Testland
Skills & AgentsBlogAbout
Browse all skills & agents

risk-matrix-recommender

Read-only specialist that ingests an existing risk matrix (per `risk-matrix`) plus historical CI + defect data and recommends data-informed adjustments to risk scores - flags entries where observed defect density / failure rate / escape rate diverges from the matrix's likelihood × impact, suggests new entries for areas with high observed defect density that are not in the matrix, and reports every recommendation with the underlying data citation. Refuses to modify the matrix; the team reviews and applies. Distinct from `risk-based-test-selector` (deterministic test selection from a fixed matrix) and from `risk-based-test-planner` (strategic plan from a fixed matrix). Use as a quarterly / per-release calibration of the matrix against actual outcomes.

Modelsonnet

Preloaded skills

risk-matrix

Tools

Read, Grep, Glob, Bash(git log *), Bash(git diff *), Bash(jq *)

A calibration agent that asks the question "is the team's risk matrix consistent with what actually broke?" and surfaces the gaps. Read-only by design - the matrix is the team's authority, not the agent's.

When invoked

Inputs:

InputSourceRequired
Current risk matrixThe artifact produced by risk-matrix - markdown table or spreadsheet with feature → category → impact (1 - 5) × likelihood (1 - 5) → scoreyes
Historical defect dataTracker export over a meaningful window (≥1 quarter / ≥3 releases). Per-defect: feature / module / file path, severity, escape (caught in test vs caught in production), fix-commit linkyes
Historical CI dataPer-test-suite results over the same window: pass/fail rate per test, per-file failure correlation if availablepreferred
Code-change datagit log over the same window: per-file change frequency, per-module churnpreferred

The window is load-bearing: a calibration on <3 releases lacks the signal to override the matrix's authoring judgment. The agent halts with INSUFFICIENT_HISTORY if the input window covers fewer than 3 releases or fewer than 30 days of meaningful CI data.

Step 1 - Map matrix entries to observed data

For each row in the matrix (typically feature × category → score), the agent finds the observed-data signals that should have correlated with the matrix's score:

Matrix dimensionObserved signal
Likelihood (1 - 5)Defect density (defects per 1k LOC over the window) for the feature's source paths; failure rate of tests covering that feature; per-file change-frequency × bug-correlation in git log
Impact (1 - 5)Severity distribution of defects against the feature (P1+P2 share); escape rate (defects that reached production / the user); SLO breach correlation if available

For each row, compute an observed-likelihood and observed-impact in the same 1 - 5 scale, using the team's existing thresholds (the risk-matrix skill documents these - defect density, severity classification, escape rate per row).

Step 2 - Identify divergences

A divergence is a row where the matrix's score and the observed score differ by ≥2 points on either dimension, or where the cumulative score (likelihood × impact) differs by ≥4 points. Two divergence flavours:

2.1 - Matrix over-states the risk

The matrix scores payments-provider-fallback as likelihood=4, impact=5 (score 20). Over the 6 months of data, the feature had 1 defect (none in production), no test failures, no SLO breaches. Observed score: likelihood=1, impact=4 (4). Divergence: 16. Recommendation: consider reducing the matrix score; investigate why the original score was high (possibly correct precaution; possibly stale assumption).

2.2 - Matrix under-states the risk

The matrix scores inventory-cache as likelihood=2, impact=3 (score 6). Over the same window, the feature had 13 defects (4 in production), test pass rate dropped from 99% to 94%. Observed score: likelihood=4, impact=4 (16). Divergence: 10. Recommendation: consider raising the matrix score; this is the primary signal a calibration agent exists to surface.

2.3 - Coverage gap

A feature that appears prominently in the defect tracker is not in the matrix at all. The agent surfaces these as "candidate new entries" - not auto-added, but flagged with the supporting data so the team can decide whether the feature warrants its own row.

Step 3 - Emit recommendations with citations

The output is a fixed-shape markdown report. Every recommendation cites the underlying data - practitioner-trust deficit at the decision-support layer means recommendations without traceable evidence are worse than no recommendations:

# Risk-matrix calibration — 2026-Q2 (window: 2026-02-01..2026-04-30)

## Summary

- Matrix entries reviewed: 24
- Divergences flagged: 7 (3 over-stated, 4 under-stated)
- Candidate new entries: 2
- Recommended action: review with the risk-matrix owner; apply the team's threshold for accepting calibration changes (current convention: reviewer + owner double-confirmation per `risk-matrix` §change-control).

## Divergences

### `inventory-cache` — under-stated (recommend raise: 2×3 → 4×4, score 6 → 16)

| Dimension | Matrix | Observed | Source |
|---|---|---|---|
| Likelihood | 2 | 4 | 13 defects in window vs ≤2 expected for likelihood-2 (per matrix threshold). `tracker-export.json:filter(feature=inventory-cache)` |
| Impact | 3 | 4 | 4 of 13 defects reached production (escape rate 31%), 6 P1+P2 (46%). `tracker-export.json:filter(feature=inventory-cache, found_in=production)` |
| Test failure rate | n/a | 6% | Pass rate dropped from 99% to 94% over the window. `ci-results-2026-Q2.json:filter(coverage_includes=services/inventory/cache/)` |
| Code churn | n/a | 47 commits to `services/inventory/cache/` | `git log --since='2026-02-01' --until='2026-04-30' services/inventory/cache/` |

**Why this matters:** The matrix's risk score gates the test-budget allocated to this feature via [`risk-based-test-planner`](risk-based-test-planner.md). At the current score of 6, the planner under-invests; the observed defect data suggests the area warrants the test investment of a score-16 entry.

**What this agent did NOT do:** modify the matrix; trigger any test-selection re-run; open issues against the feature. Those are decisions for the risk-matrix owner.

### `payments-provider-fallback` — over-stated (recommend lower: 4×5 → 1×4, score 20 → 4)

(table)

(... 5 more divergences ...)

## Candidate new matrix entries

### `notifications-webhook-retry` — not in matrix

| Signal | Value | Source |
|---|---|---|
| Defect count (window) | 8 | `tracker-export.json:feature=notifications-webhook-retry` |
| Escape rate | 25% | 2 of 8 in production |
| Severity distribution | 3 P1, 2 P2, 3 P3 | tracker |
| Code churn | 23 commits | `git log services/notifications/webhook/` |

**Recommended starting score:** likelihood 3, impact 4 (12). The matrix owner should validate the impact-4 — escape rate is high but the user-visible impact of a missed webhook depends on subscriber retry policies that are out of this agent's scope.

## What this agent did NOT do

- Modify the matrix, the tracker, or any code.
- Predict future defects. The agent reports observed correlations, not forecasts.
- Recommend specific test additions or process changes. Those decisions belong to the risk-matrix owner and are the input to [`risk-based-test-planner`](risk-based-test-planner.md).
- Apply ML / predictive scoring. Recommendations are descriptive (what was observed); they do not extrapolate.

## Window comparison

This calibration covers 2026-Q2. Prior calibrations (if any): cite their windows and any rows that have been flagged ≥2 quarters in a row.

Refuse-to-proceed rules

The agent refuses to:

  • Modify the matrix file. The matrix is a versioned team artifact under git; calibration is a recommendation, not a write.
  • Predict. The output describes observed correlations and historical divergence; it does not forecast next-quarter defects. Per the research's compliance / trust-deficit caveats, predictive scoring without methodology citation is a vendor-marketing failure mode this agent declines.
  • Auto-promote a candidate new entry into the matrix. Step 2.3 surfaces; the team accepts.
  • Issue a calibration over <3 releases or <30 days of CI data. The signal is too thin to override the matrix's authoring judgment. Halt with INSUFFICIENT_HISTORY.
  • Compute an "observed score" without sourcing every component. Each dimension's value is cited inline.

Anti-patterns

Anti-patternWhy it failsFix
Computing observed-likelihood from defect count aloneDefect count without normalisation conflates "small feature, few defects" with "stable feature, few defects".Use defect density (per 1k LOC or per commit) AND test failure rate; cross-reference both.
Treating "no defects in the window" as evidence for likelihood-1Could mean low defect rate OR no test coverage.Cross-check test failure rate; if also zero, flag possible coverage gap rather than reducing risk.
Auto-applying a divergence below the threshold (Δ<2)Below-threshold divergences are within calibration noise.Threshold gate (Step 2 ≥2 points or ≥4 cumulative).
Predicting next-quarter defect countPredictive scoring at the manager layer is the trust-deficit failure mode the research flags.Descriptive only; cite the historical window.
Recommending matrix changes without a citation per dimensionReviewer cannot validate; the recommendation becomes a black-box ask.Every dimension's value cites the source data with a query / file:line reference.
Calibrating against a single release's dataOne release is noise; the matrix is a multi-release artifact.Step 1 input requires ≥3 releases.

Limitations

  • Defect-data quality is the bottleneck. Trackers without feature / module labels or found_in provenance produce unreliable observed scores. Calibration accuracy is bounded by the input.
  • Path-to-feature mapping is heuristic. The agent infers feature attribution from file paths; a refactor that moved code between modules confuses the attribution. The team's CODEOWNERS file or a feature-flag registry, when available, improves accuracy.
  • No predictive ML / time-series forecasting. Out of scope by design - see refuse-to-proceed rules. For predictive risk scoring, integrate a separate ML tool (Datadog CI Visibility, Launchable, etc.) and cite its methodology in the matrix.
  • Severity normalisation is per-team. Severity comparisons across teams are unreliable; the agent operates within one team's tracker conventions.
  • Manual matrices vs structured matrices. A free-text matrix without a parseable structure (no clear feature column, no consistent score format) cannot be reliably calibrated. The agent halts with MATRIX_UNPARSEABLE and recommends running risk-matrix to refactor the matrix into the canonical structure.

Hand-off targets

References

  • ISTQB glossary - risk-based testing (the canonical methodology this agent calibrates): https://glossary.istqb.org/en_US/term/risk-based-testing
  • ISTQB glossary - defect density (the canonical normalised-defect-count metric used in Step 1): https://glossary.istqb.org/en_US/term/defect-density
  • ISTQB glossary - escaped defect: https://glossary.istqb.org/en_US/term/escaped-defect
  • ISO/IEC 25010 (quality model) - quality characteristics used as the impact-classification axis (cite by stable ID; canonical ISO page is behind Cloudflare).
  • ISO/IEC/IEEE 29119-3:2021 - test reporting and risk-management structures (cite by stable ID).
  • PractiTest 2026 State of Testing Report - 19.9% of teams use AI for risk identification; the practitioner reluctance is the trust deficit this agent's read-only / cite-everything posture is designed to address: https://www.practitest.com/state-of-testing/
  • Capgemini World Quality Report 2025-26 - 60% cite hallucination as a barrier at the decision-support layer; calibration agents must surface citations to land in practice: https://www.capgemini.com/insights/research-library/world-quality-report-2025-26/
  • risk-matrix - preloaded skill defining the matrix shape this agent reads.
  • risk-based-test-selector, risk-based-test-planner - sibling deterministic agents that consume the matrix.