The API is designed to be a first‑class tool for AI coding agents (Claude Code, Cursor, Cline) and CI pipelines doing planning or audit work in repos that depend on each other across an org.Documentation Index
Fetch the complete documentation index at: https://docs.riftmap.dev/llms.txt
Use this file to discover all available pages before exploring further.
Why the API matters more than the UI
The graph UI is for humans. The API is for agents and pipelines: an agent fixing repo A needs to know what depends on A before it starts so the change can stay green. That’s a tool call, not a tab.Recommended call pattern
For an agent in a working tree atgithub.com/myorg/repo:
Resolve the local clone URL to a Riftmap repo
.git suffix variants. Returns 404 on miss, 409 on ambiguous match. Provide exactly one of url or full_path.Hydrate context in one round-trip
{ repository, dependencies (capped 100, with dependencies_total), dependents (capped 100, with dependents_total), artifacts }. Composes four endpoints into one call. Impact is deliberately omitted — call /impact separately when blast radius is actually needed.Drill in as needed
- More than 100 dependents?
GET /repositories/{id}/dependents?limit=500&offset=0 - Transitive blast radius?
GET /repositories/{id}/impact?max_depth=3 - Neighbourhood graph for visualisation?
GET /connected-orgs/{org_id}/graph?root={id}&depth=2
The freshness rule
Every repo response carries four freshness fields:| Field | Meaning |
|---|---|
last_scanned_at | Wall‑clock time of the last successful scan that processed this repo. |
last_commit_sha | The commit SHA observed at that scan. |
last_activity_at | The most recent commit / push timestamp from the platform API. |
archived | Whether the repo is archived on GitHub/GitLab. |
archived: true is also a strong signal — archived repos are a frequent source of phantom edges in older graphs.
Pagination contract
All list endpoints (dependencies, dependents, repositories, artifacts, scans, members) follow the same shape:| Parameter | Type | Default | Max |
|---|---|---|---|
limit | integer | 100 | 500 |
offset | integer | 0 | — |
X-Total-Count carries the total matching rows so the client can compute page counts in one round‑trip. Out‑of‑range values return 422.
Auth
Workspace API keys (X-API-Key: rfm_live_… or Authorization: Bearer rfm_live_…). Keys are workspace‑scoped — the agent never needs to pass a workspace_id. See Authentication for the full matrix and rate limits.
Static OpenAPI schema
Live/openapi.json and /docs stay disabled in production — they would otherwise hand attackers a complete endpoint inventory plus validation rules. The schema is generated in CI from the dev‑mode app and shipped with the frontend build at a stable static URL:
The full surface
| Endpoint | One-liner |
|---|---|
GET /repositories/lookup | Resolve a clone URL or org/repo slug → Riftmap repo. |
GET /repositories/{id} | Repo details, including freshness fields. |
GET /repositories/{id}/context | Single‑call agent bundle (repo + capped deps + capped dependents + artifacts). |
GET /repositories/{id}/dependencies | Direct dependency declarations, paginated, deduplicated. |
GET /repositories/{id}/dependents | Direct dependents, paginated, deduplicated. |
GET /repositories/{id}/impact | Transitive downstream blast radius via Python BFS. |
GET /artifacts/{id}/consumers | Who consumes this artifact and at which version. |
GET /artifacts/{id}/versions | All versions seen across the org. |
GET /connected-orgs/{id}/graph | Full org graph or subgraph anchored at a repo. |