Skip to main content

New features

Ownership & bus-factor signal (opt-in preview). Riftmap can now extract human contributor data from git history during a scan and derive a per-repo bus factor — the number of developers who’d have to leave before a repo is effectively unmaintained. Crossed with the existing fan-in graph, it surfaces the repos that matter most: high blast radius × single maintainer — the build/CI/base-image substrate that everyone depends on but nobody owns. Activity-based health checks miss these (a repo can have a commit this morning and a bus factor of 1); anchoring bus factor to the dependency graph is what makes the finding actionable. The signal ships off by default and is enabled per deployment via OWNERSHIP_SIGNAL_ENABLED. The new API endpoints below are always callable and return empty / zero / null payloads until it’s turned on and an org has been re-scanned — so agents never need a flag-aware branch.
  • GET /repositories/{id}/ownership — per-repo bus factor, top-author share, human author count, and the full human contributor list (paginated, bots stripped). Names only, never emails.
  • GET /connected-orgs/{id}/ownership-risk — the ranked findings feed of concentration-risk repos (high fan-in × low bus factor), ordered by risk score. min_dependents / max_bus_factor overrides for ad-hoc queries.
  • GET /repositories/{id}/context now carries a slim ownership summary (bus_factor, top_author_name, human_author_count), so an agent can answer “who maintains this, and is changing it risky?” in the same round-trip it already makes.
In the app, a bus-factor overlay colours graph nodes by maintainer concentration and a Concentration Risk panel lists the flagged repos, with an “Owners” tab on every repo’s detail view. Privacy: contributor data is git author metadata only — no commit messages, diffs, or file blobs. It’s workspace-scoped, cascade-deleted on workspace deletion and the 30-day GDPR purge, and the API only ever returns names, never emails. See Security.