Skip to main content

🚀 Beta: All Pro and Team features are free. Install on GitHub →

API Risk · Impact Analysis

What is API Blast Radius?

API blast radius is the measure of how far a breaking API change propagates: how many downstream services, consumers, and AI agents are affected when a contract changes.

Why does blast radius matter more than just detecting a break?

A diff tells you what changed; blast radius tells you how far the damage reaches - the difference between a warning and a priority.

Two changes can be structurally identical and still carry very different risk. Removing a field from an internal endpoint nobody calls is a footnote. Removing the same field from a payments endpoint consumed by many services and agents is an incident waiting to happen. A plain diff treats them the same; blast radius does not.

Blast radius turns a flat list of changes into a ranking of what needs attention first. Instead of asking only did something break, it answers who breaks, how many of them, and how badly - which is what lets a team triage a pull request instead of reading every line of it.

How is blast radius calculated?

Blast radius is derived deterministically from the change and the surrounding contract - the same inputs always produce the same result.

The inputs are conceptual, not a single magic number:

  • Downstream consumer count: how many services and clients depend on the affected endpoint.
  • Endpoint sensitivity: how critical the endpoint is - a payments or auth route weighs more than a health check.
  • Coupling across changes: how many changes are bundled into one pull request, which widens the surface at risk.
  • Agent workflow impact: whether the change touches paths that AI agent workflows rely on.

CodeRifts combines these into a reproducible measure. The exact scoring formula is intentionally not published, but it is stable and auditable - the same change always scores the same way, rather than depending on who is reviewing it.

What is a high blast radius change?

A high blast radius change reaches many dependents at once. Consider renaming a single field on a /payments endpoint:

What the diff shows What the blast radius shows
One field renamed on /payments Five dependents break on deploy: three downstream services and two agent workflows

The diff is a one-line change. The blast radius is five broken dependents on a revenue-critical path. That is the difference between a low-priority note and a change that should not merge without a migration plan.

How does CodeRifts surface blast radius?

CodeRifts reports blast radius in the pull request verdict, next to the risk score and the incident cost estimate. It is one of the four risk dimensions the verdict scores, so it is always computed, not an optional add-on.

Two caller-declared signals can tighten the assessment - target sensitivity and scope. They are tightening-only: they can raise the blast radius when a caller declares that a change touches a sensitive or wide-reaching surface, but they never lower it. The whole result is deterministic and part of the same Ed25519-signed verdict, so the same change always yields the same blast radius, and any party can verify the receipt.

Because it is reproducible, blast radius is something a team can put a policy on: gate merges above a threshold, route high-radius changes to an owner, or simply sort a review queue by how far each change reaches.