }
    }
  }
  
  throw new Error("Max retries exceeded due to persistent rate limiting.");
}
 
// Example Invocation
executeLoanProAgent(
  "Find the user profile for agent ID 99201 and verify if they are enrolled in MFA.",
  "loanpro_acct_8f92a1b"
);

This architecture guarantees deterministic execution. The LLM relies on Truto's dynamically injected schemas to understand exactly which fields LoanPro requires. The developer relies on standard HTTP headers to manage API quotas, preventing infinite retry loops that could suspend the underlying SaaS account.

By utilizing Truto as the abstraction layer, you eliminate the need to write custom pagination parsers, OAuth refresh daemons, and hardcoded schema definitions. The integration layer operates purely on standardized primitives, freeing your engineering resources to focus entirely on agent orchestration and business logic.