GitHub - dochia-dev/dochia-cli: Dochia automatically generates and executes negative and boundary testing so you and your AI agents can focus on building. Because nobody wants to debug why their "enterprise-grade" API can't handle a simple 🤷‍♀️

5 min read Original article ↗

🤖 Agent-ready • 🧑 Human-friendly

120+ negative and boundary playbooks plus chaos testing, all from your OpenAPI spec. No test cases to write.

Bringing chaos with love.

License Java Version GraalVM Release CI

What is Dochia?

Dochia is a CLI tool for automated negative, boundary, and chaos API testing.

Dochia automatically generates and executes negative and boundary API testing, so you and your AI agents can focus on building, not writing endless test cases or debugging edge-case failures.

Because nobody wants to debug why their "enterprise-grade" API can't handle a simple 🤷‍♀️

It runs 120+ deterministic test playbooks that challenge your APIs with malicious, unusual, and edge-case inputs. It combines negative, boundary, and chaos testing to reveal weaknesses before they surface in production.

It's like throwing a tantrum at your API, so your users don't have to.

The problem. Engineers spend too much time writing repetitive test cases, traditional automation mostly covers the happy path, and coding agents waste tokens reasoning about test cases they could just run.

The solution. Point Dochia at your OpenAPI spec, and it handles the rest. No test cases to write.

Commits Quality Gate Status Bugs Code Smells Coverage

See it in action

Demo

Features

  • Instant setup: Point it at your OpenAPI spec, no test cases required
  • 120+ Test playbooks: Negative, boundary, and chaos scenarios - deterministic and ready to run
  • Context-aware payloads: Understands your API structure to generate meaningful edge cases
  • Actionable reports: Specific fixes, not just failure logs
  • Replay mode: Replay and investigate specific test scenarios
  • Agent-readable reports: Structured JSON output so coding agents can read, reason, and act on results directly
  • Agent-ready workflows: Run dochia init-skills to expose Dochia skills to your coding agent so they can test as they build

How It Works

1. Reads Your OpenAPI Specs

Parses your OpenAPI/Swagger spec to understand your API structure, parameters, and expected data types.

2. Generates Smart Payloads

Creates thousands of context-aware test cases including boundary values, XSS payloads, buffer overflow tests, type confusion attacks, and authentication bypasses.

3. Finds Hidden Issues

Runs predefined playbooks with intelligent payload mutation, then analyzes responses for error patterns you wouldn't have thought to test.

4. Surfaces Issues - For You or Your Agent

Results land in dochia-summary-report.json plus individual test files per endpoint, structured so both humans and AI agents can act on them immediately.

Dochia in Agentic Workflows

As AI agents write more code, they need something to test it first. Dochia closes the loop:

  1. Agent writes new API endpoint
  2. Agent runs: dochia test -c api.yml -s localhost:3000
  3. Dochia produces dochia-summary-report.json + individual test .json files
  4. Agent reads errors, fixes code, re-runs
  5. Ship with confidence. Human never touched a test

Without Dochia, agents burn tokens reading specs, reasoning about edge cases, generating payloads, and interpreting raw responses — often across multiple back-and-forth iterations. Dochia handles all of that internally. One command, structured results.

Run dochia init-skills to expose Dochia skills to your coding agent.

About the Name

Dochia is a figure from Romanian folklore.

According to legend, she climbs the mountains believing winter has passed, only to be caught off guard when the cold returns. One by one, she sheds her layers, trusting the weather has changed, until it suddenly turns against her.

Your API might seem fine until it faces the unexpected. Dochia tests those hidden conditions before they find your users.

Quick Start

Installation

Homebrew (macOS/Linux)

brew install dochia-dev/tap/dochia-cli

Curl (Linux/macOS)

curl -sSL https://get.dochia.dev | sh

Docker

docker run --rm -v $(pwd):/workspace dochiadev/dochia-cli test -c /workspace/api.yaml -s http://localhost:8080

Manual Download

wget https://github.com/dochia-dev/dochia-cli/releases/latest/dochia_platform_version.tar.gz -O dochia.tar.gz
tar -xzf dochia.tar.gz
chmod +x dochia
sudo mv dochia /usr/local/bin/dochia
rm dochia.tar.gz

# Verify installation
dochia --version

Agent Setup

Basic Usage

# Blackbox mode — checks for 5XX status codes only
dochia test -c api.yaml -s http://localhost:8080 -b

# Target specific endpoints
dochia test -c api.yaml -s http://localhost:8080 -b --path "/api/users"

# Pass an auth header from an environment variable
dochia test -c api.yaml -s http://localhost:8080 -b --path "/api/users" -H "Api-Key=$API_KEY"

# Replay a specific test
dochia replay Test120

Agent Workflow

dochia init-skills

# Your agent can now trigger Dochia with natural commands like:
# → "test my API"
# → "check for 5XX errors"
# → "run boundary testing"
# → "validate my endpoints"
# → "check input validation"

Contributing

We welcome contributions! Please see our Contributing Guide for details.

Prerequisites

  • Java 25+: OpenJDK or Oracle JDK
  • GraalVM: For native binary compilation
  • Maven: Build tool (wrapper included)

Development Setup

git clone https://github.com/dochia-dev/dochia-cli.git
cd dochia
./mvnw clean compile  # build
./mvnw test           # run tests
java -jar target/dochia.jar test -c api.yaml -s http://localhost:8080  # run from JAR

Building Native Binary

sdk install java 25.0.1-graalce
sdk use java 25.0.1-graalce
./mvnw clean package -Pnative
./target/dochia-runner --version

Is Dochia free?

Yes, the code in this repo is free and open source under the Apache 2.0 license, and Dochia follows an open core model. A Pro version with additional features and support is coming soon.

License

Apache 2.0 - see LICENSE for details.

Links

Let machines do machine work, humans do human work.