csh
/
playbook
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
playbook/skills/thirdparty/_shared/custom-risks-guide.md

49 lines
1.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Custom Risk Loading Guide
When `.brooks-lint.yaml` contains a `custom_risks` map, this guide governs how those
risks are loaded and scanned. Custom risks use `Cx` codes (C1, C2, …) — no conflict with
the standard R1R6 and T1T6 namespaces.
---
## Loading
1. For each entry in `custom_risks`, validate that it has:
- `name` — non-empty string
- `question` — the diagnostic question to ask
- `symptoms` — non-empty list of symptom patterns
- `severity` — map with at least one of: `critical`, `warning`, `suggestion`
2. Register each valid entry as a `Cx` code alongside R1R6 / T1T6. Once loaded,
`Cx` codes become valid targets for `disable`, `focus`, and `severity` fields in
the same config file.
3. Report any validation errors as config warnings (do not abort the review):
- Missing required field: `"Config warning: C1 missing 'symptoms'"`
- Invalid code format (must be `C` followed by digits): skip, note error
- Code conflicts with R/T namespace: skip, note error
---
## Scanning
During the analysis, treat each custom risk as an additional step after the standard
process:
- Use `question` as the diagnostic question
- Use `symptoms` as the symptom lookup list
- Use the `severity` map for tier classification
- Apply the Iron Law: `Source` field should be `"[Project-defined risk] — <risk name>"`
- Include custom risk findings in the Health Score (same deduction rules as R/T codes)
- In the report, custom findings appear after standard findings under a
**### Project-Specific Risks** sub-heading
---
## Config Validation additions
The following codes are valid in `disable`, `focus`, and `severity`:
- Standard: `R1``R6`, `T1``T6`
- Custom: any `Cx` code defined in `custom_risks`
- Any other code: skip it and emit `"Config warning: X is not a valid risk code"`
Reference in New Issue View Git Blame Copy Permalink