Context
From Ryan Carson's Code Factory analysis (reflection note).
A JSON contract defining risk tiers by file path and required checks per tier. Removes ambiguity about what needs extra scrutiny.
Current State
Risk is implicit — issue labels determine which issues get auto-ready, but there's no path-based risk tiering. A change to src/scoring/ gets the same review depth as a change to scripts/.
Proposed Contract
{
  "high": ["src/scoring/**", "src/server/**", "db/**"],
  "medium": ["src/clients/**", "src/extraction/**"],
  "low": ["scripts/**", "tests/**", "docs/**"]
}
Implementation
- Add risk-policy.json to target repo root
- Review brief computes risk tier as a field based on changed file paths
- High-risk changes get additional review passes (red-team, security)
- Low-risk changes can fast-track with single reviewer
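One way the review brief could derive the tier from changed file paths, as an added example (not code from this issue or the project). The function names, the highest-tier-wins rule and treating unmatched paths as high risk are assumptions; the policy is the proposed contract above.

```typescript
type Tier = "high" | "medium" | "low";
type RiskPolicy = Record<Tier, string[]>;

// Policy copied from the proposed contract; in practice it would be read from risk-policy.json.
const POLICY: RiskPolicy = {
  high: ["src/scoring/**", "src/server/**", "db/**"],
  medium: ["src/clients/**", "src/extraction/**"],
  low: ["scripts/**", "tests/**", "docs/**"],
};

// Highest risk first, so the first matching tier wins for a single path.
const ORDER: Tier[] = ["high", "medium", "low"];

// Translate a glob into an anchored RegExp: "**" spans directories, "*" stays in one segment.
function globToRegExp(glob: string): RegExp {
  const escaped = glob.replace(/[.+^${}()|[\]\\?]/g, "\\$&");
  const body = escaped
    .replace(/\*\*/g, "\u0000")
    .replace(/\*/g, "[^/]*")
    .replace(/\u0000/g, ".*");
  return new RegExp(`^${body}$`);
}

function tierForPath(path: string, policy: RiskPolicy = POLICY): Tier {
  // Normalize separators and a leading "./" so repo-relative paths compare cleanly.
  const normalized = path.replace(/\\/g, "/").replace(/^\.\//, "");
  for (const tier of ORDER) {
    if (policy[tier].some((g) => globToRegExp(g).test(normalized))) return tier;
  }
  // Assumption: a path that no pattern covers fails closed to "high",
  // so new directories get full review until the policy names them.
  return "high";
}

function tierForChange(paths: string[], policy: RiskPolicy = POLICY): Tier {
  // Assumption: a change takes the highest tier among its files; an empty list yields "low".
  let worst: Tier = "low";
  for (const p of paths) {
    const t = tierForPath(p, policy);
    if (ORDER.indexOf(t) < ORDER.indexOf(worst)) worst = t;
  }
  return worst;
}
```

With this rule a change that touches both docs/ and db/ is reviewed as high risk, and a file outside every listed directory (for example a root-level package.json) is not silently fast-tracked.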
Priority
Medium — Phase 2 of TS nightshift migration