Safe composition of

Whip transparently intercepts and checks messages a service sends and receives against their contracts.
Use Whip to find the sources of buggy services.

Language Agnostic

Whip treats services as black boxes, only intercepting the network messages they send and receive.


Whip exchanges information by piggybacking on existing service messages, and is transparent to Whip-unenhanced services.

Message Format Aware

Whip's modular message parsing system supports popular interface technologies, such as Thrift, REST, and WSDL.

Service contracts

Whip tracks how services refer to other services, and checks that the claimed behavior matches their actual behavior.

service Login { register(username, email, pass) @requires « valid_email(email) and len(pass) > 7 » login(username, pass) @ensures « result.status == 'success' or result.status == 'failure' » @identifies User by « (result.userServiceURL, result.authToken) » }
service User { get_userinfo(authToken) @where index is « authToken » @ensures « valid_email( » }

Whip Contracts

Whip provides its own specification language to express contracts. It does not focus on syntactic specifications, but rather on how services refer to each other.

Whip monitors contracts at run time by intercepting messages a service sends and receives.

Learn more »

contract: authentication.whip
  Login: thrift(idl='users.thrift', ns='users', protocol='binary')
  User: thrift(idl='users.thrift', ns='users', protocol='binary')
  - mapstoservice Login
  - proxiedby mapstoservice User

Whip Configuration

Whip connects the contract with the wire protocols through a configuration file.

Configuration describes the message formats used by services, the services the program initially knows about and the services it provides itself.

See how Whip works with an example application that you can run in your browser.