Found during Titan FORGE (phase 7, 2026-07-02)
Severity: Low-Medium (process friction, not incorrect analysis)
Problem
`.claude/skills/titan-gate/SKILL.md` Step 8 fails any staged change whose transitive blast radius exceeds 30 callers, computed from `codegraph diff-impact --staged`. This is a flat, diff-agnostic threshold: it fires identically whether the diff adds new call edges (real risk) or is purely additive/behavior-preserving (e.g., replacing inline literals with named `DEFAULTS` constants, no new/changed/removed call edges).
Concretely: `src/infrastructure/config.ts`'s `resolveSecrets` is reachable only through `loadConfig`, which nearly every CLI command calls — so it structurally has ~87 transitive callers regardless of what changes inside it. Any future edit to this function (or others like it: single entry points on the "spine" of the call graph) will always fail Step 8, even risk-free ones.
Suggestion
Differentiate blast-radius severity by whether the diff changes the call graph shape:
- If the diff adds/removes/rewires call edges → keep current threshold behavior (this is exactly what blast-radius should catch).
- If the diff is edge-neutral (same call sites, same signatures, e.g. literal→constant substitution, internal-only logic changes with no new callees) → the existing 87-caller fan-in is pre-existing risk already accepted by the codebase, not risk introduced by this commit. Consider computing "new blast radius introduced by this diff" (delta vs. the pre-diff graph) rather than raw absolute transitive-caller count.
Impact
Blocks legitimate low-risk refactors to core/widely-used files (config loading, and likely other central utilities) with a FAIL that requires manual override every time, rather than surfacing only for changes that actually add risk.
Found during Titan FORGE (phase 7, 2026-07-02)
Severity: Low-Medium (process friction, not incorrect analysis)
Problem
`.claude/skills/titan-gate/SKILL.md` Step 8 fails any staged change whose transitive blast radius exceeds 30 callers, computed from `codegraph diff-impact --staged`. This is a flat, diff-agnostic threshold: it fires identically whether the diff adds new call edges (real risk) or is purely additive/behavior-preserving (e.g., replacing inline literals with named `DEFAULTS` constants, no new/changed/removed call edges).
Concretely: `src/infrastructure/config.ts`'s `resolveSecrets` is reachable only through `loadConfig`, which nearly every CLI command calls — so it structurally has ~87 transitive callers regardless of what changes inside it. Any future edit to this function (or others like it: single entry points on the "spine" of the call graph) will always fail Step 8, even risk-free ones.
Suggestion
Differentiate blast-radius severity by whether the diff changes the call graph shape:
Impact
Blocks legitimate low-risk refactors to core/widely-used files (config loading, and likely other central utilities) with a FAIL that requires manual override every time, rather than surfacing only for changes that actually add risk.