name: blast-radius role: entrypoint description: > Analyze the blast radius of code changes with risk scoring. Shows affected nodes, untested functions, and review priorities using the code knowledge graph. model_hint: standard tags:

• code-review
• impact-analysis
• risk-scoring tools: []

Blast Radius Analysis

Analyze the impact of current code changes using the code knowledge graph.

Prerequisites

This skill requires the gauntlet plugin for graph data. Check if it's available:

GRAPH_QUERY=$(find ~/.claude/plugins -name "graph_query.py" -path "*/gauntlet/*" 2>/dev/null | head -1)

If gauntlet is not installed (GRAPH_QUERY is empty): Fall back to a manual impact analysis using git diff and grep to trace imports and call sites. Skip graph steps and go directly to step 3 (manual mode).

If gauntlet is installed but no graph.db exists: Tell the user: "Run /gauntlet-graph build first."

Steps

1. Show current changes: Run git diff --stat to show the user what files changed.

2. Run impact analysis (requires gauntlet):

   python3 "$GRAPH_QUERY" \
       --action impact --base-ref HEAD --depth 2
   

   Fallback tier 1 (sem available, no gauntlet): Use sem for cross-file dependency tracing:

   if command -v sem &>/dev/null; then
     sem impact --json <changed-file>
   fi
   

   This traces real function-level dependencies instead of filename matching. See leyline:sem-integration for detection patterns.

   Fallback tier 2 (no sem, no gauntlet): Trace callers of changed functions with rg (or grep):

   # Prefer rg for speed; fall back to grep
   if command -v rg &>/dev/null; then
     git diff --name-only HEAD | while read f; do
       stem="${f%.*}"; stem="${stem##*/}"
       [ -z "$stem" ] && continue  # skip dotfiles (.gitignore etc.)
       rg -l "$stem" . 2>/dev/null
     done | sort -u
   else
     git diff --name-only HEAD | while read f; do
       stem="${f%.*}"; stem="${stem##*/}"
       [ -z "$stem" ] && continue  # skip dotfiles (.gitignore etc.)
       grep -rl "$stem" . 2>/dev/null
     done | sort -u
   fi
   

   Note: this searches all file types. For Python-only projects, add --type py to rg or --include="*.py" to grep to reduce false positives.

3. Display results in priority order:

   Format the output as a table:

   Risk  | Node                    | File          | Reason
   0.85  | auth.py::verify_token   | auth.py:45    | untested, security
   0.62  | db.py::execute_query    | db.py:112     | high fan-in
   0.41  | api.py::handle_request  | api.py:78     | flow participant
   

4. Highlight untested functions: List any affected functions that lack test coverage (no TESTED_BY edge).

5. Show overall risk: Display the overall risk level (low/medium/high) based on the maximum risk score.

6. Suggest actions:

   • For high-risk nodes: "Consider adding tests before merging"
   • For security-sensitive nodes: "Review authentication and authorization logic carefully"
   • For high-fan-in nodes: "Changes here affect many callers; verify backward compatibility"

Risk Scoring Model

Five weighted factors (sum capped at 1.0):