npm - siesa-agents - Versions diffs - 2.1.1 → 2.1.3-dev.0 - Mend

siesa-agents 2.1.1 → 2.1.3-dev.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

package/README.md +83 -83
package/bin/install.js +400 -399
package/bin/prepare-publish.js +26 -26
package/bin/restore-folders.js +26 -26
package/bmad-core/agent-teams/team-all.yaml +15 -15
package/bmad-core/agent-teams/team-fullstack.yaml +19 -19
package/bmad-core/agent-teams/team-ide-minimal.yaml +11 -11
package/bmad-core/agent-teams/team-no-ui.yaml +14 -14
package/bmad-core/agents/analyst.md +84 -84
package/bmad-core/agents/architect.md +94 -94
package/bmad-core/agents/backend-agent.md +189 -189
package/bmad-core/agents/bmad-master.md +110 -110
package/bmad-core/agents/bmad-orchestrator.md +147 -147
package/bmad-core/agents/dev.md +81 -81
package/bmad-core/agents/frontend-agent.md +168 -168
package/bmad-core/agents/pm.md +84 -84
package/bmad-core/agents/po.md +79 -79
package/bmad-core/agents/qa.md +91 -91
package/bmad-core/agents/sm.md +65 -65
package/bmad-core/agents/ux-expert.md +69 -69
package/bmad-core/checklists/architect-checklist.md +440 -440
package/bmad-core/checklists/backend-checklist.md +142 -142
package/bmad-core/checklists/change-checklist.md +184 -184
package/bmad-core/checklists/frontend-checklist.md +105 -105
package/bmad-core/checklists/pm-checklist.md +372 -372
package/bmad-core/checklists/po-master-checklist.md +434 -434
package/bmad-core/checklists/story-dod-checklist.md +96 -96
package/bmad-core/checklists/story-draft-checklist.md +155 -155
package/bmad-core/core-config.yaml +22 -22
package/bmad-core/data/backend-standards.md +439 -439
package/bmad-core/data/bmad-kb.md +809 -809
package/bmad-core/data/brainstorming-techniques.md +38 -38
package/bmad-core/data/elicitation-methods.md +156 -156
package/bmad-core/data/frontend-standards.md +323 -323
package/bmad-core/data/technical-preferences.md +5 -5
package/bmad-core/data/test-levels-framework.md +148 -148
package/bmad-core/data/test-priorities-matrix.md +174 -174
package/bmad-core/enhanced-ide-development-workflow.md +248 -248
package/bmad-core/install-manifest.yaml +230 -230
package/bmad-core/tasks/advanced-elicitation.md +119 -119
package/bmad-core/tasks/apply-qa-fixes.md +150 -150
package/bmad-core/tasks/brownfield-create-epic.md +162 -162
package/bmad-core/tasks/brownfield-create-story.md +149 -149
package/bmad-core/tasks/correct-course.md +72 -72
package/bmad-core/tasks/create-brownfield-story.md +314 -314
package/bmad-core/tasks/create-component.md +102 -102
package/bmad-core/tasks/create-deep-research-prompt.md +280 -280
package/bmad-core/tasks/create-doc.md +103 -103
package/bmad-core/tasks/create-entity.md +132 -132
package/bmad-core/tasks/create-feature.md +90 -90
package/bmad-core/tasks/create-next-story.md +114 -114
package/bmad-core/tasks/create-service.md +117 -117
package/bmad-core/tasks/create-use-case.md +140 -140
package/bmad-core/tasks/document-project.md +345 -345
package/bmad-core/tasks/execute-checklist.md +88 -88
package/bmad-core/tasks/facilitate-brainstorming-session.md +138 -138
package/bmad-core/tasks/generate-ai-frontend-prompt.md +53 -53
package/bmad-core/tasks/index-docs.md +175 -175
package/bmad-core/tasks/kb-mode-interaction.md +77 -77
package/bmad-core/tasks/nfr-assess.md +345 -345
package/bmad-core/tasks/qa-gate.md +163 -163
package/bmad-core/tasks/review-story.md +316 -316
package/bmad-core/tasks/risk-profile.md +355 -355
package/bmad-core/tasks/scaffold-backend.md +110 -110
package/bmad-core/tasks/scaffold-frontend.md +78 -78
package/bmad-core/tasks/shard-doc.md +187 -187
package/bmad-core/tasks/test-design.md +176 -176
package/bmad-core/tasks/trace-requirements.md +266 -266
package/bmad-core/tasks/validate-next-story.md +136 -136
package/bmad-core/templates/architecture-tmpl.yaml +662 -662
package/bmad-core/templates/brainstorming-output-tmpl.yaml +156 -156
package/bmad-core/templates/brownfield-architecture-tmpl.yaml +477 -477
package/bmad-core/templates/brownfield-prd-tmpl.yaml +281 -281
package/bmad-core/templates/competitor-analysis-tmpl.yaml +307 -307
package/bmad-core/templates/front-end-architecture-tmpl.yaml +258 -258
package/bmad-core/templates/front-end-spec-tmpl.yaml +350 -350
package/bmad-core/templates/fullstack-architecture-tmpl.yaml +824 -824
package/bmad-core/templates/market-research-tmpl.yaml +253 -253
package/bmad-core/templates/prd-tmpl.yaml +203 -203
package/bmad-core/templates/project-brief-tmpl.yaml +222 -222
package/bmad-core/templates/qa-gate-tmpl.yaml +103 -103
package/bmad-core/templates/story-tmpl.yaml +138 -138
package/bmad-core/user-guide.md +530 -530
package/bmad-core/utils/bmad-doc-template.md +327 -327
package/bmad-core/utils/workflow-management.md +71 -71
package/bmad-core/workflows/brownfield-fullstack.yaml +298 -298
package/bmad-core/workflows/brownfield-service.yaml +188 -188
package/bmad-core/workflows/brownfield-ui.yaml +198 -198
package/bmad-core/workflows/greenfield-fullstack.yaml +241 -241
package/bmad-core/workflows/greenfield-service.yaml +207 -207
package/bmad-core/workflows/greenfield-ui.yaml +236 -236
package/bmad-core/working-in-the-brownfield.md +606 -606
package/claude/commands/BMad/agents/analyst.md +88 -0
package/claude/commands/BMad/agents/architect.md +89 -0
package/claude/commands/BMad/agents/backend.md +188 -0
package/claude/commands/BMad/agents/bmad-master.md +114 -0
package/claude/commands/BMad/agents/bmad-orchestrator.md +151 -0
package/claude/commands/BMad/agents/dev.md +85 -0
package/claude/commands/BMad/agents/frontend.md +151 -0
package/claude/commands/BMad/agents/pm.md +88 -0
package/claude/commands/BMad/agents/po.md +83 -0
package/claude/commands/BMad/agents/qa.md +95 -0
package/claude/commands/BMad/agents/sm.md +69 -0
package/claude/commands/BMad/agents/ux-expert.md +73 -0
package/claude/commands/BMad/tasks/advanced-elicitation.md +123 -0
package/claude/commands/BMad/tasks/apply-qa-fixes.md +154 -0
package/claude/commands/BMad/tasks/brownfield-create-epic.md +166 -0
package/claude/commands/BMad/tasks/brownfield-create-story.md +153 -0
package/claude/commands/BMad/tasks/correct-course.md +76 -0
package/claude/commands/BMad/tasks/create-brownfield-story.md +318 -0
package/claude/commands/BMad/tasks/create-deep-research-prompt.md +284 -0
package/claude/commands/BMad/tasks/create-doc.md +107 -0
package/claude/commands/BMad/tasks/create-next-story.md +118 -0
package/claude/commands/BMad/tasks/document-project.md +349 -0
package/claude/commands/BMad/tasks/execute-checklist.md +92 -0
package/claude/commands/BMad/tasks/facilitate-brainstorming-session.md +142 -0
package/claude/commands/BMad/tasks/generate-ai-frontend-prompt.md +57 -0
package/claude/commands/BMad/tasks/index-docs.md +179 -0
package/claude/commands/BMad/tasks/kb-mode-interaction.md +81 -0
package/claude/commands/BMad/tasks/nfr-assess.md +349 -0
package/claude/commands/BMad/tasks/qa-gate.md +167 -0
package/claude/commands/BMad/tasks/review-story.md +320 -0
package/claude/commands/BMad/tasks/risk-profile.md +359 -0
package/claude/commands/BMad/tasks/shard-doc.md +191 -0
package/claude/commands/BMad/tasks/test-design.md +180 -0
package/claude/commands/BMad/tasks/trace-requirements.md +270 -0
package/claude/commands/BMad/tasks/validate-next-story.md +140 -0
package/claude/hooks/file-restriction-hook.py +51 -0
package/claude/hooks/track-agent.py +67 -0
package/claude/settings.local.json +56 -0
package/github/b-mad-expert.md +742 -742
package/github/chatmodes/analyst.chatmode.md +89 -89
package/github/chatmodes/architect.chatmode.md +97 -97
package/github/chatmodes/backend.chatmode.md +194 -194
package/github/chatmodes/bmad-master.chatmode.md +115 -115
package/github/chatmodes/bmad-orchestrator.chatmode.md +152 -152
package/github/chatmodes/dev.chatmode.md +86 -86
package/github/chatmodes/frontend.chatmode.md +157 -157
package/github/chatmodes/pm.chatmode.md +89 -89
package/github/chatmodes/po.chatmode.md +84 -84
package/github/chatmodes/qa.chatmode.md +96 -96
package/github/chatmodes/sm.chatmode.md +70 -70
package/github/chatmodes/ux-expert.chatmode.md +74 -74
package/index.js +9 -9
package/package.json +37 -36
package/vscode/mcp.json +11 -11
package/vscode/settings.json +12 -12

package/bmad-core/tasks/risk-profile.md CHANGED Viewed

@@ -1,355 +1,355 @@
-<!-- Powered by BMAD™ Core -->
-# risk-profile
-Generate a comprehensive risk assessment matrix for a story implementation using probability × impact analysis.
-## Inputs
-```yaml
-required:
-  - story_id: '{epic}.{story}' # e.g., "1.3"
-  - story_path: 'docs/stories/{epic}.{story}.*.md'
-  - story_title: '{title}' # If missing, derive from story file H1
-  - story_slug: '{slug}' # If missing, derive from title (lowercase, hyphenated)
-```
-## Purpose
-Identify, assess, and prioritize risks in the story implementation. Provide risk mitigation strategies and testing focus areas based on risk levels.
-## Risk Assessment Framework
-### Risk Categories
-**Category Prefixes:**
-- `TECH`: Technical Risks
-- `SEC`: Security Risks
-- `PERF`: Performance Risks
-- `DATA`: Data Risks
-- `BUS`: Business Risks
-- `OPS`: Operational Risks
-1. **Technical Risks (TECH)**
-   - Architecture complexity
-   - Integration challenges
-   - Technical debt
-   - Scalability concerns
-   - System dependencies
-2. **Security Risks (SEC)**
-   - Authentication/authorization flaws
-   - Data exposure vulnerabilities
-   - Injection attacks
-   - Session management issues
-   - Cryptographic weaknesses
-3. **Performance Risks (PERF)**
-   - Response time degradation
-   - Throughput bottlenecks
-   - Resource exhaustion
-   - Database query optimization
-   - Caching failures
-4. **Data Risks (DATA)**
-   - Data loss potential
-   - Data corruption
-   - Privacy violations
-   - Compliance issues
-   - Backup/recovery gaps
-5. **Business Risks (BUS)**
-   - Feature doesn't meet user needs
-   - Revenue impact
-   - Reputation damage
-   - Regulatory non-compliance
-   - Market timing
-6. **Operational Risks (OPS)**
-   - Deployment failures
-   - Monitoring gaps
-   - Incident response readiness
-   - Documentation inadequacy
-   - Knowledge transfer issues
-## Risk Analysis Process
-### 1. Risk Identification
-For each category, identify specific risks:
-```yaml
-risk:
-  id: 'SEC-001' # Use prefixes: SEC, PERF, DATA, BUS, OPS, TECH
-  category: security
-  title: 'Insufficient input validation on user forms'
-  description: 'Form inputs not properly sanitized could lead to XSS attacks'
-  affected_components:
-    - 'UserRegistrationForm'
-    - 'ProfileUpdateForm'
-  detection_method: 'Code review revealed missing validation'
-```
-### 2. Risk Assessment
-Evaluate each risk using probability × impact:
-**Probability Levels:**
-- `High (3)`: Likely to occur (>70% chance)
-- `Medium (2)`: Possible occurrence (30-70% chance)
-- `Low (1)`: Unlikely to occur (<30% chance)
-**Impact Levels:**
-- `High (3)`: Severe consequences (data breach, system down, major financial loss)
-- `Medium (2)`: Moderate consequences (degraded performance, minor data issues)
-- `Low (1)`: Minor consequences (cosmetic issues, slight inconvenience)
-### Risk Score = Probability × Impact
-- 9: Critical Risk (Red)
-- 6: High Risk (Orange)
-- 4: Medium Risk (Yellow)
-- 2-3: Low Risk (Green)
-- 1: Minimal Risk (Blue)
-### 3. Risk Prioritization
-Create risk matrix:
-```markdown
-## Risk Matrix
-| Risk ID  | Description             | Probability | Impact     | Score | Priority |
-| -------- | ----------------------- | ----------- | ---------- | ----- | -------- |
-| SEC-001  | XSS vulnerability       | High (3)    | High (3)   | 9     | Critical |
-| PERF-001 | Slow query on dashboard | Medium (2)  | Medium (2) | 4     | Medium   |
-| DATA-001 | Backup failure          | Low (1)     | High (3)   | 3     | Low      |
-```
-### 4. Risk Mitigation Strategies
-For each identified risk, provide mitigation:
-```yaml
-mitigation:
-  risk_id: 'SEC-001'
-  strategy: 'preventive' # preventive|detective|corrective
-  actions:
-    - 'Implement input validation library (e.g., validator.js)'
-    - 'Add CSP headers to prevent XSS execution'
-    - 'Sanitize all user inputs before storage'
-    - 'Escape all outputs in templates'
-  testing_requirements:
-    - 'Security testing with OWASP ZAP'
-    - 'Manual penetration testing of forms'
-    - 'Unit tests for validation functions'
-  residual_risk: 'Low - Some zero-day vulnerabilities may remain'
-  owner: 'dev'
-  timeline: 'Before deployment'
-```
-## Outputs
-### Output 1: Gate YAML Block
-Generate for pasting into gate file under `risk_summary`:
-**Output rules:**
-- Only include assessed risks; do not emit placeholders
-- Sort risks by score (desc) when emitting highest and any tabular lists
-- If no risks: totals all zeros, omit highest, keep recommendations arrays empty
-```yaml
-# risk_summary (paste into gate file):
-risk_summary:
-  totals:
-    critical: X # score 9
-    high: Y # score 6
-    medium: Z # score 4
-    low: W # score 2-3
-  highest:
-    id: SEC-001
-    score: 9
-    title: 'XSS on profile form'
-  recommendations:
-    must_fix:
-      - 'Add input sanitization & CSP'
-    monitor:
-      - 'Add security alerts for auth endpoints'
-```
-### Output 2: Markdown Report
-**Save to:** `qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md`
-```markdown
-# Risk Profile: Story {epic}.{story}
-Date: {date}
-Reviewer: Quinn (Test Architect)
-## Executive Summary
-- Total Risks Identified: X
-- Critical Risks: Y
-- High Risks: Z
-- Risk Score: XX/100 (calculated)
-## Critical Risks Requiring Immediate Attention
-### 1. [ID]: Risk Title
-**Score: 9 (Critical)**
-**Probability**: High - Detailed reasoning
-**Impact**: High - Potential consequences
-**Mitigation**:
-- Immediate action required
-- Specific steps to take
-  **Testing Focus**: Specific test scenarios needed
-## Risk Distribution
-### By Category
-- Security: X risks (Y critical)
-- Performance: X risks (Y critical)
-- Data: X risks (Y critical)
-- Business: X risks (Y critical)
-- Operational: X risks (Y critical)
-### By Component
-- Frontend: X risks
-- Backend: X risks
-- Database: X risks
-- Infrastructure: X risks
-## Detailed Risk Register
-[Full table of all risks with scores and mitigations]
-## Risk-Based Testing Strategy
-### Priority 1: Critical Risk Tests
-- Test scenarios for critical risks
-- Required test types (security, load, chaos)
-- Test data requirements
-### Priority 2: High Risk Tests
-- Integration test scenarios
-- Edge case coverage
-### Priority 3: Medium/Low Risk Tests
-- Standard functional tests
-- Regression test suite
-## Risk Acceptance Criteria
-### Must Fix Before Production
-- All critical risks (score 9)
-- High risks affecting security/data
-### Can Deploy with Mitigation
-- Medium risks with compensating controls
-- Low risks with monitoring in place
-### Accepted Risks
-- Document any risks team accepts
-- Include sign-off from appropriate authority
-## Monitoring Requirements
-Post-deployment monitoring for:
-- Performance metrics for PERF risks
-- Security alerts for SEC risks
-- Error rates for operational risks
-- Business KPIs for business risks
-## Risk Review Triggers
-Review and update risk profile when:
-- Architecture changes significantly
-- New integrations added
-- Security vulnerabilities discovered
-- Performance issues reported
-- Regulatory requirements change
-```
-## Risk Scoring Algorithm
-Calculate overall story risk score:
-```text
-Base Score = 100
-For each risk:
-  - Critical (9): Deduct 20 points
-  - High (6): Deduct 10 points
-  - Medium (4): Deduct 5 points
-  - Low (2-3): Deduct 2 points
-Minimum score = 0 (extremely risky)
-Maximum score = 100 (minimal risk)
-```
-## Risk-Based Recommendations
-Based on risk profile, recommend:
-1. **Testing Priority**
-   - Which tests to run first
-   - Additional test types needed
-   - Test environment requirements
-2. **Development Focus**
-   - Code review emphasis areas
-   - Additional validation needed
-   - Security controls to implement
-3. **Deployment Strategy**
-   - Phased rollout for high-risk changes
-   - Feature flags for risky features
-   - Rollback procedures
-4. **Monitoring Setup**
-   - Metrics to track
-   - Alerts to configure
-   - Dashboard requirements
-## Integration with Quality Gates
-**Deterministic gate mapping:**
-- Any risk with score ≥ 9 → Gate = FAIL (unless waived)
-- Else if any score ≥ 6 → Gate = CONCERNS
-- Else → Gate = PASS
-- Unmitigated risks → Document in gate
-### Output 3: Story Hook Line
-**Print this line for review task to quote:**
-```text
-Risk profile: qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md
-```
-## Key Principles
-- Identify risks early and systematically
-- Use consistent probability × impact scoring
-- Provide actionable mitigation strategies
-- Link risks to specific test requirements
-- Track residual risk after mitigation
-- Update risk profile as story evolves
+<!-- Powered by BMAD™ Core -->
+# risk-profile
+Generate a comprehensive risk assessment matrix for a story implementation using probability × impact analysis.
+## Inputs
+```yaml
+required:
+  - story_id: '{epic}.{story}' # e.g., "1.3"
+  - story_path: 'docs/stories/{epic}.{story}.*.md'
+  - story_title: '{title}' # If missing, derive from story file H1
+  - story_slug: '{slug}' # If missing, derive from title (lowercase, hyphenated)
+```
+## Purpose
+Identify, assess, and prioritize risks in the story implementation. Provide risk mitigation strategies and testing focus areas based on risk levels.
+## Risk Assessment Framework
+### Risk Categories
+**Category Prefixes:**
+- `TECH`: Technical Risks
+- `SEC`: Security Risks
+- `PERF`: Performance Risks
+- `DATA`: Data Risks
+- `BUS`: Business Risks
+- `OPS`: Operational Risks
+1. **Technical Risks (TECH)**
+   - Architecture complexity
+   - Integration challenges
+   - Technical debt
+   - Scalability concerns
+   - System dependencies
+2. **Security Risks (SEC)**
+   - Authentication/authorization flaws
+   - Data exposure vulnerabilities
+   - Injection attacks
+   - Session management issues
+   - Cryptographic weaknesses
+3. **Performance Risks (PERF)**
+   - Response time degradation
+   - Throughput bottlenecks
+   - Resource exhaustion
+   - Database query optimization
+   - Caching failures
+4. **Data Risks (DATA)**
+   - Data loss potential
+   - Data corruption
+   - Privacy violations
+   - Compliance issues
+   - Backup/recovery gaps
+5. **Business Risks (BUS)**
+   - Feature doesn't meet user needs
+   - Revenue impact
+   - Reputation damage
+   - Regulatory non-compliance
+   - Market timing
+6. **Operational Risks (OPS)**
+   - Deployment failures
+   - Monitoring gaps
+   - Incident response readiness
+   - Documentation inadequacy
+   - Knowledge transfer issues
+## Risk Analysis Process
+### 1. Risk Identification
+For each category, identify specific risks:
+```yaml
+risk:
+  id: 'SEC-001' # Use prefixes: SEC, PERF, DATA, BUS, OPS, TECH
+  category: security
+  title: 'Insufficient input validation on user forms'
+  description: 'Form inputs not properly sanitized could lead to XSS attacks'
+  affected_components:
+    - 'UserRegistrationForm'
+    - 'ProfileUpdateForm'
+  detection_method: 'Code review revealed missing validation'
+```
+### 2. Risk Assessment
+Evaluate each risk using probability × impact:
+**Probability Levels:**
+- `High (3)`: Likely to occur (>70% chance)
+- `Medium (2)`: Possible occurrence (30-70% chance)
+- `Low (1)`: Unlikely to occur (<30% chance)
+**Impact Levels:**
+- `High (3)`: Severe consequences (data breach, system down, major financial loss)
+- `Medium (2)`: Moderate consequences (degraded performance, minor data issues)
+- `Low (1)`: Minor consequences (cosmetic issues, slight inconvenience)
+### Risk Score = Probability × Impact
+- 9: Critical Risk (Red)
+- 6: High Risk (Orange)
+- 4: Medium Risk (Yellow)
+- 2-3: Low Risk (Green)
+- 1: Minimal Risk (Blue)
+### 3. Risk Prioritization
+Create risk matrix:
+```markdown
+## Risk Matrix
+| Risk ID  | Description             | Probability | Impact     | Score | Priority |
+| -------- | ----------------------- | ----------- | ---------- | ----- | -------- |
+| SEC-001  | XSS vulnerability       | High (3)    | High (3)   | 9     | Critical |
+| PERF-001 | Slow query on dashboard | Medium (2)  | Medium (2) | 4     | Medium   |
+| DATA-001 | Backup failure          | Low (1)     | High (3)   | 3     | Low      |
+```
+### 4. Risk Mitigation Strategies
+For each identified risk, provide mitigation:
+```yaml
+mitigation:
+  risk_id: 'SEC-001'
+  strategy: 'preventive' # preventive|detective|corrective
+  actions:
+    - 'Implement input validation library (e.g., validator.js)'
+    - 'Add CSP headers to prevent XSS execution'
+    - 'Sanitize all user inputs before storage'
+    - 'Escape all outputs in templates'
+  testing_requirements:
+    - 'Security testing with OWASP ZAP'
+    - 'Manual penetration testing of forms'
+    - 'Unit tests for validation functions'
+  residual_risk: 'Low - Some zero-day vulnerabilities may remain'
+  owner: 'dev'
+  timeline: 'Before deployment'
+```
+## Outputs
+### Output 1: Gate YAML Block
+Generate for pasting into gate file under `risk_summary`:
+**Output rules:**
+- Only include assessed risks; do not emit placeholders
+- Sort risks by score (desc) when emitting highest and any tabular lists
+- If no risks: totals all zeros, omit highest, keep recommendations arrays empty
+```yaml
+# risk_summary (paste into gate file):
+risk_summary:
+  totals:
+    critical: X # score 9
+    high: Y # score 6
+    medium: Z # score 4
+    low: W # score 2-3
+  highest:
+    id: SEC-001
+    score: 9
+    title: 'XSS on profile form'
+  recommendations:
+    must_fix:
+      - 'Add input sanitization & CSP'
+    monitor:
+      - 'Add security alerts for auth endpoints'
+```
+### Output 2: Markdown Report
+**Save to:** `qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md`
+```markdown
+# Risk Profile: Story {epic}.{story}
+Date: {date}
+Reviewer: Quinn (Test Architect)
+## Executive Summary
+- Total Risks Identified: X
+- Critical Risks: Y
+- High Risks: Z
+- Risk Score: XX/100 (calculated)
+## Critical Risks Requiring Immediate Attention
+### 1. [ID]: Risk Title
+**Score: 9 (Critical)**
+**Probability**: High - Detailed reasoning
+**Impact**: High - Potential consequences
+**Mitigation**:
+- Immediate action required
+- Specific steps to take
+  **Testing Focus**: Specific test scenarios needed
+## Risk Distribution
+### By Category
+- Security: X risks (Y critical)
+- Performance: X risks (Y critical)
+- Data: X risks (Y critical)
+- Business: X risks (Y critical)
+- Operational: X risks (Y critical)
+### By Component
+- Frontend: X risks
+- Backend: X risks
+- Database: X risks
+- Infrastructure: X risks
+## Detailed Risk Register
+[Full table of all risks with scores and mitigations]
+## Risk-Based Testing Strategy
+### Priority 1: Critical Risk Tests
+- Test scenarios for critical risks
+- Required test types (security, load, chaos)
+- Test data requirements
+### Priority 2: High Risk Tests
+- Integration test scenarios
+- Edge case coverage
+### Priority 3: Medium/Low Risk Tests
+- Standard functional tests
+- Regression test suite
+## Risk Acceptance Criteria
+### Must Fix Before Production
+- All critical risks (score 9)
+- High risks affecting security/data
+### Can Deploy with Mitigation
+- Medium risks with compensating controls
+- Low risks with monitoring in place
+### Accepted Risks
+- Document any risks team accepts
+- Include sign-off from appropriate authority
+## Monitoring Requirements
+Post-deployment monitoring for:
+- Performance metrics for PERF risks
+- Security alerts for SEC risks
+- Error rates for operational risks
+- Business KPIs for business risks
+## Risk Review Triggers
+Review and update risk profile when:
+- Architecture changes significantly
+- New integrations added
+- Security vulnerabilities discovered
+- Performance issues reported
+- Regulatory requirements change
+```
+## Risk Scoring Algorithm
+Calculate overall story risk score:
+```text
+Base Score = 100
+For each risk:
+  - Critical (9): Deduct 20 points
+  - High (6): Deduct 10 points
+  - Medium (4): Deduct 5 points
+  - Low (2-3): Deduct 2 points
+Minimum score = 0 (extremely risky)
+Maximum score = 100 (minimal risk)
+```
+## Risk-Based Recommendations
+Based on risk profile, recommend:
+1. **Testing Priority**
+   - Which tests to run first
+   - Additional test types needed
+   - Test environment requirements
+2. **Development Focus**
+   - Code review emphasis areas
+   - Additional validation needed
+   - Security controls to implement
+3. **Deployment Strategy**
+   - Phased rollout for high-risk changes
+   - Feature flags for risky features
+   - Rollback procedures
+4. **Monitoring Setup**
+   - Metrics to track
+   - Alerts to configure
+   - Dashboard requirements
+## Integration with Quality Gates
+**Deterministic gate mapping:**
+- Any risk with score ≥ 9 → Gate = FAIL (unless waived)
+- Else if any score ≥ 6 → Gate = CONCERNS
+- Else → Gate = PASS
+- Unmitigated risks → Document in gate
+### Output 3: Story Hook Line
+**Print this line for review task to quote:**
+```text
+Risk profile: qa.qaLocation/assessments/{epic}.{story}-risk-{YYYYMMDD}.md
+```
+## Key Principles
+- Identify risks early and systematically
+- Use consistent probability × impact scoring
+- Provide actionable mitigation strategies
+- Link risks to specific test requirements
+- Track residual risk after mitigation
+- Update risk profile as story evolves