@windyroad/risk-scorer 0.4.2 → 0.5.0-preview.270

package/.claude-plugin/plugin.json

@@ -1,5 +1,5 @@
 {
   "name": "wr-risk-scorer",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "Pipeline risk scoring, commit/push/release gates for Claude Code"
 }

package/agents/pipeline.md

@@ -179,17 +179,19 @@ When a pipeline run identifies a **register-worthy risk shape**, emit a structur
 2. **Confidentiality disclosure** — the Confidential Information Disclosure check (below) flagged business metrics (revenue, user counts, pricing, client names, traffic volumes) in the diff. Confidentiality leaks are standing-risk-shaped even after the immediate remediation.
 3. **User-stated precondition** — the User-Stated Preconditions Check (below) flagged an unmet paired capability as a standalone Risk item. Unmet preconditions are standing-risk-shaped because the dependency gap persists until the paired capability ships.
 
-### Format (bulleted-list shape, multi-hint capable)
+### Format (3-column bulleted-list shape, multi-hint capable) — ADR-056
 
-A single pipeline run MAY surface more than one register-worthy shape (e.g. both an above-appetite residual AND a confidentiality leak). Emit one bullet per triggered condition:
+A single pipeline run MAY surface more than one register-worthy shape (e.g. both an above-appetite residual AND a confidentiality leak). Emit one bullet per triggered condition. The PREFERRED format is 3-column with an explicit risk-slug:
 
 ```
 RISK_REGISTER_HINT:
-- above-appetite-residual | <one-line prefill describing the risk>
-- confidentiality-disclosure | <one-line prefill citing what was flagged>
-- user-stated-precondition | <one-line prefill citing the unmet precondition>
+- above-appetite-residual | <risk-slug> | <one-line prefill describing the risk>
+- confidentiality-disclosure | <risk-slug> | <one-line prefill citing what was flagged>
+- user-stated-precondition | <risk-slug> | <one-line prefill citing the unmet precondition>
 ```
 
+The hook accepts BOTH the 3-column shape (preferred) and the legacy 2-column shape (`<reason-tag> | <prose>`) for backward compatibility per ADR-056's dual-parse contract. When emitting the legacy shape, the hook derives the slug from the reason-tag plus the prose prefix. Always prefer the 3-column shape so the slug is agent-computed and stable across runs.
+
 ### Reason-tag vocabulary (enumerated — reserved)
 
 The first column is one of exactly three reserved tags. Do NOT invent new tags; open new tickets to extend the vocabulary.
@@ -200,7 +202,26 @@ The first column is one of exactly three reserved tags. Do NOT invent new tags;
 | `confidentiality-disclosure` | Business metric or client detail flagged in diff | Confidential Information Disclosure |
 | `user-stated-precondition` | Paired capability unmet; standalone Risk item | User-Stated Preconditions Check |
 
-The second column is free-form prose — a one-line prefill the orchestrator can pass to `/wr-risk-scorer:create-risk` as the initial risk title and description.
+### Risk-slug column (NEW — ADR-056)
+
+The second column is a filename-safe kebab-case identifier the agent computes from the risk's canonical shape. The slug is the dedupe key — N reports producing the same slug collapse to ONE register entry (per the user direction *"for each risk in .risk-reports there should be something in the risk register"*).
+
+Slug computation rules:
+
+1. Lowercase, hyphen-separated.
+2. Drop articles (the, a, an), prepositions in long phrases, and trailing date markers.
+3. Stable across pipeline runs: identical risk shape → identical slug. Do NOT include timestamps, session IDs, or commit SHAs in the slug.
+4. Maximum 60 characters; truncate at word boundary if longer.
+5. If slug computation is genuinely ambiguous (rare), fall back to `<reason-tag>-<noun-phrase>` form.
+
+Examples:
+- `cumulative-residual-commit-layer-above-appetite` (above-appetite-residual)
+- `revenue-figures-leaked-in-changeset` (confidentiality-disclosure)
+- `cross-plugin-version-mismatch-precondition-unmet` (user-stated-precondition)
+
+### Prefill column
+
+The third column is free-form prose — a one-line prefill carried into the eventual register entry's Description field. Keep it concise (≤ 1 line).
 
 ### Consumption semantics (post-loop)
 

package/bin/wr-risk-scorer-drain-register-queue

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec "$(dirname "$0")/../scripts/drain-register-queue.sh" "$@"

package/hooks/risk-score-mark.sh

@@ -77,7 +77,89 @@ if echo "$SUBAGENT" | grep -qE 'risk-scorer.pipeline'; then
   REPORT_DIR=".risk-reports"
   mkdir -p "$REPORT_DIR"
   TIMESTAMP=$(date -u +%Y-%m-%dT%H-%M-%S)
-  echo "$AGENT_OUTPUT" > "${REPORT_DIR}/${TIMESTAMP}-commit.md"
+  REPORT_PATH="${REPORT_DIR}/${TIMESTAMP}-commit.md"
+  echo "$AGENT_OUTPUT" > "$REPORT_PATH"
+
+  # ---------------------------------------------------------------------------
+  # Risk register queue (ADR-056 Phase 2a)
+  # Parse RISK_REGISTER_HINT: bullets and append one JSONL line each to
+  # .afk-run-state/risk-register-queue.jsonl. Consumer skills (work-problems,
+  # manage-problem, install-updates, assess-release) drain the queue in
+  # subsequent iters per ADR-014 commit-grain discipline.
+  #
+  # Dual-parse contract: accept BOTH 3-col (preferred, agent-emitted slug) and
+  # 2-col legacy shapes for backward compatibility while in-flight prompt
+  # caches transition.
+  #
+  # Best-effort: errors are swallowed (queue persistence is recoverable via
+  # Phase 3 backfill from .risk-reports/). ADR-045 Pattern 2: silent on stdout.
+  # ---------------------------------------------------------------------------
+  {
+    QUEUE_DIR=".afk-run-state"
+    QUEUE_FILE="${QUEUE_DIR}/risk-register-queue.jsonl"
+    HINT_BLOCK=$(echo "$AGENT_OUTPUT" | awk '
+      /^RISK_REGISTER_HINT:[[:space:]]*$/ { in_block=1; next }
+      in_block && /^[[:space:]]*$/ { in_block=0; next }
+      in_block && /^[A-Z_]+:/ { in_block=0; next }
+      in_block && /^- / { print }
+    ')
+    if [ -n "$HINT_BLOCK" ]; then
+      mkdir -p "$QUEUE_DIR"
+      QUEUE_TS=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+      while IFS= read -r BULLET; do
+        [ -n "$BULLET" ] || continue
+        # Strip leading "- " marker
+        PAYLOAD="${BULLET#- }"
+        PAYLOAD="${PAYLOAD#-}"
+        PAYLOAD="${PAYLOAD# }"
+        # Count pipe-separated columns (handle 2-col vs 3-col)
+        N_PIPES=$(echo "$PAYLOAD" | awk -F'|' '{print NF-1}')
+        case "$N_PIPES" in
+          1)
+            # 2-col legacy: <reason-tag> | <prose>
+            REASON=$(echo "$PAYLOAD" | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/, "", $1); print $1}')
+            SLUG_FROM=$(echo "$PAYLOAD" | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2}')
+            PREFILL="$SLUG_FROM"
+            SLUG_SOURCE="derived"
+            # Derive slug: reason-tag + first 5 word-stems of prose, kebab, ≤60 chars
+            SLUG_BODY=$(echo "$SLUG_FROM" | tr '[:upper:]' '[:lower:]' \
+              | sed -E 's/[^a-z0-9 ]+/ /g; s/\b(the|a|an|is|of|to|in|for|on|at|by|and|or)\b//g; s/[[:space:]]+/ /g; s/^ //; s/ $//' \
+              | awk '{out=""; for(i=1;i<=NF && i<=5;i++){out = out (i==1?"":"-") $i} print out}')
+            SLUG="${REASON}-${SLUG_BODY}"
+            SLUG=$(echo "$SLUG" | cut -c1-60)
+            ;;
+          2|*)
+            # 3-col preferred: <reason-tag> | <slug> | <prose>
+            REASON=$(echo "$PAYLOAD" | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/, "", $1); print $1}')
+            SLUG=$(echo "$PAYLOAD" | awk -F'|' '{gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2}')
+            PREFILL=$(echo "$PAYLOAD" | awk -F'|' '{ for(i=3;i<=NF;i++){printf "%s%s", (i==3?"":"|"), $i} print "" }' \
+              | sed -E 's/^[ \t]+//; s/[ \t]+$//')
+            SLUG_SOURCE="agent"
+            ;;
+        esac
+        # Validate reason-tag is one of three reserved values; skip otherwise
+        case "$REASON" in
+          above-appetite-residual|confidentiality-disclosure|user-stated-precondition) ;;
+          *) continue ;;
+        esac
+        # Skip if slug or prefill is empty (malformed bullet)
+        [ -n "$SLUG" ] && [ -n "$PREFILL" ] || continue
+        # Append JSONL line via python3 to ensure proper escaping
+        python3 -c "
+import json, sys
+print(json.dumps({
+  'ts': '$QUEUE_TS',
+  'session_id': '$SESSION_ID',
+  'report_path': '$REPORT_PATH',
+  'reason_tag': '$REASON',
+  'risk_slug': '$SLUG',
+  'slug_source': '$SLUG_SOURCE',
+  'prefill': sys.argv[1],
+}))
+" "$PREFILL" >> "$QUEUE_FILE" 2>/dev/null || true
+      done <<< "$HINT_BLOCK"
+    fi
+  } 2>/dev/null || true
 fi
 
 # ---------------------------------------------------------------------------

package/hooks/test/risk-score-mark-register-queue.bats

@@ -0,0 +1,253 @@
+#!/usr/bin/env bats
+
+# Tests for the RISK_REGISTER_HINT queue-write extension to risk-score-mark.sh
+# (ADR-056 Phase 2a). Verifies the PostToolUse:Agent hook parses the
+# RISK_REGISTER_HINT block from pipeline-agent output and appends one JSONL
+# line per valid bullet to .afk-run-state/risk-register-queue.jsonl.
+#
+# Behavioural fixtures per ADR-052: each test pipes a mock agent output to
+# the hook and asserts on side-effects (queue file content / shape / silence).
+# No structural grep against source.
+#
+# Cross-references:
+#   ADR-056: docs/decisions/056-risk-register-back-channel-write-contract.proposed.md
+#   ADR-045: hook injection budget Pattern 2 (silent on stdout)
+#   P033:    docs/problems/033-no-persistent-risk-register.known-error.md (driver)
+#   P110:    pipeline back-channel hint (consumer of this contract)
+
+setup() {
+  SCRIPT_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  HOOK="$SCRIPT_DIR/risk-score-mark.sh"
+  ORIG_DIR="$PWD"
+  TEST_DIR=$(mktemp -d)
+  cd "$TEST_DIR"
+  TMPDIR="$TEST_DIR/tmp"
+  export TMPDIR
+  mkdir -p "$TMPDIR"
+  SESSION_ID="test-session-$$"
+  RDIR="$TMPDIR/claude-risk-${SESSION_ID}"
+  QUEUE_FILE="$TEST_DIR/.afk-run-state/risk-register-queue.jsonl"
+}
+
+teardown() {
+  cd "$ORIG_DIR"
+  rm -rf "$TEST_DIR"
+}
+
+# Build mock PostToolUse:Agent JSON envelope and pipe to the hook.
+run_hook() {
+  local subagent="$1"
+  local agent_output="$2"
+  python3 -c "
+import json, sys
+print(json.dumps({
+  'tool_name': 'Agent',
+  'session_id': '${SESSION_ID}',
+  'tool_input': {'subagent_type': '${subagent}'},
+  'tool_response': {'content': [{'type': 'text', 'text': sys.stdin.read()}]}
+}))" <<<"$agent_output" | bash "$HOOK"
+}
+
+# Capture hook stdout (separate from filesystem side-effects).
+run_hook_capture_stdout() {
+  local subagent="$1"
+  local agent_output="$2"
+  python3 -c "
+import json, sys
+print(json.dumps({
+  'tool_name': 'Agent',
+  'session_id': '${SESSION_ID}',
+  'tool_input': {'subagent_type': '${subagent}'},
+  'tool_response': {'content': [{'type': 'text', 'text': sys.stdin.read()}]}
+}))" <<<"$agent_output" | bash "$HOOK"
+}
+
+# ---------------------------------------------------------------------------
+# 3-column (preferred) parse path
+# ---------------------------------------------------------------------------
+
+@test "3-col hint with one above-appetite bullet → one JSONL line, slug_source=agent" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=12 push=8 release=4
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | cumulative-residual-commit-layer-above-appetite | Cumulative residual reached 12/25 due to mass-edit across 17 files."
+  [ -f "$QUEUE_FILE" ]
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 1 ]
+  REASON=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['reason_tag'])" < "$QUEUE_FILE")
+  SLUG=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['risk_slug'])" < "$QUEUE_FILE")
+  SOURCE=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['slug_source'])" < "$QUEUE_FILE")
+  PREFILL=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['prefill'])" < "$QUEUE_FILE")
+  [ "$REASON" = "above-appetite-residual" ]
+  [ "$SLUG" = "cumulative-residual-commit-layer-above-appetite" ]
+  [ "$SOURCE" = "agent" ]
+  [[ "$PREFILL" == *"mass-edit across 17 files"* ]]
+}
+
+@test "3-col hint with three bullets → three JSONL lines in order, all slug_source=agent" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=8 release=5
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | cumulative-residual-above-appetite | Above-appetite residual.
+- confidentiality-disclosure | revenue-figures-leaked | Revenue figures in changeset.
+- user-stated-precondition | paired-capability-unmet | Pair B not yet shipped."
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 3 ]
+  TAGS=$(python3 -c "
+import json
+with open('$QUEUE_FILE') as f:
+    for line in f:
+        print(json.loads(line)['reason_tag'])
+")
+  EXPECTED="above-appetite-residual
+confidentiality-disclosure
+user-stated-precondition"
+  [ "$TAGS" = "$EXPECTED" ]
+  ALL_AGENT=$(python3 -c "
+import json
+with open('$QUEUE_FILE') as f:
+    src = [json.loads(line)['slug_source'] for line in f]
+print(all(s == 'agent' for s in src))
+")
+  [ "$ALL_AGENT" = "True" ]
+}
+
+@test "3-col hint includes report_path matching the just-written .risk-reports file" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | example-slug | Example."
+  REPORT_PATH=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['report_path'])" < "$QUEUE_FILE")
+  [[ "$REPORT_PATH" == .risk-reports/*-commit.md ]]
+  [ -f "$REPORT_PATH" ]
+}
+
+# ---------------------------------------------------------------------------
+# 2-column legacy parse path (backward compatibility)
+# ---------------------------------------------------------------------------
+
+@test "2-col legacy hint → JSONL line with derived slug, slug_source=derived" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=12 push=8 release=4
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | Cumulative residual risk for commit layer."
+  [ -f "$QUEUE_FILE" ]
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 1 ]
+  SOURCE=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['slug_source'])" < "$QUEUE_FILE")
+  SLUG=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['risk_slug'])" < "$QUEUE_FILE")
+  [ "$SOURCE" = "derived" ]
+  # Derived slug starts with reason-tag prefix
+  [[ "$SLUG" == above-appetite-residual-* ]]
+  # Derived slug is filename-safe (lowercase, kebab, no spaces)
+  [[ "$SLUG" =~ ^[a-z0-9-]+$ ]]
+}
+
+@test "2-col legacy hint: same prefill produces same derived slug across runs" {
+  PREFILL_TEXT="Cumulative residual risk for commit layer."
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=12 push=8 release=4
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | $PREFILL_TEXT"
+  SLUG_1=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['risk_slug'])" < "$QUEUE_FILE")
+  rm -f "$QUEUE_FILE"
+  sleep 1  # ensure different timestamp on second .risk-reports write
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=12 push=8 release=4
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | $PREFILL_TEXT"
+  SLUG_2=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['risk_slug'])" < "$QUEUE_FILE")
+  [ "$SLUG_1" = "$SLUG_2" ]
+}
+
+@test "Mixed 3-col and 2-col bullets in same block → both shapes appended with correct slug_source" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | preferred-slug | First risk.
+- confidentiality-disclosure | Second risk in legacy shape."
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 2 ]
+  SOURCES=$(python3 -c "
+import json
+with open('$QUEUE_FILE') as f:
+    for line in f:
+        print(json.loads(line)['slug_source'])
+")
+  EXPECTED="agent
+derived"
+  [ "$SOURCES" = "$EXPECTED" ]
+}
+
+# ---------------------------------------------------------------------------
+# Silence + no-op paths
+# ---------------------------------------------------------------------------
+
+@test "no hint emitted (silent-pass) → queue file is not created" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=2 push=2 release=1
+RISK_BYPASS: reducing"
+  [ ! -f "$QUEUE_FILE" ]
+}
+
+@test "empty agent output → no queue file, no crash" {
+  run_hook "wr-risk-scorer:pipeline" ""
+  [ ! -f "$QUEUE_FILE" ]
+}
+
+@test "malformed hint bullet (invalid reason-tag) is skipped; valid bullet appended" {
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- not-a-real-tag | bogus-slug | Should be skipped.
+- above-appetite-residual | valid-slug | Should be kept."
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 1 ]
+  SLUG=$(python3 -c "import json,sys; print(json.loads(sys.stdin.readline())['risk_slug'])" < "$QUEUE_FILE")
+  [ "$SLUG" = "valid-slug" ]
+}
+
+# ---------------------------------------------------------------------------
+# Append semantics (queue is append-only; dedupe is drain-step concern)
+# ---------------------------------------------------------------------------
+
+@test "two consecutive hook runs with same hint → six JSONL lines (queue is append-only)" {
+  HINT="RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | slug-a | First.
+- confidentiality-disclosure | slug-b | Second.
+- user-stated-precondition | slug-c | Third."
+  run_hook "wr-risk-scorer:pipeline" "$HINT"
+  sleep 1
+  run_hook "wr-risk-scorer:pipeline" "$HINT"
+  LINE_COUNT=$(wc -l < "$QUEUE_FILE")
+  [ "$LINE_COUNT" -eq 6 ]
+}
+
+# ---------------------------------------------------------------------------
+# Directory creation
+# ---------------------------------------------------------------------------
+
+@test ".afk-run-state/ absent → hook creates it; queue file written" {
+  [ ! -d ".afk-run-state" ]
+  run_hook "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | example | Example."
+  [ -d ".afk-run-state" ]
+  [ -f "$QUEUE_FILE" ]
+}
+
+# ---------------------------------------------------------------------------
+# ADR-045 Pattern 2: silent on stdout
+# ---------------------------------------------------------------------------
+
+@test "hook stdout is empty on queue-write success (ADR-045 Pattern 2)" {
+  STDOUT=$(run_hook_capture_stdout "wr-risk-scorer:pipeline" "RISK_SCORES: commit=10 push=5 release=2
+
+RISK_REGISTER_HINT:
+- above-appetite-residual | quiet-slug | Quiet please.")
+  [ -z "$STDOUT" ]
+  # Verify the side-effect did happen
+  [ -f "$QUEUE_FILE" ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/risk-scorer",
-  "version": "0.4.2",
+  "version": "0.5.0-preview.270",
   "description": "Pipeline risk scoring, commit/push gates, and secret leak detection",
   "bin": {
     "windyroad-risk-scorer": "./bin/install.mjs"
@@ -24,6 +24,7 @@
     "hooks/",
     "skills/",
     ".claude-plugin/",
-    "lib/"
+    "lib/",
+    "scripts/"
   ]
 }

package/scripts/drain-register-queue.sh

@@ -0,0 +1,287 @@
+#!/usr/bin/env bash
+# packages/risk-scorer/scripts/drain-register-queue.sh
+#
+# Drains .afk-run-state/risk-register-queue.jsonl into docs/risks/
+# register entries per ADR-056 (Phase 2b consumer-skill drain contract).
+#
+# The Phase 2a hook (risk-score-mark.sh) enqueues one JSONL line per
+# RISK_REGISTER_HINT bullet emitted by wr-risk-scorer:pipeline. This script
+# is invoked by consumer skills (this iter: /wr-itil:work-problems Step 6.4)
+# to materialise queued hints into docs/risks/R<NNN>-<slug>.active.md files.
+#
+# Usage:
+#   drain-register-queue.sh [<project-root>]
+#
+# Default <project-root> is $(pwd).
+#
+# Behaviour:
+#   - Idempotent: empty queue OR missing docs/risks/ → no-op exit 0.
+#   - Dedupe by risk_slug — N hints for same slug → 1 register file with
+#     N Evidence Log entries (per user direction "for each risk in
+#     .risk-reports there should be something in the register").
+#   - New risks: minted as R<NNN>-<slug>.active.md with auto-scaffolded
+#     status, ADR-026 sentinels for ungrounded scoring fields.
+#   - Existing risks (slug match): Evidence Log appended; scoring untouched.
+#   - README Register table updated with one row per new risk (ADR-056 §3d).
+#   - Files staged via `git add` — caller commits per ADR-014.
+#   - Queue truncated only on successful drain. No-op cases preserve queue.
+#
+# Stdout (key=value, caller-parseable):
+#   entries_drained=N           — total JSONL lines processed
+#   new_risks_created=N         — new R<NNN> files written
+#   evidence_appended=N         — slug-matched existing files updated
+#   next_action=commit-staged|none — caller's commit decision
+#
+# Exit codes:
+#   0 — success or no-op
+#   non-zero — hard failure (template missing, write error, git failure)
+#
+# @adr ADR-056 (queue-and-drain contract; Phase 2b consumer drain)
+# @adr ADR-026 (not estimated — no prior data sentinel for ungrounded scoring)
+# @adr ADR-019 (ticket-creator dual-source ID via local-max + origin-max)
+# @adr ADR-049 (resolved via bin/wr-risk-scorer-drain-register-queue shim)
+# @adr ADR-052 (behavioural-fixture coverage at scripts/test/drain-register-queue.bats)
+# @problem P033 (Phase 2b)
+
+set -uo pipefail
+
+PROJECT_ROOT="${1:-$(pwd)}"
+QUEUE_FILE="${PROJECT_ROOT}/.afk-run-state/risk-register-queue.jsonl"
+RISKS_DIR="${PROJECT_ROOT}/docs/risks"
+TEMPLATE_FILE="${RISKS_DIR}/TEMPLATE.md"
+README_FILE="${RISKS_DIR}/README.md"
+
+emit_no_op() {
+  echo "entries_drained=0"
+  echo "new_risks_created=0"
+  echo "evidence_appended=0"
+  echo "next_action=none"
+}
+
+if [ ! -f "$QUEUE_FILE" ] || [ ! -s "$QUEUE_FILE" ]; then
+  emit_no_op
+  exit 0
+fi
+
+if [ ! -d "$RISKS_DIR" ] || [ ! -f "$TEMPLATE_FILE" ] || [ ! -f "$README_FILE" ]; then
+  emit_no_op
+  exit 0
+fi
+
+LOCAL_MAX=$(ls "$RISKS_DIR"/R*.md 2>/dev/null \
+  | sed 's|.*/||' | grep -oE '^R[0-9]+' | sed 's/^R//' | sort -n | tail -1 || true)
+LOCAL_MAX="${LOCAL_MAX:-0}"
+
+ORIGIN_MAX=$(cd "$PROJECT_ROOT" && git ls-tree --name-only origin/main docs/risks/ 2>/dev/null \
+  | sed 's|^docs/risks/||' | grep -oE '^R[0-9]+' | sed 's/^R//' | sort -n | tail -1 || true)
+ORIGIN_MAX="${ORIGIN_MAX:-0}"
+
+# Force base-10 — bash arithmetic treats leading-zero values as octal,
+# so R099 → 099 → "value too great for base" without the 10# prefix.
+NEXT_ID=$(( (10#$LOCAL_MAX > 10#$ORIGIN_MAX ? 10#$LOCAL_MAX : 10#$ORIGIN_MAX) + 1 ))
+
+DRAIN_RESULT=$(python3 - "$QUEUE_FILE" "$RISKS_DIR" "$TEMPLATE_FILE" "$README_FILE" "$NEXT_ID" "$PROJECT_ROOT" <<'PYEOF'
+import json
+import os
+import re
+import sys
+from collections import OrderedDict
+from datetime import datetime
+
+queue_file, risks_dir, template_file, readme_file, next_id_str, project_root = sys.argv[1:7]
+next_id = int(next_id_str)
+
+hints = []
+with open(queue_file, 'r', encoding='utf-8') as f:
+    for line in f:
+        line = line.strip()
+        if not line:
+            continue
+        try:
+            entry = json.loads(line)
+        except json.JSONDecodeError:
+            continue
+        if not all(k in entry for k in ('risk_slug', 'reason_tag', 'prefill', 'report_path')):
+            continue
+        hints.append(entry)
+
+if not hints:
+    print("entries_drained=0")
+    print("new_risks_created=0")
+    print("evidence_appended=0")
+    print("next_action=none")
+    sys.exit(0)
+
+groups = OrderedDict()
+for h in hints:
+    slug = h['risk_slug']
+    if slug not in groups:
+        groups[slug] = []
+    groups[slug].append(h)
+
+existing = {}
+for fn in os.listdir(risks_dir):
+    if fn in ('README.md', 'TEMPLATE.md'):
+        continue
+    m = re.match(r'^R(\d+)-(.+)\.active\.md$', fn)
+    if m:
+        existing[m.group(2)] = fn
+
+today = datetime.utcnow().strftime('%Y-%m-%d')
+
+new_risks = []
+appended_evidence = []
+
+for slug, group in groups.items():
+    evidence_lines = [
+        f"- {h['ts']}: fired in `{h['report_path']}` (reason: {h['reason_tag']})"
+        for h in group
+    ]
+    evidence_block = "\n".join(evidence_lines)
+
+    if slug in existing:
+        fn = existing[slug]
+        path = os.path.join(risks_dir, fn)
+        with open(path, 'r', encoding='utf-8') as f:
+            content = f.read()
+        if "## Evidence Log" in content:
+            content = re.sub(
+                r'(## Evidence Log\n(?:.*?\n)*?)(\n## |\Z)',
+                lambda m: m.group(1).rstrip() + "\n" + evidence_block + "\n" + m.group(2),
+                content,
+                count=1,
+                flags=re.DOTALL,
+            )
+        else:
+            new_section = f"\n## Evidence Log\n\nAuto-populated from `.risk-reports/` via Phase 2b drain.\n\n{evidence_block}\n"
+            if "## Change Log" in content:
+                content = content.replace("## Change Log", new_section + "\n## Change Log", 1)
+            else:
+                content = content.rstrip() + "\n" + new_section
+        with open(path, 'w', encoding='utf-8') as f:
+            f.write(content)
+        appended_evidence.append((fn, [h['report_path'] for h in group]))
+    else:
+        rid = f"R{next_id:03d}"
+        next_id += 1
+        fn = f"{rid}-{slug}.active.md"
+        path = os.path.join(risks_dir, fn)
+        prefill = next((h['prefill'] for h in group if h.get('prefill')), '(no description provided)')
+        sentinel = "not estimated — no prior data"
+        title = slug.replace('-', ' ').title()
+        body = f"""# Risk {rid}: {title}
+
+**Status**: Active (auto-scaffolded — pending review)
+**Category**: <!-- pending review — auto-scaffolded from pipeline hint -->
+**Identified**: {today}
+**Owner**: pending review
+**Last reviewed**: {today}
+**Next review**: {today}
+**Curation**: pending review (auto-scaffolded {today})
+
+## Description
+
+{prefill}
+
+> Auto-scaffolded by the Phase 2b drain (ADR-056) from a `wr-risk-scorer:pipeline`
+> RISK_REGISTER_HINT bullet. The description is the agent's prefill; scoring
+> fields below carry the ADR-026 ungrounded-output sentinel until human curation.
+
+## Inherent Risk
+
+Impact × Likelihood *before* controls.
+
+- **Impact**: {sentinel}
+- **Likelihood**: {sentinel}
+- **Inherent Score**: {sentinel}
+- **Inherent Band**: {sentinel}
+
+## Controls
+
+- pending review — controls to be enumerated during curation.
+
+## Residual Risk
+
+Impact × Likelihood *after* controls.
+
+- **Impact**: {sentinel}
+- **Likelihood**: {sentinel}
+- **Residual Score**: {sentinel}
+- **Residual Band**: {sentinel}
+- **Within appetite?**: pending — scoring not estimated
+
+## Treatment
+
+pending review — treatment decision deferred until scoring is curated.
+
+## Monitoring
+
+- **Trigger to re-assess**: any new pipeline hint with this risk_slug
+- **Metrics**: count of `.risk-reports/` entries citing this slug
+
+## Related
+
+- Criteria: `RISK-POLICY.md`
+- Realised-as: <!-- link to docs/problems/P<NNN> when known -->
+- Treatment ADRs: <!-- link to docs/decisions/ADR-<NNN> when treatment lands -->
+
+## Evidence Log
+
+Auto-populated from `.risk-reports/` via Phase 2b drain.
+
+{evidence_block}
+
+## Change Log
+
+- {today}: Auto-scaffolded by Phase 2b drain (ADR-056). Pending human curation.
+"""
+        with open(path, 'w', encoding='utf-8') as f:
+            f.write(body)
+        new_risks.append((rid, slug, fn, prefill))
+
+if new_risks:
+    with open(readme_file, 'r', encoding='utf-8') as f:
+        readme = f.read()
+    rows = []
+    for rid, slug, fn, prefill in new_risks:
+        title = slug.replace('-', ' ').title()
+        rows.append(f"| [{rid}]({fn}) | {title} | pending | — | — | pending | pending | {today} |")
+    new_rows_block = "\n".join(rows) + "\n"
+    if "## Retired" in readme:
+        readme = readme.replace("## Retired", new_rows_block + "\n## Retired", 1)
+    else:
+        readme = readme.rstrip() + "\n" + new_rows_block
+    with open(readme_file, 'w', encoding='utf-8') as f:
+        f.write(readme)
+
+print(f"entries_drained={len(hints)}")
+print(f"new_risks_created={len(new_risks)}")
+print(f"evidence_appended={len(appended_evidence)}")
+if new_risks or appended_evidence:
+    print("next_action=commit-staged")
+else:
+    print("next_action=none")
+PYEOF
+)
+PY_STATUS=$?
+
+if [ "$PY_STATUS" -ne 0 ]; then
+  echo "$DRAIN_RESULT"
+  exit "$PY_STATUS"
+fi
+
+echo "$DRAIN_RESULT"
+
+ENTRIES_DRAINED=$(echo "$DRAIN_RESULT" | grep -E '^entries_drained=' | cut -d= -f2)
+NEW_RISKS=$(echo "$DRAIN_RESULT" | grep -E '^new_risks_created=' | cut -d= -f2)
+EVIDENCE_APPENDED=$(echo "$DRAIN_RESULT" | grep -E '^evidence_appended=' | cut -d= -f2)
+
+if [ "${NEW_RISKS:-0}" != "0" ] || [ "${EVIDENCE_APPENDED:-0}" != "0" ]; then
+  (cd "$PROJECT_ROOT" && git add docs/risks 2>/dev/null) || true
+fi
+
+if [ "${ENTRIES_DRAINED:-0}" != "0" ]; then
+  : > "$QUEUE_FILE"
+fi
+
+exit 0

package/scripts/test/drain-register-queue.bats

@@ -0,0 +1,282 @@
+#!/usr/bin/env bats
+# Behavioural-fixture coverage for packages/risk-scorer/scripts/drain-register-queue.sh
+# per ADR-052 (behavioural tests default) and ADR-056 (Phase 2b drain contract).
+#
+# The drain script consumes .afk-run-state/risk-register-queue.jsonl (produced
+# by risk-score-mark.sh per ADR-056 Phase 2a) and materialises register entries
+# in docs/risks/. The script is invoked by consumer skills (this iter:
+# /wr-itil:work-problems Step 6.4); subsequent iters wire additional consumers.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../.." && pwd)"
+  SCRIPT="$REPO_ROOT/packages/risk-scorer/scripts/drain-register-queue.sh"
+  SHIM="$REPO_ROOT/packages/risk-scorer/bin/wr-risk-scorer-drain-register-queue"
+  WORK_DIR="$(mktemp -d)"
+  cd "$WORK_DIR"
+  # Minimal git setup — drain script does origin-max lookup via git ls-tree
+  git init --quiet
+  git config user.email "drain-test@example.com"
+  git config user.name "Drain Test"
+  git commit --quiet --allow-empty -m "init"
+  # Mock template + README
+  mkdir -p docs/risks .afk-run-state
+  cp "$REPO_ROOT/docs/risks/TEMPLATE.md" docs/risks/TEMPLATE.md
+  cp "$REPO_ROOT/docs/risks/README.md" docs/risks/README.md
+  cp "$REPO_ROOT/docs/risks/R001-confidential-info-leak-via-public-repo-push.active.md" docs/risks/
+  git add docs/risks
+  git commit --quiet -m "seed risks"
+}
+
+teardown() {
+  cd /
+  rm -rf "$WORK_DIR"
+}
+
+@test "shim wrapper exists and is executable" {
+  [ -x "$SHIM" ]
+}
+
+@test "shim resolves canonical script (not exit 127)" {
+  run "$SHIM" "$WORK_DIR"
+  [ "$status" -ne 127 ]
+}
+
+@test "empty queue → no-op, exit 0, no writes (ADR-056 idempotent)" {
+  : > .afk-run-state/risk-register-queue.jsonl
+  before_count=$(find docs/risks -name 'R*.active.md' 2>/dev/null | wc -l | tr -d ' ')
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=0$'
+  echo "$output" | grep -q '^next_action=none$'
+  after_count=$(find docs/risks -name 'R*.active.md' 2>/dev/null | wc -l | tr -d ' ')
+  [ "$before_count" = "$after_count" ]
+}
+
+@test "missing queue file → no-op, exit 0" {
+  rm -f .afk-run-state/risk-register-queue.jsonl
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=0$'
+}
+
+@test "missing docs/risks/ → no-op, exit 0 (Phase 1 scaffold not yet fired)" {
+  rm -rf docs/risks
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/x.md","reason_tag":"above-appetite-residual","risk_slug":"foo","slug_source":"agent","prefill":"prose"}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=0$'
+}
+
+@test "single hint, no existing match → creates R<NNN>-<slug>.active.md" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/2026-05-03T14-00-00-commit.md","reason_tag":"above-appetite-residual","risk_slug":"cumulative-residual-commit","slug_source":"agent","prefill":"Cumulative residual at commit hit High band."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=1$'
+  echo "$output" | grep -q '^new_risks_created=1$'
+  echo "$output" | grep -q '^next_action=commit-staged$'
+  # R002 because R001 already exists in the seeded README
+  [ -f docs/risks/R002-cumulative-residual-commit.active.md ]
+  grep -q 'Status.*Active.*auto-scaffolded.*pending review' docs/risks/R002-cumulative-residual-commit.active.md
+  grep -q 'Curation.*pending review' docs/risks/R002-cumulative-residual-commit.active.md
+  grep -q 'not estimated.*no prior data' docs/risks/R002-cumulative-residual-commit.active.md
+  grep -q 'Cumulative residual at commit hit High band' docs/risks/R002-cumulative-residual-commit.active.md
+}
+
+@test "single hint creates README Register table row (ADR-056 step 3d)" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/x.md","reason_tag":"above-appetite-residual","risk_slug":"my-test-risk","slug_source":"agent","prefill":"Test risk prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # README must contain a row for the new risk in the Register table
+  grep -qE '\| \[R002\]\(R002-my-test-risk\.active\.md\) \|' docs/risks/README.md
+  # Stub scoring renders as em-dash columns
+  grep -qE 'R002.*my-test-risk.*\|.*—.*\|.*—.*\|.*pending' docs/risks/README.md
+}
+
+@test "multiple hints with same slug → one register file, multiple Evidence Log lines" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r1.md","reason_tag":"above-appetite-residual","risk_slug":"shared-slug","slug_source":"agent","prefill":"First mention."}
+{"ts":"2026-05-03T14:01:00Z","session_id":"s1","report_path":".risk-reports/r2.md","reason_tag":"above-appetite-residual","risk_slug":"shared-slug","slug_source":"agent","prefill":"Second mention."}
+{"ts":"2026-05-03T14:02:00Z","session_id":"s2","report_path":".risk-reports/r3.md","reason_tag":"above-appetite-residual","risk_slug":"shared-slug","slug_source":"agent","prefill":"Third mention."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=3$'
+  echo "$output" | grep -q '^new_risks_created=1$'
+  # Exactly one register file
+  [ "$(find docs/risks -name 'R*-shared-slug.active.md' | wc -l | tr -d ' ')" = "1" ]
+  # Evidence Log section cites all three reports
+  grep -q '.risk-reports/r1.md' docs/risks/R*-shared-slug.active.md
+  grep -q '.risk-reports/r2.md' docs/risks/R*-shared-slug.active.md
+  grep -q '.risk-reports/r3.md' docs/risks/R*-shared-slug.active.md
+}
+
+@test "two distinct slugs in same queue → two register files with sequential IDs" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r1.md","reason_tag":"above-appetite-residual","risk_slug":"first-slug","slug_source":"agent","prefill":"First risk."}
+{"ts":"2026-05-03T14:01:00Z","session_id":"s1","report_path":".risk-reports/r2.md","reason_tag":"confidentiality-disclosure","risk_slug":"second-slug","slug_source":"agent","prefill":"Second risk."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=2$'
+  echo "$output" | grep -q '^new_risks_created=2$'
+  [ -f docs/risks/R002-first-slug.active.md ]
+  [ -f docs/risks/R003-second-slug.active.md ]
+}
+
+@test "existing match → appends Evidence Log only, no new file, no scoring change (ADR-056 step 3b)" {
+  # Pre-seed an existing risk file with this slug
+  cat > docs/risks/R042-known-risk.active.md <<'EOF'
+# Risk R042: Known Risk
+
+**Status**: Active
+**Category**: operational
+**Identified**: 2026-04-01
+**Owner**: solo-developer
+**Last reviewed**: 2026-04-01
+**Next review**: 2026-10-01
+
+## Description
+
+Pre-existing curated risk.
+
+## Inherent Risk
+
+- **Impact**: 3 (Moderate)
+- **Likelihood**: 2 (Unlikely)
+- **Inherent Score**: 6
+- **Inherent Band**: Medium
+
+## Controls
+
+- **control-x** — does the thing. Implemented in path/x.
+
+## Residual Risk
+
+- **Impact**: 2 (Minor)
+- **Likelihood**: 2 (Unlikely)
+- **Residual Score**: 4
+- **Residual Band**: Low
+- **Within appetite?**: Yes
+
+## Treatment
+
+Mitigate. Justified.
+
+## Monitoring
+
+- **Trigger to re-assess**: never
+- **Metrics**: none
+
+## Related
+
+- Criteria: `RISK-POLICY.md`
+
+## Change Log
+
+- 2026-04-01: Initial identification.
+EOF
+
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/new-fire.md","reason_tag":"above-appetite-residual","risk_slug":"known-risk","slug_source":"agent","prefill":"Fired again."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^entries_drained=1$'
+  echo "$output" | grep -q '^new_risks_created=0$'
+  echo "$output" | grep -q '^evidence_appended=1$'
+  # Existing file untouched on scoring lines
+  grep -q 'Inherent Score.*: 6$' docs/risks/R042-known-risk.active.md
+  grep -q 'Residual Score.*: 4$' docs/risks/R042-known-risk.active.md
+  # Evidence Log section now exists
+  grep -q '.risk-reports/new-fire.md' docs/risks/R042-known-risk.active.md
+  # No R<NNN+1> file created
+  [ ! -f docs/risks/R002-known-risk.active.md ]
+}
+
+@test "queue truncated on success" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r1.md","reason_tag":"above-appetite-residual","risk_slug":"truncate-test","slug_source":"agent","prefill":"prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # Queue file is empty after success
+  [ ! -s .afk-run-state/risk-register-queue.jsonl ]
+}
+
+@test "queue NOT truncated on no-op (no docs/risks/ dir)" {
+  rm -rf docs/risks
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r1.md","reason_tag":"above-appetite-residual","risk_slug":"preserve-on-skip","slug_source":"agent","prefill":"prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # Queue preserved when drain skips — Phase 1 scaffolding may land later
+  [ -s .afk-run-state/risk-register-queue.jsonl ]
+}
+
+@test "stdout key=value shape (caller-parseable)" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r.md","reason_tag":"above-appetite-residual","risk_slug":"shape-test","slug_source":"agent","prefill":"prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # All four required keys present
+  echo "$output" | grep -qE '^entries_drained=[0-9]+$'
+  echo "$output" | grep -qE '^new_risks_created=[0-9]+$'
+  echo "$output" | grep -qE '^evidence_appended=[0-9]+$'
+  echo "$output" | grep -qE '^next_action=(commit-staged|none)$'
+}
+
+@test "files staged after successful drain (ready for caller commit)" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r.md","reason_tag":"above-appetite-residual","risk_slug":"stage-test","slug_source":"agent","prefill":"prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # Caller should be able to git commit immediately
+  staged=$(git diff --cached --name-only)
+  echo "$staged" | grep -q 'docs/risks/R002-stage-test.active.md'
+  echo "$staged" | grep -q 'docs/risks/README.md'
+}
+
+@test "origin-max collision avoidance (ADR-019 ticket-creator dual-source ID)" {
+  # Simulate origin/main having higher R-numbers than local. The drain script
+  # MUST consult origin-max so parallel adopter sessions don't mint duplicate IDs.
+  # We mock by creating a branch with R099 file then resetting local but keeping
+  # the ref reachable as origin/main.
+  cat > docs/risks/R099-future-risk.active.md <<'EOF'
+# Risk R099: Future risk
+EOF
+  git add docs/risks/R099-future-risk.active.md
+  git commit --quiet -m "high-id"
+  git update-ref refs/remotes/origin/main HEAD
+  git rm --quiet docs/risks/R099-future-risk.active.md
+  git commit --quiet -m "remove from local"
+  # Now local-max sees only R001 (from seeded README) but origin-max should see R099
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r.md","reason_tag":"above-appetite-residual","risk_slug":"collision-guard","slug_source":"agent","prefill":"prose."}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  # Next ID must be R100, not R002
+  [ -f docs/risks/R100-collision-guard.active.md ]
+  [ ! -f docs/risks/R002-collision-guard.active.md ]
+}
+
+@test "malformed JSONL line skipped, valid lines processed" {
+  cat > .afk-run-state/risk-register-queue.jsonl <<EOF
+not-json-at-all
+{"ts":"2026-05-03T14:00:00Z","session_id":"s1","report_path":".risk-reports/r.md","reason_tag":"above-appetite-residual","risk_slug":"good-line","slug_source":"agent","prefill":"valid prose."}
+{"ts":"bad","incomplete":true}
+EOF
+  run bash "$SCRIPT" "$WORK_DIR"
+  [ "$status" -eq 0 ]
+  echo "$output" | grep -q '^new_risks_created=1$'
+  [ -f docs/risks/R002-good-line.active.md ]
+}