Touching auth.ts is not the same as touching utils/date.ts. Graph builds your import graph and scores every edit by how many files downstream could break.
What it catches
Files imported by 10+ modules get an elevated risk score — a small change here cascades across the codebase.
When the agent edits shared helpers, formatters, or types, every consumer is a potential regression site.
Security-sensitive files are always elevated regardless of fan-out count. Auth bugs don't need many dependents to hurt.
How it works
Parse the import graph
We statically parse every import and re-export in your codebase — no runtime, no build required.
Score modified files
Each file touched by the agent is scored by its depth in the dependency tree and number of direct importers.
Surface the hotspots
The top-risk files are highlighted in your report with a list of their dependents and a composite Graph score.
Example output
Graph
Highest-risk edit
src/lib/auth.ts
14 direct importers · 38 transitive dependents
Direct importers