Skip to content

fix(cli): propagate riskAssessment on review exec path (#802 Phase 3 A2-fix-4)#877

Merged
s977043 merged 1 commit into
mainfrom
fix/802-phase3-risk-assessment-propagation
May 22, 2026
Merged

fix(cli): propagate riskAssessment on review exec path (#802 Phase 3 A2-fix-4)#877
s977043 merged 1 commit into
mainfrom
fix/802-phase3-risk-assessment-propagation

Conversation

@s977043

@s977043 s977043 commented May 22, 2026

Copy link
Copy Markdown
Owner

Summary

Closes the final silent-skip item that the multi-perspective session review (Codex + Gemini) independently flagged as the most clear-cut remaining drop: runReviewPlan was hard-coding riskMap: undefined on the river review exec path, so riskAssessment never made it out of the plan layer and never reached generateReview's prompt context.

Multi-perspective review reference

Reviewer Score The riskAssessment finding
Codex 86/100 "riskAssessmentrunReviewPlanriskMap: undefined 固定で実質ドロップ"
Gemini 95/100 "riskAssessment の伝播漏れのみが唯一の明確な減点対象"

Both reviewers reached this conclusion independently. Treating it as the sixth silent-skip item closes the cleanup epoch cleanly.

Changes

File What
src/lib/review-plan.mjs New loadRiskMapImpl option (injectable, defaults to the canonical loadRiskMap); loads the optional risk map, forwards it to buildExecutionPlan, and passes plan.riskAssessment to generateReview
tests/cli-review-plan.test.mjs 5 new unit tests (forward, null-sentinel, load-failure, generateReview hand-off, undefined-fallback)
runners/github-action/dist/ Rebuilt with Node 22.22.2

Behaviour

  • Risk map missing on disk → loadRiskMap returns nullbuildExecutionPlan ignores it (backward-compatible no-risk behaviour).
  • Risk map malformed → ReviewPlanError, exit 3 (loud failure instead of silent drop — matches the silent-skip taxonomy goal).
  • Risk map present + valid → riskAssessment reaches generateReview so the LLM prompt and the verifier can act on per-file risk levels.

Silent-skip cleanup status

Field Closed by
availableContexts #865
availableDependencies #869
fileTypes / relatedADRs / reviewMode #871
riskAssessment this PR
--plan replay context-snapshot drift deferred to A2-3

Test plan

  • node --test tests/cli-review-plan.test.mjs (53/53 green, 5 new)
  • npm test (1087/1087 green)
  • markdownlint + prettier green
  • npm run build:action with Node 22.22.2

Follows: #864 (A2-1), #865 (A2-fix-1), #869 (A2-fix-2), #871 (A2-fix-3).

🤖 Generated with Claude Code

…A2-fix-4)

The final remaining silent-skip identified by the multi-perspective
session review (Codex + Gemini): runReviewPlan was hard-coding
riskMap: undefined when calling buildExecutionPlan, so the
riskAssessment that buildExecutionPlan would have produced never
appeared on the artifact, and never reached generateReview's prompt
on the exec path.

What changed
- runReviewPlan loads the optional risk map via loadRiskMap (default
  path .river/risk-map.yaml). Missing file => null (no behaviour
  change). Malformed file => ReviewPlanError so it fails loudly
  instead of dropping the risk signal silently.
- The loaded riskMap is forwarded to buildExecutionPlan, which already
  knew how to compute riskAssessment when given a non-null riskMap.
- plan.riskAssessment is forwarded to generateReview alongside
  fileTypes / relatedADRs / reviewMode (the analysis-context bundle
  finalised in A2-fix-3).
- loadRiskMapImpl is injectable so tests can drive the path without a
  fixture file on disk.

Tests
- 5 new unit tests cover happy path forwarding, null sentinel, load
  failure, generateReview hand-off, and the undefined-fallback when
  the plan omits riskAssessment.
- runners/github-action/dist rebuilt with Node 22.22.2.

Silent-skip cleanup status (post-A2-fix-4)
- availableContexts (#865)
- availableDependencies (#869)
- fileTypes / relatedADRs / reviewMode (#871)
- riskAssessment (this PR)
- --plan replay context-snapshot drift is the only remaining item,
  deferred to A2-3.

Multi-perspective review reference
- Codex 86/100: "riskAssessment が runReviewPlan で riskMap: undefined
  固定で実質ドロップ" 指摘
- Gemini 95/100: "riskAssessment の伝播漏れのみが唯一の明確な減点
  対象"
- 両者が独立に同じ点を 6 番目の silent-skip として指摘した。

Follows: #864 (A2-1), #865 (A2-fix-1), #869 (A2-fix-2), #871 (A2-fix-3).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@vercel

vercel Bot commented May 22, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ai-review-kit Ready Ready Preview, Comment May 22, 2026 3:30am

@github-actions

Copy link
Copy Markdown
Contributor

River Reviewer

  • フェーズ: midstream
  • LLM: skipped (dry-run enabled)
  • Planner: off
  • Impact tags: javascript, observability, reliability, tests
  • 変更ファイル数: 4
  • トークン見積もり: 19444

選択されたスキル (1)

  • rr-midstream-logging-observability-001
スキップされたスキル (84)
  • adversarial-review: routing skill: not an executable review skill
  • river-reviewer-architecture: routing skill: not an executable review skill
  • river-reviewer-code: routing skill: not an executable review skill
  • river-reviewer-performance: routing skill: not an executable review skill
  • river-reviewer-security: routing skill: not an executable review skill
  • river-reviewer-testing: routing skill: not an executable review skill
  • river-reviewer: routing skill: not an executable review skill
  • rr-downstream-review-policy-standard-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-downstream-coverage-gap-001: phase mismatch: downstream !== midstream; missing inputContext: tests
  • rr-downstream-flaky-test-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-downstream-test-existence-001: phase mismatch: downstream !== midstream; missing inputContext: tests
  • rr-downstream-test-naming-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-downstream-test-plan-review-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-downstream-test-review-sample-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-a11y-accessible-name-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-modern-web-performance-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-modern-web-semantic-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-nextjs-app-router-boundary-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-review-policy-standard-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-agent-skill-bridge-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-api-compatibility-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-config-json-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-gh-address-comments-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-hello-skill-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-i18n-unused-key-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-loading-state-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-logic-torturing-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-normalization-consistency-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-nullability-contract-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-review-automation-boundary-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-review-comment-triage-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-security-basic-001: applyTo did not match any changed file
  • rr-midstream-suppression-feedback-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-type-driven-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-typescript-nullcheck-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-typescript-strict-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-war-game-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-midstream-code-quality-sample-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-review-policy-standard-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-nextjs-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-php-laravel-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-react-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-remix-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-unit-python-pytest-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-unit-ts-jest-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-test-code-vue-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-adr-decision-quality-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-api-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-api-versioning-compat-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-boundaries-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-diagrams-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-risk-register-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-traceability-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-validation-plan-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-availability-architecture-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-bounded-context-language-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-cache-strategy-consistency-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-capacity-cost-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-change-communication-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-context-budget-tuning-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-create-plan-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-data-flow-state-ownership-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-data-model-db-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-dr-multiregion-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-eval-driven-skill-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-event-driven-semantics-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-external-dependencies-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-failure-modes-observability-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-integration-contracts-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-migration-rollout-rollback-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-multitenancy-isolation-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-openapi-contract-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-operability-slo-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-plangate-exec-conformance-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-plangate-gc-deterministic-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-plangate-plan-integrity-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-plangate-rule-promotion-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-plangate-verification-audit-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-pr-template-qa-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-pre-mortem-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-requirements-acceptance-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-security-privacy-design-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-trust-boundaries-authz-001: dry-run: LLM必須スキル(ヒューリスティック未対応)
  • rr-upstream-architecture-sample-001: dry-run: LLM必須スキル(ヒューリスティック未対応)

優先度サマリー

  • P1 (must fix before merge): 0 件
  • P2 (should fix or waive): 0 件
  • P3 (recommended improvement): 0 件
  • P4 (informational): 0 件

スコア (参考値)

結果(スコア): 100/100
判定: auto-approve

内訳:

  • 可読性: 100/100
  • 拡張性: 100/100
  • パフォーマンス: 100/100
  • セキュリティ: 100/100
  • 保守性: 100/100

スコアは severity と axis から決定論的に算出された 参考値 (derived: true)。HITL レビューと併用してください。

指摘

No findings.

@github-actions

Copy link
Copy Markdown
Contributor

PlanGate Review

  • decision: pass
  • plan status: skipped-by-label
  • exec status: skipped-by-label

PlanGate review decision: pass

severity count policy
critical 0 fail
major 0 fail-if-required / warn
minor 0 comment-only
info 0 skipped

ポリシー: critical=fail / major=fail-if-required (warn) / minor=comment-only / info=skipped — spec: pages/reference/cli-review-plan-spec.md

@s977043 s977043 merged commit f73e64e into main May 22, 2026
16 checks passed
@s977043 s977043 deleted the fix/802-phase3-risk-assessment-propagation branch May 22, 2026 03:34
s977043 added a commit that referenced this pull request May 24, 2026
* docs(development): add npm distribution design + audit (#800 B1)

Codex's post-stop guidance was: if continuing at all, do the #800 B1
slice—design and dry-run packaging audit, not implementation. This PR
delivers that.

Audit findings from npm pack --dry-run on v0.55.0
- private: true blocks publish.
- files: unset, so the tarball would carry 969 files / 8.3 MB unpacked.
- Top contributors that should be excluded: pages/ (158), tests/ (193),
  docs/ (31), and parts of runners/.
- engines.node: 22.x blocks Node 20 LTS installs.
- bin maps both river and river-reviewer to src/cli.mjs, which is
  correct.

Hidden risks captured (per multi-perspective review carry-over)
- CLI 境界混乱: two CLIs exist (src/cli.mjs and runners/cli/bin/river)
  with overlapping subcommand names (review, eval). Resolution: publish
  only the main CLI; document the Runner CLI as contributor-only.
- Node version: relax engines.node to >=20 before publish, since CI
  already covers 20.x.
- GitHub Action dist staleness: exclude runners/github-action/dist/
  from the npm tarball (GitHub Action users already pull from the repo
  via @v0.x.x tags, not via npm).
- Runtime .river/ path: no code change needed (A2-fix-4 #877 already
  null-safes loadRiskMap on ENOENT). Note in publish notes.

Reference patch for B2 implementation
- Exact package.json diff (private/files/engines/publishConfig).
- "files" allowlist with explicit include/exclude/borderline buckets.
- Expected size after the allowlist: 300-500 KB tarball, 1.5-2 MB
  unpacked, ~400 files.

Explicitly out of scope for B1
- npx river try (C3).
- Sample skill curation, scoped packages, automated publish workflow,
  cross-platform install testing.

No code changes. No package.json mutation.

Refs: #800.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

* docs: apply gemini PR #886 review on npm distribution design

Fix two correct gemini comments on the package.json reference patch:

1. README.md / LICENSE / package.json removed from the files allowlist:
   npm auto-includes these regardless of the files field
   (npm-publish docs: "Files included"). Adding them to files was
   harmless but misleading. AGENT_LEARNINGS.md is contributor-only
   and should not ship to npm consumers; removed too.

2. Duplicate engines field corrected in the diff: the previous block
   showed both "+  engines: { node: >=20 }" and "  engines: { node:
   22.x }" without removing the latter, producing invalid JSON if
   applied verbatim. Now the diff shows a single line change from
   "node: 22.x" to "node: >=20".

No factual change to the design. The B2 implementation reference is
now applicable as-is.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
s977043 added a commit that referenced this pull request May 24, 2026
* docs(examples): add risk-map example file + adoption guide

Codex's final-pass review (post-25-PR) flagged that docs/guides
reference .river/risk-map.yaml but the repo carries no concrete
example for adopters to copy. Add one under examples/risk-map/ with
a README explaining the three action values and the apply / verify
flow.

Contents
- examples/risk-map/risk-map.yaml — sample with 10 rules covering
  require_human_review (security-sensitive files, credentials, CI
  workflows), escalate (LLM call path, config, action dist,
  package.json), and comment_only (docs, pages, tests). Each rule
  has a reason string so adopters see the intent, not just the
  pattern.
- examples/risk-map/README.md — adoption guide pointing at
  schemas/risk-map.schema.json, the user guide
  pages/guides/repo-wide-review.md, the execution-context-contract
  doc, and PR #877 (riskAssessment forwarding on the exec path).
- examples/README.md — link to the new directory.

The example was validated end-to-end with the real loadRiskMap +
evaluateRisk implementation: 10 rules parse cleanly, sample paths
classify correctly (require_human_review hit on secret-redactor.mjs,
escalate on review-engine.mjs, comment_only on docs/, fall-through
on unknown paths).

No code or runtime change. 1087/1087 tests green.

Refs: #800 (Codex final-pass review item #2 of 3).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

* docs(examples): correct risk-map verification + use absolute schema link (gemini PR #896)

Apply both gemini PR #896 comments.

HIGH: the README's verify step claimed
"jq .plan.riskAssessment /tmp/r.json"
would show aggregateAction / escalatedFiles. End-to-end test against
the real runReviewPlan + loadRiskMap confirmed this is wrong: the
artifact's `plan` schema only carries selectedSkills / skippedSkills /
plannerMode. riskAssessment is computed internally and only forwarded
to generateReview's prompt context. Rewrite step 4 to (a) verify file
parses by any river review command succeeding and (b) state honestly
that risk classification is not echoed on the artifact.

MEDIUM: the YAML header comments referenced ../../schemas/...
relative paths that break the moment an adopter copies this file to
.river/risk-map.yaml. Replace with absolute GitHub URLs so the
references stay resolvable after the copy.

No code change; user-facing accuracy fix only.

Refs: PR #896 (gemini review).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
s977043 added a commit that referenced this pull request May 25, 2026
#898)

Capture the 5-day sprint (35 PR, 6 release, 1 production CVE close)
as durable record before starting the next session. Codex consultation
was the foundation; the primary takeaway is:

  > 最大の問題は速度ではなく、停止条件の弱さ。次は「作る量」
  > より「どこから保留に戻すか」を先に設計すべき。

Sections
- Numerical summary
- What worked (5 items: multi-perspective review, silent-skip thread,
  memory persistence, gh-api recovery, dogfood detection)
- What didn't work (6 items: overproduction past Codex stop, eval-less
  skill increase, manual release-please kick x4, AGENTS.md pollution,
  reviewer mis-suggestions, single-shot multi-perspective)
- Surprises (npm pack audit findings, CLI boundary, fs-loss recovery)
- 5 pivot points (timeline of where direction should have changed)
- Codex 100-char summary on the sprint
- Improvement priorities split into Skills / Agents / Workflow with
  P0/P1/P2 ranking
- Stop-on-stop-judge operational rule with Continue / Consult / Park
  buckets, plus post-hoc classification of this sprint's 35 PRs
  (Continue: A2-fix and CVE-class items; Consult: skill registry
  decisions; Park: ~13 PRs of docs-about-docs / marginal polish)
- Next sprint opening checklist

No code change. Foundation for two follow-up PRs (S3 registry section,
W1+W5 release-please kick automation).

Refs: Codex consultations during the 5-day sprint (PR #860 78→91,
PR #864 dogfood, PR #877 riskAssessment, post-stop 13 PRs).

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
s977043 added a commit that referenced this pull request May 28, 2026
…3-runners) (#933)

Per docs/development/a2-3-replay-execution-design.md A2-3-runners slice:
populate the carry-over snapshot in buildExecutionPlan output so a future
A2-3-impl slice can attach it to artifact.debug.execution.snapshot for
--plan replay execution.

Additive shape:
- New top-level `snapshot: { fileTypes, relatedADRs, reviewMode, riskAssessment }`
- New top-level `riskAssessment` (was previously computed but never returned,
  silently breaking `plan.riskAssessment` consumers; #877 silent-skip
  taxonomy applies)

The empty-selection early return now also carries the snapshot (with
relatedADRs: [], reviewMode: null) so consumers can record the audit trail
even when no skills run.

Action bundle rebuilt (npm run build:action on Node 22) since cli.mjs
transitively imports review-runner.

Next slice: A2-3-impl wires src/lib/review-plan.mjs to copy plan.snapshot
into artifact.debug.execution.snapshot AND the replay path (runReviewExecReplay)
to read it back. That requires src/lib/ change; AGENTS.md "Ask before editing"
gate applies.
s977043 added a commit that referenced this pull request May 28, 2026
…on (#939)

The 2026-05-25..28 retrospective was written mid-session (#930). This addendum
captures the remaining arc (#878 epic, #868/#921/#929 closeout) and the one
durable lesson worth persisting:

"completed" report ≠ wired-through. #877 claimed to fix the riskAssessment
silent-skip but only wired the consumer side; the producer never emitted the
value, so plan.riskAssessment was always undefined. Found during A2-3-runners
(#933).

New P1 rule: a silent-skip fix needs a test asserting the value is RETURNED by
the producer AND consumed — not just "forwarded if present". A "forwards X"
test passes whether X is real or undefined.

Also records: the 4-slice design-doc-first delivery shape (#878) and the
design-only discipline held twice (#910, #938).

Full session totals: 38 PRs / 13 releases / 4 issues closed / 5 opened.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant