Quick Start

This guide walks you through one complete workflow end to end: the Blast Radius recipe running on GitHub Actions. When you open a pull request, an agent maps the changed code to its real production usage and posts a 0–100 risk score as a PR comment.

It's the fastest way to see an agentic workflow in action. Once it's working, swap in any other recipe or runner from the rest of this section.

📘
What you'll need

A GitHub repository whose service(s) are instrumented with Hud and reporting production data.

A Hud MCP key — app.hud.io → Settings → API keys.

An Anthropic API key — console.anthropic.com. (Using AWS Bedrock instead? See model authentication in the FAQ.)

Step 1 — Copy the workflow files

From the github-actions-claude template, copy these three files into your repo, keeping the same paths:

.github/workflows/pr-blast-radius.yml      # the workflow + PR trigger
.github/actions/blast-radius/action.yml    # installs Claude CLI, configures Hud MCP, runs the prompt
.github/actions/blast-radius/blast-radius-prompt.txt   # the recipe prompt

The action.yml writes a .mcp.json that wires up the Hud MCP server, then runs the prompt against the PR diff.

Step 2 — Add your secrets

In GitHub: Settings → Secrets and variables → Actions → New repository secret. Add both:

Secret	Where it comes from
`HUD_MCP_KEY`	app.hud.io → Settings → API keys
`ANTHROPIC_API_KEY`	console.anthropic.com

🚧
Fork safety
This workflow uses the pull_request_target trigger so it can post comments and read secrets. That trigger runs in the context of your base branch with access to secrets, including on PRs from forks. Only enable it on repos where you trust contributors, or add an author/label guard. See running on pull requests safely.

Step 3 — Test it manually

Before wiring it to PRs, confirm it runs:

Go to Actions → PR Blast Radius → Run workflow.
Watch the logs. The agent will connect to Hud, resolve the changed functions, and produce a report.

If you see a blast-radius score in the run output, the plumbing works.

Step 4 — Open a pull request

Open (or update) a PR that touches instrumented code. Within a minute or two, the workflow runs and the agent posts a comment like this:

Blast Radius score posted as a PR comment

The comment includes:

A 0–100 Blast Radius Score and a risk level (Low / Medium / High / Critical).
Affected endpoints and functions, ranked by production traffic.
A score breakdown explaining the rating.

If the PR doesn't touch any Hud-tracked functions, the agent exits early and says so — no noise.

What just happened

PR opened
   │
   ▼
GitHub Actions runs the composite action
   │   • installs the Claude Code CLI
   │   • writes .mcp.json with your HUD_MCP_KEY
   ▼
Agent runs the blast-radius prompt
   │   • extracts changed function names from the diff
   │   • queries Hud for their production metrics
   │   • scores impact and ranks affected endpoints
   ▼
Agent posts the report as a PR comment

Next steps

Tune it. The prompt accepts a config block (lookback window, scoring weights, row limits). See the Recipe Catalog.
Pick a different runner. Prefer Cursor, gh-aw, or a scheduled Claude routine? See Choosing a Runner.
Add more recipes. Schedule a Weekly Report or gate deploys with a Rollback Check.
Check the FAQ. Cost, security, and scoping are covered in FAQ & Best Practices.

Need Help? Chat with our support team or email us at [email protected].