# Dino — API Quality Intelligence Platform

> The quality layer for APIs. Dino gives humans and agents the judgment of a world-class quality engineer across security, correctness, documentation, and lifecycle — for **GraphQL** and **REST (OpenAPI 3.0/3.1)**.

## Docs

- [Introduction](https://docs.usedino.dev/introduction): Positioning, capabilities table, multi-protocol differentiators, RBAC matrix, Shadow Mode.
- [Installation](https://docs.usedino.dev/installation): Node.js 22+, global `npm` install, config search order, environment variables.
- [Quick Start](https://docs.usedino.dev/quickstart): GraphQL ad-hoc path and REST tenant path (`tenants/<id>.yml`, `dino scan --tenant`).
- [dino scan](https://docs.usedino.dev/cli/scan): Full quality pipeline; **`--fail-on-high`** (exit 1 on HIGH/CRITICAL); module list including **`rest-fuzzer`**; REST configured via tenant OpenAPI, not `--protocol`.
- [dino init](https://docs.usedino.dev/cli/init), [dino validate](https://docs.usedino.dev/cli/validate), [dino diff](https://docs.usedino.dev/cli/diff), [dino lint](https://docs.usedino.dev/cli/lint), [dino changelog](https://docs.usedino.dev/cli/changelog), [dino watch](https://docs.usedino.dev/cli/watch): CLI reference pages.
- [.dino.yml](https://docs.usedino.dev/config/dino-yml): Ad-hoc GraphQL fields; **tenant** `apis[]` table for `type: rest`, `source: openapi`, `specPath`.
- [Architecture](https://docs.usedino.dev/how-it-works/architecture): GraphQL introspection + OpenAPI discovery; shared catalog and reporting.
- [Agents](https://docs.usedino.dev/how-it-works/agents): GraphQL modules; **REST fuzzer** (19 strategies, six surfaces); **`validateResponseAgainstSpec`** (six OpenAPI response checks, programmatic API today).
- [Deterministic engine](https://docs.usedino.dev/how-it-works/deterministic-engine): Reproducibility and false-output discipline.
- [Health scores](https://docs.usedino.dev/how-it-works/health-scores): Per-operation and aggregate scoring including REST.
- [Shadow mode](https://docs.usedino.dev/how-it-works/shadow-mode): Observe vs enforce; M1.5 REST shipped; L2 Suggest still planned.
- [Security](https://docs.usedino.dev/security/overview), [Compliance](https://docs.usedino.dev/security/compliance): Trust and data-handling context.
- [FAQ](https://docs.usedino.dev/reference/faq): REST support, CI exit codes, open-source scope.

## `dino scan` (one-line for models)

Run the full quality pipeline — **19** REST fuzz strategies across **six** attack surfaces when REST operations exist, plus GraphQL input fuzzing and response validation, auth boundary testing (RBAC matrix), and health-scored reporting. Supports **GraphQL introspection** and **REST via OpenAPI** from tenant configuration.

## Agents / modules (one-line for models)

Shipped deterministic modules include input fuzzer, response validator, RBAC matrix, rate limit validator, error code validator, deprecation tracker, and **`rest-fuzzer`** for OpenAPI-backed REST operations; optional AI reasoning layers sit on top without replacing deterministic results.