Skip to content

titan-gate: flat blast-radius threshold false-positives on additive-only changes to high-fan-in core functions #1740

Description

@carlos-alm

Found during Titan FORGE (phase 7, 2026-07-02)

Severity: Low-Medium (process friction, not incorrect analysis)

Problem

`.claude/skills/titan-gate/SKILL.md` Step 8 fails any staged change whose transitive blast radius exceeds 30 callers, computed from `codegraph diff-impact --staged`. This is a flat, diff-agnostic threshold: it fires identically whether the diff adds new call edges (real risk) or is purely additive/behavior-preserving (e.g., replacing inline literals with named `DEFAULTS` constants, no new/changed/removed call edges).

Concretely: `src/infrastructure/config.ts`'s `resolveSecrets` is reachable only through `loadConfig`, which nearly every CLI command calls — so it structurally has ~87 transitive callers regardless of what changes inside it. Any future edit to this function (or others like it: single entry points on the "spine" of the call graph) will always fail Step 8, even risk-free ones.

Suggestion

Differentiate blast-radius severity by whether the diff changes the call graph shape:

  • If the diff adds/removes/rewires call edges → keep current threshold behavior (this is exactly what blast-radius should catch).
  • If the diff is edge-neutral (same call sites, same signatures, e.g. literal→constant substitution, internal-only logic changes with no new callees) → the existing 87-caller fan-in is pre-existing risk already accepted by the codebase, not risk introduced by this commit. Consider computing "new blast radius introduced by this diff" (delta vs. the pre-diff graph) rather than raw absolute transitive-caller count.

Impact

Blocks legitimate low-risk refactors to core/widely-used files (config loading, and likely other central utilities) with a FAIL that requires manual override every time, rather than surfacing only for changes that actually add risk.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions