1. Review auth middleware changes carefully. The auth.ts file was modified with no corresponding test changes. Manually verify session handling, token validation, and redirect logic.
2. Rotate exposed credentials immediately. A secret-like literal (token= pattern) was detected in the diff. If this is a real credential, rotate it and move it to a secrets manager.
3. Verify dependency changes. package.json has additions/updates. Run npm audit and check the lockfile for unexpected resolutions.
4. Add or update tests. Source files were changed without test changes. Add regression tests before merge.
5. Review config changes. .env.example was modified. Verify no real secrets are committed and that defaults are appropriate.
Merge Recommendation
⛔ Do Not Merge — High Risk
Risk score 63/100 exceeds the high-risk threshold (50). Review all 5 flags before proceeding. This diff touches auth paths and contains possible secret literals.
CI Policy Example
# .github/workflows/risk-gate.yml
- name: AI Change Risk Gate
  run: python agent_change_risk_auditor.py audit --diff diff.patch
  # Exit code 1 on high risk → blocks merge
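To make the gate's behaviour concrete, the following is an added illustration, not the auditor's own code: a small Python sketch of the kind of checks the five flags above describe, run over a constructed diff. The file-path heuristics, the secret-literal regex, the per-flag weights and the 50-point threshold are assumptions chosen for this example.

```python
import re
import sys

# Constructed sample diff (not from the page): touches auth.ts, package.json
# and .env.example, adds a token= literal, and changes no test files.
SAMPLE_DIFF = """\
diff --git a/src/auth.ts b/src/auth.ts
+++ b/src/auth.ts
+const token = "abc123";
diff --git a/package.json b/package.json
+++ b/package.json
+    "left-pad": "^1.3.0",
diff --git a/.env.example b/.env.example
+++ b/.env.example
+API_URL=http://localhost:3000
"""

# Weights and threshold are assumptions for illustration, not the auditor's.
WEIGHTS = {"auth_path": 25, "secret_literal": 20, "dependency_change": 8,
           "no_tests": 10, "config_change": 5}
HIGH_RISK_THRESHOLD = 50
# Added line that assigns a quoted literal to a credential-like name.
SECRET_RE = re.compile(r"(?i)\b(token|secret|password|api_key)\s*=\s*['\"][^'\"]{4,}")
# Paths that look like test files.
TEST_RE = re.compile(r"(\.test\.|\.spec\.|(^|/)tests?/)")

def changed_files(diff):
    """Paths from '+++ b/<path>' headers of a unified diff."""
    return [l[6:] for l in diff.splitlines() if l.startswith("+++ b/")]

def added_lines(diff):
    """Content of '+' lines, excluding the '+++' file headers."""
    return [l[1:] for l in diff.splitlines()
            if l.startswith("+") and not l.startswith("+++")]

def audit(diff):
    """Return (risk score 0-100, sorted list of raised flags)."""
    files = changed_files(diff)
    flags = set()
    if any("auth" in f.lower() for f in files):
        flags.add("auth_path")
    if any(SECRET_RE.search(l) for l in added_lines(diff)):
        flags.add("secret_literal")
    if any(f.endswith(("package.json", "package-lock.json")) for f in files):
        flags.add("dependency_change")
    src = [f for f in files if f.endswith((".ts", ".js", ".py"))]
    if src and not any(TEST_RE.search(f) for f in files):
        flags.add("no_tests")
    if any(f.endswith(".env.example") for f in files):
        flags.add("config_change")
    score = min(100, sum(WEIGHTS[f] for f in flags))
    return score, sorted(flags)

if __name__ == "__main__":
    score, flags = audit(SAMPLE_DIFF)
    print(f"risk score {score}/100, flags: {flags}")
    sys.exit(1 if score >= HIGH_RISK_THRESHOLD else 0)  # non-zero exit blocks merge
```

The exit status is what a CI step like the one above consumes; the score itself is only a ranking aid for the reviewer.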
Run this audit on your own AI-generated diffs
Local Python CLI — no cloud, no API keys, under 1 second per diff.