2 points by ludovicianul 8 hours ago | 1 comment
  • yohann_senthex 8 hours ago
    Solid approach on the agent-readable JSON. The real value here isn't just "catch bugs faster"; it's that agents can now run comprehensive negative testing as part of the build loop, which is increasingly critical with agentic workflows.

    One angle worth exploring: injection attacks. When Dochia fuzzes your endpoints, does it specifically test for prompt injection vectors if the API backend is an LLM? Most security tools miss that because they're generic, but if an agent is writing an API that wraps Claude or GPT, you'd want fuzzing that includes things like "what if the user input gets templated into a system prompt?"

    Same with token limits: if the fuzzer generates massive payloads, does it distinguish between "API can't handle large inputs" vs "you'll bankrupt the user with token costs if this endpoint is exposed"?

    Might be niche, but seems like low-hanging fruit in the agentic testing space.