You can tell which commits matter.
Your AI agent can’t.
Twira gives your AI agent the same triage instinct you have when you scan a git log: every change is rated RED, YELLOW or GREEN by the kind of file that changed and what is in it. Browse the queue. Rate a change before commit. Mark items reviewed.
“Reviewed the docs change as carefully as the auth change.”
No instinct for what mattered.
“Skipped the `.env.production` commit.”
Treated every commit the same.
“Spent twenty minutes on a stylesheet rename.”
Couldn’t triage by risk.
“Approved a Dockerfile change without flagging it.”
No notion that infrastructure files are different.
You have instinct. Your agent doesn’t. Twira gives it a triage scheme.
`list`: Risk-rated recent changes. Filter by severity. See what needs review.
`rate`: Classify any file change ad-hoc. RED, YELLOW, GREEN with a reason.
`review`: Mark an item handled. Drops out of the active queue.
Sensitivity scale
You ask
“Anything risky in the last 24 hours of commits?”
Twira instantly
- pulls recent commits from git history
- classifies each by file path (auth, crypto, CI, lockfiles → RED)
- cross-checks content patterns (private keys, password strings)
- groups by severity
- excludes anything already marked reviewed
Three RED, eight YELLOW, the rest GREEN. You review the three.
How the agent uses this
Agent calls `risk` via MCP. `action: "list" / "review" / "rate"`. Severities RED / YELLOW / GREEN.
When you reach for it
- Morning triage: `twira risk list --severity RED` shows everything that landed overnight that deserves a look.
- Pre-merge sanity check: rate the change before pushing the PR (`twira risk rate path/to/file.ts --change-type M`).
- PR review prioritisation: when a PR touches 30 files, Risk tells you which 3 to read first.
- Mark an item reviewed (`twira risk review <id>`) so the next morning’s list stays clean.
See it work
$ twira risk list --severity RED
Technical depth, for engineers who want it
In your editor
You scan a git log and your eyebrow twitches at the right commits. `auth.ts` makes you pause. `README.md` does not. `.env.production` makes you stop scrolling. Years of pattern-matching from your engineering brain, applied unconsciously every time you read a diff. You do not even think about it.
What Risk does
Risk gives your AI agent the same triage instinct, made deterministic. Every change is classified by path keywords (auth, crypto, CI, lockfiles → RED; API, config, payments, migrations → YELLOW; tests, docs, styles → GREEN) and content patterns (private keys, password strings, tokens). Three actions: `list` shows risk-rated recent changes (filterable, reviewed-or-not); `rate` classifies a single file change ad-hoc (useful before commit, before a PR); `review` marks an item handled so it drops out of the active queue.
How it actually works
Risk is the lightweight triage view that lives alongside the heavier Diagnose surface. While Diagnose runs a full detector pipeline against your code, Risk rates **recent changes from git history** by severity (RED, YELLOW, GREEN) so you can spot the hotspots before doing a deeper inspection.
Three actions cover the full workflow. **`list`** browses risk-rated recent changes, filtered by severity, with the ability to include or exclude already-reviewed items. **`review`** marks a risk item as inspected so it stops showing in your daily list. **`rate`** is the one-off helper for rating a file change before it’s been committed: paste in a path and a change type (added / modified / deleted / renamed) and you get a severity rating without needing the change to be in git yet.
Risk is intentionally cheap to use. The agent can call it as a fast pre-flight before deciding whether to suggest a refactor (RED = pause, get human review). You can call it yourself as a tab of your morning routine: what landed in the codebase overnight, and which of those changes need eyes. It pairs naturally with Diagnose: Risk tells you *where* to look closer, Diagnose tells you *what specifically* is wrong.
Built on the same git history every developer already has access to, no special enrichment, no proprietary data sources. The risk severity calculation is deterministic and explainable: the same git log gives the same rating, every time.
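A sketch of a deterministic path-and-content classifier of the kind described above, added here as an illustration and not Twira's own code. The keyword lists, regexes, default rating and the `rate_change` helper are assumptions; it matches whole path tokens so that `authors/` does not trip the `auth` rule, and lets content override path.

```python
import re

# All rule lists are illustrative assumptions modelled on the categories
# the page names; they are not Twira's actual rules.
RED_TOKENS = {"auth", "oauth", "login", "crypto", "secrets", "env",
              "dockerfile", "jenkinsfile"}
YELLOW_TOKENS = {"api", "config", "settings", "payments", "billing", "migrations"}
GREEN_TOKENS = {"test", "tests", "spec", "docs", "readme", "md", "css", "scss", "styles"}
CI_PREFIXES = (".github/workflows/", ".circleci/")
LOCKFILES = {"package-lock.json", "yarn.lock", "pnpm-lock.yaml",
             "cargo.lock", "poetry.lock", "go.sum"}
CONTENT_PATTERNS = [
    ("private key", re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")),
    ("hard-coded password", re.compile(
        r"(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*['\"][^'\"]{4,}['\"]")),
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]

def rate_change(path, content=""):
    """Return (severity, reason) for one changed file (hypothetical helper)."""
    p = path.lower().removeprefix("./")
    name = p.rsplit("/", 1)[-1]
    # Whole-token matching: "authors" must not count as "auth".
    tokens = set(re.split(r"[^a-z0-9]+", p)) - {""}
    # Content beats path: a secret pasted into a docs file is still RED.
    for label, rx in CONTENT_PATTERNS:
        if rx.search(content):
            return "RED", f"content matches {label}"
    if name in LOCKFILES:
        return "RED", f"lockfile {name}"
    if p.startswith(CI_PREFIXES):
        return "RED", "CI pipeline definition"
    # Highest severity wins when a path hits several lists.
    for severity, words in (("RED", RED_TOKENS), ("YELLOW", YELLOW_TOKENS),
                            ("GREEN", GREEN_TOKENS)):
        hit = sorted(tokens & words)
        if hit:
            return severity, f"path keyword '{hit[0]}'"
    return "GREEN", "no rule matched (default is an assumption)"

if __name__ == "__main__":
    # Constructed sample changes, not real repository data.
    samples = [("src/auth.ts", ""), ("src/authors/list.ts", ""),
               ("db/migrations/0007_add_index.sql", ""),
               ("README.md", 'password = "hunter2hunter2"')]
    for path, body in samples:
        print(path, *rate_change(path, body))
```
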
What it isn’t
- Risk classifies by path keywords and content patterns, not by analysing semantic intent. It tells you what KIND of file changed, not what the change actually DOES.
- RED, YELLOW and GREEN classify the kind of file at risk, not the certainty that something is broken. A RED commit may be fine; a GREEN commit may break things. The label is a triage hint, not a verdict.
- `list` reads risk items already in the database, populated when the indexer processes git history. `rate` works on any file right now without needing a commit.
- Free tier. No Pro gate, no licence check. Same severity scheme as Impact and Diagnose so the colours mean the same thing across every tool.
One install. Your agent will know the difference in the first session.
$ curl -fsSL twira.com/install.sh | sh