Blast Radius
Runtime impact analysis that shows concrete damage before you confirm
Severity tells you how dangerous a command is. Blast radius tells you how wide the damage spreads. shellfirm computes real metrics at runtime so you see concrete impact numbers before confirming a risky command.
What blast radius computes
Depending on the check group, shellfirm runs quick system queries to measure the actual impact:
| Group | What is measured | Example output |
|---|---|---|
| fs | File count + total size | "Deletes ~347 files (12.4 MB) in ./src" |
| fs-strict | File count + total size | "Deletes directory with ~89 files (2.1 MB)" |
| git | Modified files, tracked files, commit count | "Resets 5 modified files" or "Force-pushes 12 commits to origin/main" |
| git-strict | Staged/unstaged file count | "Stages 23 files" |
| docker | Container, image, and volume counts | "Prunes up to 12 images, 3 containers, 2 volumes" |
| kubernetes | Resource count in namespace | "Deletes namespace 'staging' with 47 resources" |
Blast scopes
Each blast radius computation is assigned a scope that indicates the breadth of potential damage:
| Scope | Meaning | Examples |
|---|---|---|
| Resource | Single file, branch, or container | git branch -D feature-x, chmod 644 file.txt |
| Project | Repository, database, or application | git reset --hard, git push --force, rm -rf ./src |
| Namespace | Kubernetes namespace or resource group | kubectl delete ns staging |
| Machine | Entire local host | rm -rf /, docker system prune -a |
Scopes are ordered: Resource < Project < Namespace < Machine. When multiple checks match, the highest scope is reported.
How it looks in practice
When you type a command with blast radius support, the challenge prompt includes an extra line:
For git operations:
Enter to continue Esc to cancel ›For Docker:
Supported checks
Blast radius is computed for these specific check IDs:
Filesystem:
fs:recursively_delete-- counts files and total size at the target pathfs:move_to_dev_null-- reports the size of the file being destroyedfs:flush_file_content-- reports the size of the file being flushedfs:recursively_chmod-- counts files affected by recursive permission changefs:delete_find_files-- counts files under the find search pathfs-strict:any_deletion-- counts files/size for the deletion targetfs-strict:folder_deletion-- counts files/size for the directoryfs-strict:change_permissions-- counts files in the target directory
Git:
git:reset-- counts unstaged + staged modified filesgit:delete_all-- counts tracked filesgit:clean_force-- counts untracked files/directoriesgit:force_push-- counts commits ahead of remotegit:force_delete_branch-- names the branch being deletedgit:force_checkout-- counts files with uncommitted changesgit:filter_branch-- counts total commits being rewrittengit-strict:add_all-- counts files to be stagedgit-strict:commit_all-- counts files to be committed
Docker:
docker:system_prune_all-- counts images, containers, and volumesdocker:force_remove_all_containers-- counts running containersdocker:volume_prune-- counts unused volumesdocker:stop_all_containers-- counts running containers
Kubernetes:
kubernetes:delete_namespace-- counts resources in the namespace
3-second timeout with graceful degradation
Each blast radius computation runs with a 3-second timeout. This is deliberate:
- The user is already stopped at an interactive challenge prompt, so a brief pause is acceptable
- Operations like
findon large directories (e.g.,node_modules) need a moment - Most computations (
git,du,docker) complete in under 100ms
If any computation times out, fails, or produces unexpected output, blast radius is silently skipped. The challenge prompt is shown without the extra line. Blast radius never interferes with the core safety flow.
Configuration
Enable or disable blast radius globally in ~/.config/shellfirm/settings.yaml:
blast_radius: true # enabled by defaultOr open the interactive config editor:
shellfirm config editOr in ~/.config/shellfirm/settings.yaml:
blast_radius: true # defaultBlast radius in audit logs
When blast radius is computed, the scope and description are included in the audit log entry:
{
"event_id": "abc123",
"command": "rm -rf ./src",
"matched_ids": ["fs:recursively_delete"],
"severity": "Critical",
"outcome": "Denied",
"blast_radius_scope": "PROJECT",
"blast_radius_detail": "Deletes ~347 files (12.4 MB) in ./src"
}This makes audit logs more useful for incident investigation -- you can see not just what was attempted, but what the actual impact would have been.
Blast radius in MCP responses
When AI agents query shellfirm via MCP, blast radius data is included in the risk assessment:
{
"matched_rules": [
{
"id": "fs:recursively_delete",
"severity": "Critical",
"blast_radius_scope": "PROJECT",
"blast_radius_detail": "Deletes ~347 files (12.4 MB) in ./src"
}
],
"blast_radius_scope": "PROJECT",
"blast_radius_detail": "Deletes ~347 files (12.4 MB) in ./src"
}This gives agents concrete data to include in their decision-making and user-facing explanations.