Skip to content

aharwelik/blast-radius

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

blast-radius banner

blast-radius

Score the reach and risk of a code diff before you merge it. Flags diffs that touch auth, commit secrets, delete tests, change CI/CD, or widen dependencies -- offline, as a pre-merge gate or a Claude Code skill.

ci license: MIT python dependencies: none

Keywords: code review, AI code review, diff risk, pre-merge gate, secret detection, CI security, blast radius, change risk, DevSecOps, Claude Code, Codex, agent guardrails, pull request automation.


The problem

An agent stops when the diff looks done, and a plausible-looking diff is the most common way a real problem slips through (the trust-then-verify gap). The danger of a change is not its size. A two-line edit to authentication, an accidentally committed key, or a quietly deleted test outranks a large mechanical refactor. Reviewers and gates need the reach measured, not assumed.

blast-radius reads a unified diff and reports which high-reach signals fired, the overall scope, and a severity, so review effort matches actual risk and an unattended run can refuse to merge a dangerous change on its own.

What it flags

  • Secrets committed in the diff (AWS keys, private keys, GitHub tokens, api_key/token/password assignments) -- critical.
  • Authentication / session / OAuth paths -- high.
  • Deleted or gutted tests (removing tests to make a build pass) -- high.
  • CI/CD, Dockerfiles, deploy changes -- high.
  • Database migrations and infrastructure as code -- high.
  • Dependency manifests and lockfiles -- medium (supply-chain reach).
  • Large changes (many files or lines) raise the scope to service or global.

Install

No dependencies. Python 3.10+.

git clone https://github.com/aharwelik/blast-radius
cd blast-radius

Use it

git diff | python -m blastradius score
# or a saved diff:
python -m blastradius score examples/risky.diff

Output on the bundled risky example:

blast-radius: severity=critical  scope=service
  files=3  dirs=3  lines=9

high-reach signals:
  - secret committed in diff (src/auth/login.py)
  - touches authentication (src/auth/login.py)
  - deletes a test file (tests/test_login.py)
  - changes a dependency manifest or lockfile (requirements.txt)

Exit code is 1 when severity meets the --fail-on threshold (default high), so it gates a merge. Verify a diff as a change receipt:

git diff | python -m blastradius score --receipt | python -m pco verify -

Use it as a Claude Code skill

mkdir -p ~/.claude/skills/blast-radius
cp skill/SKILL.md ~/.claude/skills/blast-radius/SKILL.md

Then ask Claude to "score the blast radius of this diff before merging."

Theory

This implements the Blast-Radius declaration of the proof-carrying-ops model: the reach of a change must be measured before the change is accepted, because the same request can produce a local or a global edit and the cost of accepting an unmeasured global one is not proportional to the agent's average quality.

Honesty boundary

The signals are transparent rules, not a verdict that the change is wrong. A high score means "look closely", not "reject"; a low score is not a correctness guarantee. Pair it with tests. Example diffs use documentation-only placeholder secrets.

Design

Standard library only, tested on Python 3.10 through 3.13, no-emoji guard in CI.

Author

Anthony Harwelik -- [email protected] -- https://github.com/aharwelik

License

MIT. See LICENSE.

About

Score the reach and risk of a code diff before merging. Flags diffs that commit secrets, touch auth, delete tests, change CI/CD or migrations, or widen dependencies. Offline pre-merge gate and Claude Code skill with a proof-carrying-ops receipt. Stdlib only.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages