[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-79676":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":15,"stars7d":15,"stars30d":15,"stars90d":15,"forks30d":15,"starsTrendScore":15,"compositeScore":16,"rankGlobal":10,"rankLanguage":10,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":37,"readmeContent":38,"aiSummary":39,"trendingCount":15,"starSnapshotCount":15,"syncStatus":40,"lastSyncTime":41,"discoverSource":42},79676,"ImpactGuard","daedalus\u002FImpactGuard","daedalus","ImpactGuard — Lightweight multi-language API impact analyzer","",null,"Python",112,19,1,0,3.9,"MIT License",false,"master",true,[22,23,24,25,26,27,28,29,30,31,32,33,34,35,36],"ast","automatic-patching","call-graph","cicd-integration","commit-analysis","diff","git","impact-analysis","multi-language-support","patch","pre-commit-hooks","risk-assessment","runtime-tracing","signature-extraction","tree-siter","2026-06-12 02:03:54","# **ImpactGuard** — Lightweight multi-language API impact analyzer\n\n\u003Cimg src=\"logo.png\" width=\"300px\">\n\n[![PyPI](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fimpactguard.svg)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fimpactguard\u002F)\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fpyversions\u002Fimpactguard.svg)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fimpactguard\u002F)\n[![Actions status](https:\u002F\u002Fgithub.com\u002Fdaedalus\u002Fimpactguard\u002Fworkflows\u002FCI\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fdaedalus\u002Fimpactguard\u002Factions)\n[![Ruff](https:\u002F\u002Fimg.shields.io\u002Fendpoint?url=https:\u002F\u002Fraw.githubusercontent.com\u002Fastral-sh\u002Fruff\u002Fmain\u002Fassets\u002Fbadge\u002Fv2.json)](https:\u002F\u002Fgithub.com\u002Fastral-sh\u002Fruff)\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard)\n[![Website](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fwebsite-impactguard.dev-blue)](http:\u002F\u002Fimpactguard.dev)\n\n## Overview\n\nImpactGuard is a lightweight API impact analyzer that supports Python, TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, and Zig. It is designed to maintain API stability by tracking function signatures across commits, detecting breaking changes, and analyzing call-site impact using both static and runtime techniques.\n\nIt provides a quantitative risk framework to help developers understand the consequences of code changes before they are merged.\n\n### Core Capabilities\n\n- **Multi-language Extraction**: Automatically extracts function signatures from Python (`ast`), TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, and Zig via tree-sitter grammars (with regex fallback)\n- **Semantic API Diffing**: Classifies changes into a taxonomy of breaking (e.g., removing positional arguments) vs. non-breaking (e.g., adding optional keyword-only arguments)\n- **Impact Analysis**: Correlates signature changes with static call-site extraction and optional runtime tracing to identify affected downstream code\n- **Risk Assessment**: Quantifies the danger of a change using the **S × E × C × λ** (Severity × Exposure × Confidence × Lambda) model\n- **Automated Remediation**: Generates format-preserving patches using LibCST to fix broken call sites\n\n### System Components\n\n| Component | Module | Description |\n|-----------|--------|-------------|\n| Signature Extraction | `extract_signatures.py` | AST-based extraction of function metadata |\n| Signature Comparison | `compare_signatures.py` | Semantic diffing of API changes |\n| Call-Site Analysis | `extract_calls.py`, `analyze_module.py` | Static call-site extraction and resolution |\n| Impact Analysis | `impact_analysis.py` | Correlates changes with call sites |\n| Risk Model | `risk_model.py` | S × E × C × λ risk scoring |\n| Risk Gate | `risk_gate.py`, `enforce_gate.py` | CI enforcement engine |\n| Runtime Intelligence | `trace_calls.py`, `trace_calls_prod.py`, `runtime_intelligence.py` | Python tracers plus language-agnostic runtime normalization |\n| Patch Generation | `cst_patch.py`, `patch_generator.py` | Format-preserving automated fixes |\n| Reporting | `generate_report.py` | Static HTML report generation |\n| Robustness Evaluation | `tools\u002Frobustness_evaluator.py` | Composite robustness score, fragility index, diversity |\n| CLI | `cli.py` | Command-line interface |\n\n---\n\n## Language Support\n\n| Language | Extensions | Extraction Backend | Signature Extraction | Call-Site Extraction | Type Annotations | Optional Dependency | Status |\n|----------|------------|--------------------|:--------------------:|:--------------------:|:----------------:|---------------------|--------|\n| **Python** | `.py` | `ast` (stdlib) | Yes | Yes | Yes | — | Stable |\n| **TypeScript** | `.ts`, `.tsx` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **JavaScript** | `.js`, `.mjs`, `.cjs` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | No (no native annotations) | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Java** | `.java` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Kotlin** | `.kt`, `.kts` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Go** | `.go` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Rust** | `.rs` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Swift** | `.swift` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **C** | `.c`, `.h` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **C++** | `.cpp`, `.hpp`, `.cc`, `.cxx`, `.hxx` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **C#** | `.cs` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Ruby** | `.rb` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | No (no native annotations) | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Haskell** | `.hs`, `.lhs` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes (type signatures) | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n| **Zig** | `.zig` | tree-sitter (preferred) \u002F regex fallback | Yes | Yes | Yes \u002F partial | `pip install \"impactguard[languages]\"` | Stable (tree-sitter) · Best-effort (regex) |\n\n> **Note:** All tree-sitter backends require `tree-sitter>=0.23` plus the corresponding grammar package\n> (e.g. `tree-sitter-java>=0.23`), installed together via `pip install \"impactguard[languages]\"`.\n> When those packages are absent, ImpactGuard automatically falls back to regex-based extraction and\n> emits a `UserWarning`.\n>\n> **Suppression:** All languages that use C-style comments support `\u002F\u002F impactguard: ignore` on or\n> immediately before a function definition. Python uses `# impactguard: ignore`. Ruby uses\n> `# impactguard: ignore`. Haskell uses `-- impactguard: ignore`.\n>\n> **Adding new languages:** Implement the [`LanguageExtractor`](src\u002Fimpactguard\u002Flanguages\u002Fbase.py)\n> protocol and register the extractor with [`register()`](src\u002Fimpactguard\u002Flanguages\u002Fregistry.py).\n> Third-party packages can contribute extractors automatically by declaring an entry point in the\n> `impactguard.languages` group — see [Plugin \u002F Extension API](#plugin--extension-api) below.\n\n---\n\n## Quick Start\n\n### Installation\n\n**Prerequisites:**\n\n- Python 3.11 or higher\n- Dependencies: `libcst` for concrete syntax tree manipulations\n- For git hooks: `pre-commit>=4.6.0`, `pyyaml>=6.0`\n\n```bash\n# Install from PyPI\npip install impactguard\n\n# Install with tree-sitter language support (TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, Zig)\npip install \"impactguard[languages]\"\n\n# Or install for development\ngit clone https:\u002F\u002Fgithub.com\u002Fdaedalus\u002FImpactGuard.git\ncd ImpactGuard\npip install -e \".[test]\"\n```\n\n### Project Layout\n\n| Path | Description |\n|------|-------------|\n| `src\u002Fimpactguard\u002F` | Core package containing the analysis logic, risk model, and CLI |\n| `extract_signatures.py` | Utility for extracting function metadata into JSON\u002FText |\n| `extract_calls.py` | AST-based call site extractor |\n| `impact_analysis.py` | Logic for correlating signatures with call sites |\n| `risk_gate.py` | The CI-ready enforcement engine |\n| `trace_calls.py` | Runtime instrumentation for capturing live execution data |\n| `SPEC.md` | Technical specification and public API |\n\nThe full pipeline can be executed using the `impactguard` CLI:\n\n```bash\n# 1. Extract signatures and calls (Python — uses stdlib ast)\nimpactguard extract $(git ls-files '*.py') > .signatures.json\nimpactguard extract-calls $(git ls-files '*.py') > .calls.json\n\n# Extract from other supported languages (requires impactguard[languages])\nimpactguard extract $(git ls-files '*.java' '*.go' '*.rs' '*.ts' '*.js' '*.kt' '*.swift' '*.cs' '*.rb' '*.hs' '*.zig') > .signatures.json\nimpactguard extract-calls $(git ls-files '*.java' '*.go' '*.rs' '*.ts' '*.js' '*.kt' '*.swift' '*.cs' '*.rb' '*.hs' '*.zig') > .calls.json\n\n# 2. Capture runtime exposure (optional)\n# Python projects can emit runtime data directly:\nimpactguard trace dump .runtime_calls.json\n# Other languages can write equivalent JSON (list\u002Fmap\u002Fenvelope) and reuse the same pipeline\n\n# 3. Compare and analyze risk\nimpactguard risk diff.txt .runtime_calls.json report.json\n\n# 4. Generate the report\nimpactguard report report.json api_report.html\n```\n\nOr use the Python API:\n```python\nfrom impactguard import run_pipeline\n\nresult = run_pipeline(\n old_files=[\"old_version\u002F\"],\n new_files=[\"new_version\u002F\"],\n runtime_path=\"runtime.json\", # optional\n output_dir=\"report.html\" # optional\n)\nprint(f\"Breaking changes: {len(result['comparison']['breaking'])}\")\n```\n\n---\n\n## Core Analysis Pipeline\n\nImpactGuard operates as a **pipe-and-filter architecture** where artifacts from one stage inform the next.\n\n### 1. Signature Extraction\n\nThe first stage involves deep inspection of source files. For Python, the `ast` stdlib module is used to walk the Abstract Syntax Tree. For all other supported languages (TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, Zig) tree-sitter grammars provide accurate, battle-tested AST parsing with a regex fallback when tree-sitter packages are absent. Every supported language produces the same schema: Fully Qualified Name (FQN), parameters, defaults, and decorators\u002Fannotations.\n\n- **Key Component:** `extract_signatures.py` (Python) · `src\u002Fimpactguard\u002Flanguages\u002F` (all languages)\n- **Output:** `.signatures.json`\n- **Role:** Establishes the baseline of the API surface\n\n### 2. Signature Comparison\n\nOnce two snapshots of a codebase exist (e.g., `HEAD` vs `main`), the `compare` utility performs a semantic diff. Unlike a standard text-based diff, this stage understands Python's parameter rules. It categorizes changes into **Breaking** (e.g., removing a parameter, reordering positional arguments) and **Non-breaking** (e.g., adding an optional keyword argument).\n\n- **Key Component:** `compare_signatures.py`\n- **Output:** A structured list of semantic changes\n- **Role:** Identifies exactly how the API contract has evolved\n- **New:** The `compare` command now supports comparing source files directly (auto-extracts signatures)\n\n### 3. Call-Site and Module Analysis\n\nTo understand the \"blast radius\" of a change, ImpactGuard must find where the modified functions are actually used. This is achieved through two complementary approaches:\n\n1. **Lightweight Extraction:** Rapidly finding call nodes in the AST\n2. **Deep Module Analysis:** Tracking imports and assignments to resolve method calls to their actual definitions (FQN resolution)\n\n- **Key Components:** `extract_calls.py` and `analyze_module.py`\n- **Output:** `.calls.json`\n- **Role:** Maps the internal dependency graph of the codebase\n\n### 4. Impact Analysis\n\nThe final stage of the core pipeline, `analyze`, correlates the detected API changes with the discovered call sites. It validates whether the arguments passed at a specific call site still satisfy the requirements of the new function signature. If runtime data is available, it is integrated here to provide context on how often a specific impacted path is actually executed.\n\n- **Key Component:** `impact_analysis.py`\n- **Input:** Signature diffs, call-site data, and optional runtime traces\n- **Role:** Pinpoints exactly which lines of code are broken by a change\n\n---\n\n### Examples of Changes\n\n#### Non-Breaking Changes\nThese changes do NOT break existing callers:\n\n- **Adding optional parameters**: `def foo(a, b=1)` → `def foo(a, b=1, c=0)` (no callers need to change)\n- **Adding keyword-only arguments**: `def foo(a)` → `def foo(a, *, debug=False)` (existing callers unaffected)\n- **Adding new functions\u002Fclasses**: Entirely new APIs that don't affect existing code\n- **Adding `*args` or `**kwargs`**: `def foo(a)` → `def foo(a, *args)` (backward compatible)\n\n#### Breaking Changes\nThese changes WILL break existing callers:\n\n- **Removing required parameters**: `def foo(a, b)` → `def foo(a)` (callers passing `b` will fail)\n- **Reordering positional arguments**: `def foo(a, b)` → `def foo(b, a)` (callers' positional args swap)\n- **Removing functions\u002Fmethods**: Any callable that's removed entirely\n- **Changing parameter types**: `def foo(a: int)` → `def foo(a: str)` (type safety breaks)\n\n---\n\n## Risk Model and Enforcement\n\nThe **Risk Model and Enforcement** subsystem is the decision-making engine of ImpactGuard. It transforms raw signature changes and runtime telemetry into actionable risk levels (`HIGH`, `MEDIUM`, `LOW`, or `UNKNOWN`). These levels are then used to automatically block or permit CI\u002FCD pipelines based on the potential impact on consumers.\n\n### The S × E × C × λ Risk Framework\n\nThe core logic resides in `risk_model.py`. It quantifies risk by evaluating three distinct dimensions, scaled by a tuneable sensitivity multiplier λ:\n\n| Component | Code Entity | Description |\n|-----------|-------------|-------------|\n| **Severity (S)** | `get_severity()` | Score (0.1 to 1.0) based on change type (e.g., `REMOVED` = 1.0, `ADDED` = 0.1) |\n| **Exposure (E)** | `exposure()` | Logarithmic scale mapping call counts to a 0.0-1.0 range |\n| **Confidence (C)** | `confidence()` | Measures data reliability based on sample size against a threshold |\n| **Lambda (λ)** | `--lambda` \u002F `lambda_` | Sensitivity multiplier (default 1.0). Values >1 increase sensitivity; values \u003C1 decrease it |\n| **Classification** | `classify()` | Uses a decision tree to assign the final risk label |\n\n**Exposure Calculation:** `min(1.0, log(1 + count) \u002F log(1 + max_count))`\n\n**Sensitivity Tuning:**\n- `--lambda=2` — doubles effective severity, making ImpactGuard more sensitive (more changes flagged HIGH\u002FMEDIUM)\n- `--lambda=0.5` — halves effective severity, making ImpactGuard less sensitive (fewer changes flagged HIGH\u002FMEDIUM)\n\n### CI Enforcement\n\nThe risk assessment is operationalized through `risk_gate.py` and `enforce_gate.py`:\n\n1. **Risk Gate Execution**: `risk_gate.py` contains the `run()` function which parses the diff and runtime data to generate a comprehensive `report.json`\n2. **Gate Enforcement**: `enforce_gate.py` consumes this report:\n - If any item is flagged as `HIGH` risk → exits with code `1` (blocks build)\n - If `UNKNOWN` risks are detected → issues a warning but allows build (exit code `0`)\n\n---\n\n## Runtime Tracing\n\nThe **Runtime Tracing** subsystem provides dynamic analysis capabilities to complement ImpactGuard's static analysis pipeline. By observing actual execution patterns, the system captures \"Exposure\" data which is used by the `risk_model.py` to weight the impact of breaking changes.\n\n### Development Tracer (`trace_calls.py`)\n\nDesigned for test suites and local execution where performance is less critical than data accuracy. It uses an `@trace` decorator to capture not just call counts, but also signature metadata like argument counts and keyword argument names.\n\n- **Key Mechanism:** Uses `inspect.signature(func).bind_partial(*args, **kwargs)` to validate and record invocations\n- **Integration:** Commonly used via `install_tracer()` in test fixtures\n\n### Production Sampler (`trace_calls_prod.py`)\n\nOptimized for minimal overhead in live environments. It employs a probabilistic sampling strategy (default 1%) to capture a representative subset of traffic.\n\n- **Sampling Logic:** Only records data if `random.random() \u003C SAMPLE_RATE`\n- **Background Flushing:** Periodically flushes captured counts to disk (default every 10 seconds)\n\n### Language-Agnostic Runtime Inputs (`runtime_intelligence.py`)\n\nImpactGuard's risk and impact stages accept runtime observations from any language as long as they can be serialized to JSON. Supported shapes include the existing Python tracer list format, single observation objects, map-style payloads such as `{\"pkg::fn\": 12}`, and envelope objects like `{\"runtime\": [...]}`. Names are normalized across separators such as `:`, `::`, `\u002F`, and `#`, so non-Python collectors can contribute exposure\u002Fconfidence data without using the Python decorators.\n\n| Feature | Development Tracer | Production Sampler |\n|---------|-------------------|-------------------|\n| **Primary Goal** | Deep visibility \u002F Test coverage | Low overhead monitoring |\n| **Data Captured** | Counts + Arg structure | Call Counts only |\n| **Sampling** | 100% (No sampling) | 1% (Adjustable) |\n| **Storage Trigger** | Manual `dump()` call | Periodic `flush()` (10s interval) |\n\n---\n\n## Patch Generation and Remediation\n\nThe Patch Generation subsystem transforms identified impact risks into actionable code fixes. It provides a multi-tiered approach to remediation, ranging from high-level suggestions to precise, format-preserving code transformations using Concrete Syntax Trees (CST).\n\n### Patch Suggestion and Diff-Based Patching\n\nThe system first generates high-level suggestions based on the nature of the breaking change. For simple scenarios, it employs a naive line-based patching strategy using Python's `difflib`.\n\n- **Logic Location**: `suggest_fixes.py` analyzes issues to recommend actions\n- **Naive Patching**: `patch_generator.py` uses `difflib.unified_diff` for simple string replacement\n\n### CST-Based Patching (`cst_patch.py`)\n\nTo handle complex code structures, ImpactGuard utilizes `LibCST`. Unlike standard AST, a Concrete Syntax Tree preserves formatting, comments, and whitespace.\n\n- **Transformers**: Uses `AddDefaultTransformer` to modify function signatures and `FixCallTransformer` to inject missing arguments into call sites\n- **Safety**: Gracefully falls back to simpler methods if `libcst` is not installed\n\n### Patch Confidence Scoring\n\nEvery generated patch is assigned a confidence score (0.0 to 1.0) to determine if it can be auto-applied:\n\n1. **Target Certainty (T)**: How sure we are that we found the correct line\n2. **Structural Safety (S)**: Is the change a simple default addition or a risky positional reorder?\n3. **Semantic Risk (R)**: Does the change affect required parameters?\n4. **Complexity Penalty (C)**: Is the code heavily decorated or nested?\n\n---\n\n## CLI Reference\n\nThe `impactguard` command-line tool is the primary entry point for developers and automation scripts.\n\n### Usage\n\n```\nimpactguard [-h] [--version]\n {extract,compare,analyze,risk,report,enforce,suggest,patch,extract-calls,trace,check,check-diff,check-commit,check-commits,install-hooks,generate-changelog,baseline,semver,report-markdown,feedback,history} ...\n\nImpactGuard - API impact analyzer for Python\n\npositional arguments:\n {extract,compare,analyze,risk,report,enforce,suggest,patch,extract-calls,trace,check,check-diff,check-commit,check-commits,install-hooks,generate-changelog,baseline,semver,report-markdown,feedback,history}\n Available commands\n extract Extract function signatures from source files\n compare Compare signature snapshots or source files directly\n analyze Analyze impact on call sites\n risk Run risk analysis\n report Generate HTML report\n enforce Enforce gate - block on HIGH risk\n suggest Generate fix suggestions from risk report\n patch Generate CST-based patches\n extract-calls Extract call sites from source files\n trace Runtime tracing\n check Run full ImpactGuard pipeline check\n check-diff Run full pipeline on a unified diff \u002F patch file\n check-commit Run full pipeline on a single git commit vs its parent\n check-commits Compare two git commits\n install-hooks Install git hooks for ImpactGuard\n generate-changelog Generate changelog from signature diffs\n baseline Manage ImpactGuard signature baselines\n semver Suggest semver bump from two signature snapshots\n report-markdown Generate markdown PR comment from risk report JSON\n feedback Manage patch-outcome feedback for confidence calibration\n history Manage tagged release-history baselines\n\noptions:\n -h, --help show this help message and exit\n --version show program's version number and exit\n```\n\n### Pipeline Mode (Recommended)\n\n```bash\n# Compare two versions of your code\nimpactguard old_version\u002F new_version\u002F\n\n# Compare two git commits directly\nimpactguard check-commits HEAD~1 HEAD\n\n# Compare specific files between commits\nimpactguard check-commits HEAD~1 HEAD --files src\u002Fmodule.py src\u002Futils.py\n\n# Generate patch files for suggested fixes\nimpactguard check --suggest-patch old.py new.py\n\n# Show how old file would look if patched (requires --suggest-patch)\nimpactguard check --suggest-patch --show-patch old.py new.py\n```\n\n**Patch Generation Flags:**\n- `--suggest-patch`: Generate and save patch files to `patches\u002F` directory\n- `--show-patch`: Display patched content inline (depends on `--suggest-patch`)\n\n### Individual Commands (Advanced)\n\n```bash\nimpactguard extract file1.py file2.py\nimpactguard compare old_sigs.json new_sigs.json\n# Or compare source files directly (auto-extracts signatures):\nimpactguard compare old.py new.py\nimpactguard analyze signatures.json calls.json runtime.json\nimpactguard risk diff.txt runtime.json output.json\nimpactguard report risk.json output.html\nimpactguard trace install mypackage\nimpactguard trace dump runtime.json\nimpactguard install-hooks . --both # Install git hooks\n```\n\n### Git Hooks Installation\n\nImpactGuard uses the `pre-commit` framework to manage git hooks with proper YAML configuration.\n\n```bash\n# Install both pre-commit and post-commit hooks\nimpactguard install-hooks .\n\n# Install only pre-commit hook\nimpactguard install-hooks . --pre\n\n# Install only post-commit hook\nimpactguard install-hooks . --post\n\n# Install hooks + GitHub Actions workflow\nimpactguard install-hooks . --install-github-workflow\n```\n\nThe `install-hooks` command:\n1. Creates\u002Fupdates `.pre-commit-config.yaml` with ImpactGuard hooks (using PyYAML for proper formatting)\n2. Runs `pre-commit install` and `pre-commit install --hook-type post-commit`\n3. Optionally generates `.github\u002Fworkflows\u002Fimpactguard.yml` for CI\u002FCD\n\n**Hook behavior:**\n- **Pre-commit**: Runs full ImpactGuard pipeline (`check-diff --pipe`) on staged changes\n- **Post-commit**: Runs `check-commit HEAD` + updates signature tracking\n\n---\n\n## Python Library API\n\nThe `impactguard` package exports its core functionality for programmatic integration.\n\n### Pipeline (Recommended)\n\n```python\nfrom impactguard import run_pipeline, quick_check, run_pipeline_git, ImpactGuard\n\n# Full pipeline - extract, compare, analyze, risk, report\nresult = run_pipeline(\n old_files=[\"src\u002F\"],\n new_files=[\"src\u002F\"],\n runtime_path=\"runtime.json\",\n output_dir=\"report.html\",\n suggest_patch=True, # Generate patch files\n show_patch=True, # Display patched content inline\n)\n\n# Quick comparison only (extract + compare)\nchanges = quick_check(\"old\u002F\", \"new\u002F\")\nprint(f\"Breaking: {len(changes['comparison']['breaking'])}\")\n\n# Compare git commits\nresult = run_pipeline_git(\n old_ref=\"HEAD~1\",\n new_ref=\"HEAD\",\n files=[\"src\u002Fmodule.py\"],\n suggest_patch=True,\n show_patch=True,\n)\n\n# Use ImpactGuard class for more control\nguard = ImpactGuard()\nreport = guard.check(\"old\u002F\", \"new\u002F\", output=\"report.html\")\n```\n\n**Patch Generation Parameters:**\n- `suggest_patch=True`: Generate and save patch files to `patches\u002F` directory\n- `show_patch=True`: Display how old file would look if patched (requires `suggest_patch=True`)\n\n### Individual Components (Advanced)\n\n```python\nfrom impactguard import extract, compare, analyze_impact\n\n# Extract signatures from Python files\nsignatures = extract([\"src\u002Fmodule.py\", \"src\u002Fother.py\"])\n\n# Extract from other supported languages (tree-sitter backend)\nsignatures = extract([\"src\u002Fmain.go\", \"src\u002Futils.go\"])\nsignatures = extract([\"src\u002Flib.rs\", \"src\u002Fmain.rs\"])\n\n# Compare two signature snapshots or source files directly\nresult = compare(\"old_sigs.json\", \"new_sigs.json\")\n# Or compare source files directly (auto-extracts signatures):\nresult = compare(\"old.py\", \"new.py\")\nprint(f\"Breaking changes: {len(result['breaking'])}\")\n\n# Analyze impact on call sites\nissues = analyze_impact(\"signatures.json\", \"calls.json\", \"runtime.json\")\n```\n\n---\n\n## Git Hooks and Workflow Integration\n\nImpactGuard integrates deeply into the standard Git development workflow using the `pre-commit` framework.\n\n### Pre-Commit Hook (Full Pipeline Check)\n\nRuns the complete ImpactGuard pipeline on staged changes before allowing a commit:\n\n```bash\nimpactguard check-diff --pipe --runtime .runtime_calls.json\n```\n\nThis catches breaking changes early, before they enter the commit history.\n\n### Post-Commit Hook (Signature Tracking)\n\nAfter each commit, the post-commit hook:\n1. Runs `check-commit HEAD` to analyze the committed changes\n2. Updates `.signatures.txt` with current function signatures\n\n### GitHub Actions Workflow\n\nGenerate a ready-to-use CI workflow with:\n\n```bash\nimpactguard install-hooks . --install-github-workflow\n```\n\nThis creates `.github\u002Fworkflows\u002Fimpactguard.yml` that:\n- Triggers on push\u002FPR to `main`\u002F`master`\n- Runs `check-commits` for pull requests\n- Runs `check-commit` for direct pushes\n- Uses `impactguard[all]` for full language support\n\n### Console Scripts\n\nThe hooks use these entry points (automatically configured):\n- `impactguard-check-staged` → runs pipeline on staged diff\n- `impactguard-post-commit-hook` → runs post-commit analysis\n\n---\n\n## CI\u002FCD and Release Infrastructure\n\n### CI Pipeline\n\nThe CI pipeline is defined in `.github\u002Fworkflows\u002Fci.yml` and executes on all pushes and pull requests targeting the `master` branch. It consists of three parallel jobs:\n\n- **Test Matrix:** Executes `pytest` across Python versions 3.11, 3.12, and 3.13\n- **Static Analysis (Linting):** Runs `ruff`, `prospector`, `semgrep`, and `mypy`\n- **Build Verification:** Ensures the package can be successfully built via `twine check`\n\n### Packaging and Release\n\nImpactGuard uses modern Python packaging standards with `hatchling` as the build backend.\n\n**Dependency Groups:**\n| Group | Purpose | Key Tools |\n|-------|---------|-----------|\n| `dev` | General development | `hatch`, `pip-api` |\n| `test` | Automated testing | `pytest`, `hypothesis` |\n| `lint` | Static analysis | `ruff`, `mypy`, `semgrep` |\n\n**Release Automation:**\n\n- **Version Management:** Uses `bumpversion` to maintain consistency across `pyproject.toml` and `src\u002Fimpactguard\u002F__init__.py`\n- **Automated Publishing:** The `pypi-publish.yml` workflow triggers on GitHub Release events to build and publish to PyPI using Trusted Publishers (OIDC)\n\n---\n\n## Testing\n\nThe ImpactGuard test suite ensures the reliability of the signature extraction pipeline, the accuracy of the risk model, and the stability of the CLI. The project maintains a strict quality gate, requiring a minimum of 80% code coverage.\n\n### Test Architecture\n\n1. **Unit Tests**: Isolated testing of individual modules (extraction, comparison, patching)\n2. **Integration Tests**: End-to-end CLI flows and public API surface validation\n3. **Coverage Enforcement**: Automated checks to ensure the codebase meets the 80% threshold\n\n### Test Fixtures\n\n| Fixture | Description |\n|---------|-------------|\n| `sample_signature_data` | Returns a list of dictionaries representing serialized function signatures |\n| `sample_signatures_file` | Creates a temporary `.json` file containing signature data |\n| `sample_python_file` | Generates a temporary `.py` file with functions and classes |\n| `runtime_data_file` | Provides a temporary JSON file simulating tracer output |\n\n---\n\n## How It Works\n\n1. **Signature Extraction** — Parses Python AST (stdlib) or tree-sitter grammars (TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, Zig) to extract function signatures with full structural information\n2. **API Diff** — Compares signature snapshots to detect removed functions, added required args, positional reordering, and other breaking changes\n3. **Call-Site Analysis** — Combines signature data with call-site extraction to predict which callers will break\n4. **Runtime Validation** — Instruments functions during test runs to record actual call patterns\n5. **Pipeline Orchestrator** — Connects all components in one unified workflow (`run_pipeline()`)\n6. **Git Integration** — Compare any two git commits directly (`run_pipeline_git()`)\n\n---\n\n## Intermediate Artifacts\n\nThe pipeline relies on standardized JSON schemas to pass data between filters:\n\n| Artifact | Producer | Consumer | Description |\n|----------|-----------|----------|-------------|\n| `.signatures.json` | `extract_signatures.py` | `compare_signatures.py`, `impact_analysis.py` | Function metadata including arguments, defaults, and line numbers |\n| `.calls.json` | `extract_calls.py` | `impact_analysis.py` | Static call sites mapped by caller and callee |\n| `.runtime_calls.json` | `trace_calls.py` | `impact_analysis.py`, `risk_gate.py` | Frequency and argument data from execution |\n| `report.json` | `risk_gate.py` | `generate_report.py`, `suggest_fixes.py` | Final risk classifications (HIGH\u002FMEDIUM\u002FLOW) |\n\n---\n\n## Self-Testing (Dogfooding)\n\nImpactGuard has been **tested on itself** to validate its own API changes:\n\n```bash\n# Extract signatures from own codebase\n$ impactguard extract src\u002Fimpactguard\u002F*.py\n✓ Extracted 98 function signatures\n\n# Detect non-breaking change (added optional parameter)\n✓ Correctly classified as \"Non-breaking changes: 1\"\n\n# Detect breaking change (removed required parameter)\n✓ Correctly classified as \"Breaking changes: 1\"\n\n# Run full pipeline on itself\n$ impactguard check-commits HEAD~5 HEAD\n✓ Pipeline orchestrator completed successfully\n✓ Generated HTML report with risk analysis\n```\n\n---\n\n## Quality Standards\n\nImpactGuard follows strict quality gates:\n\n- **Ruff** — 0 issues (formatting + linting)\n- **MyPy** — 0 errors (strict mode)\n- **Prospector** — 0 warnings\n- **Semgrep** — 0 findings\n- **Coverage** — ≥80% (target)\n- **Tests** — All passing\n\n---\n\n## Glossary\n\n### Core Concepts\n\n- **Signature**: A structured representation of a callable's interface, including positional arguments, keyword-only arguments, variadic arguments, and return type. Supported for Python, TypeScript, JavaScript, Java, Kotlin, Go, Rust, Swift, C, C++, C#, Ruby, Haskell, and Zig.\n- **FQName (Fully Qualified Name)**: A unique identifier in `file_path:function_name` format (e.g., `src\u002Fauth.py:login`)\n- **Breaking Change**: A modification that prevents existing callers from executing correctly (e.g., `REMOVED`, `REQUIRED_POSITIONAL_ADDED`, `POSITIONAL_REORDER`)\n\n### Risk Framework (S × E × C × λ)\n\n- **Severity (S)**: The technical impact of the change type (0.1 to 1.0)\n- **Exposure (E)**: How often the function is called, calculated logarithmically\n- **Confidence (C)**: The reliability of runtime data based on sample size\n- **Lambda (λ)**: Sensitivity multiplier (default 1.0); tune via `--lambda`\n\n### Patching\n\n- **CST (Concrete Syntax Tree)**: Unlike AST, preserves formatting, comments, and whitespace\n- **Patch Confidence**: A score from 0.0 to 1.0 representing the likelihood that an automated fix is correct\n\n---\n\n## Direct Competitors (Python API analysis space)\n\nThe table below compares ImpactGuard against the tools most commonly used for Python API change management, static analysis, and release automation. As of 2026-05, to our knowledge:\n\n| Feature | **ImpactGuard** | **griffe** | **python-semantic-release** | **commitizen** | **pyright \u002F mypy** |\n|---|---|---|---|---|---|\n| AST-based signature extraction | ✅ Full — Python (`ast`), TypeScript\u002FJavaScript\u002FJava\u002FKotlin\u002FGo\u002FRust\u002FSwift\u002FC\u002FC++\u002FC#\u002FRuby\u002FHaskell\u002FZig (tree-sitter) | ✅ Full (Python) | ❌ | ❌ | ✅ (internal only) |\n| Breaking-change detection | ✅ Semantic diff (added \u002F removed \u002F modified) | ✅ | ❌ Code-unaware | ❌ Code-unaware | ⚠️ Type errors only |\n| Call-site impact analysis | ✅ Static call-site traversal | ❌ | ❌ | ❌ | ❌ |\n| Runtime call tracing | ✅ (test + production sampler) | ❌ | ❌ | ❌ | ❌ |\n| Risk scoring (S × E × C × λ model) | ✅ | ❌ | ❌ | ❌ | ❌ |\n| Transitive impact tracking | ✅ | ❌ | ❌ | ❌ | ❌ |\n| Semver bump recommendation | ✅ From code diff | ⚠️ Partial (griffe-diff) | ✅ From commit msgs | ✅ From commit msgs | ❌ |\n| Changelog generation | ✅ From signature diff | ⚠️ Via mkdocs plugin | ✅ From commit msgs | ✅ From commit msgs | ❌ |\n| HTML report | ✅ | ❌ | ❌ | ❌ | ❌ |\n| Patch generation (CST-based) | ✅ Formatting-preserving | ❌ | ❌ | ❌ | ⚠️ Quickfix only |\n| Patch confidence scoring | ✅ | ❌ | ❌ | ❌ | ❌ |\n| Baseline management | ✅ Save \u002F compare \u002F diff | ⚠️ Via snapshots | ❌ | ❌ | ❌ |\n| CI enforcement gate | ✅ Blocks on HIGH \u002F UNKNOWN | ❌ | ✅ (release gate) | ✅ (lint gate) | ✅ (type gate) |\n| Git hook integration | ✅ Pre + post commit | ❌ | ❌ | ✅ | ❌ |\n| Config file (TOML) | ✅ `impactguard.toml` | ✅ | ✅ | ✅ | ✅ |\n| Watch mode (live re-run) | ✅ `--watch` | ❌ | ❌ | ❌ | ✅ |\n| No network required | ✅ | ✅ | ❌ (PyPI \u002F git) | ❌ (git) | ✅ |\n\n### Ecosystem-adjacent tools\n\n| Tool | Domain | Overlap with ImpactGuard | What ImpactGuard adds |\n|---|---|---|---|\n| **griffe** | Python API docs + diff | Closest alternative — extracts signatures, detects breaking changes | Call-site analysis, runtime tracing, risk model, patch generation |\n| **python-semantic-release** | Automated releases + semver | Semver bumps from conventional commits | Code-level proof, not just commit message convention |\n| **commitizen** | Conventional commits + changelog | Changelog generation, git hooks | Actual API-level analysis and enforcement |\n| **bump2version \u002F bumpversion** | Version string management | Version bumping | All analysis features |\n| **mypy \u002F pyright** | Static type checking | Detects type-incompatible changes | Call-site impact, risk scoring, runtime data integration |\n| **japicmp \u002F apidiff (Go\u002FJava)** | API compatibility in Java \u002F Go | Direct conceptual analog in other languages | Python + TypeScript + Java + Go + Rust + C\u002FC++ + Ruby support, runtime tracing, patch generation |\n\n### ImpactGuard's unique differentiators\n\n1. **Risk scoring (S × E × C × λ)** — No competitor combines severity, exposure (call count), and confidence into a single risk score.\n2. **Runtime + static fusion** — Merges static call-site analysis with actual runtime call counts from test runs to give empirically grounded risk levels.\n3. **Transitive impact** — Tracks callers of callers, not just direct call sites.\n4. **CST-based patch generation** — Suggests and previews source patches that preserve original formatting; no competitor does this in the API-change domain.\n5. **Patch confidence scoring** — Quantifies how safe an automated fix is before applying it.\n6. **Fully offline** — No network access, no database; embeds entirely in a Python project.\n\n---\n\n## Robustness Evaluator (`tools\u002Frobustness_evaluator.py`)\n\nThe **Robustness Evaluator** computes a composite project-level **Robustness Score (R)** from test-suite metrics, placing extra emphasis on adversarial test performance. It also reports an **Adversarial Fragility Index (F)** that isolates how much adversarial inputs specifically degrade the system.\n\n### Metrics\n\n| Metric | Formula | Description |\n|--------|---------|-------------|\n| **R** | `C × (α × P_a + (1−α) × P_n) × S` | Composite Robustness Score — overall health in [0, 1] |\n| **R_d** | `C × D × (α × P_a + (1−α) × P_n) × S` | R with category diversity penalty |\n| **F** | `max(0, (P_n - P_a) \u002F P_n)` | Fragility Index — bounded to [0, 1] |\n| **D** | `mean(pass_rate_i)` | Weighted diversity (mean pass rate across categories) |\n| **S** | `sample_penalty` | Sample size penalty (1.0 when n ≥ 10, decreases for small samples) |\n\n**Input symbols:**\n\n| Symbol | Meaning |\n|--------|---------|\n| `C` | Coverage ratio (0 – 1) |\n| `α` | Adversarial weight; recommended 0.5 (general), 0.65 (security), 0.75 (red-team) |\n| `P_a` | Adversarial pass rate (`passing_adv \u002F n_adversarial`) |\n| `P_n` | Normal pass rate (`passing_norm \u002F n_normal`) |\n\n**Robustness labels:** EXCELLENT (≥ 0.80) · GOOD (≥ 0.65) · FAIR (≥ 0.45) · POOR (\u003C 0.45)\n- **Floor:** If `P_a \u003C 0.3`, robustness label is capped to **POOR** regardless of score\n\n**Fragility labels:** ROBUST (F ≤ 0.10) · MODERATE (≤ 0.25) · BRITTLE (≤ 0.50) · VERY_BRITTLE (> 0.50)\n- **Bounded:** F is clamped to [0, 1]; when `P_a ≥ P_n`, F = 0.0 (not brittle)\n\n**Sample size penalty:** Applied when adversarial or normal sample \u003C 10 tests (linear ramp from 0.3 to 1.0)\n\nThe tool enforces a **minimum 25% adversarial coverage** requirement (exits with code 0, outputs warning to stderr).\n\n### Adversarial Budget Allocation\n\n| Category | Target % of adversarial budget | Example |\n|----------|--------------------------------|---------|\n| Boundary\u002Fedge cases | 30% | Inputs at decision boundaries |\n| Semantic perturbation | 25% | Same meaning, different form |\n| Evasion\u002Fobfuscation | 25% | Encoding tricks, reformulation |\n| Compositional attacks | 20% | Multi-step, chained inputs |\n\n### Usage\n\n**Python API:**\n\n```python\nfrom tools.robustness_evaluator import evaluate_robustness, CategoryStats\n\nresult = evaluate_robustness(\n n_total=1054,\n n_adversarial=425,\n passing_adv=424,\n passing_norm=629,\n coverage=0.57,\n alpha=0.65, # security context\n categories=[\n CategoryStats(\"boundary\", 28, 28, difficulty=1.0), # hard\n CategoryStats(\"semantic\", 22, 22, difficulty=0.5), # medium\n CategoryStats(\"evasion\", 24, 24, difficulty=1.0), # hard\n CategoryStats(\"compositional\", 19, 19, difficulty=0.8), # hard\n ],\n)\n\nprint(f\"R = {result.robustness_score:.4f} [{result.robustness_label}]\")\nprint(f\"F = {result.fragility_index:.4f} [{result.fragility_label}]\")\nprint(f\"R_d = {result.robustness_score_with_diversity:.4f} (with diversity)\")\nprint(f\"S = {result.sample_penalty:.2f} (sample penalty)\")\n```\n\n**CLI (human-readable report) — empirical run from current test suite:**\n\n```bash\npython tools\u002Frobustness_evaluator.py \\\n --n-total 1054 \\\n --n-adversarial 425 \\\n --passing-adv 424 \\\n --passing-norm 629 \\\n --coverage 0.57 \\\n --alpha 0.65 \\\n --categories '[{\"name\":\"boundary\",\"total\":28,\"passing\":28,\"difficulty\":1.0},\n {\"name\":\"semantic\",\"total\":22,\"passing\":22,\"difficulty\":0.5},\n {\"name\":\"evasion\",\"total\":24,\"passing\":24,\"difficulty\":1.0},\n {\"name\":\"compositional\",\"total\":19,\"passing\":19,\"difficulty\":0.8}]'\n```\n\n**CLI (JSON output for CI pipelines):**\n\n```bash\npython tools\u002Frobustness_evaluator.py --n-total 1054 --n-adversarial 425 \\\n --passing-adv 424 --passing-norm 629 --coverage 0.57 --json\n```\n\n**Empirical output (measured from actual test runs):**\n\n```\n===========================================================\n ImpactGuard — Robustness Evaluation Report\n===========================================================\n\n── Test Composition ──────────────────────────────────────\n Total tests : 1054\n Adversarial tests : 425\n Normal tests : 629\n Adversarial ratio : 40.3% ✓\n\n── Pass Rates ────────────────────────────────────────────\n P_adversarial (P_a): 0.998\n P_normal (P_n): 1.000\n Coverage (C) : 0.570\n Alpha (α) : 0.65\n Diversity (D) : 1.000\n\n── Primary Metrics ───────────────────────────────────────\n Robustness Score (R) : 0.5691 [FAIR]\n Sample Penalty (S) : 1.00\n Robustness + Diversity (R_d) : 0.5691\n Fragility Index (F) : 0.0000 [ROBUST]\n\n── Category Breakdown ────────────────────────────────────\n boundary 28\u002F28 (100%) ●●●●●●●●●●●●●●●●●●●●●●●●●●\n semantic 22\u002F22 (100%) ●●●●●●●●●●●●●●●●●●●●●●\n evasion 24\u002F24 (100%) ●●●●●●●●●●●●●●●●●●●●●●●●\n compositional 19\u002F19 (100%) ●●●●●●●●●●●●●●●●●●●\n\n===========================================================\n```\n\n**Low sample size output example:**\n\n```\n── Primary Metrics ───────────────────────────────────────\n Robustness Score (R) : 0.0774 [POOR]\n Sample Penalty (S) : 0.19 (small sample)\n\n⚠ WARNING: Low coverage (\u003C30%) - consider adding tests\n\n============================================================\n ImpactGuard — Robustness Evaluation Report\n============================================================\n\n── Test Composition ──────────────────────────────────────\n Total tests : 1054\n Adversarial tests : 425\n Normal tests : 629\n Adversarial ratio : 40.3% ✓\n\n── Pass Rates ────────────────────────────────────────────\n P_adversarial (P_a): 0.998\n P_normal (P_n): 1.000\n Coverage (C) : 0.570\n Alpha (α) : 0.65\n Diversity (D) : 1.000\n\n── Primary Metrics ───────────────────────────────────────\n Robustness Score (R) : 0.5691 [FAIR]\n Robustness + Diversity (R_d) : 0.5691\n Fragility Index (F) : 0.0024 [ROBUST]\n\n── Category Breakdown ────────────────────────────────────\n boundary 28\u002F28 (100%) ●●●●●●●●●●●●●●●●●●●●●●●●●●●●\n semantic 22\u002F22 (100%) ●●●●●●●●●●●●●●●●●●●●●●\n evasion 24\u002F24 (100%) ●●●●●●●●●●●●●●●●●●●●●●●●\n compositional 19\u002F19 (100%) ●●●●●●●●●●●●●●●●●●●\n\n============================================================\n```\n\n---\n\n## Further Documentation\n\nFor deeper exploration of specific subsystems, refer to the [DeepWiki documentation](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard):\n\n- [Getting Started](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F1.1-getting-started)\n- [Architecture and Data Flow](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F1.2-architecture-and-data-flow)\n- [Core Analysis Pipeline](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F2-core-analysis-pipeline)\n- [Risk Model and Enforcement](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F3-risk-model-and-enforcement)\n- [Runtime Tracing](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F4-runtime-tracing)\n- [Patch Generation and Remediation](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F5-patch-generation-and-remediation)\n- [CLI and Public API](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F6-cli-and-public-api)\n- [Git Hooks and Workflow Integration](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F7-git-hooks-and-workflow-integration)\n- [CI\u002FCD and Release Infrastructure](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F8-cicd-and-release-infrastructure)\n- [Testing](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F9-testing)\n- [Glossary](https:\u002F\u002Fdeepwiki.com\u002Fdaedalus\u002FImpactGuard\u002F10-glossary)\n","ImpactGuard 是一个轻量级的多语言API影响分析工具。它支持Python、TypeScript、JavaScript等多种编程语言,通过静态和运行时技术追踪函数签名的变化,检测破坏性变更,并分析调用点的影响。其核心功能包括自动提取函数签名、语义API差异分类、影响分析以及基于S × E × C × λ模型的风险评估。此外,ImpactGuard还能自动生成格式保持的补丁来修复受影响的代码。适用于需要在代码合并前确保API稳定性的开发场景,如持续集成\u002F持续部署(CI\u002FCD)流程中作为预提交检查或风险控制门使用。",2,"2026-06-11 03:58:15","CREATED_QUERY"]