agentify risk

Score the diff's blast radius.

Risk turns the current diff (or anything since a ref) into a 0–100 score, an impacted-code list, and a prioritized regression-test queue. Implementation lives in src/core/risk.js · buildRiskReport(root, options).

flags next: skill
module src/core/risk.js neighbor depth MAX_NEIGHBOR_DISTANCE = 2 score helpers clampScore · riskLevel
flags

Flags parsed at the dispatcher.

--root

Override repo root (defaults to cwd).

--since

Score the diff since a git ref (e.g., origin/main). Without it, risk scores the working-tree diff against HEAD.

--json

Return the full JSON report instead of the compact terminal summary.

scoring

What goes into the 0–100 score.

Source: src/core/risk.js. The score combines changed-file weight, dependency fan-out, semantic centrality, impacted modules, and impacted-symbol surface — all clamped via clampScore.

0 35 70 100
none
low
medium
high
0

None

No changed-file contribution detected. Not a guarantee that nothing matters outside the index.

1–34

Low

Changes look isolated or test-focused per the indexed graph and semantic facts.

35–69

Medium

Dependency, semantic, or module surface area suggests focused regression tests are warranted.

70–100

High

Diff likely touches shared code or fan-out across modules. Run prioritized tests and inspect impacts before review.

json shape

Fields returned by --json.

From src/core/risk.js:539. Tag schema_version identifies the report format.

schema_version Report version constant RISK_SCHEMA_VERSION.
changed_files[] Path, git status, owning module, per-file score contribution.
risk Object with score and level from riskLevel(score).
impacted Modules, files, and symbols reached via import edges and semantic facts.
prioritized_test_commands[] Indexed test commands ranked by impacted-module proximity.
notes[] Includes a "no indexed test command covers the impacted modules" note when ranking is empty.
prereqs

Index must be fresh.

Risk reads .agentify/index.db. Run agentify scan or agentify up first; if no test command matches an impacted module, the report emits a note rather than claiming safety.