Touching `auth.ts` is not the same as touching `utils/date.ts`. Ripple Risk builds your import graph and scores every edit by how many files downstream could break.
What it catches
Files imported by 10+ modules get an elevated risk score. A small change here can cascade through your entire codebase.
When the agent edits shared helpers, formatters, or types, every consumer is a potential regression site.
Security-sensitive files are always elevated regardless of fan-out count. Auth bugs don't need many dependents to hurt.
How it works
Parse the import graph
We use tree-sitter to statically parse every import and re-export in your codebase — no runtime, no build required.
Score modified files
Each file touched by the agent is scored by its depth in the dependency tree and its number of direct importers.
Surface the hotspots
The top-risk files are highlighted in your report with a list of their dependents and a composite Ripple Risk score.
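The three steps above as an added example (not Ripple Risk's own code). A regex stands in for the tree-sitter parse; the sample files, the sensitive-path pattern and the score weighting are assumptions, and only the 10-importer threshold comes from the text above.

```javascript
const FILES = { // constructed sample files, not from a real project
  "src/utils/date.ts": "",
  "src/lib/auth.ts": `import { now } from "../utils/date";`,
  "src/api/login.ts": `import { verify } from "../lib/auth";`,
  "src/api/session.ts": `export { verify } from "../lib/auth";`,
  "src/pages/home.ts": `import { s } from "../api/session";\nimport { now } from "../utils/date";`,
};
// Regex stand-in for the tree-sitter pass: relative imports and re-exports only.
const IMPORT_RE = /(?:import|export)\b[^;]*?\bfrom\s+["'](\.[^"']+)["']/g;
const SENSITIVE = /(^|\/)(auth|crypto|secret)[^/]*$/i; // assumed naming convention
// Resolve a relative specifier against the importing file (assumes .ts modules).
function resolve(from, spec) {
  const parts = from.split("/").slice(0, -1);
  for (const seg of spec.split("/")) {
    if (seg === "..") parts.pop();
    else if (seg !== ".") parts.push(seg);
  }
  return parts.join("/") + ".ts";
}
// Reverse graph: file -> set of files that import it directly.
function buildImporters(files) {
  const importers = new Map(Object.keys(files).map((f) => [f, new Set()]));
  for (const [file, src] of Object.entries(files)) {
    for (const m of src.matchAll(IMPORT_RE)) {
      const target = resolve(file, m[1]);
      if (importers.has(target)) importers.get(target).add(file);
    }
  }
  return importers;
}
// Walk the reverse graph; the seen set also keeps import cycles from looping.
function transitiveDependents(importers, file) {
  const seen = new Set();
  const stack = [file];
  while (stack.length) {
    for (const dep of importers.get(stack.pop())) {
      if (dep !== file && !seen.has(dep)) { seen.add(dep); stack.push(dep); }
    }
  }
  return seen;
}
// Score one edited file; sensitive paths are rated High regardless of fan-out.
function rippleRisk(files, file) {
  const importers = buildImporters(files);
  const direct = importers.get(file).size;
  const transitive = transitiveDependents(importers, file).size;
  const score = 2 * direct + transitive; // assumed weighting
  const high = direct >= 10 || SENSITIVE.test(file);
  return { direct, transitive, score, level: high ? "High" : score >= 4 ? "Medium" : "Low" };
}
```

On the constructed files, `src/utils/date.ts` gets the higher raw score, but only `src/lib/auth.ts` is rated High, because of the sensitive-path rule.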
Example output
Ripple Risk · High — 14 dependents
Highest-risk edit
src/lib/auth.ts
14 direct importers · 38 transitive dependents
Direct importers