Skip to content
Thymian

Thymian

Thymian is a language-agnostic, open-source governance engine that integrates directly into developer and AI workflows across the entire API lifecycle. It validates your services against OpenAPI or HTTP specifications to mandate strict conformance for security, performance, and reliability. By using extensible plugins and shareable custom rules, you can write once and run everywhere to automate complex use-case testing with zero friction.
Get Started Enterprise

Thymian Across the API Lifecycle

From specification to production — see where Thymian lints, tests, and analyzes your APIs.

Lint Static analysis
Test Live endpoint testing
Analyze Traffic analysis

📐 API Design / Spec

Lint

💻 Development

Lint Test Analyze

🔀 CI

Lint Test

🚀 Dev / Staging

Test

🧪 QA

Test Analyze

🌐 Production

Analyze

Built for Developer & AI Workflows

Thymian fits naturally into the development loop — whether you're coding by hand or an AI agent is driving. Generate, validate, fix, repeat.

Generate

Developer or AI Agent

Write or generate an OpenAPI spec or API implementation based on requirements.

Validate

Thymian CLI

Lint specs, test live endpoints, or analyze traffic — same rules, every context.

Fix

Developer or AI Agent

Rich error context with rule IDs, RFC references, and exact locations enables targeted fixes.

Why It Works

Designed from the ground up for both human developers and AI agents.

Rich Error Context

Violations include rule names, RFC references, severity levels, and exact locations — giving any AI agent or developer all the context needed to fix issues.

Deterministic Feedback Loops

Non-interactive mode with explicit flags ensures reproducible results — perfect for agentic retry-and-fix workflows.

Zero Ambiguity

Exit codes, structured results, and typed schemas mean agents never have to parse prose or guess what went wrong.

Scaffolding for Agents

Generate configs, rules, and sample data programmatically with --no-interactive — no human prompts blocking the pipeline.

Works with Any LLM

Language-agnostic CLI output works with GitHub Copilot, Cursor, Aider, local models, or any tool that reads structured output.

Composable Commands

Lint, test, analyze — each command does one thing well and plays nicely with pipes and automation scripts.

One Rule. Every Stage. Zero Drift.

Write validation logic once — Thymian applies it across your entire API lifecycle, catching inconsistencies before they reach users.

error-responses.rule.ts 
export default httpRule('consistent-error-responses')
  .severity('error')
  .type('static', 'test', 'analytics')
  .description('Error responses must use problem+json')
  .rule(ctx =>
    ctx.validateCommonHttpTransactions(
      statusCodeRange(400, 599),
      not(responseMediaType('application/problem+json'))
    )
  )
  .done();
Same logic. Three contexts. Automatic adaptation.
📐

API Design & CI

Lint

Validates API specifications before any code is written.

Data Source OpenAPI Specifications
Catches Missing headers, wrong status codes, incomplete schemas
Spec violation? Caught here.
💻

Dev & Staging

Test

Actively tests running endpoints against the same rule.

Data Source Live API Endpoints
Catches Implementation diverges from spec, runtime errors
Implementation diverges? Caught here.
🌐

QA & Production

Analyze

Analyzes real traffic to verify compliance passively.

Data Source Recorded HTTP Traffic
Catches Real-world violations, undocumented behavior, regressions
Production regression? Caught here.

Sharable Rule Sets

Package rules as npm modules and share them across teams and projects. Use built-in sets like @thymian/rules-rfc-9110 or create your own organizational standards.

@thymian/rules-rfc-9110 @thymian/rules-api-description-validation @your-org/api-standards

Built to Be Extended

Virtually everything in Thymian is a plugin. A reactive event bus connects them all — swap, extend, or build your own without touching a single line of framework code or even JavaScript!

Everything Is a Plugin

Core features, integrations, and extensions are all plugins — the framework imposes no hard-coded behavior.

Event-Driven Architecture

Plugins communicate through a reactive event bus with typed events, actions, and error flows.

Loose Coupling

Plugins interact through well-defined APIs and events. Add, remove, or swap plugins without touching others.

Remote Plugins via WebSocket

Connect plugins running in any language or process over WebSockets — perfect for polyglot environments.

Shareable as npm Packages

Publish plugins and rule sets as npm modules. Share validation logic across teams and projects.

Schema-Validated Config

Plugin options are validated at startup via JSON Schema — catch misconfigurations before they cause failures.

my-custom-plugin.ts 
import type { ThymianPlugin } from '@thymian/core';

export const myPlugin: ThymianPlugin = {
  name: 'my-custom-plugin',
  version: '*',

  async plugin(bus, logger, options) {
    bus.onAction('core.ready', async (payload, ctx) => {
      logger.info('Plugin is ready!');
      ctx.reply();
    });

    bus.onAction('core.lint', async (payload, ctx) => {
      // Your custom validation logic here
      ctx.reply({ results: [] });
    });
  }
};
Typed interface. Event-driven. Zero boilerplate.

Official Plugin Ecosystem

Ready-to-use plugins covering every stage of the API lifecycle — or build your own with the same powerful APIs.

HTTP Linter

@thymian/plugin-http-linter
Official

Static analysis of OpenAPI specs and HTTP definitions.

HTTP Tester

@thymian/plugin-http-tester
Official

Live endpoint testing against your rule definitions.

HTTP Analyzer

@thymian/plugin-http-analyzer
Official

Passive analysis of recorded HTTP traffic for compliance.

OpenAPI

@thymian/plugin-openapi
Official

Load, parse, and validate OpenAPI specifications.

Reporter

@thymian/plugin-reporter
Official

Collect and format validation results into reports.

Sampler

@thymian/plugin-sampler
Official

File-based HTTP request sampling for reproducible tests.

WebSocket Proxy

@thymian/plugin-websocket-proxy
Official

Connect remote plugins over WebSocket for distributed setups.

Request Dispatcher

@thymian/plugin-request-dispatcher
Official

Dispatch HTTP requests to live endpoints for testing.

Build Your Own in Minutes

Implement the ThymianPlugin interface, hook into lifecycle events, and publish as an npm package. Local plugins, remote WebSocket plugins, and shared rule sets all use the same unified API.

Plugin Developer Guide Remote Plugins Guide

Explore the Thymian Ecosystem

Section titled “Explore the Thymian Ecosystem”

Quick Start

Get up and running with Thymian in minutes. Follow our step-by-step guide to add resilience and HTTP conformance to your APIs.

Get Started

Thymian CLI

Master the Thymian command-line interface. Learn how to use powerful CLI commands to test, analyze, and validate your APIs from the terminal.

View CLI Docs

Plugin Ecosystem

Explore plugins to extend Thymian’s capabilities. Discover plugins that add new features and integrations to your workflow.

Explore Plugins

Integrations

Install Thymian integrations to extend your workflow. Explore integrations that automate your testing, monitoring, and deployment processes.

Explore Integrations

Documentation

Comprehensive guides and API reference. Dive deep into Thymian’s features, configuration options, and best practices.

Read Docs

Enterprise Support

Professional consulting and dedicated support from the creators of Thymian for your team. Get expert help with implementation, custom solutions, and priority support.

Learn More