fix: align risk command with UK Gov Orange Book 2023 #216

Closed
tractorjuice wants to merge 1 commit into main from feat/optimise-risk-command

@tractorjuice
Owner

Summary

  • Autoresearch-optimised the /arckit:risk command prompt over 16 iterations, improving output quality from 8.0 → 9.6 (20% improvement)
  • Aligned with the actual HM Treasury Orange Book (2023) by replacing the incorrect 4Ts framework with the Orange Book's six treatment options
  • Added Three Lines Model, risk interdependencies with cascade analysis, principle-derived risk identification, and cost-benefit action plan

Changes

| Change | Before | After |
|---|---|---|
| Risk treatment options | 4Ts (Tolerate, Treat, Transfer, Terminate) | Orange Book 6 options (Avoid, Take/Increase, Retain, Change Likelihood, Change Consequences, Share) |
| Three Lines Model | Not mentioned | First/Second/Third line documented per Orange Book Part II |
| Risk interdependencies | Not included | Cascade analysis with dependency chains and combined impact scores |
| Risk identification | Generic category-based | Principle-derived (P-001–P-006 non-compliance → specific risks) |
| Action plan | Basic table | Cost + Expected Score Reduction per action + cost-per-risk-point-reduced |
| Risk level labels | No enforcement | Explicit boundary instruction (12=Medium, 13=High) |
| Document Approval | Often generic | Requires distinct realistic names |
| External References | Basic | Requires comprehensive legislation/standards with URLs |
| Orange Book compliance checklist | Abbreviated | Full principle names (A–E) + Three Lines Model |

Autoresearch Results

iter  0: 8.0 baseline                                              KEEP
iter  2: 8.4 Orange Book treatment + Three Lines + specificity     KEEP
iter  3: 8.8 consistent risk level labelling                       KEEP
iter  7: 9.2 risk interdependencies with cascade analysis          KEEP
iter 13: 9.6 combined: principles + cost-benefit + cascade         KEEP

5 keeps, 11 discards across 16 iterations. Converter run included — all 7 distribution formats updated.

Test plan

  • Run /arckit:risk 001 in a test repo with existing STKE and PRIN artifacts
  • Verify output uses Orange Book 2023 treatment options (not 4Ts)
  • Verify Three Lines Model section present
  • Verify risk level labels consistent (score 12 = Medium, not High)
  • Verify cascade analysis section present with dependency chains
  • Verify action plan has Cost and Expected Score Reduction columns

🤖 Generated with Claude Code

Autoresearch-optimised the risk command prompt (16 iterations, 8.0→9.6):

- Replace 4Ts framework with Orange Book 2023 six treatment options
  (Avoid, Take/Increase, Retain, Change Likelihood, Change
  Consequences, Share)
- Add Three Lines Model per Orange Book Part II
- Add risk interdependencies section with cascade analysis
- Add principle-derived risk identification (P-001 through P-006)
- Add cost-benefit action plan with cost-per-risk-point-reduced
- Add consistent risk level labelling (12=Medium, 13=High)
- Add specificity requirements (Document Approval names, External
  References with URLs)
- Update Orange Book compliance checklist with correct principle names

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tractorjuice
Owner Author

Superseded by #265 (autoresearch includes deeper optimisation of this command)

tractorjuice deleted the feat/optimise-risk-command branch March 27, 2026 23:56