AI writes code faster than you can review it. See where you're needed and where AI can handle the rest.
Know which code would hurt the most if it broke.
LLM-assisted blast radius analysis for every file in your repo.
Quick Start Β·
How It Works Β·
Commands Β·
Models
Point it at any codebase. In under 2 minutes, you know:
- Where to focus: "sandbox.py handles isolation. Breakage causes container escapes." (score: 73, HIGH)
- What's safe: "theme.rs sets terminal colors. Breakage causes cosmetic issues." (score: 6, LOW)
- What to do: 2 senior reviewers + security scan, or auto-merge OK
Static analysis alone can't do this. A complexity counter sees auth.rs and theme.rs as "both Rust files." The LLM reads the code and understands that one is a security boundary and the other formats colors.
1. Install and set up:
go install github.com/zanetworker/highstakes/cmd/heatmap@latest
export OPENROUTER_API_KEY="sk-or-..."2. Analyze:
cd /path/to/repo
highstakes init && highstakes analyzeHeatmap generated: .heatmap/heatmap.json (305 files)
Heat Distribution:
π₯π₯π₯ CRITICAL: 0 files
π₯π₯ HIGH: 30 files
π₯ MEDIUM: 141 files
π’ LOW: 134 files
3. See results:
highstakes dashboard # Visual treemap + file explorer (opens browser)
highstakes # Terminal TUI
highstakes list --tier highNavigate the file tree with colored tier indicators. Select any file to see blast radius, impact dimensions, and review requirements.
Two views, one detail panel. Click any file to see blast radius reasoning, impact dimensions, and review requirements.
Treemap β blocks sized by code volume, colored by heat. Your eye goes to the big red blocks first.
Explorer β collapsible file tree sorted hottest-first, with heat bars and reasoning inline.
Both views respond to tier filters (Critical / High / Medium / Low), search, and size toggle (Lines vs Heat).
- Static analysis scans every source file for complexity, dependency centrality, import graph
- Git analysis measures change frequency, contributor count, commit patterns
- LLM assessment sends each file to an LLM: "if this code has a bug, what breaks?"
- Scoring combines LLM blast radius (40%) with static signals into a 0-100 heat score
- Tiering maps scores to review requirements
The LLM returns structured scores across four dimensions:
| Dimension | What It Measures |
|---|---|
| Security | Auth boundaries, crypto, sandbox isolation, access control |
| Data | PII handling, persistence, data integrity, schema |
| Availability | Service lifecycle, infrastructure, single points of failure |
| User | User-facing paths, API contracts, UX-critical flows |
| Factor | Weight | Source |
|---|---|---|
| LLM Blast Radius | 40% | Max of four impact dimensions |
| Dependency Centrality | 15% | Import graph analysis |
| Complexity | 15% | Cyclomatic + cognitive |
| Test Coverage Risk | 10% | Inverse of coverage |
| Incident History | 10% | Manual records |
| Change Frequency | 10% | Git churn |
| Tier | Score | Review Required |
|---|---|---|
| π₯π₯π₯ CRITICAL | 86-100 | 2 senior reviewers + security scan |
| π₯π₯ HIGH | 61-85 | 2 reviewers + integration tests |
| π₯ MEDIUM | 31-60 | 1 reviewer |
| π’ LOW | 0-30 | Auto-review safe |
highstakes init # Create .heatmap/ config
highstakes analyze # Full LLM analysis (~$0.15)
highstakes analyze --model z-ai/glm-5.2 # Different model
highstakes analyze --no-llm # Static only, no API keyhighstakes dashboard # HTML dashboard (browser)
heatmap # Terminal TUIhighstakes get <file> # Score + reasoning
highstakes list --tier high --limit 10 # Filter files
highstakes report # Distribution reportAll commands support --json for machine-readable output.
Example: heatmap get
$ highstakes get python/openshell/sandbox.py
python/openshell/sandbox.py π₯π₯ HIGH (score: 73)
Blast Radius (LLM-assessed):
Sandbox management and execution failures could compromise
isolation, leading to security breaches or service outage.
Reason: Sandbox isolation is a security boundary.
Security: 95 Data: 90 Availability: 90 User: 90
Risk Factors:
Dependency Centrality: 8 (1 imports)
Change Frequency: 0 (0 commits/90d)
Complexity: 100 (cyclomatic: 53)
Review: 2 reviewers, ~45 min, auto-merge blocked
Example: highstakes list --tier high
$ highstakes list --tier high --limit 5
π₯π₯ 73 python/openshell/sandbox.py Sandbox isolation breach risk
π₯π₯ 72 python/openshell/_proto/... Import failures in security-critical logic
π₯π₯ 69 crates/.../runtime.rs Host network misconfiguration, VM failures
π₯π₯ 67 crates/.../disposition.rs Corrupted security event values
π₯π₯ 65 crates/.../embedded_runtime.rs Complete loss of VM functionality
highstakes pr check # Score diff vs main
highstakes pr check --base dev --json # For CI pipelineshighstakes incident create --file src/auth.rs \
--severity high --description "Token bypass"
highstakes incident listRun highstakes github install to generate the workflow, or add it manually:
GitHub Action: PR triage comments
# .github/workflows/heatmap-triage.yml
name: HighStakes Triage
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
pull-requests: write
contents: read
jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: '1.25'
- name: Install heatmap
run: go install github.com/zanetworker/highstakes/cmd/heatmap@latest
- name: Analyze and check PR
env:
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
run: |
highstakes init
highstakes analyze
highstakes pr check --base origin/${{ github.base_ref }} --json > pr-risk.json
- name: Post risk comment
uses: actions/github-script@v7
with:
script: |
const risk = JSON.parse(require('fs').readFileSync('pr-risk.json','utf8'));
const e = {critical:'π₯π₯π₯',high:'π₯π₯',medium:'π₯',low:'π’'};
let body = '## '+e[risk.tier]+' HighStakes: '+risk.tier.toUpperCase()+'\n\n';
body += '| File | Score | Tier | Lines |\n|------|-------|------|-------|\n';
for (const f of risk.files_changed.sort((a,b)=>b.heat_score-a.heat_score))
body += '| '+f.path+' | '+f.heat_score+' | '+e[f.tier]+' '+f.tier+' | +'+f.lines_added+'/-'+f.lines_deleted+' |\n';
body += '\n**Review:** '+risk.review_requirements.min_reviewers+' reviewers';
if (risk.review_requirements.requires_senior) body += ' (senior)';
body += ', auto-merge: '+(risk.review_requirements.auto_merge?'β
':'β')+'\n';
const comments = await github.rest.issues.listComments({
owner:context.repo.owner, repo:context.repo.repo, issue_number:context.issue.number});
const existing = comments.data.find(c=>c.body.includes('HighStakes:'));
if (existing) await github.rest.issues.updateComment({
owner:context.repo.owner, repo:context.repo.repo, comment_id:existing.id, body});
else await github.rest.issues.createComment({
owner:context.repo.owner, repo:context.repo.repo, issue_number:context.issue.number, body});Block merge on HIGH/CRITICAL files
Add a required status check that fails when the PR touches high-risk files:
- name: Gate on risk tier
run: |
TIER=$(jq -r .tier pr-risk.json)
if [ "$TIER" = "critical" ] || [ "$TIER" = "high" ]; then
echo "::error::PR touches $TIER-tier files. Requires senior review before merge."
exit 1
fiThen in Settings > Branches > Branch protection rules, add triage as a required status check. PRs touching critical or high files cannot merge until the check passes (i.e., a senior reviewer approves and the step is skipped or overridden).
Use in any CI (GitLab, Jenkins, etc.)
The CLI is the interface. Any CI that can run a binary works:
# Install
go install github.com/zanetworker/highstakes/cmd/heatmap@latest
# Analyze (uses cache, only re-assesses changed files)
export OPENROUTER_API_KEY="$OPENROUTER_KEY"
highstakes init && highstakes analyze
# Check PR risk (exit code reflects tier)
highstakes pr check --base origin/main --json > risk.json
# Use the output
TIER=$(jq -r .tier risk.json)
SCORE=$(jq -r .heat_score risk.json)
FILES=$(jq -r '.files_changed | length' risk.json)
echo "PR risk: $TIER ($SCORE), $FILES files changed"
# Fail pipeline on high/critical
if [ "$TIER" = "critical" ] || [ "$TIER" = "high" ]; then
echo "Requires human review"
exit 1
fiWhat the PR comment looks like:
## π₯π₯ HighStakes: HIGH
| File | Heat | Tier | Lines |
|------|------|------|-------|
| β οΈ src/auth/oidc.rs | 63 | π₯π₯ HIGH | +45/-12 |
| β οΈ src/sandbox/proxy.rs | 63 | π₯π₯ HIGH | +8/-3 |
| β src/tui/theme.rs | 6 | π’ LOW | +2/-1 |
### β οΈ Circuit Breaker Signals
- Large diff (>500 lines)
### Review Requirements
- **Reviewers**: 2 (senior)
- **Security Scan**: Required
- **Auto-Merge**: β Blocked
- **Est. Review Time**: 60 minhighstakes agent-contextMachine-readable JSON of all commands, flags, exit codes, and models. Built for AI agents to discover the CLI surface programmatically.
One OpenRouter API key, any model. Assessments cached by content hash; re-runs only re-assess changed files.
| Model | Cost / 500 files | Best For |
|---|---|---|
deepseek/deepseek-v4-flash |
~$0.15 | Default, cheapest |
deepseek/deepseek-v4-pro |
~$0.50 | Best accuracy/dollar |
z-ai/glm-5.2 |
~$3-5 | Frontier open-weights |
openai/gpt-5.4-mini |
~$0.90 | Safest JSON |
google/gemini-3-flash |
~$0.50 | Fastest |
| Code | Meaning |
|---|---|
0 |
Success |
1 |
Internal error |
2 |
Invalid input |
3 |
External dependency failure |
4 |
Not found |
- Go 1.25+
- Git
OPENROUTER_API_KEY(optional with--no-llm)
- Agentic Code Review by Addy Osmani
- Semantically-Seeded Impact Analysis (Jun 2026)
- BitsAI-CR: Two-Stage Code Review at ByteDance
- c-CRAB: Code Review Agent Benchmark
- OpenSSF Criticality Score
MIT

