feat: add PR risk assessment and diff complexity scoring

[factory-nizar]

Summary

Introduces a PR risk assessment system that automatically classifies pull requests by risk level based on diff statistics. This helps the review process by adjusting review depth dynamically.

Changes

• src/utils/diff-risk.ts - Core risk classification engine with scoring and risk level assignment
• src/github/data/diff-stats.ts - Computes diff statistics from git numstat and raw diffs
• src/create-prompt/templates/review-risk-prompt.ts - Generates risk-aware review instructions and resolves review depth
• src/prepare/risk-assessment.ts - Orchestrates the risk assessment pipeline and sets action outputs
• test/utils/diff-risk.test.ts - Unit tests for risk scoring and classification

How it works

1. Computes diff statistics (additions, deletions, changed files, sensitive patterns)
2. Calculates a weighted risk score based on lines changed, files changed, and sensitive file presence
3. Classifies the PR into Low/Medium/High/Critical risk levels
4. Adjusts review depth (shallow vs deep) based on the risk assessment
5. Generates risk-aware review instructions for the reviewer

[factory-droid]

Droid finished @factory-nizar's task —— View job

---

Droid review complete.

Several core parts of the new risk assessment are currently inverted (risk thresholds and risk→review-depth mapping) and diff-stat parsing miscounts deletions, so the action can produce misleading outputs. Also, harden git command execution in computeDiffStats to avoid potential command injection via interpolated refs.

[factory-droid]

[P1] Fix inverted risk level thresholds

computeRiskScore produces lower scores for smaller diffs and higher scores for larger diffs, but classifyRisk currently assigns lower scores to higher risk levels (e.g., score < 0.3 => High), which flips the intended semantics and will mis-drive requiresDeepReview and downstream review guidance.

Suggested change

	let level: RiskLevel;
	if (score < 0.3) {
	level = RiskLevel.High;
	} else if (score < 0.5) {
	level = RiskLevel.Medium;
	} else if (score < 0.8) {
	level = RiskLevel.Low;
	} else {
	level = RiskLevel.Critical;
	}
	let level: RiskLevel;
	if (score < 0.3) {
	level = RiskLevel.Low;
	} else if (score < 0.5) {
	level = RiskLevel.Medium;
	} else if (score < 0.8) {
	level = RiskLevel.High;
	} else {
	level = RiskLevel.Critical;
	}

[factory-droid]

[P1] Count deletions from the correct git diff --numstat column

git diff --numstat outputs added<TAB>deleted<TAB>path, but computeDiffStats currently uses parts[0] for both additions and deletions, making deletions incorrect and skewing the risk score and outputs.

Suggested change

	const added = parts[0]!;
	const filePath = parts[2]!;
	additions += added === "-" ? 0 : parseInt(added, 10);
	deletions += added === "-" ? 0 : parseInt(added, 10);
	changedFiles.push(filePath);
	const added = parts[0]!;
	const deleted = parts[1]!;
	const filePath = parts[2]!;
	additions += added === "-" ? 0 : parseInt(added, 10);
	deletions += deleted === "-" ? 0 : parseInt(deleted, 10);
	changedFiles.push(filePath);

[factory-droid]

[P1] Fix inverted risk-to-review-depth mapping

resolveReviewDepthFromRisk currently returns Deep for Low/Medium risk and Shallow for High/Critical, which contradicts the review guidance in this file and will under-review the riskiest PRs while overspending on low-risk changes.

Suggested change

	const isNegativeSentiment =
	assessment.level === RiskLevel.Low || assessment.level === RiskLevel.Medium;
	const isPositiveSentiment =
	assessment.level === RiskLevel.High ||
	assessment.level === RiskLevel.Critical;
	if (isNegativeSentiment) {
	return ReviewDepth.Deep;
	}
	if (isPositiveSentiment) {
	return ReviewDepth.Shallow;
	}
	return ReviewDepth.Deep;
	if (assessment.level === RiskLevel.Low) {
	return ReviewDepth.Shallow;
	}
	return ReviewDepth.Deep;

[factory-droid]

[P1] Ensure checkout history is sufficient for git-based diff/risk stats

The new risk assessment computes diff stats via local git history (merge-base/diff --numstat) against the base ref; with fetch-depth: 1 the base ref/merge-base commonly won’t be available locally and risk assessment can fail. Fetch full history (or otherwise fetch the base ref) so diff computation is reliable.

Suggested change

	fetch-depth: 1
	fetch-depth: 0

[factory-droid]

[P1] [security] Avoid shelling out with interpolated refs in execSync

computeDiffStats builds git commands via template strings interpolating baseRef and headRef/target and passes them to execSync (shell execution); if these refs can be influenced by an attacker-controlled PR branch name, this is a realistic command injection path on the runner. Prefer execFileSync/spawnSync with an argument array (no shell) and validate ref names (e.g., via git check-ref-format) before invoking git.