@windyroad/risk-scorer 0.11.3 → 0.12.0-preview.512

package/.claude-plugin/plugin.json

@@ -310,5 +310,5 @@
     }
   },
   "name": "wr-risk-scorer",
-  "version": "0.11.3"
+  "version": "0.12.0"
 }

package/bin/wr-risk-scorer-drain-register-queue

@@ -1,2 +1,51 @@
 #!/usr/bin/env bash
-exec "$(dirname "$0")/../scripts/drain-register-queue.sh" "$@"
+# Generated by scripts/sync-shim-wrappers.sh from
+# packages/shared/lib/shim-wrapper-template.sh. DO NOT EDIT individual
+# shim files in packages/*/bin/wr-* directly; edit the template + run
+# `npm run sync:shim-wrappers` to regenerate.
+#
+# Resolution (ADR-080):
+#   1. If the wrapper's parent dir is semver-shaped, treat as installed-
+#      cache execution and resolve to the highest-version sibling's
+#      scripts/ entry below.
+#   2. Otherwise (parent dir is e.g. `architect`), treat as source-
+#      monorepo execution and dispatch to own scripts/. The source-repo-
+#      guard `exec` is the anchor parsed by
+#      packages/retrospective/scripts/check-tarball-shipped-shims.sh.
+#   3. If the cache parent contains zero semver-shaped siblings, exit
+#      127 with a stderr message naming the cache parent (per SQ-080-2).
+#
+# @adr ADR-080 (highest-version-wins shim wrapper plugin scaffold)
+# @adr ADR-049 (plugin-bundled scripts resolve via bin/ on $PATH — amended)
+# @problem P343 (mid-session staleness window)
+
+set -euo pipefail
+
+SHIM_DIR="$(cd "$(dirname "$0")" && pwd)"
+OWN_VERSION_DIR="$(dirname "$SHIM_DIR")"
+OWN_VERSION_NAME="$(basename "$OWN_VERSION_DIR")"
+CACHE_PARENT="$(dirname "$OWN_VERSION_DIR")"
+
+SEMVER_RE='^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'
+
+# Source-repo guard: own parent dir is NOT semver → dispatch to own scripts/.
+if ! [[ "$OWN_VERSION_NAME" =~ $SEMVER_RE ]]; then
+  exec "$SHIM_DIR/../scripts/drain-register-queue.sh" "$@"
+fi
+
+# Cache execution: pick the highest-semver sibling under CACHE_PARENT.
+HIGHEST=""
+while IFS= read -r dir; do
+  name="$(basename "$dir")"
+  [[ "$name" =~ $SEMVER_RE ]] || continue
+  if [[ -z "$HIGHEST" ]] || [[ "$(printf '%s\n%s\n' "$HIGHEST" "$name" | sort -V | tail -1)" == "$name" ]]; then
+    HIGHEST="$name"
+  fi
+done < <(find "$CACHE_PARENT" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+
+if [[ -z "$HIGHEST" ]]; then
+  printf 'wr-shim: no cached versions in %s\n' "$CACHE_PARENT" >&2
+  exit 127
+fi
+
+exec "$CACHE_PARENT/$HIGHEST/scripts/drain-register-queue.sh" "$@"

package/bin/wr-risk-scorer-evaluate-graduation

@@ -1,2 +1,51 @@
 #!/usr/bin/env bash
-exec "$(dirname "$0")/../scripts/evaluate-graduation.sh" "$@"
+# Generated by scripts/sync-shim-wrappers.sh from
+# packages/shared/lib/shim-wrapper-template.sh. DO NOT EDIT individual
+# shim files in packages/*/bin/wr-* directly; edit the template + run
+# `npm run sync:shim-wrappers` to regenerate.
+#
+# Resolution (ADR-080):
+#   1. If the wrapper's parent dir is semver-shaped, treat as installed-
+#      cache execution and resolve to the highest-version sibling's
+#      scripts/ entry below.
+#   2. Otherwise (parent dir is e.g. `architect`), treat as source-
+#      monorepo execution and dispatch to own scripts/. The source-repo-
+#      guard `exec` is the anchor parsed by
+#      packages/retrospective/scripts/check-tarball-shipped-shims.sh.
+#   3. If the cache parent contains zero semver-shaped siblings, exit
+#      127 with a stderr message naming the cache parent (per SQ-080-2).
+#
+# @adr ADR-080 (highest-version-wins shim wrapper plugin scaffold)
+# @adr ADR-049 (plugin-bundled scripts resolve via bin/ on $PATH — amended)
+# @problem P343 (mid-session staleness window)
+
+set -euo pipefail
+
+SHIM_DIR="$(cd "$(dirname "$0")" && pwd)"
+OWN_VERSION_DIR="$(dirname "$SHIM_DIR")"
+OWN_VERSION_NAME="$(basename "$OWN_VERSION_DIR")"
+CACHE_PARENT="$(dirname "$OWN_VERSION_DIR")"
+
+SEMVER_RE='^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'
+
+# Source-repo guard: own parent dir is NOT semver → dispatch to own scripts/.
+if ! [[ "$OWN_VERSION_NAME" =~ $SEMVER_RE ]]; then
+  exec "$SHIM_DIR/../scripts/evaluate-graduation.sh" "$@"
+fi
+
+# Cache execution: pick the highest-semver sibling under CACHE_PARENT.
+HIGHEST=""
+while IFS= read -r dir; do
+  name="$(basename "$dir")"
+  [[ "$name" =~ $SEMVER_RE ]] || continue
+  if [[ -z "$HIGHEST" ]] || [[ "$(printf '%s\n%s\n' "$HIGHEST" "$name" | sort -V | tail -1)" == "$name" ]]; then
+    HIGHEST="$name"
+  fi
+done < <(find "$CACHE_PARENT" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+
+if [[ -z "$HIGHEST" ]]; then
+  printf 'wr-shim: no cached versions in %s\n' "$CACHE_PARENT" >&2
+  exit 127
+fi
+
+exec "$CACHE_PARENT/$HIGHEST/scripts/evaluate-graduation.sh" "$@"

package/bin/wr-risk-scorer-extract-risks-from-reports

@@ -1,3 +1,51 @@
 #!/usr/bin/env bash
-# Shim: dispatches to the canonical script body per ADR-049 ($PATH-resolved bin/).
-exec "$(dirname "$(readlink -f "${BASH_SOURCE[0]:-$0}")")/../scripts/extract-risks-from-reports.sh" "$@"
+# Generated by scripts/sync-shim-wrappers.sh from
+# packages/shared/lib/shim-wrapper-template.sh. DO NOT EDIT individual
+# shim files in packages/*/bin/wr-* directly; edit the template + run
+# `npm run sync:shim-wrappers` to regenerate.
+#
+# Resolution (ADR-080):
+#   1. If the wrapper's parent dir is semver-shaped, treat as installed-
+#      cache execution and resolve to the highest-version sibling's
+#      scripts/ entry below.
+#   2. Otherwise (parent dir is e.g. `architect`), treat as source-
+#      monorepo execution and dispatch to own scripts/. The source-repo-
+#      guard `exec` is the anchor parsed by
+#      packages/retrospective/scripts/check-tarball-shipped-shims.sh.
+#   3. If the cache parent contains zero semver-shaped siblings, exit
+#      127 with a stderr message naming the cache parent (per SQ-080-2).
+#
+# @adr ADR-080 (highest-version-wins shim wrapper plugin scaffold)
+# @adr ADR-049 (plugin-bundled scripts resolve via bin/ on $PATH — amended)
+# @problem P343 (mid-session staleness window)
+
+set -euo pipefail
+
+SHIM_DIR="$(cd "$(dirname "$0")" && pwd)"
+OWN_VERSION_DIR="$(dirname "$SHIM_DIR")"
+OWN_VERSION_NAME="$(basename "$OWN_VERSION_DIR")"
+CACHE_PARENT="$(dirname "$OWN_VERSION_DIR")"
+
+SEMVER_RE='^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'
+
+# Source-repo guard: own parent dir is NOT semver → dispatch to own scripts/.
+if ! [[ "$OWN_VERSION_NAME" =~ $SEMVER_RE ]]; then
+  exec "$SHIM_DIR/../scripts/extract-risks-from-reports.sh" "$@"
+fi
+
+# Cache execution: pick the highest-semver sibling under CACHE_PARENT.
+HIGHEST=""
+while IFS= read -r dir; do
+  name="$(basename "$dir")"
+  [[ "$name" =~ $SEMVER_RE ]] || continue
+  if [[ -z "$HIGHEST" ]] || [[ "$(printf '%s\n%s\n' "$HIGHEST" "$name" | sort -V | tail -1)" == "$name" ]]; then
+    HIGHEST="$name"
+  fi
+done < <(find "$CACHE_PARENT" -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
+
+if [[ -z "$HIGHEST" ]]; then
+  printf 'wr-shim: no cached versions in %s\n' "$CACHE_PARENT" >&2
+  exit 127
+fi
+
+exec "$CACHE_PARENT/$HIGHEST/scripts/extract-risks-from-reports.sh" "$@"

package/hooks/external-comms-gate.sh

@@ -14,6 +14,14 @@
 #   - gh api .../comments                         (any REST surface accepting prose)
 #   - npm publish                                 (README / package metadata to npm)
 #   - PreToolUse:Write|Edit on .changeset/*.md    (P073 — gates author-time)
+#   - git commit -m / --message (incl. HEREDOC)   (P082 Phase 1 — commit message
+#                                                  body reaches every reader of git
+#                                                  log, PR commits tab, release-page
+#                                                  auto-notes, CHANGELOG. Editor
+#                                                  flow is out of scope per P082 SC1
+#                                                  — message is written to
+#                                                  .git/COMMIT_EDITMSG AFTER
+#                                                  PreToolUse, nothing to read.)
 #
 # Gate behaviour:
 #   1. BYPASS_RISK_GATE=1 short-circuits the gate (consistent with git-push-gate.sh).
@@ -144,20 +152,59 @@ except Exception:
             SURFACE="gh-api-comments"
         elif echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*npm publish(\s|$)'; then
             SURFACE="npm-publish"
+        elif echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*git commit(\s|$)'; then
+            # P082 Phase 1: gate `git commit -m / --message / HEREDOC` so commit
+            # message bodies are reviewed by the voice-tone + risk evaluators
+            # before they land in git log / PR commits tab / release notes /
+            # CHANGELOG. Editor flow (bare `git commit`) is out of scope per
+            # P082 SC1 — git writes .git/COMMIT_EDITMSG AFTER PreToolUse fires,
+            # so there's no body to extract at gate time. Skip silently when
+            # neither -m nor --message is present.
+            if echo "$COMMAND" | grep -qE '(\s|^)(-m|--message)(\s|=)'; then
+                SURFACE="git-commit-message"
+            else
+                exit 0
+            fi
         else
             exit 0
         fi
 
-        # Best-effort body extraction: --body 'TEXT' or --body "TEXT" or --field summary='TEXT'.
-        # When absent (npm publish, --body-file), DRAFT="" is acceptable: the agent will
-        # be invoked with command context and read whatever body source the call uses.
+        # Best-effort body extraction. Order matters — most-specific first.
+        #
+        #   HEREDOC first: `git commit -m "$(cat <<'EOF'\n...\nEOF\n)"` is the
+        #     AI-dominant form. Must precede --body "..." / -m "..." because
+        #     those would otherwise match the literal `$(cat <<'EOF'...EOF)`
+        #     text as the body, defeating the marker key match against the
+        #     subagent's <draft> body.
+        #   Then --body / --field for the gh + npm + security-advisories surfaces.
+        #   Then -m / --message for git commit (single-line literal forms).
+        #
+        # When absent (npm publish, --body-file, editor flow already filtered),
+        # DRAFT="" is acceptable: the agent will be invoked with command
+        # context and read whatever body source the call uses.
         DRAFT=$(printf '%s' "$COMMAND" | python3 -c "
 import sys, re
 cmd = sys.stdin.read()
-# Match --body '...' or --body \"...\" or --field summary='...'
-for pat in [r\"--body[= ]'([^']*)'\", r'--body[= ]\"([^\"]*)\"',
-            r\"--field [a-zA-Z_]+='([^']*)'\", r'--field [a-zA-Z_]+=\"([^\"]*)\"']:
-    m = re.search(pat, cmd)
+# (pattern, flags) — first match wins.
+patterns = [
+    # HEREDOC body — matches a here-doc with EOF delimiter (quoted or
+    # unquoted). The literal '<<' is written as the char-class pair
+    # [<][<] so bash's command-substitution parser does NOT mis-parse
+    # this regex as a real here-doc operator (P082 implementation note).
+    # DOTALL so the body can span newlines.
+    (r\"[<][<]\s*['\\\"]?EOF['\\\"]?\s*\n(.*?)\nEOF\", re.DOTALL),
+    # gh issue/pr + npm publish --body 'TEXT' / --body \"TEXT\" (existing).
+    (r\"--body[= ]'([^']*)'\", 0),
+    (r'--body[= ]\"([^\"]*)\"', 0),
+    # gh api --field summary='TEXT' / --field summary=\"TEXT\" (existing).
+    (r\"--field [a-zA-Z_]+='([^']*)'\", 0),
+    (r'--field [a-zA-Z_]+=\"([^\"]*)\"', 0),
+    # git commit -m / --message single-line literal forms (P082 Phase 1).
+    (r\"(?:-m|--message)[= ]'([^']*)'\", 0),
+    (r'(?:-m|--message)[= ]\"([^\"]*)\"', 0),
+]
+for pat, flags in patterns:
+    m = re.search(pat, cmd, flags)
     if m:
         print(m.group(1))
         break

package/hooks/test/external-comms-gate.bats

@@ -224,3 +224,95 @@ run_hook() {
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
+
+# ---------------------------------------------------------------------------
+# P082 Phase 1 — git commit message surface (risk evaluator).
+# Commit messages reach git log / PR commits tab / release notes /
+# CHANGELOG. The risk evaluator gates the body for leak patterns
+# (credentials, prod URLs, business-context-paired financials/user counts)
+# AND defers structured leak-free drafts to the wr-risk-scorer:external-comms
+# subagent. Editor flow (bare `git commit`) is out of scope per P082 SC1.
+# ---------------------------------------------------------------------------
+
+@test "P082: git commit -m with leak-shaped credential body denies via leak pre-filter" {
+  INPUT=$(build_bash_input "git commit -m \"docs: token=${GH_TOKEN_LIKE}\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+  [[ "$output" == *"GitHub token"* ]] || [[ "$output" == *"credential"* ]]
+}
+
+@test "P082: git commit -m with leak-free body denies and delegates to risk evaluator" {
+  INPUT=$(build_bash_input "git commit -m \"fix(foo): handle null input\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+  [[ "$output" == *"wr-risk-scorer:external-comms"* ]]
+}
+
+@test "P082: git commit --amend -m is intercepted (P082 SC2)" {
+  INPUT=$(build_bash_input "git commit --amend -m \"rewritten subject\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+}
+
+@test "P082: git commit HEREDOC body is intercepted and the body becomes the marker key" {
+  # Build a HEREDOC-shaped command. The hook regex pulls the body BETWEEN
+  # the <<'EOF' opener and the closing EOF marker — the extracted DRAFT is
+  # the inner text, NOT the literal `$(cat <<'EOF' ... EOF)` wrapper.
+  BODY=$'feat(foo): add bar\n\nWe observed a build failure on Node 20.'
+  CMD=$'git commit -m "$(cat <<\'EOF\'\n'"$BODY"$'\nEOF\n)"'
+  INPUT=$(build_bash_input "$CMD")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"git-commit-message"* ]]
+
+  # Pre-place the per-evaluator marker keyed on the extracted HEREDOC body
+  # + the git-commit-message surface; the second run must permit silently.
+  SURFACE="git-commit-message"
+  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
+  touch "${RDIR}/external-comms-risk-reviewed-${KEY}"
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: bare git commit (editor flow) is silently allowed per SC1" {
+  # No -m / --message → .git/COMMIT_EDITMSG doesn't exist at PreToolUse
+  # time. Phase 1 skip is pragmatic; the editor flow has user-eyeballs.
+  INPUT=$(build_bash_input "git commit")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: git merge is silently allowed (not a git commit verb, SC3)" {
+  INPUT=$(build_bash_input "git merge --no-ff feature-branch")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: BYPASS_RISK_GATE=1 short-circuits the git commit gate" {
+  INPUT=$(build_bash_input "git commit -m \"fix(foo): handle null input\"")
+  run bash -c "cd '$TEST_PROJECT_DIR' && BYPASS_RISK_GATE=1 printf '%s' \"\$1\" | BYPASS_RISK_GATE=1 '$HOOK'" _ "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P082: per-evaluator marker keyed on (body, git-commit-message) permits the call" {
+  BODY="docs(retro): close iter 3 ask-hygiene trail"
+  SURFACE="git-commit-message"
+  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
+  touch "${RDIR}/external-comms-risk-reviewed-${KEY}"
+
+  INPUT=$(build_bash_input "git commit -m \"$BODY\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.11.3",
+  "version": "0.12.0-preview.512",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"