@windyroad/risk-scorer
v0.17.0
Published
Pipeline risk scoring, commit/push gates, and secret leak detection
Maintainers
Readme
@windyroad/risk-scorer
Pipeline risk scoring, commit/push gates, and secret leak detection for Claude Code. Scores every change for risk and blocks high-risk commits and pushes before they happen. Maturity: Experimental (suite-bootstrap window; 2047 invocations / 30d).
Part of Windy Road Agent Plugins.
What It Does
The risk-scorer plugin brings ISO 31000-aligned risk management to your AI coding workflow. It:
- Scores risk on every edit, assessing cumulative pipeline risk as changes build up
- Gates commits -- blocks
git commitwhen cumulative risk exceeds your policy threshold - Gates pushes -- blocks
git pushfor high-risk changesets (usenpm run push:watchinstead) - Detects secrets -- scans edits for API keys, tokens, passwords, and other credentials before they're written
- Reviews plans -- scores implementation plans for risk before you start building
- Gates outbound prose -- reviews
gh issue/prbodies, security advisories, npm publish content, and.changeset/*.mddrafts for confidential-information leaks before they reach external surfaces
All thresholds are configurable through your project's RISK-POLICY.md.
Install
npx @windyroad/risk-scorerRestart Claude Code after installing.
Usage
The plugin works automatically once installed. On first run in a project without a risk policy, it blocks edits and directs you to generate one:
/wr-risk-scorer:update-policyThis creates a RISK-POLICY.md tailored to your project, defining impact levels, likelihood scales, risk appetite, and the risk matrix -- all aligned to ISO 31000.
How It Works
| Hook | Trigger | What it does |
|------|---------|-------------|
| risk-score.sh | Every prompt | Injects risk scoring context |
| secret-leak-gate.sh | Edit or Write | Blocks writes containing secrets |
| wip-risk-gate.sh | Edit or Write | Blocks edits if WIP risk hasn't been assessed |
| risk-policy-enforce-edit.sh | Edit or Write | Blocks edits if no RISK-POLICY.md exists |
| git-push-gate.sh | Bash (git push) | Blocks direct git push; requires npm run push:watch |
| risk-score-commit-gate.sh | Bash (git commit) | Blocks commits when risk exceeds threshold |
| risk-score-plan-enforce.sh | ExitPlanMode | Ensures plans are risk-scored before execution |
| plan-risk-guidance.sh | EnterPlanMode | Injects risk guidance into plan mode |
| external-comms-gate.sh | Bash, Edit, Write | Gates outbound prose (gh issue/pr, gh api .../security-advisories, npm publish, .changeset/*.md) on confidential-information leak review |
| wip-risk-mark.sh | After edit | Records WIP risk assessment |
| risk-score-mark.sh | Agent completes | Marks risk review as done; writes external-comms marker on wr-risk-scorer:external-comms PASS |
| risk-hash-refresh.sh | After Bash | Refreshes content hashes |
| risk-slide-marker.sh | Agent or Bash | Slides the review marker forward across non-edit operations so an active review session is not invalidated by intervening Bash or sub-agent calls |
Agents
The plugin includes six specialised agents:
| Agent | Purpose |
|-------|---------|
| wr-risk-scorer:agent | Routes to the appropriate mode-specific agent |
| wr-risk-scorer:wip | Assesses cumulative risk after each edit |
| wr-risk-scorer:pipeline | Scores pipeline actions (commit, push, release) |
| wr-risk-scorer:plan | Reviews implementation plans for risk |
| wr-risk-scorer:policy | Validates RISK-POLICY.md for ISO 31000 compliance |
| wr-risk-scorer:external-comms | Reviews drafts of outbound prose (gh issues/PRs, advisories, npm publish, changeset bodies) for confidential-information leaks per RISK-POLICY.md |
| wr-risk-scorer:inbound-report | Reviews inbound third-party reports (problem-report issues, Q&A discussions, security-advisory submissions) for Request-risk + Fix-risk per RISK-POLICY.md § Inbound Report Risk Classes — sibling of :external-comms (NOT extension). Consumed by the assessment-pipeline (P079 / ADR-062). Serves the report-without-pre-classifying acknowledgement (verdict-on-close) and the mechanical-stage carve-out. |
On-demand assessment skills
| Skill | Purpose |
|-------|---------|
| /wr-risk-scorer:assess-wip | WIP risk nudge for the current uncommitted diff |
| /wr-risk-scorer:assess-release | Pipeline risk assessment for the unpushed queue (pre-satisfies the commit gate) |
| /wr-risk-scorer:assess-external-comms | External-comms leak review for a draft outbound body (pre-satisfies the external-comms gate) |
| /wr-risk-scorer:assess-inbound-report | Inbound-report risk review for a third-party submission — two-axis (Request-risk + Fix-risk) classification per RISK-POLICY.md (P079 / ADR-062). Serves on-demand assessment and pre-flight governance checks. |
| /wr-risk-scorer:create-risk | Create a standing-risk register entry (interactive authoring; orchestrator-driven prefilled invocation via --slug / --prefill flags per ADR-059) |
| /wr-risk-scorer:bootstrap-catalog | Bootstrap docs/risks/ register from existing .risk-reports/ corpus per ADR-059 — walks reports, dedupes by ADR-056 slug, emits one R<NNN>-<slug>.active.md per unique slug. Idempotent. Auto-triggers from /install-updates Step 6.5.1 when register is empty + RISK-POLICY.md present + .risk-reports/ non-empty |
| /wr-risk-scorer:update-policy | Generate or update RISK-POLICY.md |
Internal-use wrapper skills
These wrappers exist so consumer SKILLs can invoke the scoring agents via the Skill tool with skill: wr-risk-scorer:<name> per ADR-015's Confirmation literal phrasing. End users should invoke the /wr-risk-scorer:assess-* skills above; the wrappers are internal plumbing.
| Wrapper skill | Purpose |
|---------------|---------|
| wr-risk-scorer:pipeline | Skill-tool wrapper around the wr-risk-scorer:pipeline agent (consumer: /wr-risk-scorer:assess-release) |
| wr-risk-scorer:wip | Skill-tool wrapper around the wr-risk-scorer:wip agent (consumer: /wr-risk-scorer:assess-wip) |
| wr-risk-scorer:external-comms | Skill-tool wrapper around the wr-risk-scorer:external-comms agent (consumer: /wr-risk-scorer:assess-external-comms) |
External-comms gate
The external-comms-gate.sh hook intercepts outbound prose tool calls and the
.changeset/*.md author surface so confidential-information leaks are caught
before they reach a public or vendor-private channel.
Gated surfaces:
gh issue create/gh issue comment/gh issue editgh pr create/gh pr comment/gh pr editgh api .../security-advisoriesandgh api .../commentsnpm publishPreToolUse:WriteandPreToolUse:Editon.changeset/*.md(P073 — gated at author time, before the changeset body lands in CHANGELOG.md and every published npm tarball)
Behaviour:
- A hybrid regex pre-filter (
hooks/lib/leak-detect.sh) catches high-confidence leak shapes (credentials, business-context-paired financial figures and user-counts) and denies immediately with the matched class. - Anything not pre-filtered is delegated to the
wr-risk-scorer:external-commssubagent for context-aware review againstRISK-POLICY.mdConfidential Information classes. The PostToolUse marker hook writes a per-draft marker onEXTERNAL_COMMS_RISK_VERDICT: PASS. - If
RISK-POLICY.mdis absent, the gate runs in advisory-only mode and permits the call (graceful adoption).
There is no env override of the gate (the BYPASS_RISK_GATE knob was removed —
P377/RFC-029). Clear the gate by reducing risk to within appetite, or — for a
false-positive leak flag — by letting the reviewer re-judge. A genuine gate
misfire is recovered per ADR-048 (documented recovery), not an env bypass.
The canonical hook lives at packages/shared/hooks/external-comms-gate.sh and
is synced into each consumer plugin via scripts/sync-external-comms-gate.sh
per ADR-017 (CI runs npm run check:external-comms-gate to detect drift).
Updating and Uninstalling
npx @windyroad/risk-scorer --update
npx @windyroad/risk-scorer --uninstall