Ripple Risk
How we score downstream impact of every file change using import graph analysis.
The Ripple Risk analyzer builds a dependency graph of your codebase using tree-sitter AST parsing, then scores every file the agent edited by how many other files depend on it.
What it detects
- Edits to high-fan-out modules (used by 20+ files) without test coverage.
- Changes to shared utilities, config files, or type definitions.
- Modifications to public API surfaces consumed downstream.
How it works
We parse every import/require/include statement in your repository to build a directed graph. Each edited file gets a ripple score based on how many files transitively depend on it. Higher scores mean a bug here would cascade further.
Severity levels
- Critical — edited file has 20+ downstream dependents and no test changes in the session.
- Warning — edited file has 5–19 downstream dependents.
- Info — low-impact leaf file edits.
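The scoring described under "How it works" and the thresholds under "Severity levels", as an added Python example that is not the analyzer's own code. It assumes the import map has already been extracted (the sample map is constructed), that test files live under `tests/`, that a file with 20+ dependents and test changes in the session drops to Warning, and that Info means fewer than 5 dependents.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed import map (file -> files it imports); not a real repo."""
    imports = {f"svc/handler_{i:02d}.py": ["core/config.py"] for i in range(20)}
    for i in range(7):
        imports[f"svc/handler_{i:02d}.py"].append("utils/dates.py")
    imports["core/config.py"] = ["utils/strings.py", "core/log.py"]
    imports["core/log.py"] = ["core/config.py"]  # deliberate import cycle
    imports["api/routes.py"] = [f"svc/handler_{i:02d}.py" for i in range(6)]
    imports["cli/main.py"] = ["api/routes.py"]
    return imports

def reverse_graph(imports):
    """Invert the edges: imported file -> set of files that import it."""
    rev = defaultdict(set)
    for src, targets in imports.items():
        for target in targets:
            rev[target].add(src)
    return rev

def ripple_score(path, rev):
    """Count files that depend on `path` directly or transitively (BFS)."""
    seen, queue = set(), deque([path])
    while queue:
        for dep in rev.get(queue.popleft(), ()):
            if dep != path and dep not in seen:  # safe on import cycles
                seen.add(dep)
                queue.append(dep)
    return len(seen)

def severity(score, tests_changed):
    if score >= 20 and not tests_changed:
        return "critical"
    if score >= 5:  # assumption: 20+ with test changes drops to warning
        return "warning"
    return "info"   # assumption: fewer than 5 dependents is low impact

def score_session(edited, imports, is_test=lambda p: p.startswith("tests/")):
    """Score each non-test file edited in one session: path -> (score, level)."""
    rev = reverse_graph(imports)
    tests_changed = any(is_test(p) for p in edited)
    scores = {p: ripple_score(p, rev) for p in edited if not is_test(p)}
    return {p: (s, severity(s, tests_changed)) for p, s in scores.items()}

if __name__ == "__main__":
    edits = ["utils/strings.py", "utils/dates.py", "cli/main.py"]
    for path, (score, level) in score_session(edits, build_sample()).items():
        print(f"{level:8} {score:3} {path}")
```

In the sample, `utils/strings.py` has a single direct importer but 24 transitive dependents, which is why the count has to follow the graph rather than stop at direct imports.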