@windyroad/risk-scorer 0.3.5 → 0.3.6-preview.192

package/.claude-plugin/plugin.json

@@ -1,5 +1,5 @@
 {
   "name": "wr-risk-scorer",
-  "version": "0.3.5",
+  "version": "0.3.6",
   "description": "Pipeline risk scoring, commit/push/release gates for Claude Code"
 }

package/agents/pipeline.md

@@ -149,9 +149,9 @@ exceeds appetite. The only sanctioned above-appetite output is the Risk Report
 structure, `RISK_SCORES: ...`, and the structured `RISK_REMEDIATIONS:` block
 defined below.
 
-Emit a structured `RISK_REMEDIATIONS:` block after the `RISK_SCORES:` line. This gives the calling skill machine-readable input for structured decision prompts.
+Emit a structured `RISK_REMEDIATIONS:` block after the `RISK_SCORES:` line. This gives the calling skill machine-readable input.
 
-Format (5 columns — machine-readable for structured AskUserQuestion prompts in calling skills):
+Format (5 columns):
 ```
 RISK_REMEDIATIONS:
 - R1 | <description of remediation> | <effort S/M/L> | <risk_delta -N> | <files affected>
@@ -161,6 +161,7 @@ RISK_REMEDIATIONS:
 Column definitions:
 - **effort**: estimated size of the remediation — S (< 1h, single file), M (1-4h, few files), L (> 4h, multiple files)
 - **risk_delta**: estimated reduction in residual risk if this remediation is applied (e.g., `-3` means risk drops by 3 points)
+- **description**: free-form prose. The agent reads this and decides what to do. No structured action_class column.
 
 Include downstream back-pressure in the remediation list:
 - **Commit**: If adding this commit would push the push queue risk >= 5, include a remediation to split the commit.

package/agents/plan.md

@@ -55,7 +55,7 @@ not policy-authorised — the only sanctioned FAIL output is the Plan Risk Repor
 the `RISK_VERDICT: FAIL` marker, and the structured `RISK_REMEDIATIONS:` block
 defined below.
 
-Emit a structured `RISK_REMEDIATIONS:` block after the verdict (5 columns — machine-readable for structured AskUserQuestion prompts in calling skills):
+Emit a structured `RISK_REMEDIATIONS:` block after the verdict (5 columns):
 ```
 RISK_REMEDIATIONS:
 - R1 | <description of what the plan must add/change> | <effort S/M/L> | <risk_delta -N> | <affected area>
@@ -64,8 +64,9 @@ RISK_REMEDIATIONS:
 Column definitions:
 - **effort**: estimated size of the remediation — S (< 1h, single file), M (1-4h, few files), L (> 4h, multiple files)
 - **risk_delta**: estimated reduction in residual risk if this remediation is applied
+- **description**: free-form prose. The agent reads this and decides what to do. No structured action_class column.
 
-Do NOT emit free-text "consider" or "you should" prose. The structured block is the only output for above-appetite guidance.
+Do NOT emit free-text "consider" or "you should" prose outside the structured block. The `RISK_REMEDIATIONS:` block is the only output for above-appetite guidance.
 
 ## Control Discovery
 

package/agents/test/risk-scorer-structured-remediations.bats

@@ -98,3 +98,26 @@ setup() {
   run grep -q "risk_delta" "$PLAN"
   [ "$status" -eq 0 ]
 }
+
+# ──────────────────────────────────────────────────────────────────────────────
+# P108: scorer writes prose descriptions; agent decides (ADR-042 Rule 2a)
+# ──────────────────────────────────────────────────────────────────────────────
+
+@test "pipeline.md RISK_REMEDIATIONS format has no action_class column" {
+  # ADR-042 Rule 2a: no structured action_class column. The agent reads
+  # the description and decides. Match only markdown-table column-header
+  # rows so prose mentions of "action_class" (e.g. "No structured
+  # action_class column.") do not trip the assertion (P114).
+  run grep -qE '^\| *action_class\b' "$PIPELINE"
+  [ "$status" -ne 0 ]
+}
+
+@test "wip.md RISK_REMEDIATIONS format has no action_class column" {
+  run grep -qE '^\| *action_class\b' "$WIP"
+  [ "$status" -ne 0 ]
+}
+
+@test "plan.md RISK_REMEDIATIONS format has no action_class column" {
+  run grep -qE '^\| *action_class\b' "$PLAN"
+  [ "$status" -ne 0 ]
+}

package/agents/wip.md

@@ -61,7 +61,7 @@ structured `RISK_REMEDIATIONS:` block defined below.
 
 Provide the assessment table, then emit a structured `RISK_REMEDIATIONS:` block with specific risk-reducing actions:
 
-Format (5 columns — machine-readable for structured AskUserQuestion prompts in calling skills):
+Format (5 columns):
 ```
 RISK_REMEDIATIONS:
 - R1 | Commit current changes to move WIP forward | S | -2 | <uncommitted files>
@@ -73,8 +73,9 @@ RISK_REMEDIATIONS:
 Column definitions:
 - **effort**: estimated size of the remediation — S (< 1h, single file), M (1-4h, few files), L (> 4h, multiple files)
 - **risk_delta**: estimated reduction in residual risk if this remediation is applied (e.g., `-3` means risk drops by 3 points)
+- **description**: free-form prose. The agent reads this and decides what to do. No structured action_class column.
 
-Do NOT emit free-text suggestions as prose. The structured block is the only output for above-appetite guidance.
+Do NOT emit free-text suggestions outside the structured block. The `RISK_REMEDIATIONS:` block is the only output for above-appetite guidance.
 
 The verdict is `RISK_VERDICT: PAUSE`. This blocks the next edit until the risk is addressed.
 

package/hooks/git-push-gate.sh

@@ -32,7 +32,7 @@ if echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*git push(\s|$)'; then
     exit 0
 fi
 
-# Gate push:watch on push risk score
+# Gate push:watch on push risk score (inherits three-band TTL via check_risk_gate — P090)
 if echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*npm run push:watch(\s|$)'; then
     if [ -n "$SESSION_ID" ]; then
         RDIR=$(_risk_dir "$SESSION_ID")
@@ -45,27 +45,12 @@ if echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*npm run push:watch(\s|$)'; then
         if [ -f "${RDIR}/clean" ]; then
             exit 0
         fi
-        PUSH_SCORE_FILE="${RDIR}/push"
-        if [ ! -f "$PUSH_SCORE_FILE" ]; then
-            risk_gate_deny "Push blocked: No push risk score found. Delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') to assess cumulative pipeline risk."
-            exit 0
-        fi
-        PUSH_NOW=$(date +%s)
-        PUSH_SCORE_TIME=$(_mtime "$PUSH_SCORE_FILE")
-        PUSH_AGE=$(( PUSH_NOW - PUSH_SCORE_TIME ))
-        PUSH_TTL="${RISK_TTL:-1800}"
-        if [ "$PUSH_AGE" -ge "$PUSH_TTL" ]; then
-            risk_gate_deny "Push blocked: Push risk score expired (${PUSH_AGE}s old, TTL ${PUSH_TTL}s). Delegate to risk-scorer to rescore."
-            exit 0
-        fi
-        PUSH_SCORE=$(cat "$PUSH_SCORE_FILE" 2>/dev/null || echo "")
-        if ! echo "$PUSH_SCORE" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
-            risk_gate_deny "Push blocked: Push risk score is not yet available (scoring in progress). Wait a moment and retry."
-            exit 0
-        fi
-        PUSH_DENIED=$(python3 -c "print('yes' if float('${PUSH_SCORE}') >= 5 else 'no')" 2>/dev/null || echo "no")
-        if [ "$PUSH_DENIED" = "yes" ]; then
-            risk_gate_deny "Push blocked: Push risk score ${PUSH_SCORE}/25 (Medium or above). To proceed: (1) release first via \`npm run release:watch\`, (2) split the push, or (3) add risk-reducing measures. If risk-neutral or risk-reducing, delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') — it will create a bypass marker."
+        if ! check_risk_gate "$SESSION_ID" "push"; then
+            if [ "$RISK_GATE_CATEGORY" = "threshold" ]; then
+                risk_gate_deny "Push blocked: Push risk score ${RISK_GATE_SCORE}/25 (Medium or above). To proceed: (1) release first via \`npm run release:watch\`, (2) split the push, or (3) add risk-reducing measures. If risk-neutral or risk-reducing, delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') — it will create a bypass marker."
+            else
+                risk_gate_deny "Push blocked: ${RISK_GATE_REASON}"
+            fi
             exit 0
         fi
     fi

package/hooks/lib/risk-gate.sh

@@ -9,6 +9,18 @@ source "$_RISK_GATE_DIR/gate-helpers.sh"
 
 # Check risk gate for a given action. Returns 0 if allowed, 1 if denied.
 # Sets RISK_GATE_REASON on failure with human-readable message.
+# Also sets RISK_GATE_CATEGORY ∈ {missing, expired, drift, invalid, threshold}
+# and RISK_GATE_SCORE (on threshold) for callers that customise deny messages.
+#
+# Implements the three-band TTL policy (P090, ADR-009 footnote):
+#   Band A: age < TTL/2        → pass silently (no slide).
+#   Band B: TTL/2 ≤ age < TTL  → if state-hash is invariant since the
+#                                scorer ran, pass AND slide the marker
+#                                forward (touch score file); bounded by
+#                                a 2×TTL hard-cap from the scorer-run
+#                                birth time stored in <action>-born.
+#                                If the hash drifted, halt as before.
+#   Band C: age ≥ TTL          → halt with the existing expired message.
 # Usage: check_risk_gate "$SESSION_ID" "commit"
 check_risk_gate() {
   local SESSION_ID="$1"
@@ -16,24 +28,37 @@ check_risk_gate() {
   local RDIR
   RDIR=$(_risk_dir "$SESSION_ID")
   local SCORE_FILE="${RDIR}/${ACTION}"
+  local BORN_FILE="${RDIR}/${ACTION}-born"
   local HASH_FILE="${RDIR}/state-hash"
-  local TTL_SECONDS="${RISK_TTL:-1800}"
+  local TTL_SECONDS="${RISK_TTL:-3600}"
+
+  RISK_GATE_CATEGORY=""
+  RISK_GATE_SCORE=""
 
   # 1. Score file must exist (fail-closed)
   if [ ! -f "$SCORE_FILE" ]; then
+    RISK_GATE_CATEGORY="missing"
     RISK_GATE_REASON="No ${ACTION} risk score found. Delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') to assess cumulative pipeline risk."
     return 1
   fi
 
-  # 2. TTL check — score file mtime must be within TTL
+  # 2. TTL — Band C hard expiry first
   local NOW=$(date +%s)
   local SCORE_TIME=$(_mtime "$SCORE_FILE")
   local AGE=$(( NOW - SCORE_TIME ))
   if [ "$AGE" -ge "$TTL_SECONDS" ]; then
+    RISK_GATE_CATEGORY="expired"
     RISK_GATE_REASON="Risk score expired (${AGE}s old, TTL ${TTL_SECONDS}s). Delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') to rescore."
     return 1
   fi
 
+  # Detect Band B candidacy (age in [TTL/2, TTL))
+  local HALF_TTL=$(( TTL_SECONDS / 2 ))
+  local BAND_B=0
+  if [ "$AGE" -ge "$HALF_TTL" ]; then
+    BAND_B=1
+  fi
+
   # 3. Drift detection — pipeline state hash must match
   # The hash is computed from git diff HEAD --stat at prompt submit time.
   # If you staged files AFTER the prompt, the hash will differ.
@@ -43,15 +68,34 @@ check_risk_gate() {
     local CURRENT_HASH
     CURRENT_HASH=$("$_RISK_GATE_DIR/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
     if [ "$STORED_HASH" != "$CURRENT_HASH" ]; then
+      RISK_GATE_CATEGORY="drift"
       RISK_GATE_REASON="Pipeline state drift: working tree changed since the last ${ACTION} risk assessment. Delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') to rescore against the current state."
       return 1
     fi
+
+    # Band B + hash invariant: slide the marker forward, bounded by 2×TTL
+    # from the scorer-run birth time. The hard cap prevents an unchanged-but-
+    # perpetually-idle tree from riding a single marker indefinitely.
+    if [ "$BAND_B" = "1" ]; then
+      if [ -f "$BORN_FILE" ]; then
+        local BORN_TIME=$(_mtime "$BORN_FILE")
+        local BORN_AGE=$(( NOW - BORN_TIME ))
+        local HARD_CAP=$(( TTL_SECONDS * 2 ))
+        if [ "$BORN_AGE" -ge "$HARD_CAP" ]; then
+          RISK_GATE_CATEGORY="expired"
+          RISK_GATE_REASON="Risk score expired (${BORN_AGE}s total since scoring, hard cap ${HARD_CAP}s). Delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') to rescore."
+          return 1
+        fi
+      fi
+      touch "$SCORE_FILE"
+    fi
   fi
-  # No hash file = backward compat, skip drift check
+  # No hash file = backward compat, skip drift check and Band B slide
 
   # 4. Read and validate score
   local SCORE=$(cat "$SCORE_FILE" 2>/dev/null || echo "")
   if ! echo "$SCORE" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
+    RISK_GATE_CATEGORY="invalid"
     RISK_GATE_REASON="Risk score file contains an invalid value. Re-run the risk-scorer agent."
     return 1
   fi
@@ -63,6 +107,8 @@ print('yes' if score >= 5 else 'no')
 " 2>/dev/null || echo "no")
 
   if [ "$DENIED" = "yes" ]; then
+    RISK_GATE_CATEGORY="threshold"
+    RISK_GATE_SCORE="$SCORE"
     RISK_GATE_REASON="${ACTION} risk score ${SCORE}/25 (Medium or above). To proceed: (1) split the ${ACTION}, (2) add risk-reducing measures, or (3) for a LIVE INCIDENT, delegate to wr-risk-scorer:pipeline (subagent_type: 'wr-risk-scorer:pipeline') with incident context for an incident bypass."
     return 1
   fi

package/hooks/risk-score-mark.sh

@@ -42,9 +42,13 @@ if echo "$SUBAGENT" | grep -qE 'risk-scorer.pipeline'; then
     PUSH=$(echo "$SCORES_LINE" | grep -oE 'push=[0-9]+' | cut -d= -f2) || true
     RELEASE=$(echo "$SCORES_LINE" | grep -oE 'release=[0-9]+' | cut -d= -f2) || true
 
-    [ -n "$COMMIT" ] && printf '%s' "$COMMIT" > "${RDIR}/commit"
-    [ -n "$PUSH" ] && printf '%s' "$PUSH" > "${RDIR}/push"
-    [ -n "$RELEASE" ] && printf '%s' "$RELEASE" > "${RDIR}/release"
+    # Birth markers (<action>-born) capture the scorer-run timestamp. Band B
+    # of the three-band TTL policy (P090) uses them to enforce a 2×TTL
+    # hard-cap on sliding-window extension, so an unchanged-but-idle tree
+    # cannot ride a single score indefinitely.
+    [ -n "$COMMIT" ] && { printf '%s' "$COMMIT" > "${RDIR}/commit"; touch "${RDIR}/commit-born"; }
+    [ -n "$PUSH" ] && { printf '%s' "$PUSH" > "${RDIR}/push"; touch "${RDIR}/push-born"; }
+    [ -n "$RELEASE" ] && { printf '%s' "$RELEASE" > "${RDIR}/release"; touch "${RDIR}/release-born"; }
   fi
 
   # Parse RISK_BYPASS: reducing|incident

package/hooks/test/risk-gate.bats

@@ -105,3 +105,117 @@ assert_gate_allows() {
   [[ "$output" == *"deny"* ]]
   [[ "$output" == *"Test reason"* ]]
 }
+
+# ---------------------------------------------------------------------------
+# Three-band TTL policy (P090)
+# Band A: age < TTL/2 → pass silently, no slide
+# Band B: TTL/2 <= age < TTL → consult state-hash; if invariant, pass + slide
+#         the marker forward (touch score file) bounded by 2*TTL hard cap
+#         from the scorer-run birth time (<action>-born); if drifted, halt
+# Band C: age >= TTL → halt with existing "expired" message
+# ---------------------------------------------------------------------------
+
+# Helper: backdate file mtime by N seconds (portable between macOS and Linux)
+_backdate() {
+  local file="$1" seconds="$2"
+  local stamp
+  stamp=$(date -v-${seconds}S +%Y%m%d%H%M.%S 2>/dev/null \
+       || date -d "${seconds} seconds ago" +%Y%m%d%H%M.%S 2>/dev/null)
+  touch -t "$stamp" "$file"
+}
+
+# Helper: write a matching state-hash for the current working tree
+_write_matching_hash() {
+  local target="$1"
+  local hash
+  hash=$("$HOOKS_DIR/lib/pipeline-state.sh" --hash-inputs 2>/dev/null | _hashcmd | cut -d' ' -f1)
+  echo "$hash" > "$target"
+}
+
+@test "Band A (age < TTL/2): passes, does NOT slide the marker" {
+  printf '3' > "$SCORE_FILE"
+  touch "$SCORE_FILE"
+  rm -f "$HASH_FILE"
+  BEFORE_MTIME=$(_mtime "$SCORE_FILE")
+  sleep 1
+  assert_gate_allows "$TEST_SESSION" "commit"
+  AFTER_MTIME=$(_mtime "$SCORE_FILE")
+  [ "$BEFORE_MTIME" = "$AFTER_MTIME" ]
+}
+
+@test "Band B (TTL/2 <= age < TTL) with hash invariant: passes AND slides marker forward" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 3
+  _write_matching_hash "$HASH_FILE"
+  touch "${SCORE_FILE}-born"
+  BEFORE_MTIME=$(_mtime "$SCORE_FILE")
+  assert_gate_allows "$TEST_SESSION" "commit"
+  AFTER_MTIME=$(_mtime "$SCORE_FILE")
+  [ "$AFTER_MTIME" -gt "$BEFORE_MTIME" ]
+}
+
+@test "Band B with no hash file: passes but does NOT slide (no invariance proof)" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 3
+  rm -f "$HASH_FILE"
+  BEFORE_MTIME=$(_mtime "$SCORE_FILE")
+  sleep 1
+  assert_gate_allows "$TEST_SESSION" "commit"
+  AFTER_MTIME=$(_mtime "$SCORE_FILE")
+  [ "$BEFORE_MTIME" = "$AFTER_MTIME" ]
+}
+
+@test "Band B with hash mismatch: denies with drift (no slide)" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 3
+  echo "staleold" > "$HASH_FILE"
+  touch "${SCORE_FILE}-born"
+  BEFORE_MTIME=$(_mtime "$SCORE_FILE")
+  assert_gate_denies "$TEST_SESSION" "commit" "drift"
+  AFTER_MTIME=$(_mtime "$SCORE_FILE")
+  [ "$BEFORE_MTIME" = "$AFTER_MTIME" ]
+}
+
+@test "Band B with hard-cap exceeded (born-age >= 2*TTL): denies even if hash invariant" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 3
+  _write_matching_hash "$HASH_FILE"
+  touch "${SCORE_FILE}-born"
+  _backdate "${SCORE_FILE}-born" 12
+  assert_gate_denies "$TEST_SESSION" "commit" "expired"
+}
+
+@test "Band C (age >= TTL): denies regardless of hash invariance" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 10
+  _write_matching_hash "$HASH_FILE"
+  touch "${SCORE_FILE}-born"
+  assert_gate_denies "$TEST_SESSION" "commit" "expired"
+}
+
+@test "Band B denial exports RISK_GATE_CATEGORY=drift on hash mismatch" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 3
+  echo "staleold" > "$HASH_FILE"
+  RISK_GATE_CATEGORY=""
+  ! check_risk_gate "$TEST_SESSION" "commit"
+  [ "$RISK_GATE_CATEGORY" = "drift" ]
+}
+
+@test "Band C denial exports RISK_GATE_CATEGORY=expired" {
+  printf '3' > "$SCORE_FILE"
+  _backdate "$SCORE_FILE" 10
+  RISK_GATE_CATEGORY=""
+  ! check_risk_gate "$TEST_SESSION" "commit"
+  [ "$RISK_GATE_CATEGORY" = "expired" ]
+}
+
+@test "Threshold denial exports RISK_GATE_CATEGORY=threshold and RISK_GATE_SCORE" {
+  printf '7' > "$SCORE_FILE"
+  touch "$SCORE_FILE"
+  RISK_GATE_CATEGORY=""
+  RISK_GATE_SCORE=""
+  ! check_risk_gate "$TEST_SESSION" "commit"
+  [ "$RISK_GATE_CATEGORY" = "threshold" ]
+  [ "$RISK_GATE_SCORE" = "7" ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.3.5",
+  "version": "0.3.6-preview.192",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"

package/skills/create-risk/SKILL.md

@@ -0,0 +1,172 @@
+---
+name: wr-risk-scorer:create-risk
+description: Create a new standing-risk entry in docs/risks/. Examines existing risks, gathers impact/likelihood/controls from the user, writes a file matching docs/risks/TEMPLATE.md, and updates the register index.
+allowed-tools: Read, Write, Edit, Bash, Glob, Grep, AskUserQuestion
+---
+
+# Risk Register Entry Generator
+
+Create a new standing-risk file in `docs/risks/` following the format defined by `docs/risks/TEMPLATE.md`. The register captures persistent risks (distinct from the ephemeral per-change reports in `.risk-reports/`), and its criteria come from `RISK-POLICY.md`.
+
+This skill is the invocation surface for populating the register (scaffolded by P033; populated per P102). Per ADR-015, it is a plugin-namespaced on-demand skill. Per ADR-014, the skill commits its own work.
+
+## Steps
+
+### 1. Discover existing risks
+
+Scan for existing risk files:
+- Glob `docs/risks/R*.md` (skip `README.md`, `TEMPLATE.md`)
+- Note the highest numbered risk to determine the next sequence number
+- Read any risks related to the topic being discussed (if the user has mentioned a topic)
+- If `docs/risks/` does not exist, explain that `/wr-risk-scorer:update-policy` must be run first (it ships the scaffolding) and stop
+
+### 2. Gather context from the user
+
+You MUST use the AskUserQuestion tool to collect context that cannot be derived. Do not proceed to step 3 until you have answers. Apply ADR-013 Rule 6 non-interactive defaults if the tool is unavailable (AFK mode): choose the most conservative option for each question and note auto-selection in the output.
+
+Auto-derive where possible (do not ask):
+- **ID number** — next free slot per step 3 (do not ask per `feedback_dont_ask_trivial_id_choices.md`).
+- **Today's date** — use the current date for `Identified` and `Last reviewed`.
+- **Category** — infer from description keywords where unambiguous: "token", "secret", "leak" → `infosec`; "install", "hook", "pipeline" → `operational`. Confirm only if ambiguous.
+- **Next review** — default to 6 months from today.
+
+Ask the user (one AskUserQuestion call with grouped questions):
+
+1. **What is the risk?** A short title and 1-2 paragraph description — what could go wrong, for whom, and why it matters. This is the condition, not the control.
+2. **Impact level (from `RISK-POLICY.md`)?** 1 Negligible · 2 Minor · 3 Moderate · 4 Significant · 5 Severe. Read the policy's Impact table to the user if they need the descriptions.
+3. **Likelihood level?** 1 Rare · 2 Unlikely · 3 Possible · 4 Likely · 5 Almost certain.
+4. **Existing controls?** Each control names what it does and where it is implemented (file path or `ADR-NNN`). If none, leave empty.
+5. **Residual impact and likelihood** (after controls). If controls are minimal, residual = inherent — do not fabricate reductions. Per ADR-026, quantitative reduction claims must cite evidence (test, hook gate, pipeline report). If no evidence, state "Residual same as inherent pending control evidence" in the Treatment section and set residual = inherent.
+6. **Treatment choice?** Accept · Mitigate · Transfer · Avoid. Include brief justification.
+7. **Owner?** Persona or role (e.g. `solo-developer`, `plugin-maintainer`, `tech-lead`).
+
+If the user has already provided this context in the conversation (e.g. as arguments, or as part of a pipeline-finding hand-off), use what they have given and only ask about what is missing.
+
+### 3. Determine sequence number and filename
+
+- Next number = **max of the local and origin highest risk numbers**, plus 1 (or 001 if none exist).
+- Filename: `R<NNN>-<kebab-case-title>.active.md`
+- Pad the number to 3 digits (001, 002, ... 010, 011, etc.)
+
+**Why compare against origin?** Per ADR-019 confirmation criterion 2, ticket-creator skills MUST re-check next-number assignment against `git ls-tree origin/<base>` before assigning. Without it, parallel sessions can mint the same ID for different risks, causing a destructive surgical rebase on push.
+
+```bash
+# Local-max number
+local_max=$(ls docs/risks/R*.md 2>/dev/null | sed 's/.*\///' | grep -oE '^R[0-9]+' | sed 's/^R//' | sort -n | tail -1)
+
+# Origin-max number — reads remote-tracking ref. `--name-only` required per P056
+# to avoid false-matches on blob SHAs.
+origin_max=$(git ls-tree --name-only origin/main docs/risks/ 2>/dev/null | sed 's|^docs/risks/||' | grep -oE '^R[0-9]+' | sed 's/^R//' | sort -n | tail -1)
+
+# Take the max of the two and increment.
+next=$(printf '%03d' $(( $(echo -e "${local_max:-0}\n${origin_max:-0}" | sort -n | tail -1) + 1 )))
+```
+
+If the local choice would have collided with an origin risk file created since the last fetch, the `git ls-tree` lookup catches it here and the renumber is automatic. Log the renumber in the user-facing report (e.g. "Bumped next risk number from R012 → R013 to avoid collision with origin").
+
+### 4. Compute scores and bands
+
+Use the Risk Matrix from `RISK-POLICY.md`:
+
+- **Inherent Score** = Impact × Likelihood
+- **Residual Score** = Impact × Likelihood (after controls)
+- **Band** (for each) per the Label Bands table: 1-2 Very Low · 3-4 Low · 5-9 Medium · 10-16 High · 17-25 Very High
+- **Within appetite?** = residual score ≤ `RISK-POLICY.md`'s appetite threshold (read the threshold at runtime; do not hardcode)
+
+### 5. Write the risk file
+
+Write the file to `docs/risks/` using the structure from `TEMPLATE.md`:
+
+```markdown
+# Risk R<NNN>: <Title>
+
+**Status**: Active
+**Category**: <infosec | operational | brand | delivery>
+**Identified**: <YYYY-MM-DD>
+**Owner**: <persona or role>
+**Last reviewed**: <YYYY-MM-DD>
+**Next review**: <YYYY-MM-DD + 6 months>
+
+## Description
+
+<1-2 paragraph description from step 2.>
+
+## Inherent Risk
+
+Impact × Likelihood *before* controls.
+
+- **Impact**: <level> (<label>)
+- **Likelihood**: <level> (<label>)
+- **Inherent Score**: <product>
+- **Inherent Band**: <band>
+
+## Controls
+
+- **<control-name>** — <what it does>. Implemented in <file path or ADR-NNN>.
+
+## Residual Risk
+
+Impact × Likelihood *after* controls.
+
+- **Impact**: <level> (<label>)
+- **Likelihood**: <level> (<label>)
+- **Residual Score**: <product>
+- **Residual Band**: <band>
+- **Within appetite?**: <Yes | No>
+
+## Treatment
+
+<Accept | Mitigate | Transfer | Avoid>. <Justification.>
+
+## Monitoring
+
+- **Trigger to re-assess**: <event or threshold>
+- **Metrics**: <if any>
+
+## Related
+
+- Criteria: `RISK-POLICY.md`
+- Realised-as: <links to `docs/problems/P<NNN>` if any>
+- Treatment ADRs: <links if any>
+- Personas affected: <links to `docs/jtbd/<persona>/persona.md`>
+
+## Change Log
+
+- <YYYY-MM-DD>: Initial identification.
+```
+
+### 6. Update the register index
+
+`docs/risks/README.md` has a **Register** table that MUST reflect the new risk. Append a row with the following columns:
+
+```
+| R<NNN> | <Title> | <Category> | <Inherent Score> | <Residual Score> | <Treatment verb> | <Owner> | <Next review date> |
+```
+
+This step is not optional: the README drifts from the register without it, and the ISO 27001 audit signal depends on the index being accurate.
+
+### 7. Confirm with the user
+
+Present the written file path, inherent/residual bands, and any `Within appetite?: No` flag. Ask via AskUserQuestion:
+
+1. Does the description accurately capture the risk?
+2. Are the inherent and residual scores defensible?
+3. Is the treatment choice appropriate for the residual band?
+4. Should the owner or next review date be adjusted?
+
+Apply any feedback by editing the file and re-updating the README row if scores/treatment change.
+
+### 8. Commit the risk (ADR-014)
+
+Per ADR-014, this skill commits its own work. Stage both files and commit:
+
+```bash
+git add docs/risks/R<NNN>-<title>.active.md docs/risks/README.md
+git commit -m "docs(risks): open R<NNN> <title>"
+```
+
+The commit message convention `docs(risks): open R<NNN> <title>` matches `docs/risks/README.md` step 6 and mirrors `docs(problems): open P<NNN>` used by `/wr-itil:manage-problem`.
+
+If the commit-gate pattern-matches `git commit` text and blocks, run `/wr-risk-scorer:assess-release` first to produce a fresh pipeline marker, then retry the commit.
+
+$ARGUMENTS