fix(submissions): keep high-risk import-ready entries out of ready triage

[JSONbored]

Motivation

• A recent triage refactor caused schema-valid high-risk submissions with status === "import_ready" to appear in the primary ready queue, which can mislead maintainers and surface risky supply-chain items as ordinary review work.
• The change restores a clearer separation so high-risk items requiring risk review do not surface as ready without explicit risk handling.

Description

• Added an explicit triage rule that maps entries with status === "import_ready" and risk.riskTier === "high" to the blocked triage group instead of ready in submissionTriageGroup.
• The modification is localized to packages/registry/src/submission.js and preserves existing blocked behavior for deterministic policy blockers and critical risk tiers.
• No other queue statuses or auto-import logic were changed to avoid impacting unrelated workflows.

Testing

• Ran the focused suite with pnpm exec vitest run tests/submission-intake.test.ts -t "builds a maintainer submission queue|adds deterministic security/safety context to the maintainer queue" and both targeted tests passed.
• The change was validated against the submission intake tests to ensure high-risk entries are counted in summary.blocked and not in summary.ready.

---

Codex Task

[coderabbitai]

Warning

Review limit reached

@JSONbored, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 29 minutes and 9 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 7340e753-ac79-4976-97f3-d1351307a70e

📥 Commits

Reviewing files that changed from the base of the PR and between 9aa3e7b and c454e19.

📒 Files selected for processing (1)

• packages/registry/src/submission.js

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch codex/propose-fix-for-high-risk-submission-regression

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}