
Blast Radius
Score merge risk and map what your diff touches—including gaps in test coverage—before you merge.
Install
npx skills add https://github.com/athola/claude-night-market --skill blast-radius
What is this skill?
- Runs graph-based impact analysis via gauntlet graph_query.py with depth-2 affected-node mapping
- Fallback tier uses git diff --stat plus grep import/call-site tracing when gauntlet is missing
- Optional sem impact --json for function-level cross-file dependencies when sem is installed
- Integrates imbue:review-core and structured-output for risk scoring and consistent reports
- Hard prerequisite path: prompts /gauntlet-graph build when plugin exists but graph.db is absent
Adoption & trust: 1 install on skills.sh; 304 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
Journey fit
Primary fit
Canonical shelf is Ship because the skill is explicitly framed for pre-merge impact review, not for ideation or post-launch growth work. Review is the right subphase: it produces an impact/risk picture of pending changes rather than running tests or scanning for CVEs alone.
Common Questions / FAQ
Is Blast Radius safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Blast Radius
# Blast Radius Analysis

Analyze the impact of current code changes using the code knowledge graph.

## Prerequisites

This skill requires the **gauntlet** plugin for graph data. Check if it's available:

```bash
GRAPH_QUERY=$(find ~/.claude/plugins -name "graph_query.py" -path "*/gauntlet/*" 2>/dev/null | head -1)
```

**If gauntlet is not installed** (GRAPH_QUERY is empty): Fall back to a manual impact analysis using `git diff` and `grep` to trace imports and call sites. Skip graph steps and go directly to step 3 (manual mode).

**If gauntlet is installed but no graph.db exists**: Tell the user: "Run `/gauntlet-graph build` first."

## Steps

1. **Show current changes**: Run `git diff --stat` to show the user what files changed.

2. **Run impact analysis** (requires gauntlet):

   ```bash
   python3 "$GRAPH_QUERY" \
     --action impact --base-ref HEAD --depth 2
   ```

   **Fallback tier 1 (sem available, no gauntlet)**: Use sem for cross-file dependency tracing:

   ```bash
   # <changed-file> is a placeholder: substitute a path from `git diff --name-only HEAD`
   if command -v sem &>/dev/null; then
     sem impact --json <changed-file>
   fi
   ```

   This traces real function-level dependencies instead of filename matching. See `leyline:sem-integration` for detection patterns.

   **Fallback tier 2 (no sem, no gauntlet)**: Trace callers of changed functions with rg (or grep):

   ```bash
   # Prefer rg for speed; fall back to grep.
   # -F matches the stem as a literal string, and -- stops a stem that
   # starts with "-" from being parsed as an option.
   if command -v rg &>/dev/null; then
     git diff --name-only HEAD | while IFS= read -r f; do
       stem="${f%.*}"; stem="${stem##*/}"
       [ -z "$stem" ] && continue  # skip dotfiles (.gitignore etc.)
       rg -lF -- "$stem" . 2>/dev/null
     done | sort -u
   else
     git diff --name-only HEAD | while IFS= read -r f; do
       stem="${f%.*}"; stem="${stem##*/}"
       [ -z "$stem" ] && continue  # skip dotfiles (.gitignore etc.)
       grep -rlF -- "$stem" . 2>/dev/null
     done | sort -u
   fi
   ```

   Note: this searches all file types. For Python-only projects, add `--type py` to `rg` or `--include="*.py"` to `grep` to reduce false positives.

3. **Display results in priority order**: Format the output as a table:

   ```
   Risk | Node                   | File       | Anchor                          | Reason
   0.85 | auth.py::verify_token  | auth.py:45 | `def verify_token(token):`      | untested, security
   0.62 | db.py::execute_query   | db.py:112  | `cursor.execute(query, params)` | high fan-in
   0.41 | api.py::handle_request | api.py:78  | `def handle_request(req):`      | flow participant
   ```

   The `Anchor` column is the verbatim source text at the cited line. It lets a reviewer confirm the finding without re-running the tool.

4. **Highlight untested functions**: List any affected functions that lack test coverage (no TESTED_BY edge).

5. **Show overall risk**: Display the overall risk level (low/medium/high) based on the maximum risk score.

6. **Suggest actions**:
   - For high-risk nodes: "Consider adding tests before merging"
   - For security-sensitive nodes: "Review authentication and authorization logic carefully"
   - For high-fan-in nodes: "Changes here affect many callers; verify backward compatibility"

### Verify Findings Are Grounded (`blast-radius:findings-verified`)

Every finding must cite a real location and a verbatim anchor. Write findings to `.review/findings.json` and confirm each citation resolves:

```bash
python plugins/imbue/scripts/citation_verifier.py \
  --findings .review/findings.json --repo-root .
```

Drop or label `UNVERIFIED` any finding the verifier fails (exit `1`); only verified findings enter the report. See `Skill(im
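
The grounding rule from "Verify Findings Are Grounded", shown as an added example rather than the project's `citation_verifier.py`, whose findings schema does not appear on this page. The `file`, `line` and `anchor` keys and the `verify_finding` function are assumptions, and the repository and findings are constructed.

```python
import tempfile
from pathlib import Path


def verify_finding(repo_root: Path, finding: dict) -> str:
    """Return 'VERIFIED' or 'UNVERIFIED: <reason>' for one finding.

    Assumed schema (not from the page): {"file": str, "line": int, "anchor": str}.
    """
    root = repo_root.resolve()
    target = (root / finding["file"]).resolve()
    # A citation must resolve inside the repo: rejects ../ escapes and absolute paths.
    if not target.is_relative_to(root):
        return "UNVERIFIED: path escapes repo root"
    if not target.is_file():
        return "UNVERIFIED: file not found"
    lines = target.read_text(encoding="utf-8", errors="replace").splitlines()
    line_no = finding["line"]
    if not isinstance(line_no, int) or not 1 <= line_no <= len(lines):
        return "UNVERIFIED: line out of range"
    # Verbatim anchor: only leading/trailing whitespace is ignored.
    if lines[line_no - 1].strip() != finding["anchor"].strip():
        return "UNVERIFIED: anchor does not match cited line"
    return "VERIFIED"


def demo() -> list:
    """Check constructed findings against a constructed one-file repository."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "auth.py").write_text(
            "import hmac\n\ndef verify_token(token):\n    return bool(token)\n"
        )
        findings = [
            {"file": "auth.py", "line": 3, "anchor": "def verify_token(token):"},
            {"file": "auth.py", "line": 45, "anchor": "def verify_token(token):"},
            {"file": "auth.py", "line": 4, "anchor": "return check(token)"},
            {"file": "../outside.py", "line": 1, "anchor": "x = 1"},
        ]
        return [verify_finding(repo, f) for f in findings]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

Only the first constructed finding passes; the stale line number, the paraphrased anchor and the path outside the repository are each reported as `UNVERIFIED` with a reason.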