Dino

24 weekly downloads·3,320 tests·0 false positives

The QA engineer your team never has to hire

Dino automatically tests every API operation on every deploy, catches breaking changes before users do, and keeps your docs current. Deterministic, not AI guesswork.

$npm install -g @dino-hq/cli
Read the docs →
terminal
$ dino scan
Scanning API. 261 operations discovered.
Fuzz Testing
94%
Schema Validation
100%
Auth Verification
87%
Checking Rate Limiting
78%
Deprecation Checks
100%
12 agents completed in 4.2s
3 findings surfaced. 0 false positives.

Tests every operation

Dino runs 12 specialized agents across your entire API surface on every deploy. Schema validation, auth verification, rate limits, deprecation checks. All of it.

Documents every change

Documentation that reflects what is actually live, updated every scan. Not every sprint. Not when someone remembers.

Catches what changed

Dino diffs your schema on every scan, surfaces breaking changes, and tells you what is new versus what has been there for weeks.

Earns trust before it acts

Shadow Mode starts silent. Dino watches first, builds a baseline, then earns the right to flag, suggest, and protect. You set the level.

Why this matters now

AI did not just speed up shipping code. It made shipping code almost irrelevant as a bottleneck. Every team builds faster now. Every team ships more.

But speed without quality is just faster failure. APIs break silently. Docs drift. AI agents call endpoints that stopped working weeks ago. Nobody catches it until something collapses in production.

That is the gap AI created. Dino fills it.

Earns trust before it takes action.

Every other approach to API quality starts at maximum noise. Dino does the opposite. It watches silently, builds a baseline, and earns the right to act, one level at a time.

L1Observe

"Dino is watching"

Watches live traffic. No action taken.

L2Suggest

"Dino would flag this"

Flags issues in real time. No blocking.

L3WriteComing

"Dino would suggest a fix"

Generates fix suggestions and draft PRs.

L4EnforceComing

"Dino is protecting"

Blocks requests that violate contract.

Set your autonomy level in .dino.yml: autonomy.level: observe | suggest | write | enforce

Learn how it works →

12 agents. Every dimension of API quality.

Each agent is a specialist. Run independently or together. Every agent produces deterministic output: same input, same result, every time.

Correctness Agent

Tests every endpoint against your schema on every deploy

Is the API doing what the schema says?

finding: "POST /payments returns { amount: string } but schema declares integer"
Security Agent

Tests auth boundaries and detects access control bypass

Is the API safe from attacks?

finding: "GET /users/{id} returns other tenants data with valid token"
Health Agent

Checks if your health endpoint is telling the truth

Can I trust the API's self-reported status?

finding: "/health returns 200 OK but database connection is down"
Documentation Agent

Flags undocumented operations and generates missing descriptions

Is the API documented and current?

finding: "mutation createOrder: 0 of 4 arguments have descriptions"
Evolution Agent

Tracks deprecation lifecycles and surfaces endpoints that should be sunset

Is the API changing safely?

finding: "query legacyUsers deprecated 90 days ago, still called 340 times/day"
Performance Agent

Tracks response times and detects latency regressions between deploys

Is the API fast and stable?

finding: "GET /feed p99 latency 4.2s, up from 1.1s since last deploy"
See all 12 agents →

Start in 30 seconds.

$npm install -g @dino-hq/cli
Read the docs →·How it works →·See all agents →