Most teams document less than a third of their API surface. The rest of the undocumented operations, missing descriptions, breaking changes, and deprecated fields ship silently to production. Dino is an API Quality Intelligence Platform, the quality layer for APIs. It gives humans and agents the judgment of a world-class quality engineer across security, correctness, documentation, and lifecycle.Documentation Index
Fetch the complete documentation index at: https://docs.usedino.dev/llms.txt
Use this file to discover all available pages before exploring further.
What Dino does
Scan & analyze
Run the full quality pipeline against your GraphQL or REST API. Nineteen REST fuzz strategies, schema validation, auth boundary testing, health scores: one command (
dino scan).Diff & changelog
Track every schema change between deploys. Catch breaking changes before they reach consumers.
Document
Generate API reference docs from your live schema. Fill in what your team forgot to write.
Watch & govern
Run scheduled scans with Shadow Mode. Start observing, graduate to enforcing.
Capabilities
| Command | What it does | CI-ready? |
|---|---|---|
dino scan | Full pipeline shipped quality modules (including rest-fuzzer When REST operations exist, health scores, and intelligence reports | Yes (--fail-on-high for HIGH/CRITICAL gate) |
dino diff | Schema diff against last snapshot, breaking change detection | Yes (--fail-on-breaking) |
dino docs | Generate API reference from live schema | Yes (--output) |
dino lint | Check SDL descriptions, catch documentation regressions. | Yes (--fail-on-undocumented) |
dino changelog | Keep a Changelog-formatted API changelog from snapshot diffs | Yes (--fail-on-breaking) |
dino watch | Scheduled scans with Shadow Mode (observe/enforce) | Yes (--once) |
dino init | Interactive onboarding creates .dino.yml config | No (interactive) |
dino validate | Validate .dino.yml against schema | Yes |
What makes Dino different
Deterministic engine
Deterministic engine
Every run produces the same results for the same input. No flaky results, no AI hallucinations in the core pipeline: the engine is deterministic, with optional AI reasoning layered on top.
GraphQL and REST from one pipeline
GraphQL and REST from one pipeline
Same catalogue, same health model, same reporting: one CI gate whether your surface is introspected GraphQL or OpenAPI-backed REST.
19 schema-aware fuzz strategies across six attack surfaces (REST)
19 schema-aware fuzz strategies across six attack surfaces (REST)
Body, path, query, HTTP method,
Content-Type, schema corners, and headers including auth-bypass strings, host and IP spoofing headers, and CORS probes. GraphQL retains the full input-fuzzer and response-validator coverage you already rely on.RBAC matrix testing
RBAC matrix testing
Every operation × every auth state from your tenant roles is automated, with auto-skip when auth is not configured, so you do not get noisy false positives.
Shadow Mode graduated autonomy.
Shadow Mode graduated autonomy.
Start in observe mode (report only), graduate to enforce (fail the build). Your team controls the pace.
Who it’s for
- Backend teams shipping APIs without dedicated QA, Dino is the quality intelligence you do not have to hire.
- Platform engineers managing dozens of internal APIs catch breaking changes across services.
- API-first companies where the API is the product, documentation gaps are revenue gaps.
Next steps
Quick Start
Run your first scan in under 5 minutes.
Architecture
How the scan pipeline, agents, and deterministic engine work together.