API Governance Platform
Gravity for APIs.
Ship APIs that won't break your consumers.
$ npm install -g @grapity/cli @grapity/registry @grapity/hub
$ grapity serve
● Registry ready · http://localhost:3750
● Hub ready · http://localhost:3000Free. Self-hosted. Apache 2.0. No signup required.
The problem
The API contract is defined once, filed somewhere, and immediately starts lying.
Six symptoms, one root cause. You've likely dealt with all of them.
Specs are scattered
OpenAPI and AsyncAPI files live across repos, owned by different teams, sometimes absent. No single place answers "what APIs do we have?"
Breaking changes ship silently
A developer removes a required field, changes a schema, or renames a channel. No CI gate. No notification. Downstream teams discover it during an incident.
Consuming APIs is manual
Teams write HTTP clients, Kafka consumers, and WebSocket boilerplate by hand. The spec that describes exactly how to connect exists, but nothing generates typed code from it.
The gateway is disconnected
Auth schemes, rate limits, and routing rules are configured separately from the specs that define the API. When the spec changes, nobody tells the gateway.
AI tools work from stale context
Coding assistants hallucinate endpoints, use deprecated fields, and generate code that doesn't match the spec. No compact, LLM-optimised representation exists.
No audit trail
When a breaking change causes an incident, nobody can answer who changed it, when, or whether it was reviewed. Contract evolution is ungoverned.
The solution
Contract-first, from push to production.
One source of truth. Enforced at every step.
grapity Registry
The contract guardian. Validates backward compatibility, enforces semver, manages deprecation lifecycles. A spec that doesn't meet the bar doesn't get in.
grapity Hub
Every API your team has built, in one place. Browse specs, explore endpoints, diff versions, and consume with confidence.
grapity Gateway
Generates Kong and APISIX config from the registered spec. Policies applied. Drift detected.
grapity Forge
Typed clients and consumers, forged from specs. Wraps existing generators into a unified pipeline per service across languages and protocols.
grapity Schema
Bridges AsyncAPI specs with schema registries (Confluent, AWS Glue, Apicurio). Producers and consumers share the same version.
grapity Mind
Specs compressed for AI. Auto-generated LLM-optimised representations. Breaking change explanations in plain language.
grapity Registry
A spec that breaks backward compatibility doesn't enter. Period.
Backward compat enforcement
Every push is diffed against the previous version. Breaking changes are blocked with a precise explanation of what changed and which consumers are affected. Not just rejected. Explained.
Semver discipline
grapity Registry enforces version increments and suggests the correct bump based on what changed. You can't ship v1.2.0 when you removed a required field. The registry knows, and it won't let you.
Deprecation lifecycle
When a version is deprecated, grapity Registry tracks which consumers depend on it, when the sunset date is, and what the migration path is. Sunset is enforced by the registry, not by whoever happens to remember.
Breaking changes (blocked)
- Removing an endpoint or HTTP method
- Removing or renaming a required field
- Changing a field type
- Adding a new required request field
- Narrowing an enum by removing values
Safe changes (accepted)
- Adding new optional fields to responses
- Adding new endpoints or methods
- Adding optional request parameters
- Widening an enum (adding values)
- Improving descriptions or examples
grapity Hub
Every API your team has built, in one place.
Browse all APIs
See every spec your team owns in one searchable list. Filter by type, owner, or tags. No more hunting through repos.
Explore endpoints
Click into any spec to see its OpenAPI endpoints rendered with schemas, parameters, and example requests. Understand an API without reading YAML.
Compare versions
Side-by-side version comparison with compatibility reports. See exactly what changed between v1.0 and v1.1 before you upgrade.
Version timeline
Visual timeline of every version pushed. See at a glance which versions are safe to upgrade to and which introduced breaking changes.
How it works
Start. Push. Explore.
Two commands. One running system. The spec drives everything downstream.
Start both servers
$ grapity serve
● Registry ready · http://localhost:3750
● Hub ready · http://localhost:3000
# Open http://localhost:3000 to browse your APIsOne command starts both servers. The Registry validates and stores specs. The Hub serves the developer portal. No Docker, no config files.
Your spec earns its place
$ grapity registry push ./openapi.yaml --name payments-api
✓ Spec validated
✓ Backward compatibility: 0 breaking, 2 safe changes
✓ Version 1.1.0 registeredEvery push is diffed against the previous version. Breaking changes are blocked with a precise explanation. No breaking change slips through.
Browse and explore
Click into any spec to see its OpenAPI endpoints rendered with schemas, parameters, and example requests. Understand an API without reading YAML.
Pricing
Self-host for free. Scale with us.
The open source product is complete. Cloud hosting scales with your team.
Self-hosted
Run everything on your own infrastructure. No limits.
- Backward compatibility engine
- Unlimited APIs
- Unlimited team members
- Self-managed PostgreSQL
- Developer portal (Hub)
- Version history and comparison
Team
Hosted by grapity. Pay only for what you use.
- Backward compatibility engine
- 5 APIs included
- 5 team members included
- Managed PostgreSQL with backups
- Developer portal (Hub)
- Version history and comparison
Enterprise
For organizations that need governance, compliance, and custom support.
- Backward compatibility engine
- Unlimited APIs
- Unlimited team members
- Managed PostgreSQL with backups
- Developer portal (Hub)
- SSO/SAML integration
- Audit and compliance reporting