Blast-Radius Gate FAIL

Deterministic verdict from fixed Orbit graph queries at 4312a13498 — same MR, same answer. The graph decides; prose only explains.

Reading this against the live project? A post-merge run can momentarily report PASS / radius 0: GitLab's Orbit index transiently de-indexes a project right after a merge to main, so the changed-definition query comes back empty. That cold-index reading is exactly what a snapshot-pinned gate is built to survive — the canonical verdict is this report, reproduced byte-for-byte from the committed snapshot and pinned by the evidence SHA below, not whatever the index happens to hold this second.

Evidence SHA cfa80c93af4cfa67ca3ac52c77443bb662081cfc2c3643e85a3409e1c9126f98 — the verdict is pinned to a committed snapshot of the exact graph reads behind it. A post-merge de-indexed replay reproduces the same reads and the same verdict; any drift changes this token.

Summary

changed definitionsapp.db.execute_query
blast radius (≤3 hops)6 definitions — lower bound: CALLS edges, Python only
covered by tests2
uncovered impact4 (67%)
labelblast-radius::medium
edge typesCALLS

Blast radius

app.db.execute_query (hop 0, changed)app.db.execute_queryapp.models.order.load_orders (hop 1, covered)….models.order.load_ordersapp.models.user.load_user (hop 1, uncovered)app.models.user.load_userapp.api.handlers.handle_refund (hop 2, uncovered)…pi.handlers.handle_refundapp.services.billing.calculate_total (hop 2, covered)…s.billing.calculate_totalapp.services.billing.charge_user (hop 2, uncovered)…vices.billing.charge_userapp.api.handlers.handle_checkout (hop 3, uncovered)….handlers.handle_checkout

changedcovereduncovered impact — every red node is an unguarded path out of the change.

This SVG is laid out from the sorted impact_graph (x = hop column, y = fqn rank) — no force-directed jitter, no timestamps. It is a pure function of the graph SHA, so it is byte-identical to the diagram the CLI and CI produce from the same gate-report.json (evidence SHA cfa80c93af4cfa67ca3ac52c77443bb662081cfc2c3643e85a3409e1c9126f98).

Impacted definitions

definitionhops from changetested?
app.models.order.load_orders1✓ yes
app.models.user.load_user1✗ no
app.api.handlers.handle_refund2✗ no
app.services.billing.calculate_total2✓ yes
app.services.billing.charge_user2✗ no
app.api.handlers.handle_checkout3✗ no

How to pass this gate

2 test(s) close all 4 gaps:

  1. write a test for app.api.handlers.handle_checkout → closes app.api.handlers.handle_checkout, app.models.user.load_user, app.services.billing.charge_user
  2. write a test for app.api.handlers.handle_refund → closes app.api.handlers.handle_refund

Query fingerprints (replayable proof)

sha256rowsnodesedges
41a8283d31b89893254
e5d85eb3b527728e254
096c5e1ba8ae1415232
ab833a240d14d6cd353
d85cc105b180264f343
99d11276bcc435b7143
f141ed521efd5ea2121
8ec4e1fa0aacd5ee121
c5751cf82838b181232