feat!: breaking changes v1.5.0 — remove phone field + narrow order status enum #4
zsobpeter-code wants to merge 1 commit into
🔴 BLOCK | Risk: 57/100 | 3 breaking changes
❌ Decision: BLOCK • 🟡 Risk: 57/100 • ❌ Breaking: 3 • 🔍 Patterns: 5
🟡 CodeRifts — Risk Score: 57/100 (Moderate)
🏷️ Suggested version bump:
📌 Current version is v1.4.0 → next version should be v2.0.0
❌ Why This PR Is Blocked
This PR is blocked because a HIGH pattern (ENUM_NARROWING) was detected.
✅ How to Unblock
🔬 Decision Audit — Ω_API V3
Reflex triggers:
Pattern config hash:
📊 API Stability Grade: C (moderate risk)
📦 Generator, AI-spec & SDK impact (2)
🔧 Generator Impact Analysis
Detected generators:
📦 SDK Surface Impact
2 generated SDKs detected in this repository:
Total SDK impact: 6 models and 0 methods across 2 SDKs need regeneration.
🔍 Top Detected Patterns
🔴 3 Breaking Changes Found
Change intent breakdown: 2 structural · 1 behavioral
🤖 Agent Impact
🔧 Suggested migration snippets
🤖 How to update your agent
The following breaking changes affect AI agent workflows. Platform-specific starter code below — substitute the real field types and auth scopes from your schema:
Tool result shape changed (
| Icon | Trigger | Action needed |
|---|---|---|
| 💾 | New required field field in POST /users | Ensure database column exists with a default value for existing rows |
✅ Pre-merge checklist
- Verify API documentation is updated
- Notify downstream consumers of breaking changes
- Update API client SDKs if applicable
- Check mobile app compatibility
- Run database migration before deploying
- Verify migration is backward-compatible (can roll back)
💰 Economic Impact Estimate
├── Migration cost: $18,000 (120 eng-hours × $150/hr)
├── Testing cost: $27,000 (180 eng-hours × $150/hr)
├── Rollback risk: $54,000 (if rollback needed)
├── Downstream consumers: 1 service
└── Total estimated impact: $45,000
📐 Heuristic estimate from configurable assumptions (engineer rate, migration hours, consumer count). Tune the 'cost' section in '.coderifts.yml' for your team. Estimate, not a precise quote.
ℹ️ CodeRifts detected this before merge. Monthly cost: $49. Estimated impact prevented: $45,000.
Change Impact Graph
flowchart LR
API["API contract<br/>BLOCK · 3 breaking · $45,000"]
C0["response-body-scope-add"] --> API
C1["response-body-scope-add"] --> API
C2["request-property-enum-value-removed"] --> API
API -->|"3 impacted, MEDIUM"| AGENTS["AI agents"]
API -->|"3 models"| SDK_TypeScript["TypeScript SDK"]
API -->|"3 models"| SDK_Java["Java SDK"]
The API contract (hub), the breaking changes feeding it, and the consumers it fans out to. Full machine-readable graph via POST /api/v1/change-impact-graph.
⏰ Deprecation Calendar
| Endpoint | Deprecated Since | Scheduled Removal | Status |
|---|---|---|---|
| POST /payments/refund | — | 2026-04-01 (-81d) | 🔴 Overdue |
👥 No CODEOWNERS file found. Consider adding one to auto-assign reviewers for API changes:
```
# .github/CODEOWNERS
# Auto-generated from .coderifts.yml domains
api/openapi.yaml @payments-team @backend-team
```
📍 No URL versioning detected. Consider adopting URL versioning (e.g. /v1/, /v2/) to manage breaking changes safely.
📏 API Design Lint — 2 warnings
| Rule | Endpoint | Details |
|---|---|---|
| | /users | Plural /users — most paths use singular convention |
| | /users/{id} | Plural /users — most paths use singular convention |
⌛ Deprecation Lifecycle
Currently deprecated (not removed in this PR):
POST /payments/refund — sunset: 2026-04-01 (-82 days remaining) → use POST /payments/v2/refund
⚠️ Generated Spec Drift Warning
The OpenAPI spec api/openapi.yaml appears to be generated by OpenAPI Generator but was modified directly in this PR.
Drift confidence: 40% (medium)
Detected signals:
- 🔧 Generator config was not changed in this PR
- ✏️ Source annotations/code were not modified
Risk: Manual changes to generated specs will be overwritten on next generation. This can cause:
- Silent loss of the changes in this PR
- Merge conflicts when regenerating
- Inconsistency between source code and API contract
Recommended actions:
- Update the source (code annotations, config, or source spec) instead of editing the generated output
- Regenerate the spec from the updated source
- If this is an intentional override, add the file to .openapi-generator-ignore or generator_drift.ignore_files in .coderifts.yml
📖 Documentation Coverage
Overall coverage: 92%
| Schema | Score | Grade | Delta | Top Gap |
|---|---|---|---|---|
| api/openapi.yaml | 92% | 🟢 A (Excellent) | | Examples (44%) |
📋 Raw diff details
- response.body.scope.add — paths./users.post.responses.201.content.application/json.schema (api/openapi.yaml)
- response.body.scope.add — paths./users/{id}.get.responses.200.content.application/json.schema (api/openapi.yaml)
- request-property-enum-value-removed — schemas.Order.status (api/openapi.yaml)
- request.body.scope.add — paths./users.post.requestBody.content.application/json.schema (api/openapi.yaml)
👥 Breaking change in users domain — notify @backend-team
📝 Documentation Drift
Consider updating: README.md, API docs, or CHANGELOG before merging.
🏛️ Governance Health: A (95/100)
📋 Policy
| Rule | Condition | Action | Status |
|---|---|---|---|
| block-endpoint-removal | endpoint_removed | BLOCK | ✅ not triggered |
| warn-high-risk | risk_score >= 80 | WARN | ✅ not triggered |
Effective action: ALLOW
⚠️ Schema Overlap Warning
Other open PRs also modify the same OpenAPI spec files. Merging this PR may cause conflicts or inconsistent changes in:
| PR | Spec File | Status |
|---|---|---|
| #2 — feat: migrate payment API to v2 schema | api/openapi.yaml | Open (111 days) |
| #3 — Update openapi.yaml | api/openapi.yaml | Open (100 days) |
| #1 — fix: update API schema for v2 migration | api/openapi.yaml | Open (116 days) |
💡 Tip: Coordinate with these PR authors before merging. Consider rebasing after one PR is merged.
📋 Action Items
- Review all breaking changes above
- Update MCP manifest if agent-facing endpoints changed
- Prepare consumer-facing changelog
- Define rollout plan before merge
📊 API surface: 9 endpoints · 29 fields · 9 schemas
⚙️ Configure in .coderifts.yml · 🔗 CodeRifts
🎋 A few cracks appear
🎋 In the contract we once kept
🎋 Review before merge
☁️ You're on the Free plan. Pro features (risk scoring, governance, deprecation enforcement) are included during the beta. Lock in Pro pricing →
⏱️ PR Review Insights
This PR
| Metric | Value | Benchmark |
|---|---|---|
| Time to First Review | Awaiting review | — |
| Review Rounds | 0 | 🟢 Normal |
| PR Size | +2 / -11 | 🟢 Small |
🌐 Cross-Repo Impact
This PR affects downstream consumers:
| Consumer Repo | Criticality | Risk |
|---|---|---|
| coderifts/example | 🔴 Critical | Breaking changes may cascade |
1 downstream repo affected. Notify consumer teams before merging.
✅ Pre-merge Checklist
Before merging this PR, verify:
- Backward compatibility reviewed for all breaking changes
- Changelog prepared for downstream consumers
- Rollout plan defined (monitor closely after deploy)
- Database migration tested if schema changes detected
- SDK regeneration scheduled (5 generated SDKs affected)
- Consumer team notified (1 downstream repo registered)
🧬 Lesion Simulator
Pre-release resilience test: 9 micro-injuries tested.
| Lesion | Target | Decision | Severity |
|---|---|---|---|
| ENDPOINT_REMOVAL | GET /users/{id} | 🔴 BLOCK | HIGH |
| ENDPOINT_REMOVAL | POST /users | 🔴 BLOCK | HIGH |
| ENDPOINT_REMOVAL | GET /orders | 🔴 BLOCK | HIGH |
| AUTH_REMOVAL | Security removed from GET /users/{id} | 🟡 REQUIRE_APPROVAL | LOW |
| AUTH_REMOVAL | Security removed from POST /users | 🟡 REQUIRE_APPROVAL | LOW |
| AUTH_REMOVAL | Security removed from GET /orders | 🟡 REQUIRE_APPROVAL | LOW |
| REQUIRED_FIELD_ADDED | Added required field '_lesion_required_field' to POST /users | 🟡 REQUIRE_APPROVAL | LOW |
| REQUIRED_FIELD_ADDED | Added required field '_lesion_required_field' to POST /orders | 🟡 REQUIRE_APPROVAL | LOW |
| REQUIRED_FIELD_ADDED | Added required field '_lesion_required_field' to POST /payments/charge | 🟡 REQUIRE_APPROVAL | LOW |
Resilience Score: 0/100 (F)
3 critical lesions detected. This API is fragile — small changes cause major downstream impact.
08fd210 to b3fb3c0
…wing)
Demo PR showcasing CodeRifts breaking-change detection: removes fields from the
POST /users and GET /users/{id} responses and narrows the Order.status enum.
b3fb3c0 to 8c97086
feat: remove phone field and delivered status enum (v1.5.0)