Skip to main content

🚀 Beta: All Pro and Team features are free. Install on GitHub →

Comparison

CodeRifts vs oasdiff

Which is right for your team?

oasdiff gives you the raw breaking-change diff; CodeRifts wraps that diff in a deterministic risk verdict - a 0-100 score, a cost estimate, a policy decision, and a signed receipt. Both tools detect breaking changes in OpenAPI specs. oasdiff is an open-source Go CLI and GitHub Action, now with a hosted Pro tier at oasdiff.com that adds PR comments, per-change approvals, and an audit trail. CodeRifts is a zero-config GitHub App built around a deterministic risk verdict: every change gets a 0-100 risk score, a cost estimate, a policy decision, and a cryptographically signed, externally verifiable receipt. Here is an honest comparison.

Capability CodeRifts oasdiff
Setup One-click GitHub App installGitHub Action YAML config
Breaking change detection Yes Yes
Change intent classification With intent tags:
🏗️ Structural⚙️ Behavioral🔒 Security⚡ Performance
No
Detection confidence scoring With confidence levels:
🟢 High🟡 Medium🔴 Low
No
Risk scoring (0–100) 4-dimension model No
Policy engine (budgets, freeze, approvals) Yes No
Security analysis Yes No
API design linting Yes No
Governance health score Yes No
Generator-aware risk amplification Yes No
Migration cost estimation Yes No
PR comment with full report 20+ sectionsBasic diff output
CLI tool npm Go binary, Docker
REST API Yes No
Web UI for quick diff Yes No
PricingFree tier + Pro $49/moFree (Apache-2.0)
MaintenanceManaged SaaSSelf-maintained
OpenAPI 3.0 / 3.1 Yes Yes
GraphQL / gRPCPlanned No

When to choose oasdiff

  • You want a free, open-source CLI you can run anywhere, including air-gapped CI
  • You want per-change human approvals with a hosted review UI (oasdiff Pro)
  • Your team is comfortable wiring GitHub Actions and maintaining CI YAML
  • You need diff classification and a merge gate, and that is enough

When to choose CodeRifts

  • You want a risk NUMBER and a cost estimate, not just a severity label - our verdict scores every change 0-100 and estimates blast radius and fix cost
  • You want deterministic, reproducible decisions - the same spec pair always produces the same byte-identical verdict fingerprint
  • You want cryptographic evidence, not just review history - every verdict returns an Ed25519-signed receipt any external party can verify against our published key
  • You are building for AI agents - agent-native action-verdict API, MCP server, and governance policies agents can consume directly
  • Your PRs change more than specs - CodeRifts also cross-checks schema migrations against live code references (MigraGuard), one app for both gates
  • You want zero-config - install the GitHub App, add one YAML file, done

The honest difference

oasdiff Pro and CodeRifts now overlap on the approval workflow: both can gate a merge and route breaking changes to humans. The difference is what the human sees and what survives the decision. oasdiff shows you the diff and records who clicked approve. CodeRifts shows you a risk score, a cost estimate, and the affected consumers - and issues a signed receipt that proves, to anyone, what was decided and on what basis. If your API feeds AI agents or downstream teams that need evidence rather than trust, that is the gap we fill.

Ready to try CodeRifts?

Install in one click. No config files, no CI setup, no credit card required.