Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.riftmap.dev/llms.txt

Use this file to discover all available pages before exploring further.

New features

/ready health probe. A new public /ready endpoint returns 200 only when Postgres, both Redis instances, and at least one scan worker are reachable, and 503 otherwise. Point external uptime monitors at it to catch half-broken states the main /health endpoint can’t see. Idempotent scans. POST /connected-orgs/{id}/scans now rejects a second scan for an org that already has one pending or running with a 409 Conflict. Safe to retry from agents and CI without queuing duplicates. Broader Helm, Python, Terraform, and Ansible detection. Riftmap now recognizes cross-repo consumption from helmfile.yaml, kustomization.yaml’s helmCharts, Poetry and uv dependency tables, and Ansible Galaxy requirements.yml. Previously these declarations were invisible — orgs heavy on Helm or Python will see substantially more edges on the next scan. Container image edges from Helm chart templates. Scans now extract image: references from charts/*/templates/*.yaml even when they contain Go template directives, surfacing k8s_container_image consumption that was previously dropped at parse time.

Updates

Faster recovery from stuck scans. The stuck-scan reaper now runs every 15 minutes instead of daily and uses task state (not just age) to decide what to clear, so a hard-killed scan no longer blocks an org’s queue for hours. Search-jump camera stability. Clicking a graph search result reliably pans to the target node and opens the detail panel without the graph re-fitting and undoing the pan. Subsequent searches in the same session also stay stable. GitHub container registry attribution. Docker image artifacts produced by GitHub-hosted repos now resolve to ghcr.io/<org>/<repo> instead of an invalid host, so consumer matching across GitHub orgs works correctly.

Bug fixes

Artifact consumers reflect the latest scan. /artifacts/{id}/consumers, /artifacts/{id}/versions, and the /stats endpoints could return stale pinned versions and inflated orphan counts after a re-scan because they read across all historical scans. They now scope to the latest scan per org, so edited constraints show up immediately and consumers_lagging is correct. Stripe checkout self-heal. Workspaces whose subscription was canceled out-of-order with a late invoice.payment_succeeded webhook could get stuck unable to re-checkout. The checkout endpoint now reconciles with Stripe before returning 409, and the plan card surfaces a clear next action instead of a generic error. Worker boot resilience. The worker healthcheck sidecar now starts before the broker connection, so a slow Redis at boot no longer causes the platform to mark workers unhealthy and restart them in a loop. Cleaner dependency graphs. The resolver now rejects several classes of bogus artifacts that were polluting org graphs:
  • Vendored package.json files (e.g. Hugo themes, vendored frontend assets) no longer register as npm packages “produced by” the host repo.
  • Vendored or subchart Chart.yaml files no longer attribute Helm charts to the wrong repo.
  • Go modules with bare names (module foo) or bare hosts (module github.com) are dropped instead of prefix-matching unrelated consumers.
  • Self-edges (a repo declaring a dependency on its own artifact via a sub-module) are filtered from the resolver chain.
These changes mean noticeably fewer phantom edges on the next scan, especially for orgs with vendored dependencies or multi-module Go repos.