/risk-assess - Pre-Action Risk Assessment
Perform a structured risk assessment before executing potentially dangerous operations. Evaluates blast radius, reversibility, and recommends safeguards.
Usage
```bash
# Assess a specific operation
/risk-assess "Rename all hooks/ directories to H.P.005-HOOKS/"

# Assess a script
/risk-assess scripts/migrations/nomenclature-migration.py

# Assess with specific scope
/risk-assess --scope coditect-core "Update all path references"

# Quick assessment (less thorough)
/risk-assess --quick "Delete unused files"
```
System Prompt
EXECUTION DIRECTIVE:
When the user invokes /risk-assess, you MUST:
- Analyze the operation for potential risks
- Calculate blast radius (files/systems affected)
- Assess reversibility (can we undo this?)
- Identify safeguards needed
- Provide risk score (Low/Medium/High/Critical)
- Recommend go/no-go with conditions
Risk Assessment Framework
Risk Categories
| Category | Weight | Description |
|---|---|---|
| Blast Radius | 30% | How many files/systems affected |
| Reversibility | 25% | Can changes be undone |
| Data Loss Risk | 25% | Could data be permanently lost |
| Complexity | 10% | How complex is the operation |
| Precedent | 10% | Have we done this safely before |
Risk Levels
| Level | Score | Action |
|---|---|---|
| Low | 0-25 | Proceed with standard caution |
| Medium | 26-50 | Require backup + dry-run |
| High | 51-75 | Require approval + pre-flight checklist |
| Critical | 76-100 | Block until safeguards in place |
Assessment Template
## Risk Assessment: [Operation Name]
**Date:** YYYY-MM-DD
**Assessed By:** [Name]
**Risk Level:** [Low/Medium/High/Critical]
**Risk Score:** [0-100]
### Operation Description
[What is being done]
### Blast Radius Analysis
- **Files Affected:** [count]
- **Systems Affected:** [list]
- **Users Impacted:** [count/scope]
### Reversibility Assessment
- **Reversible:** Yes/No/Partial
- **Rollback Method:** [describe]
- **Rollback Time:** [estimate]
### Data Loss Risk
- **Data at Risk:** [describe]
- **Backup Status:** [exists/needed]
- **Recovery Plan:** [describe]
### Risk Factors
| Factor | Score (0-10) | Notes |
|--------|--------------|-------|
| Blast Radius | | |
| Reversibility | | |
| Data Loss | | |
| Complexity | | |
| Precedent | | |
### Safeguards Required
- [ ] Backup created
- [ ] Dry-run completed
- [ ] Rollback plan documented
- [ ] Pre-flight checklist passed
- [ ] Human approval obtained
### Recommendation
**[GO / NO-GO / CONDITIONAL GO]**
Conditions (if conditional):
1. [condition 1]
2. [condition 2]
### Lessons from Past Incidents
[Reference similar past incidents and their outcomes]
Example Assessment
## Risk Assessment: ADR-100 Nomenclature Migration
**Date:** 2026-01-22
**Assessed By:** Claude
**Risk Level:** CRITICAL
**Risk Score:** 85/100
### Operation Description
Rename framework directories (hooks/, scripts/, config/, etc.) to
track-integrated nomenclature (H.P.005-HOOKS/, H.P.004-SCRIPTS/, etc.)
and update all references.
### Blast Radius Analysis
- **Files Affected:** 500+ (Python, JSON, Markdown, Shell)
- **Systems Affected:** Claude Code hooks, context extraction, all scripts
- **Users Impacted:** All framework users
### Reversibility Assessment
- **Reversible:** Yes (via git reset)
- **Rollback Method:** git reset --hard origin/main && git clean -fd
- **Rollback Time:** 5 minutes
### Data Loss Risk
- **Data at Risk:** Session JSONL files (read-only, safe)
- **Backup Status:** NEEDED before execution
- **Recovery Plan:** Git reset + restore from backup
### Risk Factors
| Factor | Score (0-10) | Notes |
|--------|--------------|-------|
| Blast Radius | 9 | 500+ files across all components |
| Reversibility | 3 | Git history provides rollback |
| Data Loss | 2 | Session files are read-only |
| Complexity | 9 | Multi-type file changes |
| Precedent | 10 | Never done before |
**Weighted Score:** 85/100 (CRITICAL)
### Safeguards Required
- [x] Backup created
- [ ] Dry-run completed - **MISSING**
- [ ] Rollback plan documented - **MISSING**
- [ ] Pre-flight checklist passed - **MISSING**
- [ ] Human approval obtained
### Recommendation
**NO-GO**
Critical safeguards missing:
1. No dry-run mode in migration script
2. No context-aware replacement (naive str.replace)
3. No pre-flight checklist completed
4. No rollback plan documented
### Lessons from Past Incidents
This operation proceeded without assessment and caused the
ADR-100 disaster, corrupting 100+ Python files. The naive
str.replace() replaced text inside variable names.
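
The failure mode named in the lessons above, reproduced on a small input next to a path-aware replacement with a dry-run and a compile check. This is an added example, not the project's migration script; the rename map, the sample source and every function name are assumptions made for illustration.

```python
import re

# Assumed rename map, using directory names from the example assessment.
RENAMES = {"hooks": "H.P.005-HOOKS", "scripts": "H.P.004-SCRIPTS"}

# Constructed sample file content (not taken from the real repository).
SAMPLE = '''hooks_dir = ROOT / "hooks/pre_commit.py"
def load_hooks(scripts_enabled=True):
    return run("scripts/sync.sh", webhooks=hooks_dir)
'''


def naive_migrate(text: str) -> str:
    """The failure mode: substring replacement with no notion of context."""
    for old, new in RENAMES.items():
        text = text.replace(old, new)
    return text


def path_aware_migrate(text: str) -> str:
    """Rewrite `old` only where it is a whole path segment followed by '/'."""
    for old, new in RENAMES.items():
        # Not preceded by an identifier or path character, and followed by "/".
        pattern = re.compile(rf"(?<![\w.-]){re.escape(old)}(?=/)")
        text = pattern.sub(new, text)
    return text


def dry_run(text: str, migrate) -> list[tuple[int, str, str]]:
    """Return (line_no, before, after) for each line that would change; writes nothing."""
    after = migrate(text).splitlines()
    pairs = enumerate(zip(text.splitlines(), after), 1)
    return [(n, a, b) for n, (a, b) in pairs if a != b]


def still_parses(source: str) -> bool:
    """Pre-flight check: migrated Python source must still compile."""
    try:
        compile(source, "<migrated>", "exec")
        return True
    except SyntaxError:
        return False
```

On the sample, the naive version rewrites all three lines, including the identifiers `hooks_dir`, `load_hooks` and `scripts_enabled`, and the result no longer compiles; the path-aware version changes only the two string literals.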
Risk Calculation
```python
def calculate_risk_score(factors: dict) -> int:
    """
    Calculate weighted risk score.

    Args:
        factors: Dict with keys: blast_radius, reversibility,
            data_loss, complexity, precedent (each 0-10)

    Returns:
        Risk score 0-100
    """
    weights = {
        'blast_radius': 0.30,
        'reversibility': 0.25,
        'data_loss': 0.25,
        'complexity': 0.10,
        'precedent': 0.10,
    }
    score = sum(
        factors.get(k, 5) * w * 10
        for k, w in weights.items()
    )
    return min(100, int(score))
```
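
A sketch of how the score can drive the go/no-go gate, combining the weights and level bands from the tables above with the safeguards checklist; this is an added example, not the project's code. Unlike the function above it uses integer weights and rejects missing or out-of-range factors instead of defaulting them to 5. Assumptions: the safeguard identifiers, the rule that each level also requires the safeguards of the levels below it, and the mapping of missing safeguards to NO-GO (Critical) or CONDITIONAL GO (other levels).

```python
# Weights (percent) and level bands as given in the tables on this page.
WEIGHTS = {"blast_radius": 30, "reversibility": 25, "data_loss": 25,
           "complexity": 10, "precedent": 10}
LEVELS = [(25, "Low"), (50, "Medium"), (75, "High"), (100, "Critical")]

# Assumption: safeguards accumulate, so each level includes the ones below it.
REQUIRED = {
    "Low": [],
    "Medium": ["backup", "dry_run"],
    "High": ["backup", "dry_run", "approval", "preflight"],
    "Critical": ["backup", "dry_run", "approval", "preflight", "rollback_plan"],
}


def score(factors: dict) -> int:
    """Weighted 0-100 score; rejects missing or out-of-range factors."""
    total = 0
    for name, weight in WEIGHTS.items():
        value = factors[name]  # KeyError on a missing factor, no silent default
        if not 0 <= value <= 10:
            raise ValueError(f"{name} must be 0-10, got {value}")
        total += value * weight  # integer math avoids float truncation
    return total // 10


def level(points: int) -> str:
    """Map a 0-100 score to the level whose band contains it."""
    return next(name for upper, name in LEVELS if points <= upper)


def gate(factors: dict, done: set) -> tuple:
    """Return (decision, level, score, missing safeguards)."""
    points = score(factors)
    lvl = level(points)
    missing = [s for s in REQUIRED[lvl] if s not in done]
    if not missing:
        decision = "GO"
    elif lvl == "Critical":
        decision = "NO-GO"  # block until safeguards are in place
    else:
        decision = "CONDITIONAL GO"  # the missing safeguards are the conditions
    return decision, lvl, points, missing
```

With the factor scores from the example assessment table (9, 3, 2, 9, 10) these weights give 58, which falls in the High band rather than the 85/100 stated there.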
Integration with Other Commands
```bash
# Full safety workflow
/risk-assess "Migration operation"   # Assess risk first
/migration-preflight                 # Run pre-flight if approved
python3 script.py --dry-run          # Dry run
python3 script.py --execute          # Execute with safeguards
```
Created: 2026-01-22 (Post ADR-100 Disaster)

Author: CODITECT Core Team