Risk Review
Pre-deployment review of workflow changes against risk class — what data is touched, what tools are invoked, what side effects are possible — beyond functional review.
Functional review answers 'does this work'. Risk review answers 'what is the worst thing this could do at scale, and is that acceptable'.
What it solves
Catches the changes whose individual diff looks harmless but whose deployed behavior crosses a risk threshold (new tool access, new data class, new external destination).
How we build it
Workflow changes carry a risk classification (data, tool surface, external impact). Changes that elevate risk require an additional reviewer with explicit signoff. The classification is itself a versioned artifact; downgrades trigger review.
- Per-workflow risk classification
- Elevation triggers a required reviewer
- Risk classification versioned
- Audit log on elevation and review
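One way to express this gate as a pre-deployment check, shown as an added example rather than the product's own code. The low/medium/high scale, the field names, the rule that the author's own approval does not count, and the sample workflow are assumptions; the page specifies only the three dimensions, the versioned classification, the elevation and downgrade triggers, and the audit log.

```python
import json
from datetime import datetime, timezone

# Assumed ordinal scale; the page names the three dimensions but not their levels.
LEVELS = {"low": 0, "medium": 1, "high": 2}
DIMENSIONS = ("data", "tool_surface", "external_impact")


def classify_change(old, new):
    """Map each changed dimension to 'elevated' or 'downgraded'."""
    changes = {}
    for dim in DIMENSIONS:
        before, after = LEVELS[old[dim]], LEVELS[new[dim]]  # KeyError = fail closed
        if after != before:
            changes[dim] = "elevated" if after > before else "downgraded"
    return changes


def risk_gate(workflow, old, new, author, signoffs):
    """Return (allowed, audit_record) for a proposed workflow change."""
    changes = classify_change(old, new)
    # Assumption: the author's own approval never counts as the additional reviewer.
    reviewers = sorted(set(signoffs) - {author})
    if not changes:
        return True, None  # no risk movement: functional review alone applies
    if new["version"] <= old["version"]:
        decision = "denied: classification changed without a version bump"
    elif not reviewers:
        decision = "denied: explicit signoff from an additional reviewer required"
    else:
        decision = "approved"
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "workflow": workflow,
        "from_version": old["version"],
        "to_version": new["version"],
        "changes": changes,
        "author": author,
        "reviewers": reviewers,
        "decision": decision,
    }
    return decision == "approved", record


if __name__ == "__main__":
    # Constructed sample: a workflow gains a new external destination.
    old = {"version": 3, "data": "medium", "tool_surface": "low", "external_impact": "low"}
    new = {"version": 4, "data": "medium", "tool_surface": "low", "external_impact": "high"}
    allowed, record = risk_gate("invoice-triage", old, new, "alice", ["alice"])
    print(allowed, json.dumps(record, indent=2))
```

Denied decisions are recorded as well as approved ones, so the audit log shows every attempted elevation or downgrade, not only the ones that shipped.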
What changes when it is in place
The team can ship fast on low-risk changes without losing the gate on high-risk ones.