Ready-made .coderifts.yml governance policies for API breaking change detection.
CodeRifts detects breaking API changes in OpenAPI schemas on every pull request. It works with GitHub, GitLab, Bitbucket, and any CI/CD pipeline.
- Install: https://github.com/apps/coderifts
- Integrations: https://coderifts.com/integrations/
- Live demo: coderifts/demo#2
Pick a template, copy it to your repo root as .coderifts.yml, and connect CodeRifts to your CI/CD.
Or use the CLI:

```bash
npx coderifts init fintech
```

Available templates:

```bash
npx coderifts init startup        # Startup Lean
npx coderifts init growth         # Growth Balanced
npx coderifts init fintech        # Fintech Strict
npx coderifts init public-api     # Public API Safe
npx coderifts init microservices  # Microservices Internal
```

| Platform | How |
|---|---|
| GitHub App | Zero-config, one-click install |
| GitHub Actions | uses: coderifts/action@v1 |
| GitLab CI | CI/CD Catalog component |
| Bitbucket Pipelines | Docker pipe |
| REST API | Bearer token, any CI/CD system |
| CLI | npx coderifts diff |
Full integration docs: coderifts.com/integrations/
| Template | Best For | Breaking Tolerance | Risk Threshold |
|---|---|---|---|
| startup-lean | Early stage, MVPs | 5 per PR | None |
| growth-balanced | Series A-C, 5-50 engineers | 3 per PR | 85 |
| fintech-strict | Banks, healthcare, regulated | 0 | 60 |
| public-api-safe | Developer platforms, external APIs | 0 | 50 |
| microservices-internal | 10+ internal services | 3 per PR | 80 |
- startup-lean: For fast-moving teams that want safety without friction. Catches critical breaking changes but stays out of your way. Allows up to 5 breaking changes per PR and ignores low-severity rules like nullable changes and optional property removals.
- growth-balanced: For teams scaling from startup to mid-size. Enforces good practices without blocking velocity. Requires deprecation before removal and version bumps on breaking changes, and enables overlap detection and generator-aware risk scoring.
- fintech-strict: For regulated industries where API stability is critical. Zero tolerance for unreviewed breaking changes. Includes an approval matrix for security and governance teams, freeze periods for audits and Q4, and comprehensive sensitive data patterns (SSN, tax ID, routing numbers).
- public-api-safe: For public-facing APIs where backward compatibility is paramount. External developers depend on your API contract. Zero breaking changes allowed, all removals require team lead approval, and the risk threshold is set low at 50 to catch even moderate-risk changes.
- microservices-internal: For internal service-to-service APIs in a microservices architecture. Focuses on blast radius and cross-service impact. Defines domain ownership for payments, users, and catalog services, with Slack notifications for breaking changes.
Real-world configurations contributed by the community:
| Example | Description |
|---|---|
| e-commerce-api | Multi-tenant e-commerce with payments domain and Black Friday freeze |
| saas-platform | B2B SaaS with public API, webhook contracts, and SDK generation |
| mobile-backend | Mobile app backend with app version tracking and feature flags |
- Copy a template to your repo root as `.coderifts.yml`
- Connect CodeRifts via any integration: GitHub App, GitHub Actions, GitLab CI, Bitbucket Pipelines, REST API, or CLI
- Open a PR that changes an OpenAPI schema
- CodeRifts posts a governance report
The report includes:
- Risk Score (0-100) — Revenue impact, blast radius, compatibility, security
- Policy Violations — Breaking budgets, freeze windows, approval requirements
- Security Analysis — Auth removals, sensitive field exposure
- Migration Estimates — Downstream effort in hours and dollars
- Change Intent — Structural, behavioral, security, or performance classification
- Confidence Score — High, medium, or low certainty for each breaking change
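To make the template table (breaking tolerance, risk threshold) and the report's policy-violation checks (breaking budgets, freeze windows) concrete, here is an added example. It is not CodeRifts code and does not use the `.coderifts.yml` schema: a small Python detector diffs two constructed OpenAPI fragments, then runs the detected changes through policies shaped like startup-lean, growth-balanced and fintech-strict. The rule names, severities, risk weights, the ignored-rule set, the Q4 freeze window and the sample dates are all assumptions made for the example.

```python
"""Added example (not CodeRifts code): a toy OpenAPI breaking-change detector
plus a policy gate modelled on the template table. Rule ids, severities, risk
weights and Policy fields are constructed approximations, not a real schema."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Change:
    rule: str       # hypothetical rule id, e.g. "operation-removed"
    location: str   # where in the contract it happened
    severity: str   # "critical", "high" or "low"


@dataclass
class Policy:
    name: str
    max_breaking_per_pr: int            # the "Breaking Tolerance" column
    risk_threshold: Optional[int]       # the "Risk Threshold" column; None = disabled
    ignored_rules: frozenset = frozenset()
    freeze_windows: tuple = ()          # (start, end) date pairs, inclusive


def diff_openapi(old: dict, new: dict) -> list:
    """List backward-incompatible differences between two OpenAPI documents (as dicts)."""
    changes = []
    old_paths, new_paths = old.get("paths", {}), new.get("paths", {})
    for path, ops in old_paths.items():
        if path not in new_paths:
            changes.append(Change("path-removed", path, "critical"))
            continue
        for method in ops:
            if method not in new_paths[path]:
                changes.append(Change("operation-removed", f"{method.upper()} {path}", "critical"))
    old_schemas = old.get("components", {}).get("schemas", {})
    new_schemas = new.get("components", {}).get("schemas", {})
    for name, schema in old_schemas.items():
        if name not in new_schemas:
            changes.append(Change("schema-removed", name, "critical"))
            continue
        new_schema = new_schemas[name]
        old_required = set(schema.get("required", []))
        new_required = set(new_schema.get("required", []))
        for prop, spec in schema.get("properties", {}).items():
            new_spec = new_schema.get("properties", {}).get(prop)
            if new_spec is None:
                # Clients reading a required field break outright; optional fields rate low
                if prop in old_required:
                    changes.append(Change("required-property-removed", f"{name}.{prop}", "high"))
                else:
                    changes.append(Change("optional-property-removed", f"{name}.{prop}", "low"))
            elif spec.get("nullable", False) != new_spec.get("nullable", False):
                changes.append(Change("nullable-changed", f"{name}.{prop}", "low"))
        for prop in sorted(new_required - old_required):
            # Existing clients that omit the new required field start receiving 4xx responses
            changes.append(Change("required-added", f"{name}.{prop}", "high"))
    return changes


RISK_WEIGHT = {"critical": 40, "high": 20, "low": 5}   # constructed weights, capped at 100


def risk_score(changes: list) -> int:
    return min(100, sum(RISK_WEIGHT[c.severity] for c in changes))


def evaluate(policy: Policy, changes: list, today: date) -> dict:
    """Apply ignored rules, freeze windows, breaking budget and risk threshold; return a report."""
    counted = [c for c in changes if c.rule not in policy.ignored_rules]
    violations = []
    if counted and any(start <= today <= end for start, end in policy.freeze_windows):
        violations.append(f"freeze window active on {today}: breaking changes blocked")
    if len(counted) > policy.max_breaking_per_pr:
        violations.append(f"breaking budget exceeded: {len(counted)} > {policy.max_breaking_per_pr}")
    score = risk_score(counted)
    if policy.risk_threshold is not None and score > policy.risk_threshold:
        violations.append(f"risk score {score} exceeds threshold {policy.risk_threshold}")
    return {"policy": policy.name, "breaking": len(counted), "risk": score, "violations": violations}


# Policies mirroring the template table; the ignored rules and the Q4 freeze are assumptions
STARTUP_LEAN = Policy("startup-lean", 5, None, frozenset({"nullable-changed", "optional-property-removed"}))
GROWTH_BALANCED = Policy("growth-balanced", 3, 85)
FINTECH_STRICT = Policy("fintech-strict", 0, 60, freeze_windows=((date(2024, 10, 1), date(2024, 12, 31)),))
IN_FREEZE, OUTSIDE_FREEZE = date(2024, 11, 15), date(2024, 6, 1)   # constructed sample dates

# Constructed before/after OpenAPI fragments: POST /users removed, User.nickname made non-nullable,
# optional User.legacy_id dropped, Order.currency added as a new required field
OLD_SPEC = {
    "paths": {"/users": {"get": {}, "post": {}}, "/orders": {"get": {}}},
    "components": {"schemas": {
        "User": {"required": ["id", "email"], "properties": {
            "id": {"type": "string"}, "email": {"type": "string"},
            "nickname": {"type": "string", "nullable": True}, "legacy_id": {"type": "string"}}},
        "Order": {"required": ["id"], "properties": {"id": {"type": "string"}, "total": {"type": "number"}}},
    }},
}
NEW_SPEC = {
    "paths": {"/users": {"get": {}}, "/orders": {"get": {}}},
    "components": {"schemas": {
        "User": {"required": ["id", "email"], "properties": {
            "id": {"type": "string"}, "email": {"type": "string"},
            "nickname": {"type": "string", "nullable": False}}},
        "Order": {"required": ["id", "currency"], "properties": {
            "id": {"type": "string"}, "total": {"type": "number"}, "currency": {"type": "string"}}},
    }},
}

if __name__ == "__main__":
    found = diff_openapi(OLD_SPEC, NEW_SPEC)
    for c in found:
        print(f"[{c.severity}] {c.rule}: {c.location}")
    for policy in (STARTUP_LEAN, GROWTH_BALANCED, FINTECH_STRICT):
        print(evaluate(policy, found, IN_FREEZE))
```

The same four detected changes pass startup-lean cleanly (the two low-severity rules are ignored, leaving two changes under a budget of five), trip only the budget under growth-balanced, and produce three violations under fintech-strict during the freeze window (freeze, zero budget, and a risk score above 60). That is the point of the template table: the detector's output is the same, and the policy decides what is allowed to merge.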
We welcome community policy contributions! See CONTRIBUTING.md for guidelines.