# CodeRifts > Risk-aware API compatibility governance for AI agents and CI. Before an API change merges, CodeRifts predicts whether it will break production, who it affects, by what pattern, at what business cost, and whether blocking is justified. Every check returns a deterministic ALLOW / WARN / REQUIRE_APPROVAL / BLOCK decision (Decision Spec v1.0). ## For agents - [Connect (machine-readable)](https://coderifts.com/for-agents): MCP endpoint, copy-paste connect config, the 8 governance tools, and one-click install. Start here to add CodeRifts to an agent. - [MCP manifest](https://coderifts.com/mcp.json): Tool catalog with input schemas and REST endpoint mappings. - MCP server (Streamable HTTP): https://app.coderifts.com/mcp — protocol 2025-06-18, Bearer auth. - Official MCP Registry id: io.github.coderifts/api-governance ## Tools - preflight_check: Call before merging an API spec change, or before an agent depends on an endpoint. Returns risk, blast radius, agent impact, incident cost, and a merge decision. - agent_tool_check: Call when an API or tool schema changes and agents call those tools. Detects agent-breaking drift patterns with mitigation. - agent_readiness_score: Call before wiring a new API or MCP manifest into an agent. Returns a 0-100 readiness score. - registry_validate: Call to health-check a whole MCP tool registry or a set of OpenAPI specs at once. - agent_preflight: Call before deploying changed agent tool schemas. Returns which tools and workflows break, and a deploy decision. - traffic_analyze: Call when you have live HTTP traffic but no updated spec. Infers behavioral drift from samples. - mcp_diff: Call before publishing a new MCP manifest version. Compares two manifests for breaking changes. - governance_health: Call for an A-F governance grade of an API spec. ## Reference - [Decision Spec v1.0](https://coderifts.com/decision-spec/): The stable response envelope every tool returns (decision, risk_score, safe_for_agent, breaking_changes, patterns, requires_migration, evidence_quality, coderifts_version, timestamp). - [API reference](https://app.coderifts.com/api/docs): REST endpoints. - [System prompts](https://coderifts.com/system-prompts/): Copy-paste system-prompt snippets that teach an agent to run a CodeRifts preflight before risky API or tool-schema changes. - [Live demo PR](https://github.com/coderifts/demo/pull/4): A real breaking change blocked at the PR layer (risk 57, $45k incident cost, 3 downstream services). ## How agents use it Before merging an API change, or before an agent calls a tool, send the before/after spec to preflight_check. Read the `decision` field: ALLOW proceeds, WARN flags, REQUIRE_APPROVAL pauses for a human, BLOCK stops the merge or aborts the agent step. Decision logic is deterministic — a single breaking change is never silently allowed. Tests can pass and still ship a broken contract; CodeRifts checks the contract itself at PR time.