API Breaking Change Detection

Never ship a breaking API change again.

CodeRifts analyzes API contract changes directly in your PRs. Predict blast radius, detect agent-breaking drift, and block unsafe merges before production.

Install on GitHub See Live Demo PR

Using GitLab or Bitbucket? →

Read-only access to PR metadata and OpenAPI spec files · No source code access · Security details

All Pro and Team features free during beta · 79 features · GitHub native · Zero config

CodeRifts Demo: A 30-second screen recording showing a real PR comment with breaking change detection, risk scoring, migration guidance, and economic impact analysis

Real PR comment from coderifts/demo#2

74,800+ breaking API changes detected in public repositories

Source: APIstic research dataset, USI Lugano (2024)

Most tools show what changed. CodeRifts shows how dangerous it is.

Other tools

✓ Endpoint removed

✓ Field renamed

✓ Type changed

That's it. A list of diffs.

CodeRifts

⚠️ Risk Score: 87/100

💰 Blast radius: 3 downstream services (consumer-aware analysis)

🎯 3 downstream services affected

🔒 Auth scheme removed — Critical

👤 CTO approval required

🚫 Exceeds breaking budget (3/2)

📋 Migration effort: 12 engineering days

* Cost estimates are based on your team’s configured hourly rate and estimated engineering effort. Configure in .coderifts.yml.

The market shows you what changed.

We tell you how dangerous it is.

We tell you who it affects.

We tell you when deployment is blocked.

We tell you how much it will cost.

What your team sees on every pull request

<{>

CodeRifts Governance Report bot

Risk Score: 78/100

Risk Breakdown

Revenue Impact

high

Blast Radius

medium

Compatibility

high

Security

low

Breaking Changes

Endpoint	Change Type	Intent	Confidence	Severity
`DELETE /api/users/{id}`	Endpoint removed	🏗️ Structural	🟢 High	Critical
`GET /api/orders`	Response schema changed	⚙️ Behavioral	🟡 Medium	Warning
`POST /api/payments`	Auth scheme removed	🔒 Security	🟢 High	Critical

Policy Violations

Exceeds breaking budget (3/2)

Freeze window active until March 15

Recommendations

Add deprecation notice before removing endpoint. Consider versioning the API change.

View live demo PR

See a real PR with 15 breaking changes

Four steps. Zero config.

Push

A pull request modifies an API schema.

Calculate

CodeRifts diffs base vs head and scores risk across 4 dimensions.

Evaluate

Governance rules checked: budgets, freezes, ownership, approvals.

Enforce

Merge allowed or blocked. Full report posted as PR comment.

Works everywhere you code

GitHub App Recommended

Zero config, PR comments GitHub Actions Custom workflows GitLab CI Merge request checks Bitbucket Pipelines Pull request checks REST API Any CI/CD pipeline CLI Local development Web UI Quick ad-hoc checks

31+ governance features in a single PR comment

Zero config on GitHub. Works with GitLab, Bitbucket, and any CI/CD pipeline. Policy as code via .coderifts.yml.

4D Risk Scoring

Revenue, blast radius, app compatibility, and security — scored 0-100 on every PR.

Policy Engine Q2 2026

Governance rules as code: breaking budgets, freeze windows, approval matrix. Coming soon.

Change Intent Classification

Every breaking change tagged: structural, behavioral, security, or performance.

AI-Generated Spec Safety

Detects when AI tools modify your API spec with 7 detection signals.

Auth Scheme Diff Severity

Granular security analysis: 5 severity levels with OAuth scope detection.

Deprecation Lifecycle

Enforce minimum deprecation periods, sunset dates, and replacement requirements.

Documentation Coverage

5-dimension docs quality score with PR delta tracking.

API Stability Badge

Embeddable SVG badges for your README: stability grade, breaking-free streak.

PR-Layer Enforcement

Block unsafe merges at the PR layer — not just detection, but enforcement with BLOCK/WARN/ALLOW decisions.

Agent Preflight Check

preflightCheck() before every tool invocation — verify API contracts haven't drifted before your agent calls them.

Policy as Code Q2 2026

Define governance rules in .github/api-policy.yaml — breaking budgets, freeze windows, approval gates, all version-controlled. Coming soon.

Compliance Ledger

Permanent audit trail of every API change, risk decision, and policy evaluation — immutable and queryable.

SDK Coming Soon

npm install @coderifts/sdk or pip3 install coderifts-sdk — integrate governance checks directly into your agent pipelines. Coming soon.

See all 31+ features

31+

Governance features in a single PR comment

Config required — install and it works

.yml

Policy as code via .coderifts.yml

2,067

Tests — production-grade reliability

33 Named Drift Patterns — 4 Detection Engines

Every pattern is backed by production detection logic and verified test cases. CodeRifts catches what schema diffs miss — behavioral drift, neural degradation, agent-specific breaks, and semantic shifts.

AIDE Instability Engine — 13 patterns

LATENCY_REGRESSION

Response times degrade beyond acceptable thresholds

PAYLOAD_FLAKINESS

Response payloads vary unpredictably between calls

ERROR_RATE_SPIKE

Sudden increase in error responses from endpoints

TOKEN_COST_DRIFT

API token consumption changes unexpectedly

SYSTEMIC_INSTABILITY

Multiple instability signals correlate across endpoints

SILENT_DATA_LOSS

Fields disappear from responses without error signals

ZOMBIE_ENDPOINT

Endpoints exist in spec but return errors or empty data

SESSION_INSTABILITY

Session state becomes unreliable across requests

CHANGE_INDUCED_FLAKINESS

Recent spec changes correlate with intermittent failures

BLOATED_RESPONSE

Response sizes grow beyond expected bounds

AUTH_DRIFT

Authentication requirements change without spec updates

INTERMITTENT_SLOWDOWN

Periodic latency spikes without consistent pattern

TRAFFIC_SHIFT

Request distribution changes across endpoint versions

Neural Drift Engine — 6 patterns

LATENCY_DRIFT

Gradual latency degradation across neural pathways

SIGNAL_LOSS

Critical API signals attenuate below detection threshold

SYNAPTIC_NOISE_RISE

Noise-to-signal ratio increases in API responses

AUTH_CONDUCTION_DECAY

Authentication token propagation degrades over time

TOKEN_INFLATION

Token sizes or counts inflate beyond expected bounds

PAYLOAD_EROSION

Response payload quality degrades incrementally

Agent-Specific Patterns — 6 patterns

TOOL_INPUT_SCHEMA_DRIFT

Tool input schemas change, breaking agent function calls

TOOL_RESULT_SHAPE_DRIFT

Tool response shapes change, breaking agent parsing

AGENT_PROTOCOL_DRIFT

Agent-to-agent communication protocol changes

AUTH_DELEGATION_DRIFT

Delegated auth flows change between agent hops

SHARED_STATE_SCHEMA_DRIFT

Shared state schemas diverge between cooperating agents

WORKFLOW_CHAIN_BREAK

Multi-step agent workflows break at chain boundaries

Semantic Drift Engine — 4 patterns

FIELD_SEMANTIC_CHANGE

Field meaning changes while name stays the same

ENDPOINT_SEMANTIC_CHANGE

Endpoint behavior changes while path stays the same

RESPONSE_CONTRACT_DRIFT

Response contracts shift in meaning or structure

DEFAULT_VALUE_SEMANTIC_CHANGE

Default values change, altering implicit behavior

Every pattern is backed by detection logic and verified test cases across 4 engines.

View Decision Spec v1.0 →

Used by platform teams to enforce release policies.

Governance as code

# .coderifts.yml
breaking_budget: 3
policy:
  no_delete: ["/payments/*"]
  freeze:
    start: "2026-03-01"
    end: "2026-03-15"
domains:
  payments:
    paths: ["/payments/*"]
    owners: ["@payments-team"]

Breaking budgets Q2 2026

Set max allowed breaking changes per PR

Freeze windows Q2 2026

Block breaking changes during release periods

Domain ownership

Route alerts to the right team by API path

Approval matrix Q2 2026

Require sign-off based on risk level

How it works

CodeRifts reads your OpenAPI specification files (JSON or YAML) directly from your repository on every Pull Request. It never accesses your source code, business logic, or runtime data.