CodeRifts Decision Spec
Machine-readable, stable JSON format for API contract governance decisions. Any agent, CI system, or runtime that needs to know whether an API change is safe to deploy can consume this format.
Contents
Decision Object (Public Layer)
Every CodeRifts analysis returns a Decision Object. The public fields are stable, versioned, and free to consume without authentication.
{
"coderifts_version": "1.0",
"decision": "BLOCK",
"risk_score": 87,
"safe_for_agent": false,
"breaking_changes": 3,
"patterns": [
"AUTH_SCOPE_REDUCTION",
"FIELD_REMOVED",
"ENDPOINT_REMOVED"
],
"requires_migration": true,
"timestamp": "2026-03-18T10:00:00Z"
}Field Definitions
| Field | Type | Description |
|---|---|---|
| coderifts_version | string | Spec version. Always "1.0" for this release. |
| decision | enum | BLOCK, REQUIRE_APPROVAL, WARN, or ALLOW |
| risk_score | integer | 0-100. Composite risk score across 4 dimensions. |
| safe_for_agent | boolean | false if any agent-breaking pattern is detected. |
| breaking_changes | integer | Total count of breaking changes detected. |
| patterns | array[string] | Named patterns detected. See Pattern Registry. |
| requires_migration | boolean | true if consumers need to update before deploy. |
| timestamp | string | ISO 8601 timestamp of the analysis. |
Decision Values
The change violates a governance rule or exceeds the risk threshold. Merge is blocked.
When agents see BLOCK: Do not proceed. The API contract has changed in a way that will break this agent's tool calls or workflow steps.
The change is high-risk but does not automatically block. Human approval required before merge.
When agents see REQUIRE_APPROVAL: Pause execution. Wait for human sign-off before calling the updated API.
The change is potentially risky but within policy. Merge is allowed with a warning.
When agents see WARN: Proceed with caution. Monitor downstream behavior after deployment.
No breaking changes detected. Change is safe to deploy.
When agents see ALLOW: Proceed normally.
safe_for_agent Flag
safe_for_agent: false is set when any of the following agent-breaking patterns are detected:
- • Tool schema drift (
TOOL_CALLING_SCHEMA_DRIFT) - • Tool result shape change (
TOOL_RESULT_SHAPE_DRIFT) - • Agent protocol change (
AGENT_PROTOCOL_DRIFT) - • Workflow chain break (
WORKFLOW_CHAIN_BREAK) - • Auth delegation change (
AUTH_DELEGATION_DRIFT) - • Shared state schema change (
SHARED_STATE_SCHEMA_DRIFT)
If safe_for_agent: false, agents must not call the updated API without human review.
Pattern Registry (v1.0)
Patterns are named identifiers for categories of breaking changes. They are stable across spec versions.
Contract Patterns
| Pattern | Severity | Description |
|---|---|---|
| FIELD_REMOVED | HIGH | A response or request field was removed |
| FIELD_RENAMED | HIGH | A field was renamed (old name no longer exists) |
| TYPE_CHANGED | HIGH | A field's type changed incompatibly |
| REQUIRED_ADDED | HIGH | A previously optional parameter is now required |
| ENDPOINT_REMOVED | CRITICAL | An endpoint was removed |
| AUTH_SCOPE_REDUCTION | CRITICAL | Authentication requirements were tightened |
| ENUM_RESTRICTED | MEDIUM | Enum values were removed |
Agent Patterns
| Pattern | Severity | Description |
|---|---|---|
| TOOL_CALLING_SCHEMA_DRIFT | CRITICAL | MCP/function calling schema changed |
| TOOL_RESULT_SHAPE_DRIFT | CRITICAL | Tool return value structure changed |
| AGENT_PROTOCOL_DRIFT | CRITICAL | Agent communication protocol changed |
| WORKFLOW_CHAIN_BREAK | CRITICAL | A field used by a downstream workflow step was removed |
| AUTH_DELEGATION_DRIFT | CRITICAL | Agent authentication delegation changed |
| SHARED_STATE_SCHEMA_DRIFT | CRITICAL | Shared state between agent steps changed |
Behavioral Patterns
| Pattern | Severity | Description |
|---|---|---|
| LATENCY_DRIFT | MEDIUM | Response time degradation detected |
| SIGNAL_LOSS | HIGH | API signal quality degrading |
| SYNAPTIC_NOISE_RISE | MEDIUM | Inconsistent response patterns |
| AUTH_CONDUCTION_DECAY | HIGH | Auth success rate declining |
Extended Decision Object (Authenticated)
With an API key, the full decision object is returned including blast radius, migration plan, compliance index, and workflow simulation:
{
"coderifts_version": "1.0",
"decision": "BLOCK",
"risk_score": 87,
"safe_for_agent": false,
"breaking_changes": 3,
"patterns": ["AUTH_SCOPE_REDUCTION", "FIELD_REMOVED"],
"requires_migration": true,
"timestamp": "2026-03-18T10:00:00Z",
"extended": {
"omega_api": 87.3,
"reflex_triggers": [
{ "rule": "endpoint_removed ∧ public_api", "decision": "BLOCK" }
],
"blast_radius": {
"affected_consumers": 4,
"estimated_cost": "$12,000–$45,000",
"migration_effort_days": 8
},
"migration_plan": "Restore removed field as deprecated with x-sunset date. Notify consumers via POST /api/v1/scar/create.",
"compliance_index": "F",
"workflow_simulation": {
"simulation_result": "WORKFLOW_BROKEN",
"first_failure_step": 2
}
}
}How Agents Should Use This Spec
Step 1: Preflight Check Before Tool Call
POST https://app.coderifts.com/api/v1/agent/preflight
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
{
"tools_before": [ /* previous tool schemas */ ],
"tools_after": [ /* current tool schemas */ ]
}Step 2: Parse the Decision
const { decision, safe_for_agent, patterns } = response;
if (!safe_for_agent || decision === "BLOCK") {
throw new Error(`API change blocks agent execution. Patterns: ${patterns.join(", ")}`);
}
if (decision === "REQUIRE_APPROVAL") {
await requestHumanApproval(response);
return;
}
// ALLOW or WARN — proceed
await callAPI();Step 3: Handle BLOCK Gracefully
if (decision === "BLOCK") {
// 1. Log the block with full decision object
// 2. Notify the team
// 3. Do not retry — human review required
// 4. Check extended.migration_plan for remediation steps
}Integration Examples
LangChain
from langchain.tools import tool
@tool
def safe_api_call(endpoint: str, payload: dict):
"""Call an API endpoint with CodeRifts governance check."""
preflight = coderifts.preflight_check(
tools_before=get_cached_schema(endpoint),
tools_after=get_current_schema(endpoint)
)
if not preflight["safe_for_agent"]:
return {"error": f"Blocked by CodeRifts. Decision: {preflight['decision']}"}
return call_endpoint(endpoint, payload)AutoGen
import autogen
def coderifts_preflight_hook(agent, message):
result = coderifts.preflight_check(message["tool_schemas"])
if result["decision"] == "BLOCK":
raise ValueError(f"CodeRifts BLOCK: {result['patterns']}")
return message
agent = autogen.AssistantAgent(
name="SafeAgent",
pre_message_hooks=[coderifts_preflight_hook]
)Claude / MCP
{
"mcpServers": {
"coderifts": {
"url": "https://coderifts.com/mcp.json",
"headers": { "x-api-key": "YOUR_API_KEY" }
}
}
}Claude will automatically run coderifts.preflight_check before tool invocations.
Auto-Discovery
Agents can discover CodeRifts governance endpoints automatically:
GET https://coderifts.com/.well-known/coderifts.jsonReturns the full manifest including available tools, endpoints, and this spec URL.
Versioning Policy
- • This is v1.0. The public layer fields (
decision,risk_score,safe_for_agent,breaking_changes,patterns,requires_migration) are stable and will not change in v1.x. - • New fields may be added in minor versions (v1.1, v1.2) without breaking existing consumers.
- • Breaking changes to the spec format will only occur in major versions (v2.0) with 6 months notice.
Changelog
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-03-18 | Initial stable release |