npm - @windyroad/risk-scorer - Versions diffs - 0.3.6 → 0.4.0-preview.196 - Mend

@windyroad/risk-scorer 0.3.6 → 0.4.0-preview.196

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.claude-plugin/plugin.json +1 -1
package/agents/pipeline.md +41 -0
package/agents/test/risk-scorer-register-hint.bats +111 -0
package/package.json +1 -1

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
   "name": "wr-risk-scorer",
-  "version": "0.3.6",
+  "version": "0.4.0",
   "description": "Pipeline risk scoring, commit/push/release gates for Claude Code"
 }

package/agents/pipeline.md CHANGED Viewed

@@ -169,6 +169,47 @@ Include downstream back-pressure in the remediation list:
 Do NOT emit free-text "Your call:" or "consider splitting" prose. The structured `RISK_REMEDIATIONS:` block is the only output for above-appetite guidance.
+## Risk Register Hand-Off (Passive Trigger)
+When a pipeline run identifies a **register-worthy risk shape**, emit a structured `RISK_REGISTER_HINT:` block so the calling orchestrator can hand the finding off to `/wr-risk-scorer:create-risk` with pre-filled context. This is the passive trigger for the standing-risk register (`docs/risks/`) — it routes findings the pipeline already computes into the register without relying on the assistant remembering to invoke the create-risk skill (P110 / JTBD-001).
+### Trigger conditions (emit a hint when ANY fire)
+1. **Above-appetite residual** — any cumulative residual score exceeds appetite (> 4 per `RISK-POLICY.md`). A risk that breaches appetite on this change is a standing-risk candidate, not just a one-off remediation target.
+2. **Confidentiality disclosure** — the Confidential Information Disclosure check (below) flagged business metrics (revenue, user counts, pricing, client names, traffic volumes) in the diff. Confidentiality leaks are standing-risk-shaped even after the immediate remediation.
+3. **User-stated precondition** — the User-Stated Preconditions Check (below) flagged an unmet paired capability as a standalone Risk item. Unmet preconditions are standing-risk-shaped because the dependency gap persists until the paired capability ships.
+### Format (bulleted-list shape, multi-hint capable)
+A single pipeline run MAY surface more than one register-worthy shape (e.g. both an above-appetite residual AND a confidentiality leak). Emit one bullet per triggered condition:
+```
+RISK_REGISTER_HINT:
+- above-appetite-residual | <one-line prefill describing the risk>
+- confidentiality-disclosure | <one-line prefill citing what was flagged>
+- user-stated-precondition | <one-line prefill citing the unmet precondition>
+```
+### Reason-tag vocabulary (enumerated — reserved)
+The first column is one of exactly three reserved tags. Do NOT invent new tags; open new tickets to extend the vocabulary.
+| Tag | Meaning | Source section in this prompt |
+|---|---|---|
+| `above-appetite-residual` | Cumulative residual score > appetite | Above-Appetite Remediations |
+| `confidentiality-disclosure` | Business metric or client detail flagged in diff | Confidential Information Disclosure |
+| `user-stated-precondition` | Paired capability unmet; standalone Risk item | User-Stated Preconditions Check |
+The second column is free-form prose — a one-line prefill the orchestrator can pass to `/wr-risk-scorer:create-risk` as the initial risk title and description.
+### Consumption semantics (post-loop)
+The hint is consumed by the calling orchestrator **after** the ADR-042 auto-apply remediation loop converges (risk returns within appetite) or halts (Rule 5 exhaustion / user-aborted). Do NOT expect the hint to be consumed interleaved with remediation execution — if a remediation reduces the residual back within appetite, the above-appetite hint should still be recorded because the risk is standing even if this change is no longer in breach. The orchestrator decides whether to invoke `/wr-risk-scorer:create-risk` with the prefill or to defer to the user.
+### Silence guarantee (when no trigger fires)
+Do NOT emit `RISK_REGISTER_HINT:` when all cumulative scores are within appetite AND no confidentiality disclosure AND no user-stated-precondition fired. The hint is additive to the existing Below-Appetite Output Rule — a silent pass MUST remain silent. Do not emit an empty `RISK_REGISTER_HINT:` header with no bullets either — omit the block entirely.
 ## Confidential Information Disclosure
 Check diffs for business metrics (revenue, user counts, pricing, traffic volumes). Flag as a standalone risk if found.

package/agents/test/risk-scorer-register-hint.bats ADDED Viewed

@@ -0,0 +1,111 @@
+#!/usr/bin/env bats
+# Doc-lint guard: pipeline scorer MUST emit a structured RISK_REGISTER_HINT
+# block when a register-worthy risk shape is identified.
+#
+# Structural assertions — Permitted Exception to the source-grep ban (ADR-005 / P011).
+# These tests assert that the pipeline scorer's prompt defines the passive-trigger
+# contract required by P110. Agent prompts are specification documents; a
+# behavioural check of an LLM's output is out of scope for bats — the contract
+# document is what the PostToolUse hook and consuming orchestrator rely on.
+#
+# Background: P102 landed `/wr-risk-scorer:create-risk` as an on-demand
+# invocation surface for the risk register (docs/risks/). JTBD-001
+# (Enforce Governance Without Slowing Down) requires passive triggers that
+# fire "without a manual step" — assistant-remembering-to-invoke is the same
+# failure mode the job identifies as a pain point. P110 closes the gap by
+# having the pipeline scorer — which fires on every commit/push/release gate
+# — emit a structured hint line when it sees a register-worthy risk shape.
+# The calling orchestrator consumes the hint post-remediation-loop and
+# invokes /wr-risk-scorer:create-risk with pre-filled context.
+#
+# Cross-reference:
+#   P110:    docs/problems/110-risk-register-has-no-passive-trigger-slash-command-alone-partial-jtbd-001.open.md
+#   P102:    the parent ticket (slash-command MVP invocation surface)
+#   ADR-015: docs/decisions/015-on-demand-assessment-skills.proposed.md (Scorer Output Contract)
+#   ADR-013: docs/decisions/013-structured-user-interaction-for-governance-decisions.proposed.md
+#   ADR-042: docs/decisions/042-auto-apply-scorer-remediations-open-vocabulary.proposed.md (consumption timing)
+#   @jtbd JTBD-001 (enforce governance without slowing down — passive trigger)
+#   @jtbd JTBD-005 (invoke governance assessments on demand — composed via pre-filled create-risk)
+setup() {
+  AGENTS_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  PIPELINE="${AGENTS_DIR}/pipeline.md"
+}
+# ──────────────────────────────────────────────────────────────────────────────
+# Contract surface: RISK_REGISTER_HINT block exists and is documented
+# ──────────────────────────────────────────────────────────────────────────────
+@test "pipeline.md defines RISK_REGISTER_HINT block" {
+  # The structured hint line is the machine-readable passive-trigger contract.
+  run grep -q "RISK_REGISTER_HINT:" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+@test "pipeline.md RISK_REGISTER_HINT uses bulleted-list shape" {
+  # Multi-hint capable: a single pipeline run can surface both an
+  # above-appetite residual AND a confidentiality-disclosure risk.
+  # Shape parallels RISK_REMEDIATIONS: (list-valued), not RISK_BYPASS_REASON: (single).
+  run grep -qE "^RISK_REGISTER_HINT:[[:space:]]*$" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+# ──────────────────────────────────────────────────────────────────────────────
+# Trigger conditions: architect-approved three-trigger set
+# ──────────────────────────────────────────────────────────────────────────────
+@test "pipeline.md names above-appetite-residual trigger" {
+  # Trigger (a): any cumulative residual score > appetite.
+  run grep -q "above-appetite-residual" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+@test "pipeline.md names confidentiality-disclosure trigger" {
+  # Trigger (b): confidential information (client names, revenue, pricing) flagged.
+  # Composes with the existing "Confidential Information Disclosure" section.
+  run grep -q "confidentiality-disclosure" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+@test "pipeline.md names user-stated-precondition trigger" {
+  # Trigger (c): unmet user-stated precondition flagged as a Risk item.
+  # Composes with the existing "User-Stated Preconditions Check" section.
+  run grep -q "user-stated-precondition" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+# ──────────────────────────────────────────────────────────────────────────────
+# Consumption semantics: hint is consumed post-loop, not interleaved
+# ──────────────────────────────────────────────────────────────────────────────
+@test "pipeline.md documents post-loop consumption semantics" {
+  # Architect advisory: the hint is consumed by the orchestrator AFTER the
+  # ADR-042 auto-apply remediation loop converges (or Rule 5 halts), not
+  # interleaved — otherwise register entries would be created for risks the
+  # loop might have remediated away.
+  run grep -qiE "post.?loop|after.*remediation.*(converge|loop)|after.*auto.?apply" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+# ──────────────────────────────────────────────────────────────────────────────
+# Cross-reference: hint hands off to /wr-risk-scorer:create-risk
+# ──────────────────────────────────────────────────────────────────────────────
+@test "pipeline.md names the create-risk hand-off target" {
+  # The hint routes the consuming orchestrator to the MVP invocation surface
+  # from P102. Without the hand-off target, a hint line is undirected.
+  run grep -q "create-risk" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}
+# ──────────────────────────────────────────────────────────────────────────────
+# Silence guarantee: below appetite + no special triggers = no hint
+# ──────────────────────────────────────────────────────────────────────────────
+@test "pipeline.md documents no-hint silence when within appetite and no triggers fire" {
+  # JTBD-001 "without slowing down": no hint noise when nothing is
+  # register-worthy. This parallels the Below-Appetite Output Rule for
+  # RISK_REMEDIATIONS: and protects the solo-developer 60-second review budget.
+  run grep -qE "[Dd]o NOT emit.*RISK_REGISTER_HINT|[Oo]mit.*RISK_REGISTER_HINT|no hint|no.*RISK_REGISTER_HINT" "$PIPELINE"
+  [ "$status" -eq 0 ]
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.3.6",
+  "version": "0.4.0-preview.196",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"