v1.0.0-alpha3
Pre-release
Polychro v1.0.0-alpha3 β π¬ Release Notes
π The first Alpha drops anchor! Polychro is a deterministic linting engine built for spec-driven development β validating YAML, JSON, Markdown, and OpenAPI through composable layers with sub-second latency. Designed from day one for AI agent loops where non-deterministic generation needs deterministic guardrails.
What is Polychro?
Polychro is a deterministic linting engine for spec-driven development. It validates semi-structured specifications β YAML, JSON, Markdown, and OpenAPI β through composable layers including well-formedness, schema-model, ruleset, and format-aware validation, in a single embeddable pipeline with sub-second latency.
Built on Spectral's shoulders. Polychro adopts Spectral's given/then ruleset grammar β the de facto standard for API governance rules β and extends it into a fully self-contained, polyglot engine. Where Spectral requires Node.js and is narrowly focused on OpenAPI, Polychro runs as a single JVM binary with no external runtime, supports custom rule functions in JavaScript, Python, and Groovy, and lints YAML, JSON, Markdown, and OpenAPI in the same pipeline. A natural next step for teams already invested in the Spectral ruleset ecosystem.
π‘ Polychro is designed to work alongside Ikanos β validating capability specs before they reach the runtime β but it is fully standalone and works with any YAML, JSON, or Markdown document.
Built on Spectral's shoulders. Polychro adopts Spectral's given/then ruleset grammar β the de facto standard for API governance rules β and extends it into a fully self-contained, polyglot engine. Where Spectral requires Node.js and is narrowly focused on OpenAPI, Polychro runs as a single JVM binary with no external runtime, supports custom rule functions in JavaScript, Python, and Groovy, and lints YAML, JSON, Markdown, and OpenAPI in the same pipeline. A natural next step for teams already invested in the Spectral ruleset ecosystem.
| Feature | Description |
|---|---|
| CLI | Single binary β lint any YAML/JSON/Markdown spec from the command line |
| MCP Server Mode | Expose linting as MCP tools for AI agent consumption |
| Native Executable | Standalone binaries for Linux, macOS, and Windows β no JVM required |
| GitHub Action | Lint specs in CI with structured SARIF output |
| Spectral-Format Rulesets | Execute governance rulesets with given/then semantics |
| Polyglot Custom Functions | JavaScript, Python, and Groovy custom functions via sandboxed GraalVM |
| Schema-Model Validation | JSON Schema Draft 2020-12 and JSON Structure |
| Well-Formedness Validation | Duplicate keys, encoding, depth limits, YAML-specific traps |
| Format-Aware Validation | Heading hierarchy, internal links, relative file references |
| Unified Diagnostics | All validators produce the same Diagnostic β one pipeline, one output |
| Embeddable Java API | In-process linting for JVM applications β no subprocess, no Node.js |
| Pluggable SPI | Add custom validators via ServiceLoader β zero framework coupling |
β¨ Highlights
π Spectral-Compatible Rulesets β and Beyond
Polychro rulesets speak the same given/then grammar as Spectral, making migration straightforward. But Polychro goes further:
- Polyglot custom functions β write rule functions in JavaScript, Python, or Groovy; no Node.js runtime required
- Projected format rules β format-aware rules that understand document structure, not just raw text
- Multi-format targets β lint YAML, JSON, Markdown, and OpenAPI in the same pipeline
- Zero Node.js dependency β the entire engine is a single JVM binary or native executable
Built-in rulesets ship with alpha1:
| Ruleset | Purpose |
|---|---|
polychro:ai-safety |
Guard AI-generated specs against unsafe patterns |
polychro:governance |
Enforce organizational naming and structure conventions |
polychro:security |
Detect common security misconfigurations |
polychro:resilience |
Validate resilience patterns in capability specs |
π€ AI-Native by Design β MCP Server Mode
Polychro exposes its full linting pipeline as MCP tools, making it a first-class citizen in AI agent loops:
linttool β validates any spec document and returns structured diagnosticsservecommand β starts an MCP server with configurable rulesets- Agent output format β
--format agentreturns LLM-optimized JSON with token-counted diagnostics - Built-in rulesets (
polychro:ai-safety,polychro:governance,polychro:security,polychro:resilience) ready for agent consumption - Polychro ships as the linting backend for Ikanos
polychro-capability, exposing lint-as-a-tool over MCP
𧩠Composable Validation Pipeline
Four independent validator layers compose in a single pass:
- Well-formedness β encoding, duplicate keys, depth limits, YAML-specific traps (tab indentation, implicit typing)
- Schema-model β JSON Schema Draft 2020-12 and JSON Structure formal validation
- Ruleset β declarative
given/thenrules in YAML, Spectral-compatible syntax with polyglot custom functions (JavaScript, Python, Groovy via GraalVM) - Format-aware β document-specific structural checks: Markdown heading hierarchy, internal link resolution, relative file references, HTML reference integrity
All layers produce the same Diagnostic SPI record β one unified output regardless of which validator fired.
π Pluggable SPI Architecture
Every validator is a plugin. The polychro-api module defines the SPI contracts:
Validator/ValidatorFactoryβ implement and register viaServiceLoaderDiagnostic/SourceRangeβ universal diagnostic recordDocument/ValidatorConfigβ document model and configuration contracts- Zero framework coupling β validators have no dependency on Polychro internals
Built-in validators (polychro-wellformedness, polychro-json-schema, polychro-json-structure, polychro-markdown, polychro-checkov, polychro-html) all implement the same SPI.
π‘οΈ Checkov IaC Security Bridge
Infrastructure-as-Code security scanning is a first-class validator:
- Checkov bridge (
polychro-checkov) β delegates to Checkov for IaC and capability security checks - Cross-platform process execution with interrupt handling
- Diagnostics surfaced in the unified Polychro output format
π Format-Aware Markdown & HTML Validation
Document-specific validators go beyond schema:
- Markdown β heading hierarchy, internal anchors, relative file links, nested block recursion, list item links
- HTML (
polychro-html) β<link>and<a>reference integrity, required document parts - Common format layer (
polychro-format-common) β shared projection infrastructure for format-aware rules
π Distribution & Polyglot SDKs
Polychro ships in multiple forms:
- Native CLI binaries β Linux AMD64/ARM64, macOS ARM64, Windows AMD64 (no JVM required)
- GitHub Action β
naftiko/polychroaction with SARIF output for CI integration - Embeddable JAR β
polychro-coreas a Maven dependency for JVM applications - Thin-wrapper SDKs β Python (
polychro-python), Node.js/TypeScript (polychro-node), Go (polychro-go) β delegate to the native binary
β οΈ Known Issues & Limitations
- CLI pre-built binary installation β running the binary directly is not straightforward on macOS (Gatekeeper quarantine:
xattr -dr com.apple.quarantine) or Windows (SmartScreen warning, unsigned binary). Workaround: run viajava -jar polychro.jar polychro-rulesetsJaCoCo coverage β pre-existing gap onmain; coverage gate not yet enforced for this module- Checkov β requires a local Checkov installation; not bundled in the binary
- Conditional routing and async execution β not yet in scope for the linting pipeline
π’ By the Numbers
- ~114 commits β initial release
- 430 files, +41,077 / β1,325 lines
- 2 contributors
π Contributors
Huge thanks to the team for shipping this first release:
- @jlouvel β core engine, validation pipeline, SPI architecture, format-aware validators, MCP server mode, native builds
- @eskenazit β rulesets, AGENTS.md governance, schema-model validation, CI hardening, JaCoCo enforcement
Full Changelog: initial release