CodeRifts · MCP server · for agents
CodeRifts is a hosted MCP server that scores API and tool-schema changes before merge. Ask it whether a change is safe, who breaks, by what pattern, and at what cost — and get a deterministic ALLOW / WARN / REQUIRE_APPROVAL / BLOCK decision back.
Authorization: Bearer <key> (from coderifts.com)io.github.coderifts/api-governance{
"mcpServers": {
"coderifts": {
"url": "https://app.coderifts.com/mcp",
"headers": {
"Authorization": "Bearer <YOUR_CODERIFTS_API_KEY>"
}
}
}
}
| Tool | Call it when… |
|---|---|
preflight_check | Before merging an API spec change, or before an agent depends on an endpoint. Returns risk score, blast radius, agent impact, incident cost, and a merge decision. If it returns BLOCK, do not ship or call. |
agent_tool_check | An API or tool schema changed and agents call those tools. Detects TOOL_RESULT_SHAPE_DRIFT, AGENT_PROTOCOL_DRIFT and similar, with per-pattern mitigation. |
agent_readiness_score | Before wiring a new API or MCP manifest into an agent. Returns 0–100 readiness with a band and per-signal breakdown. |
registry_validate | Health-check a whole MCP tool registry or a set of OpenAPI specs at once: schema consistency, auth coverage, deprecation, breaking-change density. |
agent_preflight | Before deploying changed agent tool schemas. Pass tools before/after; returns which tools break, which workflows are hit, blast radius across the agent graph, and a deploy decision. |
traffic_analyze | You have live HTTP traffic but no updated spec. Infers behavioral drift from request/response samples to catch runtime contract changes. |
mcp_diff | Before publishing a new MCP manifest version. Compares two manifests for breaking changes in tool schemas, contracts, auth, or tool availability. |
governance_health | You want an A–F governance grade for an API spec: policy violations, deprecation status, docs coverage, and security findings. |
curl -sS https://app.coderifts.com/mcp \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"curl","version":"1.0"}}}'
Every tool returns the same Decision Spec v1.0 envelope, so an agent can branch on a stable shape:
{
"decision": "BLOCK", // ALLOW | WARN | REQUIRE_APPROVAL | BLOCK
"risk_score": 57,
"safe_for_agent": false,
"breaking_changes": [ ... ],
"patterns": [ ... ],
"requires_migration": true,
"evidence_quality": "high",
"coderifts_version": "1.0.0",
"timestamp": "..."
}