Risk scoring · the composite score

Risk, expressed as one number.

Every authority decision carries a composite risk score. The inputs are named and auditable. The score is operator-tunable. The threshold above which an action escalates or denies is yours to set.

02 · The four inputs

01 · Inherent

Action-type base risk

The inherent risk of the requested action. Deployments score higher than reads. Schema migrations score higher than config changes.

02 · Environmental

Execution environment

Production adds +20 to the composite. Staging and development carry no modifier. Configurable per environment.

03 · Conformance

Process drift signal

Out-of-order or off-script actions raise the score. Continuous, not categorical.

04 · Posture

Off-hours, peer review, change windows

Operator-defined modifiers. Off-hours adds 10. Outside change window adds 15. Combine to taste.
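
How the four inputs could combine into one auditable number and a decision, as an added example that is not the vendor's code. Only the +20, +10 and +15 modifiers come from this page; the additive combination, the base-risk values, the drift weight and the two thresholds are assumptions chosen for illustration.

```python
# Sketch of a composite risk score built from the four named inputs.
# Values marked "assumed" are illustrative and do not come from the page.
BASE_RISK = {"read": 5, "config_change": 25,
             "schema_migration": 45, "deployment": 50}          # assumed
ENV_MODIFIER = {"production": 20, "staging": 0, "development": 0}
POSTURE_MODIFIER = {"off_hours": 10, "outside_change_window": 15}
DRIFT_WEIGHT = 30               # assumed: points added at maximum process drift
ESCALATE_AT, DENY_AT = 60, 90   # assumed operator-set thresholds


def score(action, environment, drift=0.0, posture=()):
    """Return (composite, breakdown) so every named input stays auditable."""
    if action not in BASE_RISK or environment not in ENV_MODIFIER:
        # Fail closed: an unrecognised input must not silently score as 0.
        raise ValueError("unknown action or environment")
    unknown = set(posture) - set(POSTURE_MODIFIER)
    if unknown:
        raise ValueError(f"unknown posture flags: {sorted(unknown)}")
    drift = min(max(drift, 0.0), 1.0)  # continuous signal, clamped to [0, 1]
    breakdown = {
        "inherent": BASE_RISK[action],
        "environmental": ENV_MODIFIER[environment],
        "conformance": round(DRIFT_WEIGHT * drift),
        "posture": sum(POSTURE_MODIFIER[p] for p in set(posture)),
    }
    return sum(breakdown.values()), breakdown


def decide(composite):
    """Map the composite onto allow / escalate / deny using the thresholds."""
    if composite >= DENY_AT:
        return "deny"
    if composite >= ESCALATE_AT:
        return "escalate"
    return "allow"


if __name__ == "__main__":
    # The same deployment request under three sets of circumstances.
    for env, posture in [("staging", ()),
                         ("production", ()),
                         ("production", ("off_hours", "outside_change_window"))]:
        total, parts = score("deployment", env, posture=posture)
        print(env, posture, total, decide(total), parts)
```

Returning the per-input breakdown alongside the total is what lets an auditor see why a request crossed a threshold, not only that it did.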

You set the line. We enforce it.

Risk Scoring | Intended