S
SkillsMD 发现、学习和掌握最新的 AI 技术 Skills。基于真实社区数据,为开发者提供最权威的 AI 工具导航。
关于 聚焦 AI 技术 Skills 每周数据更新 中英双语文档 © 2026 SkillsMD. All rights reserved.
影响分析技能:结构化变更影响评估流程,预防代码变更风险 | SkillsMD
首页 / Skills / impact-analysis 影响分析技能:结构化变更影响评估流程,预防代码变更风险 impact-analysis by aakash-dhar/claude-skills
npx skills add https://github.com/aakash-dhar/claude-skills --skill impact-analysis🇨🇳 中文介绍 影响分析技能
在分析拟议变更的影响时,请遵循此结构化流程。目标是在任何人编写一行代码之前,全面映射其影响范围——尽早发现问题远比在生产环境中发现要便宜得多。
重要提示 :始终将输出保存为项目根目录下 project-decisions/ 目录中的 Markdown 文件。如果该目录不存在,请创建它。
0. 输出设置
# 如果 project-decisions 目录不存在,则创建它
mkdir -p project-decisions
# 文件将保存为:
# project-decisions/YYYY-MM-DD-impact-[kebab-case-topic].md
1. 理解拟议的变更
解析请求
从问题或讨论中提取:
变更内容是什么? — 具体的代码、系统、API、数据库、服务或流程为什么要变更? — 新功能、错误修复、重构、迁移、弃用期望的结果是什么? — 变更后应该有什么不同什么不会改变? — 明确指出保持不变的内容
变更类型分类
变更类型 典型影响范围 风险等级 配置变更 狭窄 — 单一服务 🟢 低 错误修复 狭窄 — 单一函数/模块
🇺🇸 English Impact Analysis Skill
When analyzing the impact of a proposed change, follow this structured process. The goal is to map the full blast radius before anyone writes a line of code — catching surprises early is far cheaper than catching them in production.
IMPORTANT : Always save the output as a markdown file in the project-decisions/ directory at the project root. Create the directory if it doesn't exist.
0. Output Setup
# Create project-decisions directory if it doesn't exist
mkdir -p project-decisions
# File will be saved as:
# project-decisions/YYYY-MM-DD-impact-[kebab-case-topic].md
1. Understand the Proposed Change
Parse the Request
Extract from the question or discussion:
What's changing? — specific code, system, API, database, service, or processWhy is it changing? — new feature, bug fix, refactor, migration, deprecationWhat's the desired outcome? — what should be different after the changeWhat's NOT changing? — explicitly call out what stays the same
Classify the Change Type
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
联系我们 新功能(增量的) 狭窄到中等 — 新代码,不改变现有内容 🟡 中等
API 变更(向后兼容) 中等 — 消费者可能需要更新 🟡 中等
API 变更(破坏性的) 广泛 — 所有消费者必须更新 🔴 高
数据库模式变更 广泛 — 查询、模型、迁移、数据回填 🔴 高
服务迁移/替换 广泛 — 集成、配置、监控、操作手册 🔴 高
基础设施变更 广泛 — 部署、网络、DNS、密钥 🔴 高
身份验证/授权变更 非常广泛 — 每个需要身份验证的端点 🔴 严重
数据模型/领域变更 非常广泛 — 应用的每一层 🔴 严重
2. 映射影响范围
2a. 代码级影响 # 查找所有引用变更代码的文件
grep -rn "[changing-module-or-function]" --include="*.ts" --include="*.js" --include="*.py" --include="*.go" --include="*.java" --include="*.rb" --include="*.php" src/ app/ lib/ 2>/dev/null | grep -v "node_modules\|\.git\|test\|spec\|mock"
# 查找变更模块的所有导入
grep -rn "import.*from.*[module]\|require.*[module]\|from [module] import" --include="*.ts" --include="*.js" --include="*.py" src/ app/ 2>/dev/null | grep -v "node_modules\|\.git"
# 统计受影响文件数量
grep -rln "[changing-module-or-function]" --include="*.ts" --include="*.js" --include="*.py" src/ app/ 2>/dev/null | grep -v "node_modules\|\.git" | wc -l
# 查找下游依赖(使用变更代码的代码又被谁使用)
# 构建两级依赖链
for file in $(grep -rln "[module]" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules"); do
basename "$file"
grep -rln "$(basename $file .ts)\|$(basename $file .js)" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules" | sed 's/^/ → /'
done
# 检查重新导出(变更可能通过桶文件传播)
grep -rn "export.*from.*[module]\|module\.exports.*require.*[module]" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules"
# 查找接口/类型使用情况(TypeScript)
grep -rn "interface\|type " [changing-file] 2>/dev/null | while read line; do
typename=$(echo "$line" | grep -oP '(?:interface|type)\s+\K\w+')
echo "Type: $typename"
grep -rn "$typename" --include="*.ts" --include="*.tsx" src/ 2>/dev/null | grep -v "node_modules" | wc -l
echo " references"
done
2b. API 影响 # 查找使用变更代码的 API 路由
grep -rn "[module-or-function]" --include="*.ts" --include="*.js" --include="*.py" src/api/ src/routes/ app/api/ 2>/dev/null
# 列出受影响路由文件中的所有端点
for file in $(grep -rln "[module]" src/api/ src/routes/ 2>/dev/null); do
echo "=== $file ==="
grep -n "router\.\(get\|post\|put\|delete\|patch\)\|app\.\(get\|post\|put\|delete\|patch\)\|@app\.route\|@GetMapping\|@PostMapping" "$file" 2>/dev/null
done
# 检查 API 版本控制
find . -path "*/api/v*" -o -path "*/v1/*" -o -path "*/v2/*" 2>/dev/null | head -20
# 检查 OpenAPI/Swagger 规范
find . -name "openapi*" -o -name "swagger*" -o -name "*.api.yaml" -o -name "*.api.json" 2>/dev/null | head -10
# 检查 API 消费者(外部客户端、移动应用、其他服务)
grep -rn "fetch\|axios\|http\.\|HttpClient\|requests\." --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[affected-endpoint]"
2c. 数据库影响 # 查找与变更相关的模型/模式
grep -rn "model\|schema\|entity\|@Entity\|@Table\|class.*Model\|class.*Schema" --include="*.ts" --include="*.js" --include="*.py" --include="*.java" src/db/ src/models/ src/entities/ app/models/ 2>/dev/null | grep -i "[keyword]"
# 查找引用受影响表/列的所有查询
grep -rn "SELECT\|INSERT\|UPDATE\|DELETE\|FROM\|JOIN\|WHERE" --include="*.ts" --include="*.js" --include="*.py" --include="*.sql" src/ 2>/dev/null | grep -i "[table-or-column]"
# 查找引用受影响模型的 ORM 查询
grep -rn "findOne\|findMany\|findAll\|create\|update\|delete\|where\|include\|select" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[model]"
# 检查现有迁移
ls -la src/db/migrations/ db/migrations/ migrations/ prisma/migrations/ 2>/dev/null | tail -10
# 检查迁移历史数量
find . -path "*/migrations/*" -name "*.ts" -o -name "*.js" -o -name "*.py" -o -name "*.sql" 2>/dev/null | wc -l
# 检查引用该表的视图、函数、触发器
grep -rn "CREATE VIEW\|CREATE FUNCTION\|CREATE TRIGGER" --include="*.sql" . 2>/dev/null | grep -i "[table]"
# 检查受影响列上的索引
grep -rn "INDEX\|@@index\|add_index\|createIndex" --include="*.ts" --include="*.js" --include="*.py" --include="*.sql" --include="*.prisma" src/ prisma/ 2>/dev/null | grep -i "[column]"
2d. 服务与集成影响 # 查找与变更相关的外部服务调用
grep -rn "fetch\|axios\|http\.\|requests\.\|HttpClient\|RestTemplate" --include="*.ts" --include="*.js" --include="*.py" --include="*.java" src/ 2>/dev/null | grep -i "[service-keyword]"
# 查找消息队列生产者/消费者
grep -rn "publish\|subscribe\|emit\|on(\|producer\|consumer\|queue\|topic\|channel" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[keyword]"
# 查找 Webhook 端点
grep -rn "webhook\|callback\|notify" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null
# 查找 gRPC/protobuf 定义
find . -name "*.proto" 2>/dev/null | xargs grep -l "[keyword]" 2>/dev/null
# 查找 GraphQL 模式引用
grep -rn "type \|input \|query \|mutation \|subscription " --include="*.graphql" --include="*.gql" . 2>/dev/null | grep -i "[keyword]"
# 检查共享库/包(单体仓库)
cat package.json 2>/dev/null | grep -E "workspace|lerna|nx|turbo"
find . -name "package.json" -maxdepth 3 | xargs grep -l "[module]" 2>/dev/null
2e. 基础设施影响 # 检查 Docker 配置
grep -rn "[keyword]" Dockerfile docker-compose.yml docker-compose.yaml 2>/dev/null
# 检查 CI/CD 流水线
grep -rn "[keyword]" .github/workflows/*.yml .gitlab-ci.yml Jenkinsfile bitbucket-pipelines.yml 2>/dev/null
# 检查环境配置
grep -rn "[keyword]" .env.example .env.sample .env.template 2>/dev/null
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" --include="*.toml" --include="*.ini" config/ infra/ k8s/ terraform/ 2>/dev/null
# 检查 Kubernetes 清单
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" k8s/ kubernetes/ helm/ 2>/dev/null
# 检查 Terraform/基础设施即代码
grep -rn "[keyword]" --include="*.tf" --include="*.tfvars" terraform/ infra/ 2>/dev/null
# 检查 nginx/反向代理配置
grep -rn "[keyword]" --include="*.conf" --include="*.nginx" . 2>/dev/null
# 检查监控/告警配置
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" --include="*.json" monitoring/ alerts/ datadog/ grafana/ 2>/dev/null
2f. 测试影响 # 查找覆盖变更代码的测试
grep -rn "[module-or-function]" --include="*.test.*" --include="*.spec.*" --include="test_*" --include="*_test.*" . 2>/dev/null | grep -v "node_modules"
# 统计受影响测试文件数量
grep -rln "[module-or-function]" --include="*.test.*" --include="*.spec.*" --include="test_*" . 2>/dev/null | grep -v "node_modules" | wc -l
# 查找可能中断的端到端/集成测试
grep -rn "[keyword]" --include="*.test.*" --include="*.spec.*" --include="*.cy.*" tests/e2e/ tests/integration/ cypress/ playwright/ 2>/dev/null
# 查找引用受影响代码的测试夹具/模拟
grep -rn "[keyword]" --include="*.ts" --include="*.js" --include="*.py" tests/fixtures/ tests/mocks/ tests/helpers/ __mocks__/ 2>/dev/null
2g. 文档影响 # 查找引用变更代码的文档
grep -rn "[keyword]" --include="*.md" --include="*.mdx" --include="*.rst" --include="*.txt" docs/ README.md CONTRIBUTING.md 2>/dev/null
# 查找 API 文档
grep -rn "[keyword]" --include="*.yaml" --include="*.json" --include="*.md" docs/api/ openapi/ swagger/ 2>/dev/null
# 查找内联文档
grep -rn "@see\|@link\|@deprecated\|@since" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[keyword]"
# 查找引用此区域的 ADR/决策记录
grep -rn "[keyword]" --include="*.md" docs/adr/ docs/decisions/ project-decisions/ 2>/dev/null
3. 依赖关系图
直接依赖(第 1 级) 变更代码所依赖的内容(上游):
- [dependency 1] — [如何使用]
- [dependency 2] — [如何使用]
依赖变更代码的内容(下游):
- [dependent 1] — [如何使用此代码]
- [dependent 2] — [如何使用此代码]
传递依赖(第 2 级) 依赖于第 1 级依赖项的内容:
- [dependent 1] → [level 2 dependent]
- [dependent 2] → [level 2 dependent]
可视化依赖关系图 ┌─────────────┐
│ 变更 │
│ 组件 │
└──────┬──────┘
│
┌────────────┼────────────┐
│ │ │
┌─────▼─────┐ ┌───▼─────┐ ┌───▼─────┐
│ 服务 A │ │ API │ │ 工作器 │
│ (直接) │ │ (直接) │ │ (直接) │
└─────┬──────┘ └───┬─────┘ └───┬─────┘
│ │ │
┌────▼────┐ ┌───▼────┐ ┌───▼────┐
│前端 │ │移动应用 │ │报表服务 │
│(间接) │ │(间接) │ │(间接) │
└─────────┘ └────────┘ └────────┘
4. 破坏性变更检测
API 破坏性变更 变更 是否破坏性? 影响 移除端点 🔴 是 所有消费者必须更新 从响应中移除字段 🔴 是 依赖该字段的消费者将中断 重命名字段 🔴 是 所有消费者必须更新字段引用 更改字段类型 🔴 是 消费者的类型解析将失败 向请求添加必填字段 🔴 是 缺少该字段的现有调用将失败 向请求添加可选字段 🟢 否 向后兼容 向响应添加字段 🟢 否 消费者应忽略未知字段 添加新端点 🟢 否 增量添加,不影响现有代码 更改错误格式 🟡 可能 如果消费者解析错误消息 更改状态码 🟡 可能 如果消费者检查特定状态码 更改分页格式 🔴 是 所有使用分页的消费者中断 添加速率限制 🟡 可能 高流量消费者可能受影响
数据库破坏性变更 变更 是否破坏性? 影响 添加可为空的列 🟢 否 现有查询不受影响 添加没有默认值的非空列 🔴 是 INSERT 语句失败 移除列 🔴 是 引用该列的 SELECT、INSERT 失败 重命名列 🔴 是 引用该列的所有查询失败 更改列类型 🟡 可能 取决于类型兼容性 添加表 🟢 否 增量添加 移除表 🔴 是 引用该表的所有查询失败 添加索引 🟢 否 性能改进,不改变行为 移除索引 🟡 可能 性能下降,可能超时 添加约束 🟡 可能 现有数据可能违反约束 更改主键 🔴 是 外键、连接、所有引用中断
共享库破坏性变更 变更 是否破坏性? 影响 移除导出的函数 🔴 是 所有导入者失败 更改函数签名 🔴 是 所有调用者必须更新 更改返回类型 🔴 是 所有使用返回值的消费者中断 添加可选参数 🟢 否 向后兼容 更改默认值 🟡 可能 依赖默认值的调用者行为改变 移除导出的类型 🔴 是 TypeScript 消费者编译失败 更改枚举值 🔴 是 switch 语句和比较中断
5. 团队与人员影响
需要通知谁 团队/人员 原因 所需行动 [前端团队] API 合约变更 更新 API 调用 [移动团队] API 合约变更 更新应用,需要新版本发布 [DevOps] 基础设施变更 更新配置、流水线 [QA] 测试计划变更 更新测试用例,回归测试 [产品] 功能行为变更 更新文档,通知客户 [安全] 身份验证/数据变更 安全审查 [支持] 面向用户的变更 更新操作手册,培训团队 [数据团队] 模式变更 更新查询、仪表板、报告 [合作伙伴团队] API 变更 协调迁移时间线
沟通计划 | 时间 | 谁 | 渠道 | 消息 |
|------|-----|---------|---------|
| 开始前 | [team] | Slack #engineering | 提醒:我们将变更 X |
| 部署前 | [team] | Slack #deploys | 迁移计划,预期停机时间 |
| 部署期间 | [team] | Slack #incidents | 状态更新 |
| 部署后 | [team] | Slack #engineering | 完成,需要关注什么 |
| 验证后 | [stakeholders] | 邮件 | 变更摘要 |
6. 迁移与发布策略
如果存在破坏性变更 推荐发布策略:
阶段 1:准备(在任何变更上线前)
- [ ] 通知受影响的团队/消费者并提供时间线
- [ ] 为逐步发布创建功能标志
- [ ] 为受影响的端点/服务设置监控
- [ ] 准备回滚计划
阶段 2:向后兼容(首先部署)
- [ ] 在旧代码旁边添加新代码
- [ ] 同时支持新旧格式
- [ ] 部署并验证新代码正常工作
阶段 3:迁移(逐步切换)
- [ ] 逐个将消费者迁移到新格式
- [ ] 监控每个消费者的错误率
- [ ] 保持旧代码路径作为回退方案
阶段 4:清理(所有消费者迁移后)
- [ ] 移除旧代码路径
- [ ] 移除功能标志
- [ ] 更新文档
- [ ] 关闭迁移工单
回滚计划 如果出现问题:
触发条件:[触发回滚的条件]
- 错误率超过 X%
- 延迟超过 Xms p99
- 检测到数据不一致
- 客户报告超过 X 个
回滚步骤:
1. [将部署回滚到先前版本]
2. [如果数据库变更,运行向下迁移]
3. [如果配置/环境变量变更,恢复它们]
4. [通知受影响的团队]
5. [调查根本原因]
预计回滚时间:[X 分钟]
回滚期间数据丢失风险:[无 / 可能 — 描述]
7. 风险矩阵
影响 vs 可能性 可能性
低 中 高
┌────────┬─────────┬─────────┐
高 │ 🟡 │ 🟠 │ 🔴 │
│ 监控 │ 计划 │ 缓解 │
影 ──────┼────────┼─────────┼─────────┤
响 中 │ 🟢 │ 🟡 │ 🟠 │
│ 接受 │ 监控 │ 计划 │
响 ──────┼────────┼─────────┼─────────┤
低 │ 🟢 │ 🟢 │ 🟡 │
│ 接受 │ 接受 │ 监控 │
└────────┴─────────┴─────────┘
风险登记册
| 风险 | 可能性 | 影响 | 评分 | 缓解措施 | 负责人 ---|---|---|---|---|---|---
8. 按变更类型划分的检查清单
API 变更检查清单
所有消费者已识别并通知
定义了向后兼容期
确定了 API 版本控制策略
更新了 OpenAPI/Swagger 规范
更新了客户端 SDK(如果有)
审查了速率限制
记录了错误响应
更新了集成测试
更新了 API 文档
添加了变更日志条目
安排了移动应用发布(如果适用)
数据库变更检查清单
迁移是可逆的(向上和向下)
在生产规模数据上测试了迁移
估计了迁移时间(分钟?小时?)
安排了停机窗口(如果需要)
定义了回填策略(如果添加非空列)
为 WHERE/JOIN 中使用的新列规划了索引
更新了 ORM 模型
识别并更新了受影响的查询
识别了受影响的报告/仪表板
迁移前验证了备份
服务迁移检查清单
映射了所有集成点
验证了功能对等性(新服务具备旧服务的所有功能)
迁移了配置(环境变量、密钥)
配置了监控和告警
更新了操作手册
规划了 DNS/路由变更
记录了回滚程序
数据迁移计划(如果适用)
对新服务进行了负载测试
团队接受了新服务培训
基础设施变更检查清单
识别了所有受影响的服务
记录了配置变更
如果需要,轮换了密钥/凭据
更新了 CI/CD 流水线
更新了监控仪表板
审查了告警阈值
更新了灾难恢复计划
审查了容量规划
审查了安全组/防火墙规则
考虑了 DNS 传播时间
共享库变更检查清单
识别了所有消费者(grep 查找导入)
确定了语义版本号提升(主版本/次版本/修订版本)
在 CHANGELOG 中记录了破坏性变更
为破坏性变更编写了迁移指南
使用新版本测试了消费者
发布到包注册表
更新并部署了消费者
输出文档模板 保存到 project-decisions/YYYY-MM-DD-impact-[topic].md:
# 影响分析:[拟议变更的标题]
**日期:** YYYY-MM-DD
**请求者:** [姓名]
**分析者:** [姓名]
**变更类型:** [功能 / 迁移 / 重构 / 基础设施 / API 变更]
**风险等级:** [🟢 低 / 🟡 中等 / 🟠 高 / 🔴 严重]
---
## 拟议变更
[清晰描述变更内容及原因]
## 影响范围摘要
| 区域 | 影响级别 | 详情 |
|------|-------------|---------|
| **源代码** | X 个文件 | [列出关键文件] |
| **API 端点** | X 个端点 | [列出受影响的端点] |
| **数据库** | X 个表/列 | [列出受影响的表] |
| **服务** | X 个服务 | [列出受影响的服务] |
| **基础设施** | [是/否] | [变更内容] |
| **测试** | X 个测试文件 | [需要更新的测试] |
| **文档** | X 个文档 | [需要更新的文档] |
| **受影响的团队** | X 个团队 | [列出团队] |
| **外部消费者** | X 个消费者 | [列出消费者] |
## 依赖关系图
[显示受影响组件及其关系的 ASCII 图]
## 破坏性变更
| 变更 | 类型 | 受影响方 | 迁移路径 |
|--------|------|---------------|----------------|
| [变更 1] | API / DB / 库 | [消费者] | [如何迁移] |
## 按区域划分的影响
### 代码影响
[受影响文件、函数、模块的详情]
### API 影响
[受影响端点、请求/响应变更的详情]
### 数据库影响
[模式变更、迁移、数据回填的详情]
### 基础设施影响
[配置、部署、监控变更的详情]
### 团队影响
[需要通知谁,他们需要做什么]
## 风险评估
| 风险 | 可能性 | 影响 | 缓解措施 |
|------|-----------|--------|------------|
| [风险 1] | 高/中/低 | 高/中/低 | [方法] |
## 发布策略
[如果存在破坏性变更,分阶段发布计划]
## 回滚计划
[如果出现问题,如何回滚]
## 检查清单
[基于变更类型的相关检查清单]
## 建议
**是否进行:[是 / 有条件进行 / 需要更多分析 / 否]**
[推理和条件]
## 后续步骤
1. [ ] [行动项 1]
2. [ ] [行动项 2]
3. [ ] [行动项 3]
---
## 决策日志
| 日期 | 事件 | 执行人 |
|------|-------|----|
| YYYY-MM-DD | 请求影响分析 | [姓名] |
| YYYY-MM-DD | 分析完成 | [姓名] |
| YYYY-MM-DD | 决策:[进行/推迟/拒绝] | [姓名] |
保存后,更新 project-decisions 索引:
# 更新 README.md 索引
echo "# 项目决策\n" > project-decisions/README.md
echo "| 日期 | 决策 | 类型 | 状态 |" >> project-decisions/README.md
echo "|------|----------|------|--------|" >> project-decisions/README.md
for f in project-decisions/2*.md; do
date=$(basename "$f" | cut -d'-' -f1-3)
title=$(head -1 "$f" | sed 's/^# //' | sed 's/^Impact Analysis: //' | sed 's/^Tech Decision: //')
type="影响分析"
echo "$f" | grep -q "impact" || type="技术决策"
status=$(grep "^**Status:**\|^**Proceed:**" "$f" | head -1 | sed 's/.*: //' | sed 's/\*//g')
echo "| $date | [$title](./$(basename $f)) | $type | $status |" >> project-decisions/README.md
done
适应规则
始终保存到文件 — 每次分析都持久化在 project-decisions/ 中根据变更规模调整 — 小的配置变更进行 1 页分析,重大迁移进行完整处理详尽分析影响范围 — 标记误报比遗漏真实依赖更好扫描实际代码库 — 不要猜测,使用 grep包含传递依赖 — 依赖你正在变更的内容的依赖量化 — "15 个文件受影响" 而不是 "一些文件受影响"识别最可怕的风险 — 首先关注可能出错最严重的情况始终包含回滚 — 每次变更都需要回退方法考虑时机 — 相同的变更在平静的一周可能没问题,但在流量高峰期间可能风险很高考虑数据 — 代码可以立即回滚,数据变更不能
总结
影响范围 — 一行摘要(例如,"影响 3 个服务,15 个文件,2 个 API 端点,1 个数据库表")风险等级 — 🟢 低 / 🟡 中等 / 🟠 高 / 🔴 严重破坏性变更 — 数量和摘要需要通知的团队 — 谁需要提前知晓最大风险 — 最重要的单一风险建议 — 进行 / 有条件进行 / 需要探索 / 不进行文件保存位置 — 确认文档位置 Config change Narrow — one service 🟢 Low Bug fix Narrow — one function/module 🟢 Low New feature (additive) Narrow to medium — new code, no existing changes 🟡 Medium API change (backward compatible) Medium — consumers may need updates 🟡 Medium API change (breaking) Wide — all consumers must update 🔴 High Database schema change Wide — queries, models, migrations, backfill 🔴 High Service migration/replacement Wide — integrations, config, monitoring, runbooks 🔴 High Shared library update Wide — all consumers of the library 🟠 High Infrastructure change Wide — deployment, networking, DNS, secrets 🔴 High Authentication/authorization change Very wide — every authenticated endpoint 🔴 Critical Data model/domain change Very wide — every layer of the application 🔴 Critical
2. Map the Blast Radius
2a. Code-Level Impact # Find all files that reference the changing code
grep -rn "[changing-module-or-function]" --include="*.ts" --include="*.js" --include="*.py" --include="*.go" --include="*.java" --include="*.rb" --include="*.php" src/ app/ lib/ 2>/dev/null | grep -v "node_modules\|\.git\|test\|spec\|mock"
# Find all imports of the changing module
grep -rn "import.*from.*[module]\|require.*[module]\|from [module] import" --include="*.ts" --include="*.js" --include="*.py" src/ app/ 2>/dev/null | grep -v "node_modules\|\.git"
# Count affected files
grep -rln "[changing-module-or-function]" --include="*.ts" --include="*.js" --include="*.py" src/ app/ 2>/dev/null | grep -v "node_modules\|\.git" | wc -l
# Find downstream dependencies (what uses the thing that uses the changing code)
# Build a two-level dependency chain
for file in $(grep -rln "[module]" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules"); do
basename "$file"
grep -rln "$(basename $file .ts)\|$(basename $file .js)" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules" | sed 's/^/ → /'
done
# Check for re-exports (the change may propagate through barrel files)
grep -rn "export.*from.*[module]\|module\.exports.*require.*[module]" --include="*.ts" --include="*.js" src/ 2>/dev/null | grep -v "node_modules"
# Find interface/type usages (TypeScript)
grep -rn "interface\|type " [changing-file] 2>/dev/null | while read line; do
typename=$(echo "$line" | grep -oP '(?:interface|type)\s+\K\w+')
echo "Type: $typename"
grep -rn "$typename" --include="*.ts" --include="*.tsx" src/ 2>/dev/null | grep -v "node_modules" | wc -l
echo " references"
done
2b. API Impact # Find API routes that use the changing code
grep -rn "[module-or-function]" --include="*.ts" --include="*.js" --include="*.py" src/api/ src/routes/ app/api/ 2>/dev/null
# List all endpoints in affected route files
for file in $(grep -rln "[module]" src/api/ src/routes/ 2>/dev/null); do
echo "=== $file ==="
grep -n "router\.\(get\|post\|put\|delete\|patch\)\|app\.\(get\|post\|put\|delete\|patch\)\|@app\.route\|@GetMapping\|@PostMapping" "$file" 2>/dev/null
done
# Check for API versioning
find . -path "*/api/v*" -o -path "*/v1/*" -o -path "*/v2/*" 2>/dev/null | head -20
# Check for OpenAPI/Swagger specs
find . -name "openapi*" -o -name "swagger*" -o -name "*.api.yaml" -o -name "*.api.json" 2>/dev/null | head -10
# Check for API consumers (external clients, mobile apps, other services)
grep -rn "fetch\|axios\|http\.\|HttpClient\|requests\." --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[affected-endpoint]"
2c. Database Impact # Find models/schemas related to the change
grep -rn "model\|schema\|entity\|@Entity\|@Table\|class.*Model\|class.*Schema" --include="*.ts" --include="*.js" --include="*.py" --include="*.java" src/db/ src/models/ src/entities/ app/models/ 2>/dev/null | grep -i "[keyword]"
# Find all queries that reference affected tables/columns
grep -rn "SELECT\|INSERT\|UPDATE\|DELETE\|FROM\|JOIN\|WHERE" --include="*.ts" --include="*.js" --include="*.py" --include="*.sql" src/ 2>/dev/null | grep -i "[table-or-column]"
# Find ORM queries referencing affected models
grep -rn "findOne\|findMany\|findAll\|create\|update\|delete\|where\|include\|select" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[model]"
# Check for existing migrations
ls -la src/db/migrations/ db/migrations/ migrations/ prisma/migrations/ 2>/dev/null | tail -10
# Check migration history count
find . -path "*/migrations/*" -name "*.ts" -o -name "*.js" -o -name "*.py" -o -name "*.sql" 2>/dev/null | wc -l
# Check for views, functions, triggers that reference the table
grep -rn "CREATE VIEW\|CREATE FUNCTION\|CREATE TRIGGER" --include="*.sql" . 2>/dev/null | grep -i "[table]"
# Check for indexes on affected columns
grep -rn "INDEX\|@@index\|add_index\|createIndex" --include="*.ts" --include="*.js" --include="*.py" --include="*.sql" --include="*.prisma" src/ prisma/ 2>/dev/null | grep -i "[column]"
2d. Service & Integration Impact # Find external service calls related to the change
grep -rn "fetch\|axios\|http\.\|requests\.\|HttpClient\|RestTemplate" --include="*.ts" --include="*.js" --include="*.py" --include="*.java" src/ 2>/dev/null | grep -i "[service-keyword]"
# Find message queue producers/consumers
grep -rn "publish\|subscribe\|emit\|on(\|producer\|consumer\|queue\|topic\|channel" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[keyword]"
# Find webhook endpoints
grep -rn "webhook\|callback\|notify" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null
# Find gRPC/protobuf definitions
find . -name "*.proto" 2>/dev/null | xargs grep -l "[keyword]" 2>/dev/null
# Find GraphQL schema references
grep -rn "type \|input \|query \|mutation \|subscription " --include="*.graphql" --include="*.gql" . 2>/dev/null | grep -i "[keyword]"
# Check for shared libraries/packages (monorepo)
cat package.json 2>/dev/null | grep -E "workspace|lerna|nx|turbo"
find . -name "package.json" -maxdepth 3 | xargs grep -l "[module]" 2>/dev/null
2e. Infrastructure Impact # Check Docker configuration
grep -rn "[keyword]" Dockerfile docker-compose.yml docker-compose.yaml 2>/dev/null
# Check CI/CD pipelines
grep -rn "[keyword]" .github/workflows/*.yml .gitlab-ci.yml Jenkinsfile bitbucket-pipelines.yml 2>/dev/null
# Check environment configuration
grep -rn "[keyword]" .env.example .env.sample .env.template 2>/dev/null
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" --include="*.toml" --include="*.ini" config/ infra/ k8s/ terraform/ 2>/dev/null
# Check Kubernetes manifests
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" k8s/ kubernetes/ helm/ 2>/dev/null
# Check Terraform/Infrastructure as Code
grep -rn "[keyword]" --include="*.tf" --include="*.tfvars" terraform/ infra/ 2>/dev/null
# Check nginx/reverse proxy config
grep -rn "[keyword]" --include="*.conf" --include="*.nginx" . 2>/dev/null
# Check monitoring/alerting config
grep -rn "[keyword]" --include="*.yaml" --include="*.yml" --include="*.json" monitoring/ alerts/ datadog/ grafana/ 2>/dev/null
2f. Test Impact # Find tests that cover the changing code
grep -rn "[module-or-function]" --include="*.test.*" --include="*.spec.*" --include="test_*" --include="*_test.*" . 2>/dev/null | grep -v "node_modules"
# Count affected test files
grep -rln "[module-or-function]" --include="*.test.*" --include="*.spec.*" --include="test_*" . 2>/dev/null | grep -v "node_modules" | wc -l
# Find e2e/integration tests that might break
grep -rn "[keyword]" --include="*.test.*" --include="*.spec.*" --include="*.cy.*" tests/e2e/ tests/integration/ cypress/ playwright/ 2>/dev/null
# Find test fixtures/mocks that reference affected code
grep -rn "[keyword]" --include="*.ts" --include="*.js" --include="*.py" tests/fixtures/ tests/mocks/ tests/helpers/ __mocks__/ 2>/dev/null
2g. Documentation Impact # Find docs referencing the changing code
grep -rn "[keyword]" --include="*.md" --include="*.mdx" --include="*.rst" --include="*.txt" docs/ README.md CONTRIBUTING.md 2>/dev/null
# Find API documentation
grep -rn "[keyword]" --include="*.yaml" --include="*.json" --include="*.md" docs/api/ openapi/ swagger/ 2>/dev/null
# Find inline documentation
grep -rn "@see\|@link\|@deprecated\|@since" --include="*.ts" --include="*.js" --include="*.py" src/ 2>/dev/null | grep -i "[keyword]"
# Find ADRs/decision records referencing this area
grep -rn "[keyword]" --include="*.md" docs/adr/ docs/decisions/ project-decisions/ 2>/dev/null
3. Dependency Graph
Direct Dependencies (Level 1) Things the changing code DEPENDS ON (upstream):
- [dependency 1] — [how it's used]
- [dependency 2] — [how it's used]
Things that DEPEND ON the changing code (downstream):
- [dependent 1] — [how it uses this code]
- [dependent 2] — [how it uses this code]
Transitive Dependencies (Level 2) Things that depend on Level 1 dependents:
- [dependent 1] → [level 2 dependent]
- [dependent 2] → [level 2 dependent]
Visual Dependency Map ┌─────────────┐
│ Changing │
│ Component │
└──────┬──────┘
│
┌────────────┼────────────┐
│ │ │
┌─────▼─────┐ ┌───▼─────┐ ┌───▼─────┐
│ Service A │ │ API │ │ Worker │
│ (direct) │ │ (direct)│ │ (direct)│
└─────┬──────┘ └───┬─────┘ └───┬─────┘
│ │ │
┌────▼────┐ ┌───▼────┐ ┌───▼────┐
│Frontend │ │Mobile │ │Reports │
│(indirect)│ │App │ │Service │
└─────────┘ │(indirect)│ │(indirect)│
└────────┘ └────────┘
4. Breaking Change Detection
API Breaking Changes Change Breaking? Impact Remove an endpoint 🔴 Yes All consumers must update Remove a field from response 🔴 Yes Consumers relying on field will break Rename a field 🔴 Yes All consumers must update field references Change field type 🔴 Yes Type parsing will fail for consumers Add required field to request 🔴 Yes Existing calls missing field will fail Add optional field to request 🟢 No Backward compatible Add field to response 🟢 No Consumers should ignore unknown fields Add new endpoint 🟢 No Additive, no existing code affected Change error format 🟡 Maybe If consumers parse error messages Change status codes 🟡 Maybe If consumers check specific codes Change pagination format 🔴 Yes All paginated consumers break Add rate limiting 🟡 Maybe High-volume consumers may be affected
Database Breaking Changes Change Breaking? Impact Add nullable column 🟢 No Existing queries unaffected Add non-nullable column without default 🔴 Yes INSERT statements fail Remove column 🔴 Yes SELECT, INSERT referencing column fail Rename column 🔴 Yes All queries referencing column fail Change column type 🟡 Maybe Depends on type compatibility Add table 🟢 No Additive Remove table 🔴 Yes All queries referencing table fail Add index 🟢 No Performance improvement, no behavior change Remove index 🟡 Maybe Performance degradation, possible timeouts Add constraint 🟡 Maybe Existing data may violate constraint Change primary key 🔴 Yes Foreign keys, joins, all references break
Shared Library Breaking Changes Change Breaking? Impact Remove exported function 🔴 Yes All importers fail Change function signature 🔴 Yes All callers must update Change return type 🔴 Yes All consumers of return value break Add optional parameter 🟢 No Backward compatible Change default value 🟡 Maybe Behavior change for callers relying on default Remove exported type 🔴 Yes TypeScript consumers fail to compile Change enum values 🔴 Yes Switch statements and comparisons break
5. Team & People Impact
Who Needs to Know Team/Person Why Action Needed [Frontend team] API contract changes Update API calls [Mobile team] API contract changes Update app, new release needed [DevOps] Infrastructure changes Update config, pipelines [QA] Test plan changes Update test cases, regression testing [Product] Feature behavior changes Update docs, notify customers [Security] Auth/data changes Security review [Support] User-facing changes Update runbooks, train team [Data team] Schema changes Update queries, dashboards, reports [Partner teams] API changes Coordinate migration timeline
Communication Plan | When | Who | Channel | Message |
|------|-----|---------|---------|
| Before starting | [team] | Slack #engineering | Heads up: we're changing X |
| Before deploy | [team] | Slack #deploys | Migration plan, expected downtime |
| During deploy | [team] | Slack #incidents | Status updates |
| After deploy | [team] | Slack #engineering | Completed, what to watch for |
| After validation | [stakeholders] | Email | Summary of changes |
6. Migration & Rollout Strategy
If Breaking Changes Exist Recommended rollout strategy:
Phase 1: Prepare (before any changes go live)
- [ ] Notify affected teams/consumers with timeline
- [ ] Create feature flag for gradual rollout
- [ ] Set up monitoring for affected endpoints/services
- [ ] Prepare rollback plan
Phase 2: Backward Compatible (deploy first)
- [ ] Add new code alongside old code
- [ ] Support both old and new format simultaneously
- [ ] Deploy and verify new code works
Phase 3: Migrate (gradual cutover)
- [ ] Migrate consumers one by one to new format
- [ ] Monitor error rates per consumer
- [ ] Keep old code path active as fallback
Phase 4: Cleanup (after all consumers migrated)
- [ ] Remove old code path
- [ ] Remove feature flag
- [ ] Update documentation
- [ ] Close migration tickets
Rollback Plan If something goes wrong:
Trigger: [What condition triggers a rollback]
- Error rate exceeds X%
- Latency exceeds Xms p99
- Data inconsistency detected
- Customer reports exceed X
Rollback steps:
1. [Revert deployment to previous version]
2. [Run down migration if database changed]
3. [Restore config/env vars if changed]
4. [Notify affected teams]
5. [Investigate root cause]
Estimated rollback time: [X minutes]
Data loss risk during rollback: [None / Possible — describe]
7. Risk Matrix
Impact vs Likelihood LIKELIHOOD
Low Medium High
┌────────┬─────────┬─────────┐
High │ 🟡 │ 🟠 │ 🔴 │
│ Monitor│ Plan │ Mitigate │
I ───────┼────────┼─────────┼─────────┤
M Medium │ 🟢 │ 🟡 │ 🟠 │
P │ Accept │ Monitor │ Plan │
A ───────┼────────┼─────────┼─────────┤
C Low │ 🟢 │ 🟢 │ 🟡 │
T │ Accept │ Accept │ Monitor │
└────────┴─────────┴─────────┘
Risk Register
| Risk | Likelihood | Impact | Score | Mitigation | Owner ---|---|---|---|---|---|---
8. Checklist by Change Type
API Change Checklist
All consumers identified and notified
Backward compatibility period defined
API versioning strategy determined
OpenAPI/Swagger spec updated
Client SDKs updated (if any)
Rate limits reviewed
Error responses documented
Integration tests updated
API documentation updated
Changelog entry added
Mobile app release scheduled (if applicable)
Database Change Checklist
Migration is reversible (up and down)
Migration tested on production-size data
Migration time estimated (minutes? hours?)
Downtime window scheduled (if needed)
Backfill strategy defined (if adding non-nullable columns)
Indexes planned for new columns used in WHERE/JOIN
ORM models updated
Affected queries identified and updated
Affected reports/dashboards identified
Backup verified before migration
Service Migration Checklist
All integration points mapped
Feature parity verified (new service does everything old one does)
Configuration migrated (env vars, secrets)
Monitoring and alerting configured
Runbooks updated
DNS/routing changes planned
Rollback procedure documented
Data migration plan (if applicable)
Load testing performed on new service
Team trained on new service
Infrastructure Change Checklist
All affected services identified
Configuration changes documented
Secrets/credentials rotated if needed
CI/CD pipelines updated
Monitoring dashboards updated
Alert thresholds reviewed
Disaster recovery plan updated
Capacity planning reviewed
Security group/firewall rules reviewed
DNS propagation time accounted for
Shared Library Change Checklist
All consumers identified (grep for imports)
Semantic version bump determined (major/minor/patch)
Breaking changes documented in CHANGELOG
Migration guide written for breaking changes
Consumers tested with new version
Published to package registry
Consumers updated and deployed
Output Document Template Save to project-decisions/YYYY-MM-DD-impact-[topic].md:
# Impact Analysis: [Title of the Proposed Change]
**Date:** YYYY-MM-DD
**Requested by:** [Name]
**Analyzed by:** [Name]
**Change type:** [Feature / Migration / Refactor / Infrastructure / API Change]
**Risk level:** [🟢 Low / 🟡 Medium / 🟠 High / 🔴 Critical]
---
## Proposed Change
[Clear description of what's changing and why]
## Blast Radius Summary
| Area | Impact Level | Details |
|------|-------------|---------|
| **Source code** | X files | [List key files] |
| **API endpoints** | X endpoints | [List affected endpoints] |
| **Database** | X tables/columns | [List affected tables] |
| **Services** | X services | [List affected services] |
| **Infrastructure** | [Yes/No] | [What changes] |
| **Tests** | X test files | [Tests that need updating] |
| **Documentation** | X docs | [Docs that need updating] |
| **Teams affected** | X teams | [List teams] |
| **External consumers** | X consumers | [List consumers] |
## Dependency Map
[ASCII diagram showing affected components and their relationships]
## Breaking Changes
| Change | Type | Who's Affected | Migration Path |
|--------|------|---------------|----------------|
| [Change 1] | API / DB / Library | [Consumer] | [How to migrate] |
## Impact by Area
### Code Impact
[Details of affected files, functions, modules]
### API Impact
[Details of affected endpoints, request/response changes]
### Database Impact
[Details of schema changes, migrations, data backfill]
### Infrastructure Impact
[Details of config, deployment, monitoring changes]
### Team Impact
[Who needs to know, what they need to do]
## Risk Assessment
| Risk | Likelihood | Impact | Mitigation |
|------|-----------|--------|------------|
| [Risk 1] | H/M/L | H/M/L | [Approach] |
## Rollout Strategy
[Phased rollout plan if breaking changes exist]
## Rollback Plan
[How to revert if things go wrong]
## Checklist
[Relevant checklist based on change type]
## Recommendation
**Proceed: [Yes / Yes with conditions / Needs more analysis / No]**
[Reasoning and conditions]
## Next Steps
1. [ ] [Action item 1]
2. [ ] [Action item 2]
3. [ ] [Action item 3]
---
## Decision Log
| Date | Event | By |
|------|-------|----|
| YYYY-MM-DD | Impact analysis requested | [Name] |
| YYYY-MM-DD | Analysis completed | [Name] |
| YYYY-MM-DD | Decision: [proceed/defer/reject] | [Name] |
After saving, update the project-decisions index:
# Update README.md index
echo "# Project Decisions\n" > project-decisions/README.md
echo "| Date | Decision | Type | Status |" >> project-decisions/README.md
echo "|------|----------|------|--------|" >> project-decisions/README.md
for f in project-decisions/2*.md; do
date=$(basename "$f" | cut -d'-' -f1-3)
title=$(head -1 "$f" | sed 's/^# //' | sed 's/^Impact Analysis: //' | sed 's/^Tech Decision: //')
type="Impact Analysis"
echo "$f" | grep -q "impact" || type="Tech Decision"
status=$(grep "^**Status:**\|^**Proceed:**" "$f" | head -1 | sed 's/.*: //' | sed 's/\*//g')
echo "| $date | [$title](./$(basename $f)) | $type | $status |" >> project-decisions/README.md
done
Adaptation Rules
Always save to file — every analysis gets persisted in project-decisions/Scale to the change — small config change gets 1-page analysis, major migration gets full treatmentBe exhaustive on blast radius — it's better to flag a false positive than miss a real dependencyScan the actual codebase — don't guess, grepInclude transitive dependencies — the thing that depends on the thing you're changingQuantify — "15 files affected" not "some files affected"Identify the scariest risk — lead with what could go most wrongAlways include rollback — every change needs a way backConsider timing — same change might be fine in a quiet week but risky during peak trafficThink about data — code can be reverted instantly, data changes cannot
Summary End every impact analysis with:
Blast radius — one-line summary (e.g., "Affects 3 services, 15 files, 2 API endpoints, 1 DB table")Risk level — 🟢 Low / 🟡 Medium / 🟠 High / 🔴 CriticalBreaking changes — count and summaryTeams to notify — who needs a heads upBiggest risk — single most important riskRecommendation — proceed / proceed with conditions / needs spike / don't proceedFile saved — confirm the document location React 组合模式指南:Vercel 组件架构最佳实践,提升代码可维护性
109,600 周安装
