Core Features
Risk Scoring
How the risk score is calculated and how to configure thresholds for your team.
Scoring algorithm
The risk score is a weighted composite of four factors derived from the dependency graph and the current PR's change delta. The score ranges from 0 to 100.
| Factor | Default weight | Description |
|---|---|---|
| Blast radius | 40% | Count of downstream services transitively affected by the changed code |
| Change volume | 25% | Lines changed in files that are on direct dependency paths |
| Test coverage delta | 20% | Reduction in code coverage for affected paths in this PR vs. base branch |
| Dependency depth | 15% | Maximum graph distance from changed node to leaf services |
Score levels
| Score range | Level | Default action |
|---|---|---|
| 0 – 30 | LOW | PR check passes. No additional review required. |
| 31 – 65 | MEDIUM | PR check passes with warning. Second reviewer requested. Slack notification sent. |
| 66 – 100 | HIGH | PR check fails. Merge blocked until override from authorized engineer. |
Custom thresholds
Adjust thresholds in buildpath.yaml:
risk_threshold:
  block_merge: 70            # Score >= this blocks merge (default: 66)
  require_review: 40         # Score >= this requests second reviewer (default: 31)
risk_weights:                # Optional: override factor weights
  blast_radius: 0.50         # Must sum to 1.0
  change_volume: 0.20
  test_coverage_delta: 0.20
  dependency_depth: 0.10
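One way to sanity-check the thresholds and weights above before they gate merges, as an added example (not Buildpath's own code). It assumes each factor is already normalised to 0-100, which this page does not specify, and takes the parsed buildpath.yaml as a dict; the function names and sample factor values are hypothetical.

```python
# Added example, not Buildpath's code. Assumption: factors arrive normalised to 0-100.
import math

DEFAULT_WEIGHTS = {"blast_radius": 0.40, "change_volume": 0.25,
                   "test_coverage_delta": 0.20, "dependency_depth": 0.15}
DEFAULT_THRESHOLDS = {"block_merge": 66, "require_review": 31}


def load_policy(config):
    """Validate a parsed buildpath.yaml mapping; return (weights, thresholds)."""
    weights = {**DEFAULT_WEIGHTS, **(config.get("risk_weights") or {})}
    thresholds = {**DEFAULT_THRESHOLDS, **(config.get("risk_threshold") or {})}
    unknown = set(weights) - set(DEFAULT_WEIGHTS)
    if unknown:
        raise ValueError(f"unknown factor(s): {sorted(unknown)}")
    if not math.isclose(sum(weights.values()), 1.0, abs_tol=1e-9):
        raise ValueError(f"weights sum to {sum(weights.values()):.2f}, expected 1.0")
    review, block = thresholds["require_review"], thresholds["block_merge"]
    # A block_merge above 100 can never trigger, silently disabling the merge gate.
    if not 0 <= review < block <= 100:
        raise ValueError("need 0 <= require_review < block_merge <= 100")
    return weights, thresholds


def risk_score(factors, weights):
    """Weighted composite of the four factors, rounded to an integer 0-100."""
    return round(sum(weights[name] * factors[name] for name in weights))


def level(score, thresholds):
    """Map a score to LOW / MEDIUM / HIGH using the configured thresholds."""
    if score >= thresholds["block_merge"]:
        return "HIGH"
    if score >= thresholds["require_review"]:
        return "MEDIUM"
    return "LOW"


# Constructed sample: the custom config from this page and made-up factor values.
CUSTOM = {"risk_threshold": {"block_merge": 70, "require_review": 40},
          "risk_weights": {"blast_radius": 0.50, "change_volume": 0.20,
                           "test_coverage_delta": 0.20, "dependency_depth": 0.10}}
SAMPLE_FACTORS = {"blast_radius": 70, "change_volume": 72,
                  "test_coverage_delta": 60, "dependency_depth": 60}

if __name__ == "__main__":
    for cfg in ({}, CUSTOM):  # defaults first, then the custom config
        weights, thresholds = load_policy(cfg)
        print(level(risk_score(SAMPLE_FACTORS, weights), thresholds))
```

With these sample values the same change scores 67 under both weightings, but the default policy blocks it (HIGH) while the custom `block_merge: 70` lets it through as MEDIUM, which is worth knowing before raising the threshold.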
Override flow
When a PR is blocked (HIGH risk), an authorized engineer can issue an override:
$ buildpath override --pr 1847 --reason "Low-traffic endpoint, safe to deploy during off-peak"
Override recorded. PR unblocked for next 4 hours.
Override actions are recorded in the audit log, visible in the Buildpathio web dashboard.