CodeRifts · MCP server · for agents

Check an API change before you depend on it.

CodeRifts is a hosted MCP server that scores API and tool-schema changes before merge. Ask it whether a change is safe, who breaks, by what pattern, and at what cost — and get a deterministic ALLOW / WARN / REQUIRE_APPROVAL / BLOCK decision back.

Endpoint

URL
https://app.coderifts.com/mcp
Transport
Streamable HTTP (protocol 2025-06-18)
Auth
Bearer API key — Authorization: Bearer <key> (from coderifts.com)
Manifest
coderifts.com/mcp.json
Registry
io.github.coderifts/api-governance

Connect

{
  "mcpServers": {
    "coderifts": {
      "url": "https://app.coderifts.com/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_CODERIFTS_API_KEY>"
      }
    }
  }
}
Add to Cursor

Tools

ToolCall it when…
preflight_checkBefore merging an API spec change, or before an agent depends on an endpoint. Returns risk score, blast radius, agent impact, incident cost, and a merge decision. If it returns BLOCK, do not ship or call.
agent_tool_checkAn API or tool schema changed and agents call those tools. Detects TOOL_RESULT_SHAPE_DRIFT, AGENT_PROTOCOL_DRIFT and similar, with per-pattern mitigation.
agent_readiness_scoreBefore wiring a new API or MCP manifest into an agent. Returns 0–100 readiness with a band and per-signal breakdown.
registry_validateHealth-check a whole MCP tool registry or a set of OpenAPI specs at once: schema consistency, auth coverage, deprecation, breaking-change density.
agent_preflightBefore deploying changed agent tool schemas. Pass tools before/after; returns which tools break, which workflows are hit, blast radius across the agent graph, and a deploy decision.
traffic_analyzeYou have live HTTP traffic but no updated spec. Infers behavioral drift from request/response samples to catch runtime contract changes.
mcp_diffBefore publishing a new MCP manifest version. Compares two manifests for breaking changes in tool schemas, contracts, auth, or tool availability.
governance_healthYou want an A–F governance grade for an API spec: policy violations, deprecation status, docs coverage, and security findings.

Verify

curl -sS https://app.coderifts.com/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"curl","version":"1.0"}}}'

Response contract

Every tool returns the same Decision Spec v1.0 envelope, so an agent can branch on a stable shape:

{
  "decision": "BLOCK",            // ALLOW | WARN | REQUIRE_APPROVAL | BLOCK
  "risk_score": 57,
  "safe_for_agent": false,
  "breaking_changes": [ ... ],
  "patterns": [ ... ],
  "requires_migration": true,
  "evidence_quality": "high",
  "coderifts_version": "1.0.0",
  "timestamp": "..."
}