Risk Levels

Zeno uses four severity levels: Critical, High, Medium, and Low. Risk is always consequence-based — what happens if a bad change reaches production.

Critical

A bad change can cause:

• Authentication bypass
• Payment failure
• Data loss or corruption
• Security exposure
• Irreversible writes
• Production outage

Critical is rare. Zeno reserves it for paths where the blast radius is severe and often irreversible.

High

A bad change can cause:

• User-facing flow failure
• External API or webhook breakage
• Environment secret exposure
• Form submission or data write failure
• Business logic failure that reaches users

High issues are usually reversible, but they affect users or external systems directly.

Medium

A bad change can cause:

• Localized failure that is easy to detect and recover from
• Degraded behavior in complex or large files
• Maintainability problems that compound over time

Medium signals flag technical debt and complexity, not immediate production risk.

Low

A bad change affects:

• Isolated, presentational, or cosmetic code
• Utility functions with no external dependencies
• Simple, well-contained logic with no behavioral consequence

Low-risk files are generally safe to clean up with confidence.

What does NOT make something Critical

Zeno will not mark a file Critical solely because:

• The file is large
• The file has no tests
• The file uses browser globals
• The file has no exports
• The code is messy or hard to read

These are maintainability signals, not severity signals. A messy file is at most Medium until its specific behavior carries severe production consequence.