npm - @windyroad/risk-scorer - Versions diffs - 0.2.0 - Mend

@windyroad/risk-scorer 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/.claude-plugin/plugin.json +5 -0
package/agents/agent.md +21 -0
package/agents/pipeline.md +152 -0
package/agents/plan.md +85 -0
package/agents/policy.md +43 -0
package/agents/wip.md +79 -0
package/bin/install.mjs +42 -0
package/hooks/git-push-gate.sh +117 -0
package/hooks/hooks.json +24 -0
package/hooks/lib/gate-helpers.sh +174 -0
package/hooks/lib/pipeline-state.sh +318 -0
package/hooks/lib/risk-gate.sh +85 -0
package/hooks/plan-risk-guidance.sh +52 -0
package/hooks/risk-hash-refresh.sh +28 -0
package/hooks/risk-policy-enforce-edit.sh +42 -0
package/hooks/risk-policy-reset-marker.sh +17 -0
package/hooks/risk-score-commit-gate.sh +64 -0
package/hooks/risk-score-mark.sh +120 -0
package/hooks/risk-score-plan-enforce.sh +31 -0
package/hooks/risk-score-reset.sh +17 -0
package/hooks/risk-score.sh +29 -0
package/hooks/secret-leak-gate.sh +72 -0
package/hooks/test/risk-gate.bats +107 -0
package/hooks/wip-risk-gate.sh +44 -0
package/hooks/wip-risk-mark.sh +32 -0
package/package.json +28 -0
package/skills/wr:risk-policy/SKILL.md +178 -0

package/hooks/risk-policy-enforce-edit.sh ADDED Viewed

@@ -0,0 +1,42 @@
+#!/bin/bash
+# PreToolUse hook: Denies Edit/Write to RISK-POLICY.md unless the
+# /risk-policy skill has been engaged (marker file exists).
+# Mirrors: architect-enforce-edit.sh
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+_parse_input
+FILE_PATH=$(_get_file_path)
+SESSION_ID=$(_get_session_id)
+if [ -z "$SESSION_ID" ] || [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+# Only gate RISK-POLICY.md
+BASENAME=$(basename "$FILE_PATH")
+if [ "$BASENAME" != "RISK-POLICY.md" ]; then
+  exit 0
+fi
+# Check for marker
+MARKER="$(_risk_dir "$SESSION_ID")/policy-reviewed"
+if [ -f "$MARKER" ]; then
+  exit 0
+fi
+cat <<'EOF'
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "BLOCKED: Cannot edit RISK-POLICY.md directly. Run the /risk-policy skill first -- it enforces ISO 31000 compliance (reads the risk-scorer contract, discovers project context, checks for incidents, validates with you, and smoke-tests the result). Use the Skill tool with skill: \"risk-policy\"."
+  }
+}
+EOF
+exit 0

package/hooks/risk-policy-reset-marker.sh ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Stop hook: Clears risk-policy session marker.
+# Mirrors: architect-reset-marker.sh
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_parse_input
+SESSION_ID=$(_get_session_id)
+if [ -n "$SESSION_ID" ]; then
+  RDIR=$(_risk_dir "$SESSION_ID")
+  rm -f "${RDIR}/policy-reviewed" "${RDIR}/plan-reviewed"
+fi
+exit 0

package/hooks/risk-score-commit-gate.sh ADDED Viewed

@@ -0,0 +1,64 @@
+#!/bin/bash
+# PreToolUse hook: Denies git commit when risk policy is stale,
+# commit risk score is missing/expired/drifted/above threshold.
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/risk-gate.sh"
+_enable_err_trap
+_parse_input
+TOOL_NAME=$(_get_tool_name)
+[ "$TOOL_NAME" = "Bash" ] || exit 0
+COMMAND=$(_get_command)
+echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*git commit' || exit 0
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+# RISK-POLICY.md must exist and not be stale (>14 days)
+if [ ! -f "RISK-POLICY.md" ] || [ ! -s "RISK-POLICY.md" ]; then
+    risk_gate_deny "Commit blocked: RISK-POLICY.md is missing. Run /risk-policy to create it before committing."
+    exit 0
+fi
+POLICY_STALE=$(python3 -c "
+from datetime import date
+import re
+try:
+    text = open('RISK-POLICY.md').read()
+    m = re.search(r'Last reviewed:\*{0,2}\s*(\d{4}-\d{2}-\d{2})', text)
+    if m:
+        reviewed = date.fromisoformat(m.group(1))
+        print('yes' if (date.today() - reviewed).days > 14 else 'no')
+    else:
+        print('no')
+except:
+    print('no')
+" 2>/dev/null || echo "no")
+if [ "$POLICY_STALE" = "yes" ]; then
+    risk_gate_deny "Commit blocked: RISK-POLICY.md is stale (last reviewed over 2 weeks ago). Run /risk-policy to update it before committing."
+    exit 0
+fi
+# Clean tree bypass
+RDIR=$(_risk_dir "$SESSION_ID")
+if [ -f "${RDIR}/clean" ]; then
+    exit 0
+fi
+# Risk-reducing/neutral bypass
+if [ -f "${RDIR}/reducing-commit" ]; then
+    rm -f "${RDIR}/reducing-commit"
+    exit 0
+fi
+# Gate check: existence, TTL, drift, threshold
+if ! check_risk_gate "$SESSION_ID" "commit"; then
+    risk_gate_deny "Commit blocked: ${RISK_GATE_REASON} To proceed: (1) stage files with git add, (2) delegate to risk-scorer-pipeline (subagent_type: 'risk-scorer-pipeline') to assess cumulative pipeline risk. If the commit is risk-neutral or risk-reducing, the scorer will create a bypass marker."
+    exit 0
+fi
+exit 0

package/hooks/risk-score-mark.sh ADDED Viewed

@@ -0,0 +1,120 @@
+#!/bin/bash
+# PostToolUse:Agent hook: Deterministically writes all risk score files,
+# verdict markers, and bypass markers by parsing structured output from
+# risk-scorer agents. This is the ONLY place score files are written —
+# agents output structured markers, this hook writes the files.
+#
+# Handles: risk-scorer-pipeline, risk-scorer-plan, risk-scorer-wip, risk-scorer-policy
+# Replaces: risk-policy-mark-reviewed.sh (which had fragile P001 backup parsing)
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+_parse_input
+TOOL_NAME=$(_get_tool_name)
+[ "$TOOL_NAME" = "Agent" ] || exit 0
+SUBAGENT=$(_get_subagent_type)
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+# Only handle risk-scorer agents
+case "$SUBAGENT" in
+  *risk-scorer*) ;;
+  *) exit 0 ;;
+esac
+AGENT_OUTPUT=$(_get_tool_output)
+RDIR=$(_risk_dir "$SESSION_ID")
+# ---------------------------------------------------------------------------
+# Pipeline scorer: write commit/push/release scores + bypass markers
+# ---------------------------------------------------------------------------
+if echo "$SUBAGENT" | grep -qE 'risk-scorer-pipeline'; then
+  # Parse RISK_SCORES: commit=N push=N release=N
+  SCORES_LINE=$(echo "$AGENT_OUTPUT" | grep -E '^RISK_SCORES:' | tail -1) || true
+  if [ -n "$SCORES_LINE" ]; then
+    COMMIT=$(echo "$SCORES_LINE" | grep -oE 'commit=[0-9]+' | cut -d= -f2) || true
+    PUSH=$(echo "$SCORES_LINE" | grep -oE 'push=[0-9]+' | cut -d= -f2) || true
+    RELEASE=$(echo "$SCORES_LINE" | grep -oE 'release=[0-9]+' | cut -d= -f2) || true
+    [ -n "$COMMIT" ] && printf '%s' "$COMMIT" > "${RDIR}/commit"
+    [ -n "$PUSH" ] && printf '%s' "$PUSH" > "${RDIR}/push"
+    [ -n "$RELEASE" ] && printf '%s' "$RELEASE" > "${RDIR}/release"
+  fi
+  # Parse RISK_BYPASS: reducing|incident
+  BYPASS_LINE=$(echo "$AGENT_OUTPUT" | grep -E '^RISK_BYPASS:' | tail -1) || true
+  if [ -n "$BYPASS_LINE" ]; then
+    BYPASS_TYPE=$(echo "$BYPASS_LINE" | sed 's/^RISK_BYPASS:[[:space:]]*//' | tr -d '[:space:]')
+    case "$BYPASS_TYPE" in
+      reducing)
+        touch "${RDIR}/reducing-commit"
+        touch "${RDIR}/reducing-push"
+        touch "${RDIR}/reducing-release"
+        ;;
+      incident)
+        touch "${RDIR}/incident-release"
+        ;;
+    esac
+  fi
+  # Refresh pipeline state hash so drift detection matches scoring time
+  CURRENT_HASH=$("$SCRIPT_DIR/lib/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
+  if [ -n "$CURRENT_HASH" ]; then
+    echo "$CURRENT_HASH" > "${RDIR}/state-hash"
+  fi
+  # Save report to .risk-reports/
+  REPORT_DIR=".risk-reports"
+  mkdir -p "$REPORT_DIR"
+  TIMESTAMP=$(date -u +%Y-%m-%dT%H-%M-%S)
+  echo "$AGENT_OUTPUT" > "${REPORT_DIR}/${TIMESTAMP}-commit.md"
+fi
+# ---------------------------------------------------------------------------
+# Plan scorer: write plan-reviewed marker on PASS
+# ---------------------------------------------------------------------------
+if echo "$SUBAGENT" | grep -qE 'risk-scorer-plan'; then
+  VERDICT_LINE=$(echo "$AGENT_OUTPUT" | grep -E '^RISK_VERDICT:' | tail -1) || true
+  VERDICT=$(echo "$VERDICT_LINE" | sed 's/^RISK_VERDICT:[[:space:]]*//' | tr -d '[:space:]')
+  case "$VERDICT" in
+    PASS) touch "${RDIR}/plan-reviewed" ;;
+    FAIL) ;; # Do NOT create marker — plan must be revised
+    *) ;; # Unknown verdict — fail closed
+  esac
+  # Refresh pipeline state hash
+  CURRENT_HASH=$("$SCRIPT_DIR/lib/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
+  if [ -n "$CURRENT_HASH" ]; then
+    echo "$CURRENT_HASH" > "${RDIR}/state-hash"
+  fi
+fi
+# ---------------------------------------------------------------------------
+# WIP scorer: write wip-reviewed marker (unblocks next edit)
+# ---------------------------------------------------------------------------
+if echo "$SUBAGENT" | grep -qE 'risk-scorer-wip'; then
+  # WIP assessment was done — unblock next edit regardless of CONTINUE/PAUSE
+  # (PAUSE is advisory guidance to the user, not a hard gate)
+  touch "${RDIR}/wip-reviewed"
+fi
+# ---------------------------------------------------------------------------
+# Policy scorer: write policy-reviewed marker on PASS
+# ---------------------------------------------------------------------------
+if echo "$SUBAGENT" | grep -qE 'risk-scorer-policy'; then
+  VERDICT_LINE=$(echo "$AGENT_OUTPUT" | grep -E '^RISK_VERDICT:' | tail -1) || true
+  VERDICT=$(echo "$VERDICT_LINE" | sed 's/^RISK_VERDICT:[[:space:]]*//' | tr -d '[:space:]')
+  case "$VERDICT" in
+    PASS) touch "${RDIR}/policy-reviewed" ;;
+    FAIL) ;; # Do NOT create marker — policy must be revised
+    *) ;; # Unknown verdict — fail closed
+  esac
+fi
+exit 0

package/hooks/risk-score-plan-enforce.sh ADDED Viewed

@@ -0,0 +1,31 @@
+#!/bin/bash
+# PreToolUse hook: Denies ExitPlanMode until risk-scorer has reviewed
+# the plan and given PASS. Mirrors architect-plan-enforce.sh pattern.
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+_parse_input
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+# Check for risk plan review marker
+MARKER="$(_risk_dir "$SESSION_ID")/plan-reviewed"
+if [ -f "$MARKER" ]; then
+  exit 0
+fi
+cat <<'EOF'
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "BLOCKED: Risk-scorer must review the plan before exiting plan mode. Delegate to risk-scorer-plan (subagent_type: 'risk-scorer-plan') to review the plan file for risk, including projected release risk."
+  }
+}
+EOF
+exit 0

package/hooks/risk-score-reset.sh ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Stop hook: Clears risk score temp files on session end.
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_parse_input
+SESSION_ID=$(_get_session_id)
+if [ -n "$SESSION_ID" ]; then
+    # Remove the entire session-scoped directory
+    RDIR="${TMPDIR:-/tmp}/claude-risk-${SESSION_ID}"
+    rm -rf "$RDIR"
+fi
+exit 0

package/hooks/risk-score.sh ADDED Viewed

@@ -0,0 +1,29 @@
+#!/bin/bash
+# UserPromptSubmit hook: No-op.
+# Risk scoring is triggered by Edit/Write (WIP nudge gate) and gated actions
+# (commit/push/release gates). This hook is retained only for the session
+# marker lifecycle — creating the WIP marker so the first edit isn't blocked.
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_parse_input
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+# Create WIP marker so first edit of the session isn't blocked
+RDIR=$(_risk_dir "$SESSION_ID")
+WIP_MARKER="${RDIR}/wip-reviewed"
+if [ ! -f "$WIP_MARKER" ]; then
+    touch "$WIP_MARKER"
+fi
+# Rotate old risk reports (keep last 7 days)
+if [ -d ".risk-reports" ]; then
+    find .risk-reports -name '*.md' -mtime +7 -delete 2>/dev/null || true
+fi
+exit 0

package/hooks/secret-leak-gate.sh ADDED Viewed

@@ -0,0 +1,72 @@
+#!/bin/bash
+# PreToolUse hook: Blocks Edit/Write if content contains secret patterns.
+# Mitigates WR-R2 (Secret leakage risk).
+set -euo pipefail
+INPUT=$(cat)
+# Extract the content being written — check both "new_string" (Edit) and "content" (Write)
+CONTENT=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    tool_input = data.get('tool_input', {})
+    text = tool_input.get('new_string', '') + tool_input.get('content', '')
+    print(text)
+except:
+    print('')
+" 2>/dev/null || echo "")
+if [ -z "$CONTENT" ]; then
+    exit 0
+fi
+# Check for secret patterns
+MATCHED=""
+# AWS access keys
+if echo "$CONTENT" | grep -qE 'AKIA[0-9A-Z]{16}'; then
+    MATCHED="AWS access key"
+fi
+# Private keys
+if echo "$CONTENT" | grep -qE 'BEGIN[[:space:]]+(RSA|DSA|EC|OPENSSH|PGP)?[[:space:]]*PRIVATE KEY'; then
+    MATCHED="private key"
+fi
+# GitHub tokens
+if echo "$CONTENT" | grep -qE 'gh[pousr]_[A-Za-z0-9_]{36,}'; then
+    MATCHED="GitHub token"
+fi
+# Generic API key/secret/token assignments with actual values (not variable references)
+if echo "$CONTENT" | grep -qEi '(api_key|api_secret|auth_key|auth_token|secret_key)[[:space:]]*[=:][[:space:]]*["\x27][A-Za-z0-9+/=_-]{16,}'; then
+    MATCHED="API key/secret assignment"
+fi
+# Cloudflare auth key pattern (specific to this project's legacy scripts)
+if echo "$CONTENT" | grep -qE 'X-Auth-Key:[[:space:]]*[A-Za-z0-9]{30,}'; then
+    MATCHED="Cloudflare auth key"
+fi
+# Netlify auth token
+if echo "$CONTENT" | grep -qE 'NETLIFY_AUTH_TOKEN[[:space:]]*[=:][[:space:]]*["\x27][A-Za-z0-9_-]{16,}'; then
+    MATCHED="Netlify auth token"
+fi
+if [ -n "$MATCHED" ]; then
+    cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "BLOCKED (WR-R2): Detected probable $MATCHED in file content. Do not write secrets to files — use environment variables or CI secrets instead."
+  }
+}
+EOF
+    exit 0
+fi
+# No secrets detected — allow
+exit 0

package/hooks/test/risk-gate.bats ADDED Viewed

@@ -0,0 +1,107 @@
+#!/usr/bin/env bats
+# Tests for .claude/hooks/lib/risk-gate.sh
+setup() {
+  HOOKS_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  source "$HOOKS_DIR/lib/gate-helpers.sh"
+  source "$HOOKS_DIR/lib/risk-gate.sh"
+  TEST_SESSION="bats-test-$$-${BATS_TEST_NUMBER}"
+  RDIR=$(_risk_dir "$TEST_SESSION")
+  SCORE_FILE="${RDIR}/commit"
+  HASH_FILE="${RDIR}/state-hash"
+  export RISK_TTL=5
+  rm -f "$SCORE_FILE" "$HASH_FILE"
+}
+teardown() {
+  rm -rf "${TMPDIR:-/tmp}/claude-risk-${TEST_SESSION}"
+}
+# Helper: call check_risk_gate directly (not via run) so RISK_GATE_REASON is visible
+assert_gate_denies() {
+  local session="$1" action="$2" expected_reason="$3"
+  RISK_GATE_REASON=""
+  if check_risk_gate "$session" "$action"; then
+    echo "Expected gate to deny but it allowed"
+    return 1
+  fi
+  if [[ "$RISK_GATE_REASON" != *"$expected_reason"* ]]; then
+    echo "Expected reason to contain '$expected_reason' but got: $RISK_GATE_REASON"
+    return 1
+  fi
+}
+assert_gate_allows() {
+  local session="$1" action="$2"
+  if ! check_risk_gate "$session" "$action"; then
+    echo "Expected gate to allow but it denied: $RISK_GATE_REASON"
+    return 1
+  fi
+}
+@test "missing score file denies" {
+  assert_gate_denies "$TEST_SESSION" "commit" "No commit risk score found"
+}
+@test "score file with PENDING denies (non-numeric)" {
+  printf 'PENDING' > "$SCORE_FILE"
+  assert_gate_denies "$TEST_SESSION" "commit" "invalid value"
+}
+@test "score 4 allows (below threshold)" {
+  printf '4' > "$SCORE_FILE"
+  assert_gate_allows "$TEST_SESSION" "commit"
+}
+@test "score 5 denies (at threshold)" {
+  printf '5' > "$SCORE_FILE"
+  assert_gate_denies "$TEST_SESSION" "commit" "5/25"
+}
+@test "score 8 denies (above threshold)" {
+  printf '8' > "$SCORE_FILE"
+  assert_gate_denies "$TEST_SESSION" "commit" "8/25"
+}
+@test "score 1 allows (very low)" {
+  printf '1' > "$SCORE_FILE"
+  assert_gate_allows "$TEST_SESSION" "commit"
+}
+@test "expired score file denies" {
+  printf '3' > "$SCORE_FILE"
+  # Backdate mtime by 10 seconds (TTL is 5)
+  touch -t "$(date -v-10S +%Y%m%d%H%M.%S 2>/dev/null || date -d '10 seconds ago' +%Y%m%d%H%M.%S 2>/dev/null)" "$SCORE_FILE"
+  assert_gate_denies "$TEST_SESSION" "commit" "expired"
+}
+@test "fresh score file allows" {
+  printf '3' > "$SCORE_FILE"
+  touch "$SCORE_FILE"
+  assert_gate_allows "$TEST_SESSION" "commit"
+}
+@test "drift detection: hash mismatch denies" {
+  printf '3' > "$SCORE_FILE"
+  touch "$SCORE_FILE"
+  echo "oldhash123" > "$HASH_FILE"
+  assert_gate_denies "$TEST_SESSION" "commit" "drift"
+}
+@test "no hash file skips drift check (backwards compat)" {
+  printf '3' > "$SCORE_FILE"
+  touch "$SCORE_FILE"
+  rm -f "$HASH_FILE"
+  assert_gate_allows "$TEST_SESSION" "commit"
+}
+@test "risk_gate_deny outputs valid JSON" {
+  run risk_gate_deny "Test reason"
+  [ "$status" -eq 0 ]
+  echo "$output" | python3 -c "import sys, json; json.load(sys.stdin)" 2>/dev/null
+  [[ "$output" == *"permissionDecision"* ]]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"Test reason"* ]]
+}

package/hooks/wip-risk-gate.sh ADDED Viewed

@@ -0,0 +1,44 @@
+#!/bin/bash
+# PreToolUse hook: Blocks Edit/Write on non-doc files until WIP risk
+# assessment has been completed by the risk-scorer in WIP nudge mode.
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+_parse_input
+TOOL_NAME=$(_get_tool_name)
+case "$TOOL_NAME" in
+  Edit|Write) ;;
+  *) exit 0 ;;
+esac
+FILE_PATH=$(_get_file_path)
+[ -n "$FILE_PATH" ] || exit 0
+# Skip doc/governance files
+if _is_doc_file "$FILE_PATH"; then
+    exit 0
+fi
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+MARKER="$(_risk_dir "$SESSION_ID")/wip-reviewed"
+if [ -f "$MARKER" ]; then
+    exit 0
+fi
+cat <<'EOF'
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "WIP risk assessment required. Delegate to risk-scorer-wip (subagent_type: 'risk-scorer-wip') to assess cumulative pipeline risk for changes so far."
+  }
+}
+EOF
+exit 0

package/hooks/wip-risk-mark.sh ADDED Viewed

@@ -0,0 +1,32 @@
+#!/bin/bash
+# PostToolUse hook: Manages the WIP-reviewed marker.
+# - After Edit/Write on non-doc files: clears the marker (blocks next edit)
+# - After Agent (risk-scorer) completion: creates the marker (unblocks next edit)
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "$SCRIPT_DIR/lib/gate-helpers.sh"
+_enable_err_trap
+_parse_input
+TOOL_NAME=$(_get_tool_name)
+SESSION_ID=$(_get_session_id)
+[ -n "$SESSION_ID" ] || exit 0
+MARKER="$(_risk_dir "$SESSION_ID")/wip-reviewed"
+case "$TOOL_NAME" in
+  Edit|Write)
+    FILE_PATH=$(_get_file_path)
+    [ -n "$FILE_PATH" ] || exit 0
+    if ! _is_doc_file "$FILE_PATH"; then
+        rm -f "$MARKER"
+    fi
+    ;;
+  # Agent case handled by risk-score-mark.sh
+esac
+exit 0

package/package.json ADDED Viewed

@@ -0,0 +1,28 @@
+{
+  "name": "@windyroad/risk-scorer",
+  "version": "0.2.0",
+  "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
+  "bin": {
+    "windyroad-risk-scorer": "./bin/install.mjs"
+  },
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/windyroad/agent-plugins.git",
+    "directory": "packages/risk-scorer"
+  },
+  "keywords": [
+    "claude-code",
+    "claude-code-plugin",
+    "ai-agent",
+    "ai-coding"
+  ],
+  "files": [
+    "bin/",
+    "agents/",
+    "hooks/",
+    "skills/",
+    ".claude-plugin/"
+  ]
+}