Risk Assessment - Roosloot.com
Version: 0.6
Date: March 8, 2026
Owner: Rens Roosloot
1. Method
Simple qualitative matrix:
- Likelihood: Low / Medium / High
- Impact: Low / Medium / High
- Priority: derived from likelihood + impact
2. Risk Register
| ID | Risk | Likelihood | Impact | Priority | Mitigation | Verification |
|---|---|---|---|---|---|---|
| R-01 | Accidental secret/API key exposure in static files | Low | High | Medium | No secrets policy in AGENTS.md; review before commit | Repo scan and code review |
| R-02 | Unsafe third-party embed/script introduces tracking/security issues | Medium | High | High | Avoid embeds/scripts unless explicitly approved | Manual review of HTML includes |
| R-03 | Broken navigation/internal links after content changes | Medium | Medium | Medium | Keep shared structure; add link checks in OQ | Automated link check + manual smoke |
| R-04 | Language toggle regressions or missing translations | Medium | Medium | Medium | Shared i18n.js; enforce NL/EN parity | OQ i18n tests |
| R-05 | Accessibility regressions (contrast, keyboard flow, labels) | Medium | Medium | Medium | Keep semantic markup and labels; run a11y checks | Axe/Pa11y and manual keyboard test |
| R-06 | Performance regressions from large assets | Medium | Medium | Medium | Compress images, static-first, no heavy runtime scripts | Lighthouse CI thresholds |
| R-07 | Host config lacks security headers | Medium | High | High | Configure headers at hosting layer | Deployment checklist + header scan |
| R-08 | Documentation drift (URS/FS/DS out of sync) | Medium | Medium | Medium | V-model update rules in AGENTS.md | PR checklist and review |
3. Residual Risk Statement
After mitigations, remaining risk is acceptable for a static personal site, provided review discipline and periodic verification are maintained.
4. Change Addendum (2026-02-25)
- Added/updated risk consideration for interactive visual complexity in site/visuals-ascii-star-runner.html:
  - Risk: animation regressions (layer desync, groove jitter/flicker, frame drops) after visual tuning changes
  - Likelihood: Medium
  - Impact: Medium
  - Mitigation: deterministic/stabilized ravine rendering, bounded control ranges, and manual visual smoke checks after tuning changes
  - Verification: browser console error check plus manual slider/toggle interaction test
5. Change Addendum (2026-02-25, Game Prototype Branch)
- Added prototype-specific risk consideration for site/swapbound/game.html:
  - Risk: gameplay frustration from unclear split controls / remap state
  - Likelihood: Medium
  - Impact: Medium
  - Mitigation: persistent control mapping panel, room hints, remap banner, room-jump test tooling during iteration
  - Verification: manual playtesting with 2-player keyboard sessions
- Added prototype-specific risk consideration for procedural audio:
  - Risk: repetitive or fatiguing synth loop / SFX spam
  - Likelihood: Medium
  - Impact: Low/Medium
  - Mitigation: mute toggle, edge-triggered checkpoint sound, conservative volume defaults
  - Verification: manual audio usability check across several minutes of play
6. Change Addendum (2026-03-08, Docs and Visual Routing)
- Added documentation routing risk consideration:
  - Risk: project-level docs hubs or project-local HTML mirrors drift out of sync with their markdown sources or public navigation
  - Likelihood: Medium
  - Impact: Medium
  - Mitigation: keep markdown as the source of truth, publish via npm run docs:render, and smoke-check the docs hubs after structural changes
  - Verification: render run plus manual checks on site/docs/index.html, site/docs/swapbound.html, and site/voxel-cutaway-world/docs/index.html