Concepts

Risk score

The 0–100 number Bedrock posts at the top of every review. Here's how it's computed and what each band means.

The bands

0–24 — additive only, low blast radius. Auto-approved on Team plans.
25–49 — additive but touches hot paths. Posts as review.
50–79 — destructive or relationship change. Always posts as review.
80–100 — destructive in same migration as a dependent change. Posts as blocked.

How it's computed

Risk is the weighted sum of per-change severities, modulated by blast radius and rollout safety. Roughly:

typescript· 6 lines · 187b

risk =
    sum(change.severity * change.weight)
  + 12 * referencesInHotPaths(authBilling)
  + 18 * (irreversible ? 1 : 0)
  +  8 * (noBackfill ? 1 : 0)
  -  6 * (hasFeatureFlag ? 1 : 0);

Tunable

On Team and Enterprise you can override weights and thresholds in bedrock.yml. See policy reference.