Problem. The design doc (§B "Planner") promises risk categories — new write permissions,
removed approvals, model changes, cost-cap changes — but the current risk summary is shallow.
Proposed change. In internal/plan, derive a structured RiskSummary from the diff:
- Permission widening: new
tool.permissions.allow entries, especially write/destructive
operations.
- Approval removal: entries removed from
policy.approvals.requiredFor.
- Budget relaxation:
maxTotalCostUsd / maxWallClockSeconds increased.
- Model change: agent
model changed (provider or model id).
- Tool surface change: tools added to an agent's
tools list (now meaningful post-Epic A).
Each item carries a severity and a human-readable reason.
Affected files. internal/plan/risk.go, internal/plan/diff.go, internal/plan/output.go.
Acceptance criteria. Given a diff that removes an approval requirement and raises the cost
cap, plan reports both as distinct, labeled risk items.
Test requirements. Golden tests for plan output covering each category; extend existing
golden suite (GO_UPDATE_GOLDEN=1).
Depends on. —
Problem. The design doc (§B "Planner") promises risk categories — new write permissions,
removed approvals, model changes, cost-cap changes — but the current risk summary is shallow.
Proposed change. In
internal/plan, derive a structuredRiskSummaryfrom the diff:tool.permissions.allowentries, especially write/destructiveoperations.
policy.approvals.requiredFor.maxTotalCostUsd/maxWallClockSecondsincreased.modelchanged (provider or model id).toolslist (now meaningful post-Epic A).Each item carries a severity and a human-readable reason.
Affected files.
internal/plan/risk.go,internal/plan/diff.go,internal/plan/output.go.Acceptance criteria. Given a diff that removes an approval requirement and raises the cost
cap,
planreports both as distinct, labeled risk items.Test requirements. Golden tests for
planoutput covering each category; extend existinggolden suite (
GO_UPDATE_GOLDEN=1).Depends on. —