@windyroad/risk-scorer 0.3.2-preview.77 → 0.3.3-preview.81

package/agents/test/risk-scorer-commit-verdict.bats

@@ -0,0 +1,66 @@
+#!/usr/bin/env bats
+# Doc-lint guard: wip.md and assess-wip SKILL.md must define the
+# RISK_VERDICT: COMMIT extension per ADR-016.
+#
+# Structural assertion — Permitted Exception to the source-grep ban (ADR-005 / P011).
+# These tests assert that the agent and skill specification documents conform to
+# the COMMIT verdict contract introduced by P024 / ADR-016.
+#
+# Cross-reference:
+#   P024: docs/problems/024-risk-scorer-wip-flag-uncommitted-completed-work.open.md
+#   ADR-016: docs/decisions/016-wip-verdict-commit-for-completed-governance-work.proposed.md
+#   ADR-013: docs/decisions/013-structured-user-interaction-for-governance-decisions.proposed.md
+#   @jtbd JTBD-002 (ship with confidence)
+#   @jtbd JTBD-001 (enforce governance without slowing down)
+
+setup() {
+  AGENTS_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  WIP_FILE="${AGENTS_DIR}/wip.md"
+  SKILL_DIR="$(cd "${AGENTS_DIR}/../skills/assess-wip" && pwd)"
+  SKILL_FILE="${SKILL_DIR}/SKILL.md"
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# wip.md — COMMIT verdict definition
+# ──────────────────────────────────────────────────────────────────────────────
+
+@test "wip.md defines RISK_VERDICT: COMMIT as a third verdict type" {
+  # ADR-016 §Verdict Contract: COMMIT is distinct from CONTINUE and PAUSE.
+  # The agent prompt must name this verdict so the LLM knows to emit it.
+  run grep -n "RISK_VERDICT:.*COMMIT\|RISK_VERDICT: COMMIT" "$WIP_FILE"
+  [ "$status" -eq 0 ]
+}
+
+@test "wip.md defines RISK_COMMIT_REASON: output field" {
+  # ADR-016 §Verdict Contract: COMMIT verdict must include a one-line reason
+  # so the calling skill can surface a meaningful message to the user.
+  run grep -n "RISK_COMMIT_REASON" "$WIP_FILE"
+  [ "$status" -eq 0 ]
+}
+
+@test "wip.md defines governance-artefact detection heuristic for COMMIT verdict" {
+  # ADR-016 §Detection Heuristic: COMMIT fires only when all uncommitted changes
+  # are in governance artefact paths (docs/problems/, packages/*/skills/).
+  # This guards against false-positive COMMIT signals on mixed diffs.
+  run grep -in "governance.artefact\|governance artefact\|docs/problems\|packages/\*/skills" "$WIP_FILE"
+  [ "$status" -eq 0 ]
+}
+
+@test "wip.md COMMIT verdict is only emitted when risk is within appetite" {
+  # ADR-016 §Detection Heuristic criterion 1: risk must be ≤ 4 for COMMIT to fire.
+  # Above-appetite changes must be PAUSE regardless of governance-artefact status.
+  # Look for the explicit appetite gate in the COMMIT detection section specifically.
+  run grep -in "PAUSE.*governance\|governance.*PAUSE\|appetite.*COMMIT\|COMMIT.*appetite\|COMMIT.*within\|within.*COMMIT" "$WIP_FILE"
+  [ "$status" -eq 0 ]
+}
+
+# ──────────────────────────────────────────────────────────────────────────────
+# assess-wip SKILL.md — COMMIT verdict handling
+# ──────────────────────────────────────────────────────────────────────────────
+
+@test "assess-wip SKILL.md handles RISK_VERDICT: COMMIT distinctly from CONTINUE/PAUSE" {
+  # ADR-016 §Consequences: assess-wip Step 4 must surface RISK_VERDICT: COMMIT
+  # as a prominent suggestion to commit, not treat it the same as CONTINUE.
+  run grep -n "COMMIT\|commit.*now\|commit now" "$SKILL_FILE"
+  [ "$status" -eq 0 ]
+}

package/agents/wip.md

@@ -70,6 +70,32 @@ Do NOT emit free-text suggestions as prose. The structured block is the only out
 
 The verdict is `RISK_VERDICT: PAUSE`. This blocks the next edit until the risk is addressed.
 
+### Completed-Work Detection (RISK_VERDICT: COMMIT)
+
+After assessing the risk profile, check whether uncommitted changes represent **completed governance work** that should be committed immediately to reduce WIP pipeline risk (ADR-016).
+
+**Governance-artefact detection heuristic**: Check `git status --short` and `git diff HEAD --name-only`. If ALL uncommitted files fall within these paths:
+- `docs/problems/*.md`
+- `packages/*/skills/**/*.md`
+- `packages/*/skills/**/*.bats`
+- `docs/decisions/*.md`
+
+AND cumulative risk is **within appetite** (≤ 4), AND at least one completion signal is present:
+- A problem file diff contains "Fix Released" or a status transition keyword (`.known-error.md`, `.closed.md`)
+- A SKILL.md was modified alongside a problem file update
+
+→ Emit `RISK_VERDICT: COMMIT` instead of `RISK_VERDICT: CONTINUE`.
+
+**Appetite gate**: If cumulative risk exceeds appetite, emit `RISK_VERDICT: PAUSE` regardless of governance artefact status — PAUSE takes precedence over COMMIT.
+
+**False-positive safeguard**: If ANY uncommitted file is outside governance artefact paths (e.g., `.ts`, `.js`, `.sh`, `.mjs`, `package.json`), do NOT emit COMMIT — the diff is mixed WIP and the heuristic cannot safely distinguish completed from in-progress work. Emit CONTINUE or PAUSE normally.
+
+**Format when COMMIT is emitted**:
+```
+RISK_VERDICT: COMMIT
+RISK_COMMIT_REASON: <one-line description of the completed governance work detected>
+```
+
 ## Control Discovery
 
 For each control claimed to reduce risk, name the specific test file/scenario. If you cannot name it, it provides 0 reduction.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.3.2-preview.77",
+  "version": "0.3.3-preview.81",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"

package/skills/assess-wip/SKILL.md

@@ -53,9 +53,18 @@ Wait for the subagent to complete.
 
 ### 4. Present results
 
-Present the WIP risk nudge to the user. The wip subagent provides guidance and recommendations, not a formal gate score. Highlight:
-- The highest-risk files or change patterns identified
-- Any recommendations to reduce risk before committing
-- Whether a full pipeline assessment (`assess-release`) is recommended before committing
+Present the WIP risk nudge to the user. The wip subagent provides guidance and recommendations, not a formal gate score.
+
+**Check `RISK_VERDICT` from the subagent output and handle each case distinctly:**
+
+- **`RISK_VERDICT: CONTINUE`**: changes are in-progress and within risk appetite. Highlight the highest-risk files or change patterns; note whether a full pipeline assessment (`assess-release`) is recommended before committing.
+
+- **`RISK_VERDICT: PAUSE`**: risk exceeds appetite. Prominently surface the `RISK_REMEDIATIONS:` block. Explain each remediation clearly. Do NOT suggest committing until remediations are addressed.
+
+- **`RISK_VERDICT: COMMIT`** (ADR-016): the uncommitted diff consists entirely of completed governance work (problem fixes, SKILL.md updates, closed problem transitions) and risk is within appetite. Present a prominent commit-now suggestion:
+  > "The uncommitted changes look like completed governance work. Commit now to reduce WIP and feed the pipeline."
+  > *Reason: `<RISK_COMMIT_REASON from subagent>`*
+  
+  Use `AskUserQuestion` to offer: "Commit completed governance work now?" — Yes (user confirms and runs `git commit`) or "Not yet" (user defers).
 
 $ARGUMENTS