Generate Risk with Context

Generate a comprehensive risk assessment that includes code context, dependency analysis, and blast radius calculations. This endpoint provides the most accurate risk scoring by analyzing how changes might impact your entire codebase.

Use Cases

Use this endpoint when you need to:

Assess risk of code changes before execution
Calculate blast radius of modifications
Analyze impact across file dependencies
Evaluate context complexity for AI tasks
Get comprehensive risk analysis for production deployments

Authentication

Authorization

string

required

Bearer token for API authentication. Format: Bearer YOUR_API_KEY

Request Body

prompt

string

required

The AI prompt or task description to assess for risk.Example: "Add error handling to the payment processing function"

context

object

required

Code context information for dependency and impact analysis.

Show Context Object

context.repo_full_name

string

required

Full repository name in format owner/repo. Used to retrieve dependency graph from database.Example: "company/payment-service"

context.current_file

string

required

Path to the file being modified relative to repository root.Example: "src/payments/processor.py"

context.other_files

array

Optional array of other relevant file paths that provide additional context.Example: ["src/payments/config.py", "tests/test_processor.py"]

weights

object

Optional custom weights for each risk factor. All weights should sum to 1.0. Weights are subject to your implementation requirements.

Show Weight Configuration

weights.data_sensitivity

number

Weight for data sensitivity score (0-1)

weights.input_clarity

number

Weight for input clarity score (0-1)

weights.blast_radius

number

Weight for blast radius score (0-1)

weights.context_complexity

number

Weight for context complexity score (0-1)

weights.legal_ip_risk

number

Weight for legal/IP risk score (0-1)

weights.model_hallucination

number

Weight for model hallucination risk score (0-1)

If some risk factors cannot be computed, the API automatically redistributes weights among available factors. The response includes both weights (actual used) and original_weights (your provided values).

Response

success

boolean

required

Indicates whether the request was successful

timestamp

string

required

ISO 8601 formatted timestamp of when the assessment was performed

overall_score

number

required

Aggregate risk score from 0.0 to 1.0 (decimal), where higher values indicate greater risk. Example: 0.65 means high risk.

overall_risk_level

string

required

Risk classification: "minimal", "low", "medium", "high", or "critical"

"minimal": score < 0.2
"low": 0.2 ≤ score < 0.4
"medium": 0.4 ≤ score < 0.6
"high": 0.6 ≤ score < 0.8
"critical": score ≥ 0.8

recommendations

array

required

List of action recommendations based on risk level:

"SAFE - Minimal risk"
"MONITOR - Low risk"
"REVIEW_RECOMMENDED - Some risk factors detected"
"REVIEW_REQUIRED - Significant risk factors present"
"BLOCK - High risk detected"

scores

object

required

Individual risk factor scores (0.0-1.0). Only includes successfully computed factors.

Show Risk Factor Scores

scores.data_sensitivity

number

Data sensitivity score (0.0-1.0)

scores.input_clarity

number

Input clarity score (0.0-1.0)

scores.blast_radius

number

Blast radius score (0.0-1.0) based on dependency analysis

Unavailable risk factors are not included in the scores object. Check unavailable_parameters for details on why factors were omitted.

computations

object

required

Detailed computation results for each risk factor including reasoning, evidence, and metrics

Show Computation Details

computations.blast_radius

object

Blast radius analysis

Show Blast Radius Object

computations.blast_radius.score

number

Blast radius score (0.0-1.0)

computations.blast_radius.reasoning

string

Explanation of blast radius calculation (if available from computation module)

computations.data_sensitivity

object

Data sensitivity analysis with score, risk_level, reasoning, and evidence

computations.input_clarity

object

Input clarity analysis with score and suggestions array

weights

object

required

The actual weights used in calculation after any automatic redistribution. May differ from original_weights if some factors were unavailable.

When factors are unavailable, weights are redistributed:

1 factor: gets 100%
2 factors: 65% and 35%
3 factors: 65%, 25%, and 10%

original_weights

object

required

The weights you provided (or defaults) before any redistribution. Use this to compare against weights to see if redistribution occurred.

prompt

string

required

Echo of the original prompt that was assessed

current_file

string

required

The file being modified

repo_full_name

string

required

The repository containing the file

available_parameters

array

List of parameter names that were successfully computed and included in the weighted score. Only present if some parameters were unavailable.

unavailable_parameters

object

Map of parameter names to reason strings explaining why they couldn’t be computed. Only present if some parameters were unavailable.Example: {"context_complexity": "module not available"}

curl -X POST 'https://app.orcho.ai/risk/api/v1/generate-risk-with-context' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "prompt": "Refactor the authentication middleware to support JWT tokens",
    "context": {
      "repo_full_name": "company/api-gateway",
      "current_file": "middleware/auth.py",
      "other_files": [
        "middleware/jwt_validator.py",
        "config/auth_settings.py",
        "tests/test_auth.py"
      ]
    },
    "weights": {
      "data_sensitivity": 0.25,
      "input_clarity": 0.35,
      "blast_radius": 0.40
    }
  }'

{
  "success": true,
  "timestamp": "2025-01-08T15:45:00Z",
  "prompt": "Refactor the authentication middleware to support JWT tokens",
  "current_file": "middleware/auth.py",
  "repo_full_name": "company/api-gateway",
  "overall_score": 0.5230,
  "overall_risk_level": "high",
  "recommendations": [
    "REVIEW_REQUIRED - Significant risk factors present"
  ],
  "scores": {
    "data_sensitivity": 0.45,
    "input_clarity": 0.35,
    "blast_radius": 0.72
  },
  "computations": {
    "data_sensitivity": {
      "score": 0.45,
      "risk_level": "medium",
      "reasoning": "Authentication middleware handles sensitive user credentials and session data",
      "evidence": ["Password handling", "Session tokens", "User authentication"]
    },
    "input_clarity": {
      "score": 0.35,
      "suggestions": [
        "Specify JWT library to use",
        "Define migration strategy",
        "Address backward compatibility"
      ]
    },
    "blast_radius": {
      "score": 0.72
    }
  },
  "weights": {
    "data_sensitivity": 0.10,
    "input_clarity": 0.25,
    "blast_radius": 0.65
  },
  "original_weights": {
    "data_sensitivity": 0.20,
    "input_clarity": 0.40,
    "blast_radius": 0.40
  }
}

Dependency Graph Requirements

This endpoint relies on dependency graph data to calculate blast radius. The dependency graph must be pre-loaded into the database for your repository.

If your repository’s dependency graph is not available, the API will still function but blast_radius calculations may be limited. Contact support to set up dependency graph generation for your repositories.

Blast Radius Calculation

Blast radius measures how many parts of your codebase could be affected by changes to the target file:

Identify direct dependencies

Find all files that directly import or depend on the current file

Traverse dependency chain

Follow dependencies recursively to identify indirect impacts

Calculate affected scope

Count total affected files and measure dependency depth

Generate risk score

Higher affected file counts and deeper dependency chains result in higher blast radius scores

Best Practices

When to use this endpoint

Use this endpoint for any code-related risk assessment:

Pre-commit checks: Assess changes before committing
Pull request validation: Evaluate PR impact automatically
CI/CD pipelines: Gate deployments based on risk scores
Code review assistance: Help reviewers prioritize high-risk changes
Production deployments: Require approval for high-risk changes

For non-code prompts, use the simpler Generate Risk endpoint.

Providing context effectively

Better context leads to more accurate risk assessments:

Always specify the repository: Use exact owner/repo format
Include related files: Add configuration, test, and dependent files to other_files
Keep files relevant: Only include files that provide meaningful context
Update dependency graphs regularly: Ensure your repository’s dependency graph is current

Example of good context:

{
  "repo_full_name": "mycompany/payment-api",
  "current_file": "src/billing/processor.py",
  "other_files": [
    "src/billing/config.py",
    "src/billing/models.py",
    "tests/test_billing.py"
  ]
}

Interpreting blast radius

Blast radius scores indicate potential impact on a 0.0-1.0 scale:

0.0 - 0.2: Isolated changes with minimal dependencies
0.21 - 0.4: Moderate impact on related components
0.41 - 0.6: Significant impact across multiple modules
0.61 - 0.8: High impact on core functionality
0.81 - 1.0: Critical changes affecting major systems

The blast radius score is the criticality score of the most critical file being modified. Higher scores indicate files that are heavily depended upon by other parts of the codebase.

Custom weights for code changes

Adjust weights based on your risk tolerance and priorities. Weights are subject to your implementation requirements.High-risk production systems:

{
  "blast_radius": 0.35,
  "data_sensitivity": 0.25,
  "input_clarity": 0.15,
  "context_complexity": 0.15,
  "legal_ip_risk": 0.05,
  "model_hallucination": 0.05
}

Experimental features:

{
  "input_clarity": 0.30,
  "model_hallucination": 0.25,
  "blast_radius": 0.20,
  "data_sensitivity": 0.15,
  "context_complexity": 0.10,
  "legal_ip_risk": 0.00
}

Security-focused:

{
  "data_sensitivity": 0.40,
  "legal_ip_risk": 0.25,
  "blast_radius": 0.20,
  "input_clarity": 0.10,
  "model_hallucination": 0.05,
  "context_complexity": 0.00
}

Handling high-risk scores

When you receive high-risk scores (≥ 0.6):

Review recommendations: Check the recommendations field for the risk level assessment
Consider manual review: High scores (0.6-0.79) and critical scores (≥ 0.8) warrant human oversight
Implement safeguards: Add feature flags, canary deployments, or rollback procedures
Break down changes: Split large changes into smaller, lower-risk modifications
Improve context: Provide more detailed prompts and additional context files

Never ignore high-risk scores (≥ 0.6) in production environments.

Integration Examples

Pre-commit Hook
GitHub Actions
CI/CD Pipeline

pre-commit-hook.py

#!/usr/bin/env python3
import sys
import requests
import subprocess

def get_changed_files():
    result = subprocess.run(
        ['git', 'diff', '--cached', '--name-only'],
        capture_output=True,
        text=True
    )
    return result.stdout.strip().split('\n')

def assess_risk(file_path, prompt):
    response = requests.post(
        'https://app.orcho.ai/risk/api/v1/generate-risk-with-context',
        headers={
            'Authorization': f'Bearer {API_KEY}',
            'Content-Type': 'application/json'
        },
        json={
            'prompt': prompt,
            'context': {
                'repo_full_name': 'mycompany/myrepo',
                'current_file': file_path
            }
        }
    )
    return response.json()

# Check each changed file
for file_path in get_changed_files():
    result = assess_risk(file_path, f'Modifying {file_path}')
    
    if result['overall_score'] > 0.75:
        print(f'HIGH RISK: {file_path} (score: {result["overall_score"]:.2f})')
        print('Recommendations:')
        for rec in result['recommendations']:
            print(f'  - {rec}')
        sys.exit(1)  # Block commit

sys.exit(0)  # Allow commit

.github/workflows/risk-assessment.yml

name: Risk Assessment

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  assess-risk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Get changed files
        id: files
        run: |
          echo "files=$(git diff --name-only origin/main HEAD | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
      
      - name: Assess risk
        run: |
          for file in $(echo '${{ steps.files.outputs.files }}' | jq -r '.[]'); do
            response=$(curl -X POST 'https://api.orcho.ai/risk/api/v1/generate-risk-with-context' \
              -H 'Authorization: Bearer ${{ secrets.ORCHO_API_KEY }}' \
              -H 'Content-Type: application/json' \
              -d "{
                \"prompt\": \"PR changes to $file\",
                \"context\": {
                  \"repo_full_name\": \"${{ github.repository }}\",
                  \"current_file\": \"$file\"
                }
              }")
            
            score=$(echo $response | jq '.overall_score')
            if (( $(echo "$score > 0.5" | bc -l) )); then
              echo "::warning file=$file::High risk score: $score"
            fi
          done

ci-pipeline.py

import requests

def gate_deployment(environment, changes):
    """Gate deployment based on risk assessment"""
    
    # Higher thresholds for production
    threshold = 0.75 if environment == 'production' else 0.5
    
    for change in changes:
        result = requests.post(
            'https://api.orcho.ai/risk/api/v1/generate-risk-with-context',
            headers={
                'Authorization': f'Bearer {API_KEY}',
                'Content-Type': 'application/json'
            },
            json={
                'prompt': f'Deploy changes to {environment}',
                'context': {
                    'repo_full_name': 'mycompany/myapp',
                    'current_file': change['file'],
                    'other_files': change.get('related_files', [])
                },
                'weights': {
                    'blast_radius': 0.5,
                    'data_sensitivity': 0.3,
                    'input_clarity': 0.2
                }
            }
        ).json()
        
        if result['overall_score'] > threshold:
            return {
                'approved': False,
                'reason': f'Risk score {result["overall_score"]:.2f} exceeds threshold {threshold}',
                'recommendations': result['recommendations']
            }
    
    return {'approved': True}

# Use in deployment pipeline
deployment_gate = gate_deployment('production', changed_files)
if not deployment_gate['approved']:
    raise Exception(f'Deployment blocked: {deployment_gate["reason"]}')

Rate Limiting

This endpoint is subject to rate limiting. Dependency graph queries add processing overhead, so limits may be lower than the prompt-only endpoint.

Rate limit: 60 requests per minute per API key. For higher limits or batch processing, contact [email protected].

Getting Started

Risk Assessment Endpoints

Resources

Generate Risk with Context

Use Cases

Authentication

Request Body

Response

Dependency Graph Requirements

Blast Radius Calculation

Best Practices

Integration Examples

Rate Limiting

Getting Started

Risk Assessment Endpoints

Resources

​Use Cases

​Authentication

​Request Body

​Response

​Dependency Graph Requirements

​Blast Radius Calculation

​Best Practices

​Integration Examples

​Rate Limiting

Use Cases

Authentication

Request Body

Response

Dependency Graph Requirements

Blast Radius Calculation

Best Practices

Integration Examples

Rate Limiting