Who is it for?¶
Polychro looks like a different tool depending on where you sit. The same engine is an agent guardrail to one team, a CI gate to another, and a rule authoring platform to a third. This page helps you find the framing that fits you, then points you at the guide to start with.
The one-sentence version: Polychro reads a spec โ YAML, JSON, XML, Markdown, or HTML โ and tells you what's wrong with it in a single, fast pass: structural mistakes, schema violations, broken conventions, and security anti-patterns. One binary, one config, one diagnostic format.
You're building AI agents or tools¶
Your agent generates specs โ capabilities, MCP manifests, configs, docs โ and you need a deterministic guardrail that catches mistakes before they reach production, without slowing the loop.
What Polychro can do for you:
- Validate in the same turn the agent generates. Sub-second, in-process โ no 2โ5 s subprocess startup โ so it fits inside a tight generate-validate-retry loop.
- Call it over MCP.
polychro serveexposes linting as MCP tools, so an agent can lint its own output with a tool call. โ MCP server guide - Get LLM-native output. The
--format agentmode emits diagnostics shaped for a model to read and act on. - Embed it in the JVM. Drop
polychro-coreon the classpath and lint in-process โ no Node.js runtime, no shell-out.
| You might beโฆ | Start with |
|---|---|
| An AI agent framework, an MCP tool author, or a JVM app linting in-process | MCP server guide ยท Getting started |
You run CI or a platform¶
You're a platform or DevOps engineer who needs to gate specs in CI and enforce governance across many repos โ without bolting together a pile of linters.
What Polychro can do for you:
- Gate any spec in CI. The GitHub Action lints on every PR and emits SARIF, so findings show up inline in the GitHub UI. โ GitHub Action guide
- Collapse the toolchain. One binary replaces a Docker meta-linter, a separate rule engine, and several config files โ one config, one diagnostic format.
- Run anywhere. A GraalVM-native binary for Linux, macOS, and Windows with sub-second cold start โ no JVM, no Node.js, no Docker dependency.
- Enforce governance, not just schema. Built-in
governance,ai-safety, andsecurityrulesets catch the runtime traps schema validation misses โ port conflicts, dangling references, unreachable steps, secret exposure, and prompt-injection surfaces in tool descriptions. โ Rulesets guide
| You might beโฆ | Start with |
|---|---|
| A platform/DevOps engineer running CI gates or governance across repos | GitHub Action guide ยท Configuration guide |
You author specs or rules¶
You write OpenAPI, AsyncAPI, capabilities, or your own spec format โ and you want consistent, custom validation that goes beyond what a schema can express.
What Polychro can do for you:
- Reuse your Spectral rules. Polychro speaks the Spectral ruleset format natively
(
given/then), so existing rule investment carries over unchanged. - Lint more than OpenAPI. Arbitrary YAML, JSON, XML, Markdown, and HTML are first-class โ capabilities, CRDs, instruction files, even HTML emails.
- Write rules in your language. Custom rule functions in sandboxed JavaScript,
Python, or Groovy โ or native Java via the
RuleFunctionSPI for the fastest path. - Add whole validators. The
ServiceLoaderSPI lets you drop in a custom validator with zero framework coupling. โ Validator plugin guide
| You might beโฆ | Start with |
|---|---|
| An API team, a ruleset author, or a tool author extending the SPI | Rulesets guide ยท Validator plugin guide |
Not sure which one you are?¶
Most teams are more than one of these at once โ that's the point. Pick the framing closest to your immediate goal, run its guide, then explore the others. The Features page is the exhaustive reference, and the Tutorial walks through a full generate-validate-fix loop end to end.