This connects Claude to a self-hosted CodeRifts instance for API governance during development. It monitors API calls your agent makes, detects breaking changes in real time, and can block requests that exceed safety thresholds. You'd reach for this when your AI workflows interact with production APIs and you need a safety layer that scores blast radius before changes go through. The self-hosted setup runs via Docker Compose with PostgreSQL and Redis, so you keep governance policies and API traffic logs on your own infrastructure. Useful if you're building agent workflows that modify or deploy APIs and need audit trails or rollback protection.
Docker Compose configuration for self-hosting CodeRifts on your own infrastructure.
CodeRifts runs from a prebuilt image published to GitHub Container Registry
(ghcr.io/coderifts/app:latest) - no source checkout or local build required.
# 1. Download the Compose file and environment template
curl -O https://raw.githubusercontent.com/coderifts/self-hosted/main/docker-compose.yml
curl -o .env https://raw.githubusercontent.com/coderifts/self-hosted/main/.env.example
# 2. Edit .env with your values (GitHub App credentials)
# 3. Pull the CodeRifts image and start all services
docker compose pull
docker compose up -d
If pulling the image requires authentication, run
docker login ghcr.iofirst.
CodeRifts is available as a Model Context Protocol (MCP) server so AI agents can run governance and contract-safety checks before they call or merge API changes. The server speaks MCP JSON-RPC over Streamable HTTP.
io.github.coderifts/api-governancehttps://app.coderifts.com/mcphttps://<your-host>/mcp (same path on your own instance)Authorization: Bearer cr_live_YOUR_KEY on tool calls. The initialize and tools/list methods are open (no key required) so clients can discover the tools without authenticating.| Tool | Description |
|---|---|
preflight_check | Analyze an API spec diff before merge. Returns risk score, blast radius, agent impact, and a merge decision (ALLOW / WARN / REQUIRE_APPROVAL / BLOCK). |
agent_tool_check | Check whether an API change breaks AI agent tool calling (endpoint removal, newly required fields, result-shape drift). |
agent_readiness_score | Score an OpenAPI spec or MCP manifest for AI-agent readiness (0–100) with recommendations. |
registry_validate | Validate an MCP tool registry or OpenAPI spec collection for governance health. |
agent_preflight | Pre-flight governance check for agent workflows, given tool schemas before and after a change. |
mcp_diff | Compare two MCP manifests and detect breaking changes in tool schemas, input/output types, and descriptions. |
governance_health | Governance health score for an API spec (A–F grade, policy compliance, recommendations). |
Add CodeRifts to claude_desktop_config.json using the remote bridge:
{
"mcpServers": {
"coderifts": {
"command": "npx",
"args": [
"mcp-remote",
"https://app.coderifts.com/mcp",
"--header",
"Authorization: Bearer cr_live_YOUR_KEY"
]
}
}
}
Replace cr_live_YOUR_KEY with your CodeRifts API key, restart Claude Desktop, and the seven tools above become available.
# List tools (no key required)
curl -s -X POST https://app.coderifts.com/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
For full documentation, visit coderifts.com/docs.
See coderifts.com for licensing terms.