
Shadow Mode

Every API quality tool starts at maximum noise. Dino does the opposite. Shadow Mode lets Dino earn your trust gradually. Start by watching silently. As confidence grows, increase autonomy.

The Four Levels

| Level | Name | What Dino Does | Config |
|-------|------|----------------|--------|
| L1 | Observe | Watches silently, builds baseline, reports findings | autonomy.level: observe |
| L2 | Suggest | Ranked findings with confidence scores | Planned (M1.5) |
| L3 | Write | Creates PRs with human approval | Planned (post-M2) |
| L4 | Enforce | Blocks CI on violations | autonomy.level: enforce |

Today, Dino ships with Observe and Enforce. Suggest and Write are coming.

How It Works

Observe Mode (default)

autonomy:
  level: observe

Dino scans your API, records findings, and reports them, but never blocks CI. Every scan result is saved to watch history for trend analysis.

dino watch --autonomy observe --interval 300

This runs a scan every 5 minutes. Findings accumulate in .dino/watch-history.jsonl. You review at your pace.

Use observe when: You’re evaluating Dino, onboarding a new API, or want to see what it finds before trusting it.

Enforce Mode

autonomy:
  level: enforce

Dino blocks CI when it finds issues. dino watch returns exit code 1 on failures. dino diff --fail-on-breaking returns exit code 1 on breaking changes.

# In CI: single scan, fail the build on issues
dino watch --autonomy enforce --once

Use enforce when: Dino has been running in observe mode and you trust its findings. Typically after 2-4 weeks of consistent, accurate results.

The Customer Journey

Day 1    → dino init, first scan, observe mode
Week 1   → "Found 12 issues across 7 scans. 2 false positives."
Week 2   → Adjust config, reduce false positives to 0
Week 3   → "14 scans, 100% useful findings"
Month 1  → Enable enforce mode in staging CI
Month 2  → Enable enforce mode in production CI

CI Integration

Observe in CI (non-blocking)

# GitHub Actions
- name: Dino Scan (observe)
  run: dino watch --once --autonomy observe
  continue-on-error: true

Enforce in CI (blocking)

# GitHub Actions
- name: Dino Scan (enforce)
  run: dino watch --once --autonomy enforce

Breaking change gate

- name: Schema Gate
  run: dino diff --fail-on-breaking

Start with observe mode in CI using continue-on-error: true. Review findings for a few weeks. When you trust them, remove continue-on-error and switch to enforce.

Watch History

Every dino watch iteration saves a record to .dino/watch-history.jsonl:

{
  "timestamp": "2026-03-31T10:00:00Z",
  "duration_ms": 4200,
  "operations": 312,
  "findings": 3,
  "agents": { "input-fuzzer": "pass", "rbac-matrix": "2 findings" }
}

This history powers trend analysis: “Are findings increasing? Decreasing? Did a deploy introduce new issues?”

Shadow Mode levels 2 (Suggest) and 3 (Write) are on the roadmap. L2 adds confidence scoring and ranked recommendations. L3 will create pull requests with fixes, pending human approval.
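An added example (not part of Dino or its documentation) of the trend analysis the watch history enables: it flags scans where findings rose compared with the previous scan and names the agents responsible. It assumes one JSON object per line and agent statuses of the form "pass" or "N findings", as in the record above; the sample data is constructed.

```python
import json
import re

# Constructed sample in the shape of the record shown above (assumed: one JSON
# object per line). The last line is truncated on purpose, as after a killed scan.
SAMPLE_HISTORY = """\
{"timestamp": "2026-03-31T10:00:00Z", "duration_ms": 4200, "operations": 312, "findings": 3, "agents": {"input-fuzzer": "pass", "rbac-matrix": "3 findings"}}
{"timestamp": "2026-03-31T10:05:00Z", "duration_ms": 4100, "operations": 312, "findings": 3, "agents": {"input-fuzzer": "pass", "rbac-matrix": "3 findings"}}
{"timestamp": "2026-03-31T10:10:00Z", "duration_ms": 4350, "operations": 318, "findings": 7, "agents": {"input-fuzzer": "4 findings", "rbac-matrix": "3 findings"}}
{"timestamp": "2026-03-31T10:15:00Z", "duration_ms": 43
"""

def load_history(text):
    """Parse JSONL; count (rather than crash on) blank-free lines that are unusable."""
    records, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            rec = json.loads(line)
            if not isinstance(rec["findings"], int):
                raise ValueError("findings is not a number")
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated write, wrong type, or missing field
            continue
        records.append(rec)
    # ISO-8601 UTC timestamps sort correctly as plain strings.
    return sorted(records, key=lambda r: r.get("timestamp", "")), skipped

def agent_count(status):
    """Assumed status format: 'pass' or '<N> findings'. Anything else counts as 0."""
    m = re.match(r"(\d+) finding", str(status))
    return int(m.group(1)) if m else 0

def regressions(records):
    """Return scans whose total findings rose versus the previous scan."""
    out = []
    for prev, cur in zip(records, records[1:]):
        delta = cur["findings"] - prev["findings"]
        if delta <= 0:
            continue
        before = prev.get("agents", {})
        agents = sorted(name for name, status in cur.get("agents", {}).items()
                        if agent_count(status) > agent_count(before.get(name, "pass")))
        out.append({"timestamp": cur.get("timestamp"), "delta": delta, "agents": agents})
    return out

if __name__ == "__main__":
    recs, bad = load_history(SAMPLE_HISTORY)
    print(f"{len(recs)} scans parsed, {bad} unreadable line(s) skipped")
    for r in regressions(recs):
        print(f"{r['timestamp']}: +{r['delta']} findings ({', '.join(r['agents']) or 'agent unknown'})")
```

Correlating the flagged timestamps with deploy times answers the "did a deploy introduce new issues?" question before switching a pipeline to enforce.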