@windyroad/risk-scorer 0.2.0

package/hooks/lib/gate-helpers.sh

@@ -0,0 +1,174 @@
+#!/bin/bash
+# Shared portable helpers for gate enforcement hooks.
+# Sourced by architect-gate.sh, risk-gate.sh, and all hook scripts.
+# Provides: _mtime, _hashcmd, _doc_exclusions, _err_trap, _get_*
+
+# ---------------------------------------------------------------------------
+# Portable utilities
+# ---------------------------------------------------------------------------
+
+# Portable mtime: tries GNU stat, falls back to macOS stat
+_mtime() { stat -c%Y "$1" 2>/dev/null || /usr/bin/stat -f%m "$1" 2>/dev/null || echo 0; }
+
+# Portable hash: tries md5sum, falls back to md5 -r, then shasum
+_hashcmd() { md5sum 2>/dev/null || md5 -r 2>/dev/null || shasum 2>/dev/null; }
+
+# Paths excluded from pipeline state hashing and docs-only detection.
+_doc_exclusions() {
+    echo ':!docs/' ':!.risk-reports/' ':!.changeset/' ':!governance/' ':!.claude/plans/' ':!CLAUDE.md' ':!AGENTS.md' ':!PRINCIPLES.md' ':!DECISION-MANAGEMENT.md' ':!AGENTIC_RISK_REGISTER.md' ':!PROBLEM-MANAGEMENT.md'
+}
+
+# ---------------------------------------------------------------------------
+# ERR trap: outputs diagnostic JSON on hook errors (P010)
+# Usage: source gate-helpers.sh at top of hook, then call _enable_err_trap
+# ---------------------------------------------------------------------------
+
+_enable_err_trap() {
+    trap '_err_trap_handler "$BASH_SOURCE" "$LINENO" "$BASH_COMMAND"' ERR
+}
+
+_err_trap_handler() {
+    local script="$1" line="$2" cmd="$3"
+    local name
+    name=$(basename "$script" 2>/dev/null || echo "$script")
+    # Output diagnostic as systemMessage so it's visible in conversation
+    cat <<EOF
+{
+  "systemMessage": "Hook error in ${name} at line ${line}: ${cmd}"
+}
+EOF
+}
+
+# ---------------------------------------------------------------------------
+# JSON input parsing: standardised helpers replacing inline python3
+# Each reads from _HOOK_INPUT (set by the hook before calling these)
+# ---------------------------------------------------------------------------
+
+# Store hook input for reuse by parsing helpers
+_HOOK_INPUT=""
+
+_parse_input() {
+    _HOOK_INPUT=$(cat)
+}
+
+_get_tool_name() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_name', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_session_id() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('session_id', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_command() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_input', {}).get('command', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_file_path() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    ti = data.get('tool_input', {})
+    print(ti.get('file_path', ti.get('path', '')))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_subagent_type() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_input', {}).get('subagent_type', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_user_prompt() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('user_prompt', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+_get_tool_output() {
+    echo "$_HOOK_INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    # PostToolUse provides tool_response (dict with content array), not tool_output
+    tr = data.get('tool_response', {})
+    if isinstance(tr, dict):
+        content = tr.get('content', [])
+        if isinstance(content, list):
+            texts = [c.get('text', '') for c in content if isinstance(c, dict) and c.get('type') == 'text']
+            if texts:
+                print('\n'.join(texts))
+                sys.exit(0)
+    # Fallback for older/different hook formats
+    print(data.get('tool_output', ''))
+except:
+    print('')
+" 2>/dev/null || echo ""
+}
+
+# ---------------------------------------------------------------------------
+# Session-scoped tmp directory for risk files
+# ---------------------------------------------------------------------------
+
+# Returns the session-scoped directory for risk temp files.
+# Creates the directory if it doesn't exist.
+# Usage: DIR=$(_risk_dir "$SESSION_ID"); echo "1" > "$DIR/commit"
+_risk_dir() {
+  local sid="$1"
+  local dir="${TMPDIR:-/tmp}/claude-risk-${sid}"
+  mkdir -p "$dir"
+  echo "$dir"
+}
+
+# ---------------------------------------------------------------------------
+# Non-doc file detection for WIP gating
+# ---------------------------------------------------------------------------
+
+_is_doc_file() {
+    local file_path="$1"
+    local EXCL
+    EXCL=$(_doc_exclusions)
+    for pattern in $EXCL; do
+        local clean="${pattern#:!}"
+        case "$file_path" in
+            *"$clean"*) return 0 ;;
+        esac
+    done
+    case "$file_path" in
+        *.claude/*|*.risk-reports/*|*RISK-POLICY.md) return 0 ;;
+    esac
+    return 1
+}

package/hooks/lib/pipeline-state.sh

@@ -0,0 +1,318 @@
+#!/bin/bash
+# Standalone script: Gathers pipeline state and outputs structured text to stdout.
+# Usage: pipeline-state.sh [--uncommitted] [--unpushed] [--unreleased] [--stale] [--all] [--hash-inputs]
+# No network calls (no gh commands). Local git operations only.
+
+set -euo pipefail
+
+# Source shared helpers for _doc_exclusions
+_PIPELINE_STATE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$_PIPELINE_STATE_DIR/gate-helpers.sh"
+
+# --- Parse flags ---
+SHOW_UNCOMMITTED=false
+SHOW_UNPUSHED=false
+SHOW_UNRELEASED=false
+SHOW_STALE=false
+SHOW_HASH_INPUTS=false
+
+for arg in "$@"; do
+    case "$arg" in
+        --uncommitted) SHOW_UNCOMMITTED=true ;;
+        --unpushed)    SHOW_UNPUSHED=true ;;
+        --unreleased)  SHOW_UNRELEASED=true ;;
+        --stale)       SHOW_STALE=true ;;
+        --hash-inputs) SHOW_HASH_INPUTS=true ;;
+        --all)
+            SHOW_UNCOMMITTED=true
+            SHOW_UNPUSHED=true
+            SHOW_UNRELEASED=true
+            SHOW_STALE=true
+            ;;
+    esac
+done
+
+# --- Fast hash inputs mode: output only metadata for drift detection hash ---
+# NOTE: Do NOT include `git status --porcelain` (changes on staging) or
+# `git rev-parse HEAD` (changes on commit). Both cause false drift detection.
+# Use diff --stat which reflects actual content changes only.
+if [ "$SHOW_HASH_INPUTS" = true ]; then
+    # Single stable diff: all local changes (staged + committed) vs remote.
+    # This is stable across commit and push operations — content moves between
+    # pipeline stages (staged → committed → pushed) without changing the hash.
+    # Previous approach used git diff HEAD + git diff origin/main..HEAD which
+    # broke on every commit because content shifted between the two diffs.
+    # Exclude docs/governance paths from hash — they cannot affect the running application
+    EXCL=$(_doc_exclusions)
+    if git rev-parse --verify origin/main >/dev/null 2>&1; then
+        eval "git diff origin/main --stat -- $EXCL" 2>/dev/null || true
+    elif git rev-parse --verify origin/master >/dev/null 2>&1; then
+        eval "git diff origin/master --stat -- $EXCL" 2>/dev/null || true
+    else
+        eval "git diff HEAD --stat -- $EXCL" 2>/dev/null || true
+    fi
+    # Changeset count (affects release/changeset risk)
+    if [ -d ".changeset" ]; then
+        find .changeset -name '*.md' -not -name 'README.md' 2>/dev/null | wc -l | tr -d ' '
+    fi
+    exit 0
+fi
+
+# --- Noise filter: lockfiles, binary assets, OS junk ---
+NOISE='(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|bun\.lockb|Gemfile\.lock|Pipfile\.lock|poetry\.lock|composer\.lock|Cargo\.lock|go\.sum|shrinkwrap\.json|\.DS_Store|node_modules|\.png$|\.svg$|\.jpg$|\.jpeg$|\.gif$|\.ico$|\.woff2?$|\.ttf$|\.eot$)'
+
+# --- File categorisation ---
+categorise_files() {
+    python3 -c "
+import sys
+cats = {
+    'hooks': [], 'config': [], 'ci': [], 'ui': [], 'styles': [],
+    'content': [], 'generated': [], 'skills': [], 'docs': [],
+    'tests': [], 'lib': [], 'agents': [], 'other': []
+}
+for line in sys.stdin:
+    f = line.strip()
+    if not f:
+        continue
+    if '.claude/hooks/' in f:
+        cats['hooks'].append(f)
+    elif '.claude/agents/' in f:
+        cats['agents'].append(f)
+    elif '.claude/skills/' in f:
+        cats['skills'].append(f)
+    elif '.claude/' in f or f.endswith(('.json', '.toml', '.yml', '.yaml', '.mjs', '.cjs')) and '/' not in f:
+        cats['config'].append(f)
+    elif '.github/' in f:
+        cats['ci'].append(f)
+    elif f.endswith(('.tsx', '.jsx', '.html', '.vue', '.svelte')):
+        cats['ui'].append(f)
+    elif f.endswith(('.scss', '.css', '.less')):
+        cats['styles'].append(f)
+    elif f.endswith(('.md', '.mdx')):
+        if 'generated' in f or 'architecture' in f:
+            cats['generated'].append(f)
+        elif 'articles/' in f or 'content/' in f or 'posts/' in f:
+            cats['content'].append(f)
+        else:
+            cats['docs'].append(f)
+    elif 'generated/' in f:
+        cats['generated'].append(f)
+    elif f.endswith(('.test.ts', '.test.tsx', '.spec.ts', '.spec.tsx')):
+        cats['tests'].append(f)
+    elif f.endswith(('.ts', '.js')):
+        cats['lib'].append(f)
+    else:
+        cats['other'].append(f)
+out = []
+for cat, files in cats.items():
+    if files:
+        out.append(f'  {cat}: {len(files)} file(s)')
+if out:
+    print('\n'.join(out))
+" 2>/dev/null || echo "  (could not categorise)"
+}
+
+# --- Section: Uncommitted changes ---
+if [ "$SHOW_UNCOMMITTED" = true ]; then
+    DIFF_STAT=$(git diff HEAD --stat -- . \
+        ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+        ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+        ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+        ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+        ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+        ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+    DIFF_NAMES=$(git diff HEAD --name-only 2>/dev/null | grep -vE "$NOISE" || echo "")
+    UNTRACKED=$(git ls-files --others --exclude-standard 2>/dev/null | grep -vE "$NOISE" || true)
+
+    echo "=== UNCOMMITTED CHANGES ==="
+    if [ -n "$DIFF_STAT" ]; then
+        echo "Tracked changes (git diff HEAD --stat):"
+        echo "$DIFF_STAT"
+        echo ""
+        # Include actual diff content for risk assessment
+        DIFF_CONTENT=$(git diff HEAD -- . \
+            ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+            ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+            ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+            ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+            ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+            ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+        if [ -n "$DIFF_CONTENT" ]; then
+            echo "Diff content:"
+            echo "$DIFF_CONTENT"
+            echo ""
+        fi
+    fi
+    if [ -n "$UNTRACKED" ]; then
+        UNTRACKED_COUNT=$(echo "$UNTRACKED" | wc -l | tr -d ' ')
+        echo "Untracked files (${UNTRACKED_COUNT}):"
+        echo "$UNTRACKED"
+        echo ""
+    fi
+    if [ -z "$DIFF_NAMES" ] && [ -z "$UNTRACKED" ]; then
+        echo "No uncommitted changes."
+        echo ""
+    else
+        ALL_FILES=""
+        if [ -n "$DIFF_NAMES" ]; then
+            ALL_FILES="$DIFF_NAMES"
+        fi
+        if [ -n "$UNTRACKED" ]; then
+            if [ -n "$ALL_FILES" ]; then
+                ALL_FILES="${ALL_FILES}"$'\n'"${UNTRACKED}"
+            else
+                ALL_FILES="$UNTRACKED"
+            fi
+        fi
+        echo "Categories:"
+        echo "$ALL_FILES" | categorise_files
+        echo ""
+    fi
+fi
+
+# --- Detect default remote branch ---
+DEFAULT_BRANCH=""
+if git rev-parse --verify origin/main >/dev/null 2>&1; then
+    DEFAULT_BRANCH="origin/main"
+elif git rev-parse --verify origin/master >/dev/null 2>&1; then
+    DEFAULT_BRANCH="origin/master"
+fi
+
+# --- Section: Unpushed changes ---
+if [ "$SHOW_UNPUSHED" = true ]; then
+    echo "=== UNPUSHED CHANGES ==="
+
+    if [ -n "$DEFAULT_BRANCH" ]; then
+        UNPUSHED_LOG=$(git log --oneline $DEFAULT_BRANCH..HEAD 2>/dev/null || echo "")
+        UNPUSHED_STAT=$(git diff --stat $DEFAULT_BRANCH..HEAD -- . \
+            ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+            ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+            ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+            ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+            ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+            ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+        UNPUSHED_NAMES=$(git diff --name-only $DEFAULT_BRANCH..HEAD 2>/dev/null | grep -vE "$NOISE" || echo "")
+        UNPUSHED_COUNT=$(git rev-list --count $DEFAULT_BRANCH..HEAD 2>/dev/null || echo "0")
+
+        if [ "$UNPUSHED_COUNT" -eq 0 ]; then
+            echo "No unpushed commits."
+        else
+            echo "Unpushed commits (${UNPUSHED_COUNT}):"
+            echo "$UNPUSHED_LOG"
+            echo ""
+            if [ -n "$UNPUSHED_STAT" ]; then
+                echo "Accumulated unpushed diff:"
+                echo "$UNPUSHED_STAT"
+                echo ""
+                UNPUSHED_DIFF=$(git diff $DEFAULT_BRANCH..HEAD -- . \
+                    ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+                    ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+                    ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+                    ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+                    ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+                    ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+                if [ -n "$UNPUSHED_DIFF" ]; then
+                    echo "Unpushed diff content:"
+                    echo "$UNPUSHED_DIFF"
+                    echo ""
+                fi
+            fi
+            if [ -n "$UNPUSHED_NAMES" ]; then
+                echo "Unpushed categories:"
+                echo "$UNPUSHED_NAMES" | categorise_files
+            fi
+        fi
+    else
+        echo "No remote tracking branch (origin/main and origin/master not found)."
+    fi
+    echo ""
+fi
+
+# --- Section: Unreleased changes ---
+if [ "$SHOW_UNRELEASED" = true ]; then
+    echo "=== UNRELEASED CHANGES ==="
+
+    # Count pending changesets
+    CHANGESET_COUNT=0
+    if [ -d ".changeset" ]; then
+        CHANGESET_COUNT=$(find .changeset -name '*.md' -not -name 'README.md' 2>/dev/null | wc -l | tr -d ' ')
+    fi
+
+    # Check if origin/publish exists
+    if git rev-parse --verify origin/publish >/dev/null 2>&1; then
+        UNRELEASED_STAT=$(git diff --stat origin/publish..$DEFAULT_BRANCH -- . \
+            ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+            ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+            ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+            ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+            ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+            ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+        UNRELEASED_NAMES=$(git diff --name-only origin/publish..$DEFAULT_BRANCH 2>/dev/null | grep -vE "$NOISE" || echo "")
+
+        if [ -z "$UNRELEASED_STAT" ] && [ "$CHANGESET_COUNT" -eq 0 ]; then
+            echo "No unreleased changes."
+        else
+            if [ "$CHANGESET_COUNT" -gt 0 ]; then
+                echo "Pending changesets: ${CHANGESET_COUNT}"
+            fi
+            if [ -n "$UNRELEASED_STAT" ]; then
+                echo "Accumulated unreleased diff (origin/publish..$DEFAULT_BRANCH):"
+                echo "$UNRELEASED_STAT"
+                echo ""
+                UNRELEASED_DIFF=$(git diff origin/publish..$DEFAULT_BRANCH -- . \
+                    ':(exclude)package-lock.json' ':(exclude)yarn.lock' \
+                    ':(exclude)pnpm-lock.yaml' ':(exclude)bun.lockb' \
+                    ':(exclude)Gemfile.lock' ':(exclude)Pipfile.lock' \
+                    ':(exclude)poetry.lock' ':(exclude)composer.lock' \
+                    ':(exclude)Cargo.lock' ':(exclude)go.sum' \
+                    ':(exclude)shrinkwrap.json' 2>/dev/null || echo "")
+                if [ -n "$UNRELEASED_DIFF" ]; then
+                    echo "Unreleased diff content:"
+                    echo "$UNRELEASED_DIFF"
+                    echo ""
+                fi
+            fi
+            if [ -n "$UNRELEASED_NAMES" ]; then
+                echo "Unreleased categories:"
+                echo "$UNRELEASED_NAMES" | categorise_files
+            fi
+        fi
+    else
+        echo "No publish branch (origin/publish not found)."
+        if [ "$CHANGESET_COUNT" -gt 0 ]; then
+            echo "Pending changesets: ${CHANGESET_COUNT}"
+        fi
+    fi
+    echo ""
+fi
+
+# --- Section: Stale files ---
+if [ "$SHOW_STALE" = true ]; then
+    echo "=== STALE FILES ==="
+
+    STALE_FILES=$(git diff --name-only HEAD 2>/dev/null | python3 -c "
+import sys, os, time
+threshold = time.time() - 86400
+stale = []
+for line in sys.stdin:
+    f = line.strip()
+    if not f or not os.path.isfile(f):
+        continue
+    try:
+        if os.path.getmtime(f) < threshold:
+            stale.append(f)
+    except OSError:
+        pass
+if stale:
+    print('\n'.join(stale))
+" 2>/dev/null || echo "")
+
+    if [ -n "$STALE_FILES" ]; then
+        STALE_COUNT=$(echo "$STALE_FILES" | wc -l | tr -d ' ')
+        echo "Modified files uncommitted for over 24h (${STALE_COUNT}):"
+        echo "$STALE_FILES"
+    else
+        echo "No stale files."
+    fi
+    echo ""
+fi

package/hooks/lib/risk-gate.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+# Shared gate logic for risk scoring enforcement hooks.
+# Sourced by risk-score-commit-gate.sh, git-push-gate.sh, risk-score-plan-enforce.sh.
+# Provides: check_risk_gate, risk_gate_deny
+
+# Source shared portable helpers (_mtime, _hashcmd)
+_RISK_GATE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$_RISK_GATE_DIR/gate-helpers.sh"
+
+# Check risk gate for a given action. Returns 0 if allowed, 1 if denied.
+# Sets RISK_GATE_REASON on failure with human-readable message.
+# Usage: check_risk_gate "$SESSION_ID" "commit"
+check_risk_gate() {
+  local SESSION_ID="$1"
+  local ACTION="$2"
+  local RDIR
+  RDIR=$(_risk_dir "$SESSION_ID")
+  local SCORE_FILE="${RDIR}/${ACTION}"
+  local HASH_FILE="${RDIR}/state-hash"
+  local TTL_SECONDS="${RISK_TTL:-1800}"
+
+  # 1. Score file must exist (fail-closed)
+  if [ ! -f "$SCORE_FILE" ]; then
+    RISK_GATE_REASON="No ${ACTION} risk score found. The risk-scorer agent must run first. It runs automatically on each prompt."
+    return 1
+  fi
+
+  # 2. TTL check — score file mtime must be within TTL
+  local NOW=$(date +%s)
+  local SCORE_TIME=$(_mtime "$SCORE_FILE")
+  local AGE=$(( NOW - SCORE_TIME ))
+  if [ "$AGE" -ge "$TTL_SECONDS" ]; then
+    RISK_GATE_REASON="Risk score expired (${AGE}s old, TTL ${TTL_SECONDS}s). Stage all files with git add first, then submit a new prompt — the scorer runs automatically. Then call git commit in that response."
+    return 1
+  fi
+
+  # 3. Drift detection — pipeline state hash must match
+  # The hash is computed from git diff HEAD --stat at prompt submit time.
+  # If you staged files AFTER the prompt, the hash will differ.
+  # Fix: stage everything BEFORE submitting the prompt, then commit in the response.
+  if [ -f "$HASH_FILE" ]; then
+    local STORED_HASH=$(cat "$HASH_FILE")
+    local CURRENT_HASH
+    CURRENT_HASH=$("$_RISK_GATE_DIR/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
+    if [ "$STORED_HASH" != "$CURRENT_HASH" ]; then
+      RISK_GATE_REASON="Pipeline state drift: git diff changed between scoring and ${ACTION}. The hash is computed at prompt submit time. If you staged files (git add) after the prompt, re-submit: stage all files first, then submit a new prompt, then commit in that response."
+      return 1
+    fi
+  fi
+  # No hash file = backward compat, skip drift check
+
+  # 4. Read and validate score
+  local SCORE=$(cat "$SCORE_FILE" 2>/dev/null || echo "")
+  if ! echo "$SCORE" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
+    RISK_GATE_REASON="Risk score file contains an invalid value. Re-run the risk-scorer agent."
+    return 1
+  fi
+
+  # 5. Threshold check
+  local DENIED=$(python3 -c "
+score = float('$SCORE')
+print('yes' if score >= 5 else 'no')
+" 2>/dev/null || echo "no")
+
+  if [ "$DENIED" = "yes" ]; then
+    RISK_GATE_REASON="${ACTION} risk score ${SCORE}/25 (Medium or above). Reduce changes or address outstanding risk first, then re-run the risk-scorer agent."
+    return 1
+  fi
+
+  return 0
+}
+
+# Emit fail-closed deny JSON for PreToolUse hooks.
+risk_gate_deny() {
+  local REASON="$1"
+  cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "$REASON"
+  }
+}
+EOF
+}

package/hooks/plan-risk-guidance.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# PreToolUse hook: Fires on EnterPlanMode to inject release risk context.
+# Provides preemptive guidance so the plan author knows the unreleased queue
+# state and release risk before writing the plan.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+
+_parse_input
+
+SESSION_ID=$(_get_session_id)
+
+# --- Gather pipeline state summary ---
+UNRELEASED_SUMMARY=""
+if [ -x "$SCRIPT_DIR/lib/pipeline-state.sh" ]; then
+  UNRELEASED_SUMMARY=$("$SCRIPT_DIR/lib/pipeline-state.sh" --unreleased 2>/dev/null | head -20 || echo "Unable to determine unreleased changes.")
+fi
+
+# --- Check for existing release risk score ---
+RELEASE_SCORE="not yet scored"
+RDIR=$(_risk_dir "$SESSION_ID")
+RELEASE_SCORE_FILE="${RDIR}/release"
+if [ -n "$SESSION_ID" ] && [ -f "$RELEASE_SCORE_FILE" ]; then
+  SCORE_VAL=$(cat "$RELEASE_SCORE_FILE" 2>/dev/null || echo "")
+  if [[ "$SCORE_VAL" =~ ^[0-9]+$ ]]; then
+    RELEASE_SCORE="${SCORE_VAL}/25"
+  fi
+fi
+
+# --- Read appetite from RISK-POLICY.md ---
+APPETITE="5"
+if [ -f "RISK-POLICY.md" ]; then
+  EXTRACTED=$(grep -oP 'Threshold:\s*\K[0-9]+' RISK-POLICY.md 2>/dev/null | head -1 || echo "")
+  if [ -n "$EXTRACTED" ]; then
+    APPETITE="$EXTRACTED"
+  fi
+fi
+
+# --- Emit guidance (allow — advisory only, not a gate) ---
+cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "allow",
+    "systemMessage": "RELEASE RISK GUIDANCE FOR PLANNING:\nThe unreleased queue currently contains:\n${UNRELEASED_SUMMARY}\n\nCurrent release risk score: ${RELEASE_SCORE}.\nRisk appetite threshold: ${APPETITE} (Medium).\n\nYour plan MUST account for projected release risk. If the plan's proposed changes would push projected release risk above appetite when combined with the existing unreleased queue, the plan MUST include one or more of:\n- Release the current unreleased queue first (before implementing the plan)\n- Split the plan into smaller batches that keep projected release risk within appetite\n- Include specific risk-reducing steps (additional tests, rollback procedures)\n\nThe risk-scorer will assess projected release risk at ExitPlanMode and FAIL plans that exceed appetite without a release strategy."
+  }
+}
+EOF
+exit 0

package/hooks/risk-hash-refresh.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# PostToolUse:Bash hook — refreshes the pipeline state hash after git add.
+# Eliminates the "stage before prompt" protocol: when files are staged within
+# a prompt, the hash stays current so the commit gate doesn't detect false drift.
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+
+_parse_input
+
+COMMAND=$(_get_command)
+
+# Only act on commands that change git state
+echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*git (add|commit|stash|reset|checkout|restore)' || exit 0
+
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+
+RDIR=$(_risk_dir "$SESSION_ID")
+HASH_FILE="${RDIR}/state-hash"
+[ -f "$HASH_FILE" ] || exit 0  # No hash file yet — scorer hasn't run
+
+CURRENT_HASH=$("$SCRIPT_DIR/lib/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
+if [ -n "$CURRENT_HASH" ]; then
+  echo "$CURRENT_HASH" > "$HASH_FILE"
+fi
+
+exit 0