ADR-003: Risk Classification

Status

Accepted

Context

Bausteinsicht is developed with significant AI agent assistance (Claude Code). AI-generated code requires a risk-aware quality assurance strategy — the level of review and automated checks should match the risk profile of the codebase.

The Vibe-Coding Risk Radar framework classifies projects along five dimensions (each scored 0–4):

  • Code Type — what the code does (UI → Auth/Crypto)

  • Language Safety — type system and memory safety guarantees

  • Deployment Context — where the code runs (local tool → safety-critical)

  • Data Sensitivity — what data the code handles (public → PHI/PCI)

  • Blast Radius — worst realistic impact of a bug (cosmetic → life & limb)

The tier is determined by the maximum score across all dimensions.

Decision

The risk assessment for the bausteinsicht module (2026-03-04):

| Dimension | Score | Level | Evidence |
|---|---|---|---|
| Code Type | 2 | Business Logic | Architecture model processing, XML sync engine, template rendering — no auth/API/DB |
| Language | 1 | Statically typed | 69 Go source files |
| Deployment | 1 | Internal tool | Open-source CLI, primarily used company-internally for architecture diagrams |
| Data Sensitivity | 0 | Public data | Processes architecture model definitions (JSONC/XML), no personal data |
| Blast Radius | 0 | Cosmetic / Tech debt | Incorrect diagram output; data loss theoretically possible but trivially recoverable from git |

Result: Tier 2 — Extended Assurance (determined by Code Type = 2)

Required Mitigations

Tier 1 — Automated Gates (always active)

  • Linter & formatter (golangci-lint, go vet, staticcheck)

  • Type checking (Go compiler, static typing)

  • Dependency vulnerability scanning (govulncheck, gosec)

  • CI build & unit tests (GitHub Actions)

Tier 2 — Extended Assurance

  • SAST tools (gosec, nilaway, staticcheck)

  • AI-assisted code review (Claude Code with code-review plugin)

  • Mandatory human review (PR merge policy)
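The classification rule (tier = maximum score across the five dimensions) and the cumulative mitigation tiers above are small enough to encode as a checkable policy. The following Go program is an added example, not code from the ADR or from the Bausteinsicht project: it reproduces the decision-table scores, validates that every dimension is scored within 0–4, reports which dimension(s) set the tier (ties are all reported, which goes slightly beyond the single "determined by" line above), and returns the measure list that applies. The dimension names and measure strings are taken from this ADR; the ADR defines measures only for Tier 1 and Tier 2, so higher tiers add nothing here (an assumption, not a framework rule).

```go
package main

import "fmt"

// The five Risk Radar dimensions, in the order the ADR lists them.
var Dimensions = []string{
	"Code Type",
	"Language Safety",
	"Deployment Context",
	"Data Sensitivity",
	"Blast Radius",
}

// Assessment maps each dimension to its score (0–4).
type Assessment map[string]int

// Result is the derived tier and the dimension(s) whose score set it.
type Result struct {
	Tier         int
	DeterminedBy []string
}

// Bausteinsicht reproduces the scores from the ADR's decision table.
var Bausteinsicht = Assessment{
	"Code Type":          2,
	"Language Safety":    1,
	"Deployment Context": 1,
	"Data Sensitivity":   0,
	"Blast Radius":       0,
}

// Classify validates the scores and applies the framework rule:
// the tier is the maximum score across all dimensions.
func Classify(a Assessment) (Result, error) {
	if len(a) != len(Dimensions) {
		return Result{}, fmt.Errorf("expected %d dimensions, got %d", len(Dimensions), len(a))
	}
	res := Result{Tier: -1}
	for _, d := range Dimensions {
		s, ok := a[d]
		if !ok {
			return Result{}, fmt.Errorf("dimension %q not scored", d)
		}
		if s < 0 || s > 4 {
			return Result{}, fmt.Errorf("dimension %q: score %d outside 0-4", d, s)
		}
		switch {
		case s > res.Tier:
			res.Tier = s
			res.DeterminedBy = []string{d}
		case s == res.Tier:
			// Tie: every dimension at the maximum is reported.
			res.DeterminedBy = append(res.DeterminedBy, d)
		}
	}
	return res, nil
}

// Mitigations lists the measures the ADR attaches to each tier. Only
// Tier 1 and Tier 2 are defined in the ADR; tiers 3 and 4 are left
// empty here (assumption, not a framework rule).
var Mitigations = map[int][]string{
	1: {
		"Linter & formatter (golangci-lint, go vet, staticcheck)",
		"Type checking (Go compiler, static typing)",
		"Dependency vulnerability scanning (govulncheck, gosec)",
		"CI build & unit tests (GitHub Actions)",
	},
	2: {
		"SAST tools (gosec, nilaway, staticcheck)",
		"AI-assisted code review (Claude Code with code-review plugin)",
		"Mandatory human review (PR merge policy)",
	},
}

// RequiredMitigations returns the cumulative measure list for a tier:
// everything from Tier 1 up to and including the given tier. Tier 1
// gates are "always active", so they apply even when the max score is 0.
func RequiredMitigations(tier int) []string {
	if tier < 1 {
		tier = 1
	}
	var out []string
	for t := 1; t <= tier; t++ {
		out = append(out, Mitigations[t]...)
	}
	return out
}

func main() {
	r, err := Classify(Bausteinsicht)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Tier %d (determined by %v)\n", r.Tier, r.DeterminedBy)
	for _, m := range RequiredMitigations(r.Tier) {
		fmt.Println(" -", m)
	}
}
```

Running it prints Tier 2 determined by Code Type and the seven Tier 1 plus Tier 2 measures; re-scoring after adding auth, an API or PII handling (the trigger named under Consequences) is a matter of changing one map entry and re-running.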

Consequences

Positive

  • Clear quality baseline for AI-assisted development

  • Existing toolchain already covers most Tier 1 and Tier 2 measures

  • Security scanner (gosec) and nil-pointer analysis (nilaway) provide strong SAST coverage for Go

Negative

  • Risk assessment should be re-evaluated if auth, API, or PII handling is added

Implementation Status

Updated by /risk-mitigate on 2026-03-04

| Measure | Status | Details |
|---|---|---|
| Linter & Formatter | ✅ Present | golangci-lint in CI, go vet, staticcheck |
| Type Checking | ✅ Present | Go compiler (static typing) |
| Pre-Commit Hooks | ✅ Set up | scripts/pre-commit — gofmt, go vet, golangci-lint, gitleaks |
| Dependency Check | ✅ Present | govulncheck, gosec |
| CI Build & Unit Tests | ✅ Present | GitHub Actions go.yml |
| SAST | ✅ Present | gosec, nilaway, staticcheck |
| AI Code Review | ✅ Present | Claude Code with code-review plugin |
| Property-Based Tests | ✅ Set up | pgregory.net/rapid — label roundtrip property tests |
| SonarQube | N/A | Not configured |
| Sampling Review | ✅ Present | PR merge policy |

Overall Status: 9/10 measures active (1 N/A)