codel
← Back to the index

OPS-09 · SEC. 03 Operations & DevOps

Post-Task Risk & Next-Action Report

End every task with what changed, what's verified, what's risky, and one clear next move.

FORMAT
loop
DIFFICULTY
beginner
TIME
4 min
TOOLS
universal
MODELS
any
COPIES
0 so far

When to use this

You want a consistent close-out after every task in a session, not just at the end of the day, so you always know exactly what to trust, what's still shaky, and what to do next instead of getting a vague "let me know what you'd like to do."

The pattern

Pastes as plain text
Whenever you finish a task in this session — not just at the end of the
session — report back in this exact structure before moving on to anything
else:

1. What changed — bullet list of files/behavior touched, one line each.
2. What was verified — the actual command(s) you ran and their real output
   (test run, manual check, build). "Should work" is not verification.
3. What risk remains — anything not covered by the verification above:
   untested edge cases, assumptions made, code paths not exercised.
   If there is truly no remaining risk, say so explicitly, don't omit
   the section.
4. Recommended next step — pick exactly one: keep working, test more,
   commit, open a PR, merge, deploy, or keep this separate from other work.
   Don't list options, pick one.

Keep it under 10 lines total. Don't pad it with restating the original
request. If a step genuinely doesn't apply (e.g. no tests exist yet), say
that instead of skipping the section silently.

Real example output

What changed:
- src/api/webhooks/stripe.ts: added signature verification before
  processing checkout.session.completed
- src/api/webhooks/stripe.test.ts: added test for invalid signature -> 400

What was verified: npm test -- webhooks -> 6 passed, 0 failed. Manually
POSTed a payload with a tampered signature to the local dev server, got
400 as expected.

What risk remains: only tested the checkout.session.completed event type.
The refund and dispute webhook handlers use the same verification function
but weren't individually re-tested after this change — should be covered
by the same fix, but not directly confirmed.

Recommended next step: commit this now, then run the full webhook test
suite (not just the filtered one) before touching refund/dispute handlers.

Why it works

Separating "verified" from "risk remains" forces you to name the untested part instead of letting a green test run imply more coverage than it actually has. A single recommended action, not a menu of options, stops the session from drifting into ambiguous limbo at the exact moment you'd otherwise lose track of what's next.

Entry OPS-09 · by codel · 2026-07-09 · CC-BY-4.0