@windyroad/risk-scorer 0.11.2 → 0.11.3-preview.479

package/.claude-plugin/plugin.json

@@ -310,5 +310,5 @@
     }
   },
   "name": "wr-risk-scorer",
-  "version": "0.11.2"
+  "version": "0.11.3"
 }

package/hooks/external-comms-gate.sh

@@ -14,6 +14,14 @@
 #   - gh api .../comments                         (any REST surface accepting prose)
 #   - npm publish                                 (README / package metadata to npm)
 #   - PreToolUse:Write|Edit on .changeset/*.md    (P073 — gates author-time)
+#   - git commit -m / --message (incl. HEREDOC)   (P082 Phase 1 — commit message
+#                                                  body reaches every reader of git
+#                                                  log, PR commits tab, release-page
+#                                                  auto-notes, CHANGELOG. Editor
+#                                                  flow is out of scope per P082 SC1
+#                                                  — message is written to
+#                                                  .git/COMMIT_EDITMSG AFTER
+#                                                  PreToolUse, nothing to read.)
 #
 # Gate behaviour:
 #   1. BYPASS_RISK_GATE=1 short-circuits the gate (consistent with git-push-gate.sh).
@@ -144,20 +152,59 @@ except Exception:
             SURFACE="gh-api-comments"
         elif echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*npm publish(\s|$)'; then
             SURFACE="npm-publish"
+        elif echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*git commit(\s|$)'; then
+            # P082 Phase 1: gate `git commit -m / --message / HEREDOC` so commit
+            # message bodies are reviewed by the voice-tone + risk evaluators
+            # before they land in git log / PR commits tab / release notes /
+            # CHANGELOG. Editor flow (bare `git commit`) is out of scope per
+            # P082 SC1 — git writes .git/COMMIT_EDITMSG AFTER PreToolUse fires,
+            # so there's no body to extract at gate time. Skip silently when
+            # neither -m nor --message is present.
+            if echo "$COMMAND" | grep -qE '(\s|^)(-m|--message)(\s|=)'; then
+                SURFACE="git-commit-message"
+            else
+                exit 0
+            fi
         else
             exit 0
         fi
 
-        # Best-effort body extraction: --body 'TEXT' or --body "TEXT" or --field summary='TEXT'.
-        # When absent (npm publish, --body-file), DRAFT="" is acceptable: the agent will
-        # be invoked with command context and read whatever body source the call uses.
+        # Best-effort body extraction. Order matters — most-specific first.
+        #
+        #   HEREDOC first: `git commit -m "$(cat <<'EOF'\n...\nEOF\n)"` is the
+        #     AI-dominant form. Must precede --body "..." / -m "..." because
+        #     those would otherwise match the literal `$(cat <<'EOF'...EOF)`
+        #     text as the body, defeating the marker key match against the
+        #     subagent's <draft> body.
+        #   Then --body / --field for the gh + npm + security-advisories surfaces.
+        #   Then -m / --message for git commit (single-line literal forms).
+        #
+        # When absent (npm publish, --body-file, editor flow already filtered),
+        # DRAFT="" is acceptable: the agent will be invoked with command
+        # context and read whatever body source the call uses.
         DRAFT=$(printf '%s' "$COMMAND" | python3 -c "
 import sys, re
 cmd = sys.stdin.read()
-# Match --body '...' or --body \"...\" or --field summary='...'
-for pat in [r\"--body[= ]'([^']*)'\", r'--body[= ]\"([^\"]*)\"',
-            r\"--field [a-zA-Z_]+='([^']*)'\", r'--field [a-zA-Z_]+=\"([^\"]*)\"']:
-    m = re.search(pat, cmd)
+# (pattern, flags) — first match wins.
+patterns = [
+    # HEREDOC body — matches a here-doc with EOF delimiter (quoted or
+    # unquoted). The literal '<<' is written as the char-class pair
+    # [<][<] so bash's command-substitution parser does NOT mis-parse
+    # this regex as a real here-doc operator (P082 implementation note).
+    # DOTALL so the body can span newlines.
+    (r\"[<][<]\s*['\\\"]?EOF['\\\"]?\s*\n(.*?)\nEOF\", re.DOTALL),
+    # gh issue/pr + npm publish --body 'TEXT' / --body \"TEXT\" (existing).
+    (r\"--body[= ]'([^']*)'\", 0),
+    (r'--body[= ]\"([^\"]*)\"', 0),
+    # gh api --field summary='TEXT' / --field summary=\"TEXT\" (existing).
+    (r\"--field [a-zA-Z_]+='([^']*)'\", 0),
+    (r'--field [a-zA-Z_]+=\"([^\"]*)\"', 0),
+    # git commit -m / --message single-line literal forms (P082 Phase 1).
+    (r\"(?:-m|--message)[= ]'([^']*)'\", 0),
+    (r'(?:-m|--message)[= ]\"([^\"]*)\"', 0),
+]
+for pat, flags in patterns:
+    m = re.search(pat, cmd, flags)
     if m:
         print(m.group(1))
         break

package/hooks/test/external-comms-gate.bats

@@ -224,3 +224,95 @@ run_hook() {
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
+
+# ---------------------------------------------------------------------------
+# P082 Phase 1 — git commit message surface (risk evaluator).
+# Commit messages reach git log / PR commits tab / release notes /
+# CHANGELOG. The risk evaluator gates the body for leak patterns
+# (credentials, prod URLs, business-context-paired financials/user counts)
+# AND defers structured leak-free drafts to the wr-risk-scorer:external-comms
+# subagent. Editor flow (bare `git commit`) is out of scope per P082 SC1.
+# ---------------------------------------------------------------------------
+
+@test "P082: git commit -m with leak-shaped credential body denies via leak pre-filter" {
+  INPUT=$(build_bash_input "git commit -m \"docs: token=${GH_TOKEN_LIKE}\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+  [[ "$output" == *"GitHub token"* ]] || [[ "$output" == *"credential"* ]]
+}
+
+@test "P082: git commit -m with leak-free body denies and delegates to risk evaluator" {
+  INPUT=$(build_bash_input "git commit -m \"fix(foo): handle null input\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+  [[ "$output" == *"wr-risk-scorer:external-comms"* ]]
+}
+
+@test "P082: git commit --amend -m is intercepted (P082 SC2)" {
+  INPUT=$(build_bash_input "git commit --amend -m \"rewritten subject\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+}
+
+@test "P082: git commit HEREDOC body is intercepted and the body becomes the marker key" {
+  # Build a HEREDOC-shaped command. The hook regex pulls the body BETWEEN
+  # the <<'EOF' opener and the closing EOF marker — the extracted DRAFT is
+  # the inner text, NOT the literal `$(cat <<'EOF' ... EOF)` wrapper.
+  BODY=$'feat(foo): add bar\n\nWe observed a build failure on Node 20.'
+  CMD=$'git commit -m "$(cat <<\'EOF\'\n'"$BODY"$'\nEOF\n)"'
+  INPUT=$(build_bash_input "$CMD")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+
+  # Pre-place the per-evaluator marker keyed on the extracted HEREDOC body
+  # + the git-commit-message surface; the second run must permit silently.
+  SURFACE="git-commit-message"
+  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
+  touch "${RDIR}/external-comms-risk-reviewed-${KEY}"
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: bare git commit (editor flow) is silently allowed per SC1" {
+  # No -m / --message → .git/COMMIT_EDITMSG doesn't exist at PreToolUse
+  # time. Phase 1 skip is pragmatic; the editor flow has user-eyeballs.
+  INPUT=$(build_bash_input "git commit")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: git merge is silently allowed (not a git commit verb, SC3)" {
+  INPUT=$(build_bash_input "git merge --no-ff feature-branch")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: BYPASS_RISK_GATE=1 short-circuits the git commit gate" {
+  INPUT=$(build_bash_input "git commit -m \"fix(foo): handle null input\"")
+  run bash -c "cd '$TEST_PROJECT_DIR' && BYPASS_RISK_GATE=1 printf '%s' \"\$1\" | BYPASS_RISK_GATE=1 '$HOOK'" _ "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: per-evaluator marker keyed on (body, git-commit-message) permits the call" {
+  BODY="docs(retro): close iter 3 ask-hygiene trail"
+  SURFACE="git-commit-message"
+  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
+  touch "${RDIR}/external-comms-risk-reviewed-${KEY}"
+
+  INPUT=$(build_bash_input "git commit -m \"$BODY\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.11.2",
+  "version": "0.11.3-preview.479",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"

package/scripts/drain-register-queue.sh

@@ -48,7 +48,6 @@ set -uo pipefail
 PROJECT_ROOT="${1:-$(pwd)}"
 QUEUE_FILE="${PROJECT_ROOT}/.afk-run-state/risk-register-queue.jsonl"
 RISKS_DIR="${PROJECT_ROOT}/docs/risks"
-TEMPLATE_FILE="${RISKS_DIR}/TEMPLATE.md"
 README_FILE="${RISKS_DIR}/README.md"
 
 emit_no_op() {
@@ -63,7 +62,7 @@ if [ ! -f "$QUEUE_FILE" ] || [ ! -s "$QUEUE_FILE" ]; then
   exit 0
 fi
 
-if [ ! -d "$RISKS_DIR" ] || [ ! -f "$TEMPLATE_FILE" ] || [ ! -f "$README_FILE" ]; then
+if [ ! -d "$RISKS_DIR" ] || [ ! -f "$README_FILE" ]; then
   emit_no_op
   exit 0
 fi
@@ -80,7 +79,7 @@ ORIGIN_MAX="${ORIGIN_MAX:-0}"
 # so R099 → 099 → "value too great for base" without the 10# prefix.
 NEXT_ID=$(( (10#$LOCAL_MAX > 10#$ORIGIN_MAX ? 10#$LOCAL_MAX : 10#$ORIGIN_MAX) + 1 ))
 
-DRAIN_RESULT=$(python3 - "$QUEUE_FILE" "$RISKS_DIR" "$TEMPLATE_FILE" "$README_FILE" "$NEXT_ID" "$PROJECT_ROOT" <<'PYEOF'
+DRAIN_RESULT=$(python3 - "$QUEUE_FILE" "$RISKS_DIR" "$README_FILE" "$NEXT_ID" "$PROJECT_ROOT" <<'PYEOF'
 import json
 import os
 import re
@@ -88,7 +87,7 @@ import sys
 from collections import OrderedDict
 from datetime import datetime
 
-queue_file, risks_dir, template_file, readme_file, next_id_str, project_root = sys.argv[1:7]
+queue_file, risks_dir, readme_file, next_id_str, project_root = sys.argv[1:6]
 next_id = int(next_id_str)
 
 hints = []
@@ -121,7 +120,7 @@ for h in hints:
 
 existing = {}
 for fn in os.listdir(risks_dir):
-    if fn in ('README.md', 'TEMPLATE.md'):
+    if fn == 'README.md':
         continue
     m = re.match(r'^R(\d+)-(.+)\.active\.md$', fn)
     if m:

package/scripts/test/drain-register-queue.bats

@@ -18,33 +18,13 @@ setup() {
   git config user.email "drain-test@example.com"
   git config user.name "Drain Test"
   git commit --quiet --allow-empty -m "init"
-  # Mock template + README + a single seeded R-file
-  # NOTE: TEMPLATE.md was wiped from canonical docs/risks/ per the 2026-05-04
-  # user direction ("FFS WIPE THE RXXX risks ... THEY ARE WRONG"; commit 8edaf7b).
-  # The drain script (ADR-056 Phase 2b) still gates on TEMPLATE.md existence at
-  # line 66 and accepts the path as an unused argument; the gate is vestigial
-  # but unchanged in this iter. Tests synthesise fixture-local TEMPLATE.md +
-  # an old-shape R001-...active.md inline so the drain contract is exercised
-  # end-to-end without depending on the canonical (post-wipe) state. The
-  # divergence between the drain script's expected R-file shape (.active.md
-  # with structured frontmatter) and the canonical post-wipe R-file shape
-  # (bare .md without status frontmatter, slug-only body) is captured as P171
-  # (docs/problems/171-drain-register-queue-script-and-tests-reference-
-  # obsolete-pre-wipe-r-file-shape.open.md). This synthetic-fixture pattern
-  # is the workaround until P171's fix lands.
+  # Seed README + a single R-file fixture matching the canonical .active.md
+  # shape. P171 resolved 2026-05-31: drain script's vestigial TEMPLATE.md gate
+  # was removed (it was a pre-wipe-direction residual). Canonical docs/risks/
+  # has NO TEMPLATE.md per the 2026-05-04 user direction (commit 8edaf7b) +
+  # the canonical .active.md suffix per commit 9b52610. Seeded R-file uses the
+  # canonical shape; tests no longer synthesize a fixture-local TEMPLATE.md.
   mkdir -p docs/risks .afk-run-state
-  cat > docs/risks/TEMPLATE.md <<'TEMPLATE_EOF'
-# Risk RNNN: <title>
-
-**Status**: Active
-**Category**: <category>
-**Identified**: <YYYY-MM-DD>
-**Owner**: <owner>
-
-## Description
-
-<description>
-TEMPLATE_EOF
   cp "$REPO_ROOT/docs/risks/README.md" docs/risks/README.md
   cat > docs/risks/R001-confidential-info-leak-via-public-repo-push.active.md <<'R001_EOF'
 # Risk R001: Confidential info leak via public repo push
@@ -325,3 +305,22 @@ EOF
   echo "$output" | grep -q '^new_risks_created=1$'
   [ -f docs/risks/R002-good-line.active.md ]
 }
+
+@test "drain succeeds against canonical (post-wipe) docs/risks/ with NO TEMPLATE.md (P171)" {
+  # P171 regression coverage. The 2026-05-04 wipe direction (commit 8edaf7b)
+  # removed TEMPLATE.md from canonical docs/risks/; commit 9b52610 then re-
+  # canonicalized the R-file suffix to .active.md. The drain script previously
+  # gated on TEMPLATE.md existence and would silent-no-op against the canonical
+  # (TEMPLATE.md-absent) state. This test asserts the gate is gone: a queue with
+  # one hint MUST materialize a register entry even without TEMPLATE.md.
+  rm -f docs/risks/TEMPLATE.md
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/p171.md","reason_tag":"above-appetite-residual","risk_slug":"p171-canonical-fire","slug_source":"agent","prefill":"Canonical post-wipe drain works without TEMPLATE.md."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=1$'
+  echo "$output" | grep -q '^new_risks_created=1$'
+  echo "$output" | grep -q '^next_action=commit-staged$'
+  [ -f docs/risks/R002-p171-canonical-fire.active.md ]
+}