GitHub - dochia-dev/dochia-cli: Dochia automatically generates and executes negative and boundary testing so you can focus on creative problem-solving. Because nobody wants to debug why their "enterprise-grade" API can't handle a simple 🤷‍♀️

4 min read Original article ↗

Dochia

Bringing Chaos with Love - Dochia automatically generates and executes negative and boundary testing so you can focus on creative problem-solving. Because nobody wants to debug why their "enterprise-grade" API can't handle a simple 🤷‍♀️

License Java Version GraalVM Release

CI Commits

Quality Gate Status Bugs Code Smells Coverage

What is Dochia?

Dochia automatically generates and executes negative and boundary testing so you can focus on creative problem-solving. It auto-generates malicious, weird, and edge-case inputs to hammer your endpoints. Instead of spending 40% of your time writing repetitive test cases and missing critical edge cases, let Dochia do the heavy lifting while you focus on building amazing features.

It's like throwing a tantrum at your API, so your users don't have to.

See it in action

Demo

Features

  • 🚀 Instant Setup: Point it at your OpenAPI spec and go
  • 🧠 Smart Testing: 120+ playbooks create realistic, context-aware test cases
  • 🔍 Find Hidden Issues: Edge cases, invalid inputs, and boundary conditions
  • 📊 Clear Results: Actionable reports with specific fixes
  • 🔄 Replay Mode: Replay and investigate specific test scenarios
  • 📋 OpenAPI Native: Understands your API structure automatically

About the Name

Dochia comes from Romanian folklore - a legendary figure known for testing the limits of winter's harshness. Like its namesake, this tool rigorously tests your APIs to ensure they can withstand any conditions.

Why Dochia?

The Problem:

  • Engineers spend 40% of time writing repetitive test cases
  • Manual testing misses critical edge cases and boundary conditions
  • Traditional automation mostly tests the "happy path" scenarios
  • These missed edge cases become expensive production failures

The Solution:

  • Automatically discovers and tests thousands of input variations
  • Finds the boundary conditions that would otherwise break production
  • 80% less time on manual and automation negative testing
  • 95% reduction in "how did that get through testing?" incidents
  • More time for creative problem-solving

Is Dochia free?

Yes, the code in this repo is free and open source under the Apache 2.0 license, and Dochia as a product follows an open core model. A Pro version will be available soon that will contain additional features and support.

Quick Start

Installation

Homebrew (macOS/Linux)

brew install dochia-dev/tap/dochia-cli

Curl (Linux/macOS)

curl -sSL https://get.dochia.dev | sh

Docker

docker run --rm -v $(pwd):/workspace dochiadev/dochia-cli test -c /workspace/api.yaml -s http://localhost:8080

Manual Download

# Download latest release for your platform
wget https://github.com/dochia-dev/dochia-cli/releases/latest/dochia_platform_version.tar.gz -O dochia.tar.gz
tar -xzf dochia.tar.gz
chmod +x dochia
sudo mv dochia /usr/local/bin/dochia
rm dochia.tar.gz

# Verify insallation
dochia --version

Basic Usage

# Test your API using OpenAPI spec in blackbox mode i.e., checking only 500 status codes
dochia test -c api.yaml -s http://locahost:8080 -b

# Target specific endpoints
dochia test  -c api.yaml -s http://locahost:8080 -b --path "/api/users"

# Pass in an authentication header from the API_KEY environment variable
dochia test  -c api.yaml -s http://locahost:8080 -b --path "/api/users" -H "Api-Key=$API_KEY"

# Replay a specific test
dochia replay Test120

How It Works

1. Reads Your OpenAPI Specs

Dochia automatically parses your OpenAPI/Swagger specifications to understand your API structure, parameters, and expected data types.

2. Generates Smart Payloads

Creates thousands of context-aware test cases including:

  • Boundary value testing
  • XSS payloads
  • Buffer overflow tests
  • Type confusion attacks
  • Authentication bypasses

3. Finds Hidden Issues

Discovers vulnerabilities and edge cases through:

  • Predefined playbooks
  • Intelligent payload mutation
  • Response analysis
  • Error pattern detection

Documentation

You can find the full documentation at https://docs.dochia.dev.

Contributing

We welcome contributions! Please see our Contributing Guide for details.

Development Setup

# Clone the repository
git clone https://github.com/dochia-dev/dochia-cli.git
cd dochia

# Build with Maven
./mvnw clean compile

# Run tests
./mvnw test

# Build native binary with GraalVM
./mvnw clean package -Pnative

# Run from JAR (development)
java -jar target/dochia.jar test -c api.yaml -s http://localhost:8080

Prerequisites for Development

  • Java 21+: OpenJDK or Oracle JDK
  • GraalVM: For native binary compilation
  • Maven: Build tool (wrapper included)

Building Native Binary

# Install GraalVM (if not already installed)
sdk install java 22.3.r17-grl
sdk use java 22.3.r17-grl

# Build native executable
./mvnw clean package -Pnative

# Binary will be created at target/dochia
./target/dochia-runner --version

📄 License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.

🔗 Links

Let machines do machine work, humans do human work.