Code Review Risk Assessment adds a risk signal to Unblocked’s automated pull request reviews.
You define the kinds of changes your team considers risky, and Unblocked scores each PR against those policies.
Teams can use that score to approve routine changes faster while keeping human reviewers focused on work that needs closer judgment.
How it works
Risk assessment runs after Unblocked completes a pull request review without finding any issues.
At that point, Unblocked reads the risk policy file from your repository’s default branch and checks the PR changes against each policy.
It then adds a report with a risk score — lowest, low, medium, high, or highest — and an explanation for the score.
Unblocked uses the policy from the default branch, not policy changes proposed in the PR.
This keeps the risk score tied to the rules your team has already accepted.
If the risk score is low or lowest, Unblocked approves the pull request.
For higher-risk changes, Unblocked posts the report without approval so reviewers can see what needs attention.
Setup
Risk assessment is enabled per repository. To turn it on for a repository, add a policy file that describes which kinds of changes your team considers risky.
Create a risk policy file
Create a risk policy file in the root of your Git repository: .unblocked/risk-policies.yaml
Populate the policy file
Add repository context and policies using the examples and schema below.
Commit the policy file
Commit and push the file to the default branch.
Sample policies
Start with a small set of policies that cover the changes your team wants
to treat with extra care. Write each policy so it can be evaluated on its
own, without relying on another policy or an external definition.
If you need to add general guidance or background information, add it to
the optional context section.
# .unblocked/risk-policies.yaml
context: >
  This repository includes customer authentication and billing code.
  Changes to either area should be reviewed carefully.
policies:
  - policy: Authentication changes
    risk: highest
    criteria: >
      The PR changes sign-in, session management, permissions,
      or authentication tokens.
  - policy: Database changes
    risk: high
    criteria: >
      The PR changes database schema, migrations, ORM models,
      or destructive data operations.
  - policy: Dependency updates
    risk: medium
    criteria: >
      The PR updates runtime dependencies, lockfiles, build plugins,
      or generated clients.
Schema
The policy file is YAML. It can include optional repository context and
one or more independent policies. Each policy names a kind of change and
the risk Unblocked should assign when it matches.
title: Unblocked Risk Policies
type: object
required:
  - policies
additionalProperties: false
properties:
  context:
    description: >
      Optional repository background for interpreting policies.
      Use this for stable domain context, key systems,
      ownership boundaries, or terminology.
    type: string
    minLength: 2
    maxLength: 4000
  policies:
    description: >
      Risk policies evaluated against a pull request.
      Each policy is evaluated independently. When multiple
      policies match, Unblocked uses the highest risk.
    type: array
    minItems: 1
    items:
      type: object
      required:
        - policy
        - risk
        - criteria
      additionalProperties: false
      properties:
        policy:
          description: >
            Short, human-readable name for this policy.
            This is shown in review output and settings.
          type: string
          minLength: 2
          maxLength: 80
        risk:
          description: >
            Risk level assigned when this policy matches.
            When multiple policies match, Unblocked uses the
            highest risk.
          type: string
          enum:
            - lowest
            - low
            - medium
            - high
            - highest
        criteria:
          description: >
            Self-contained condition for when this policy applies.
            Describe only the PR changes that should trigger it.
          type: string
          minLength: 2
          maxLength: 2000
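
A pre-merge check that enforces the schema above on the policy file, together with the two decision rules this page states (the highest matching risk wins; only low or lowest is approved). This is an added example, not Unblocked's code: it assumes the YAML has already been parsed into a Python mapping, and the names validate, effective_risk and auto_approves are hypothetical.

```python
# Added example (not Unblocked's code): lint a parsed risk-policies.yaml mapping.
RISK_ORDER = ["lowest", "low", "medium", "high", "highest"]  # schema enum, ascending
MAX_LEN = {"context": 4000, "policy": 80, "criteria": 2000}  # minLength is 2 for all
FIELDS = ("policy", "risk", "criteria")  # all three are required per policy

def _check_text(errors, where, key, value):
    if not isinstance(value, str):
        errors.append(f"{where}{key} must be a string")
    elif not 2 <= len(value) <= MAX_LEN[key]:
        errors.append(f"{where}{key} length must be 2..{MAX_LEN[key]}")

def _check_keys(errors, where, mapping, allowed, required):
    # additionalProperties: false, so unknown keys are violations
    errors.extend(f"{where}unexpected key {k!r}" for k in mapping if k not in allowed)
    errors.extend(f"{where}missing {k!r}" for k in required if k not in mapping)

def validate(doc):
    """Return schema violations; an empty list means the mapping conforms."""
    if not isinstance(doc, dict):
        return ["top level must be a mapping"]
    errors = []
    _check_keys(errors, "", doc, ("context", "policies"), ("policies",))
    if "context" in doc:
        _check_text(errors, "", "context", doc["context"])
    policies = doc.get("policies")
    if "policies" in doc and (not isinstance(policies, list) or not policies):
        errors.append("policies: must be a list with at least one item")
    for i, item in enumerate(policies if isinstance(policies, list) else []):
        where = f"policies[{i}]: "
        if not isinstance(item, dict):
            errors.append(f"{where}must be a mapping")
            continue
        _check_keys(errors, where, item, FIELDS, FIELDS)
        for key in [k for k in ("policy", "criteria") if k in item]:
            _check_text(errors, where, key, item[key])
        if "risk" in item and item["risk"] not in RISK_ORDER:
            errors.append(f"{where}risk must be one of {', '.join(RISK_ORDER)}")
    return errors

def effective_risk(matched_risks):
    """Highest risk among the matched policies (needs at least one match)."""
    return max(matched_risks, key=RISK_ORDER.index)

def auto_approves(risk):
    """The page's rule: approval only when the score is 'low' or 'lowest'."""
    return risk in ("lowest", "low")

# Constructed sample: 'hight' is a typo and 'owner' is not in the schema.
SAMPLE = {"policies": [{"policy": "Auth changes", "risk": "hight",
                        "criteria": "The PR changes sign-in.", "owner": "sec"}]}
```

Running validate on the parsed file in CI before it reaches the default branch catches a mistyped risk level or a stray key while the change is still in review.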