riskcheck


Quantify code change risk in one command. Get a score, not a gut feeling.

riskcheck --base origin/main | claude -p "Review the high-risk areas"

What riskcheck does

  • Analyze git diff and calculate a risk score (0-100) for your changes
  • Explain why the change is risky with concrete reasons
  • Per-file risk scoring — know exactly which files need attention
  • Output structured JSON — ready to pipe into AI tools or CI pipelines
  • Customizable via .riskcheck.yaml for team-specific rules

Quick Start

go install github.com/hidetzu/riskcheck@latest
riskcheck init              # Generate .riskcheck.yaml (optional)
riskcheck --base origin/main

Signals

riskcheck detects the following risk signals:

Signal             Description                                                  Default Weight
large_change       Too many files changed                                       +10
high_insertions    Too many lines added                                         +10
high_deletions     Too many lines deleted                                       +5
hotspot            Frequently changed files (last 90 days)                      +10
no_test_change     Production code changed without test updates                 +15
security_module    Security-related paths modified (auth, crypto, etc.)         +20
core_module        Core business logic paths modified (config, payment, etc.)   +20
high_complexity    High cyclomatic complexity (external input)                  +15
low_coverage       Low test coverage (external input)                           +10

Output Examples

JSON (default)

$ riskcheck --base origin/main
{
  "score": 55,
  "level": "medium",
  "summary": {
    "files_changed": 5,
    "insertions": 120,
    "deletions": 30
  },
  "reasons": [
    "security module modified (src/auth/login.go)",
    "no test updates for changed files",
    "hotspot file touched (src/auth/login.go changed 8 times in last 90 days ago)"
  ],
  "files": [
    {
      "path": "src/auth/login.go",
      "risk": 0.75,
      "signals": ["hotspot", "security_module"]
    },
    {
      "path": "src/config/app.go",
      "risk": 0.5,
      "signals": ["core_module"]
    },
    {
      "path": "src/handler/home.go",
      "risk": 0,
      "signals": []
    }
  ]
}

Text

$ riskcheck --base origin/main --format text
Risk Score: 55 / 100 (medium)

Files changed: 5
Insertions:    120
Deletions:     30

Reasons:
  - security module modified (src/auth/login.go)
  - no test updates for changed files
  - hotspot file touched (src/auth/login.go changed 8 times in last 90 days ago)

High-risk files:
  0.75  src/auth/login.go  [hotspot, security_module]
  0.50  src/config/app.go  [core_module]

Usage

riskcheck [flags]

Flags:
  --base              Comparison base (default: "origin/main")
  --target            Comparison target (default: "." working tree)
  --format            Output format: json, text (default: "json")
  --config            Config file path (default: ".riskcheck.yaml")
  --complexity-file   Path to complexity JSON file (optional)
  --coverage-file     Path to coverage JSON file (optional)
  -h, --help          Help
  -v, --version       Version

Exit Codes

Code   Meaning
0      Low risk (score 0-39)
1      Medium or high risk (score 40-100)
2      Error

Configuration

Generate a config file with riskcheck init, then customize:

signals:
  security_module:
    weight: 25
    paths:
      - auth/
      - secrets/
      - oauth/
  core_module:
    paths:
      - payments/
      - orders/
  hotspot:
    since: "30 days ago"
    threshold: 3

test_patterns:
  - "*_test.go"
  - "*_spec.rb"
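
As an added example (not riskcheck's own code, which lives in the repository), the Go program below shows how the signal table, the per-file risk in the JSON output, the exit-code bands and a configuration like the one above fit together: each changed file is matched against directory rules and test patterns, its per-file signals are summed into a 0-1 risk, and every signal that fired anywhere in the change adds its weight once to the overall score. The thresholds, the directory lists, the 40-point per-file divisor, the "once per change" rule and the `ChangedFile` input type are assumptions made for this example; only the weights, the signal names and the 0-39 / 40-100 bands come from the page.

```go
package main

import (
	"fmt"
	"math"
	"path"
	"strings"
)

// ChangedFile is a constructed input (not riskcheck's own type): a diff path plus the
// number of commits that touched it in the last 90 days, which feeds the hotspot signal.
type ChangedFile struct{ Path string; Commits90d int }

// FileRisk and Report follow the shape of the JSON output shown above.
type FileRisk struct{ Path string; Risk float64; Signals []string }
type Report struct{ Score int; Level string; Reasons []string; Files []FileRisk }

// Default weights from the signal table (size and external-input signals omitted);
// signalOrder fixes the order in which reasons are listed.
var weights = map[string]int{"hotspot": 10, "no_test_change": 15, "security_module": 20, "core_module": 20}
var signalOrder = []string{"hotspot", "no_test_change", "security_module", "core_module"}

// The threshold, directory rules, test patterns and divisor are assumptions modelled on the
// config example; the README does not state the tool's defaults. Dividing by 40 turns a
// 30-point file into 0.75 and a 20-point file into 0.5, matching the sample output.
const hotspotCommits, riskDivisor = 5, 40.0
var pathRules = map[string][]string{
	"security_module": {"auth/", "crypto/", "secrets/"},
	"core_module":     {"config/", "payment/"},
}
var testPatterns = []string{"*_test.go", "*_spec.rb"}

// isTestFile matches the base name against the shell-style test patterns.
func isTestFile(p string) bool {
	for _, pat := range testPatterns {
		if ok, _ := path.Match(pat, path.Base(p)); ok {
			return true
		}
	}
	return false
}

// fileSignals returns the per-file signals as an empty (never nil) slice, so JSON prints [].
func fileSignals(f ChangedFile) []string {
	s := []string{}
	if f.Commits90d >= hotspotCommits {
		s = append(s, "hotspot")
	}
	for _, name := range []string{"security_module", "core_module"} {
		for _, dir := range pathRules[name] {
			if strings.HasPrefix(f.Path, dir) || strings.Contains(f.Path, "/"+dir) {
				s = append(s, name)
				break
			}
		}
	}
	return s
}

// Score combines file-level signals with the change-level no_test_change check. Each
// signal adds its weight once however many files trigger it; the reason names the first.
func Score(files []ChangedFile) Report {
	rep := Report{Level: "medium"} // the README states no medium/high boundary, so 40+ is "medium" here
	fired := map[string]string{}
	testTouched, prodTouched := false, false
	for _, f := range files {
		if isTestFile(f.Path) {
			testTouched = true
		} else {
			prodTouched = true
		}
		sigs, w := fileSignals(f), 0
		for _, s := range sigs {
			w += weights[s]
			if _, seen := fired[s]; !seen {
				fired[s] = fmt.Sprintf("%s (%s)", strings.ReplaceAll(s, "_", " "), f.Path)
			}
		}
		rep.Files = append(rep.Files, FileRisk{f.Path, math.Min(float64(w)/riskDivisor, 1), sigs})
	}
	if prodTouched && !testTouched {
		fired["no_test_change"] = "no test updates for changed files"
	}
	for _, s := range signalOrder {
		if why, ok := fired[s]; ok {
			rep.Score += weights[s]
			rep.Reasons = append(rep.Reasons, why)
		}
	}
	if rep.Score < 40 { // README: low risk is 0-39 and exits 0; 40-100 exits 1
		rep.Level = "low"
	}
	return rep
}

func main() { // constructed sample change mirroring the README's example files
	rep := Score([]ChangedFile{{"src/auth/login.go", 8}, {"src/config/app.go", 1}, {"src/handler/home.go", 0}})
	fmt.Printf("score=%d level=%s reasons=%q\n", rep.Score, rep.Level, rep.Reasons)
}
```

On the constructed three-file change this scores 65 (hotspot, no_test_change, security_module and core_module each fire once) with login.go at 0.75 and app.go at 0.5; adding a matching `login_test.go` to the same change removes no_test_change and drops the score to 30, which maps to exit code 0. That is the lever the signal is meant to give reviewers: a security-module change that ships with tests is scored lower than the same change without them.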

External Tool Integration

Feed complexity or coverage data from external tools:

# Complexity (e.g., from gocyclo, lizard)
riskcheck --base origin/main --complexity-file complexity.json

# Coverage (e.g., from go test -coverprofile, JaCoCo)
riskcheck --base origin/main --coverage-file coverage.json

Input JSON format:

// complexity.json
[{"path": "src/main.go", "complexity": 15}]

// coverage.json
[{"path": "src/main.go", "coverage": 45.2}]
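
An added example (not part of riskcheck) of consuming the two input formats above in Go: both documents are decoded with encoding/json into types that mirror the `path`/`complexity` and `path`/`coverage` fields, paths are normalised with path.Clean so that `./src/main.go` from a tool and `src/main.go` from the diff agree, only entries for files that are actually in the diff are kept, and a malformed file is returned as an error (the README reserves exit code 2 for errors) instead of being silently skipped. The thresholds (complexity of 10 or more, coverage below 60%), the once-per-change weighting and the `src/util.go` / `src/legacy.go` sample paths are assumptions; the weights +15 and +10 are the table defaults.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// ComplexityEntry and CoverageEntry mirror the input JSON format shown above.
type ComplexityEntry struct {
	Path       string `json:"path"`
	Complexity int    `json:"complexity"`
}
type CoverageEntry struct {
	Path     string  `json:"path"`
	Coverage float64 `json:"coverage"`
}

// Thresholds are assumptions; the README does not state the tool's defaults.
// The weights are the table defaults for high_complexity (+15) and low_coverage (+10).
const (
	complexityThreshold = 10
	coverageThreshold   = 60.0
	weightComplexity    = 15
	weightCoverage      = 10
)

// ExternalSignals decodes both documents (either may be empty when its flag is not given),
// attaches high_complexity / low_coverage to the changed paths they describe, and returns
// the weight the two signals add to the overall score. Entries for files outside the diff
// are ignored; a malformed document is an error, not a silently empty result.
func ExternalSignals(changed []string, complexityJSON, coverageJSON []byte) (map[string][]string, int, error) {
	byPath := map[string][]string{}
	if len(complexityJSON) > 0 {
		var entries []ComplexityEntry
		if err := json.Unmarshal(complexityJSON, &entries); err != nil {
			return nil, 0, fmt.Errorf("complexity file: %w", err)
		}
		for _, e := range entries {
			if e.Complexity >= complexityThreshold {
				p := path.Clean(e.Path)
				byPath[p] = append(byPath[p], "high_complexity")
			}
		}
	}
	if len(coverageJSON) > 0 {
		var entries []CoverageEntry
		if err := json.Unmarshal(coverageJSON, &entries); err != nil {
			return nil, 0, fmt.Errorf("coverage file: %w", err)
		}
		for _, e := range entries {
			if e.Coverage < coverageThreshold {
				p := path.Clean(e.Path)
				byPath[p] = append(byPath[p], "low_coverage")
			}
		}
	}
	out := map[string][]string{}
	fired := map[string]bool{}
	for _, c := range changed {
		c = path.Clean(c)
		if sigs, ok := byPath[c]; ok {
			out[c] = sigs
			for _, s := range sigs {
				fired[s] = true
			}
		}
	}
	added := 0 // each external signal counts once per change, like the other signals
	if fired["high_complexity"] {
		added += weightComplexity
	}
	if fired["low_coverage"] {
		added += weightCoverage
	}
	return out, added, nil
}

func main() {
	// Constructed inputs: legacy.go is very complex but not in the diff, so it adds nothing.
	complexity := []byte(`[{"path":"src/main.go","complexity":15},{"path":"./src/util.go","complexity":3},{"path":"src/legacy.go","complexity":40}]`)
	coverage := []byte(`[{"path":"src/main.go","coverage":45.2},{"path":"src/util.go","coverage":90}]`)
	sigs, added, err := ExternalSignals([]string{"src/main.go", "src/util.go"}, complexity, coverage)
	fmt.Println(sigs, added, err)
}
```

With the constructed inputs only src/main.go picks up signals (both high_complexity and low_coverage, adding 25), src/util.go is clean, and the complex but untouched src/legacy.go does not influence the score of this change at all.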

AI Integration

# Pipe to Claude for review
riskcheck --base origin/main | claude -p "Review the high-risk areas in this change"

# Use in CI with jq
SCORE=$(riskcheck --base origin/main | jq '.score')
if [ "$SCORE" -gt 70 ]; then
  echo "High risk change detected"
fi

Development

make build    # Build binary
make test     # Run all tests with -v -race
make lint     # golangci-lint
make vet      # go vet
make clean    # Remove bin/

Roadmap

See specs/roadmap.md for the full implementation plan.

  • v0.1.0 — Initial public release. Bundles git diff scoring, hotspot/test detection with per-file risk, and team-specific configuration with external tool integration (Step1 + Step2 + Step3).
  • v0.2.0+ — Post-public iteration based on real-world feedback (Step4: TBD).
  • v1.0.0 — Stable API, battle-tested with real projects.

License

MIT
