Dev Container users: If you are using the VS Code Dev Container, all setup is handled automatically by
install-deps.sh(including pre-commit hooks). See risk-map/docs/setup.md for Dev Container instructions. The manual steps below are for contributors working outside the container.
System requirements for install-deps.sh:
curl— used to install mise and actsudowith passwordless (NOPASSWD) access — used to install act; if unavailable, act installation is skipped but all other steps succeedbash— the script uses bash-specific features (parameter expansion, arrays)
Runtime tools (installed automatically by install-deps.sh, or install manually):
- Python 3.14 or higher
- Node.js 22+ and npm
- Chrome/Chromium browser (for SVG generation from Mermaid diagrams)
install-deps.sh installs all dependencies, pre-commit hooks, and Playwright Chromium in one step. It is idempotent — safe to re-run at any time.
# From the repository root — installs everything and verifies
./scripts/tools/install-deps.sh
# Preview what would be installed without making changes
./scripts/tools/install-deps.sh --dry-runAfter installation, activate mise in your current shell (new shells pick this up automatically from ~/.bashrc):
source ~/.bashrc
# or: eval "$(mise activate bash)"Verify the environment:
./scripts/tools/verify-deps.shIf you prefer to install dependencies individually:
# Install required Python packages (includes pre-commit framework)
pip install -r requirements.txt
# Install Node.js dependencies (prettier, mermaid-cli, etc.)
npm install
# Install the pre-commit framework hook into .git/hooks/pre-commit
pre-commit installPlatform-specific Chrome/Chromium setup:
The regenerate-svgs hook converts Mermaid diagrams to SVGs via npx mmdc,
which needs a Chromium binary. The hook self-discovers it at runtime:
- If
CHROMIUM_PATHis set in your environment, it is used verbatim - On Linux ARM64, it auto-discovers Playwright's bundled Chromium under
$PLAYWRIGHT_BROWSERS_PATH(or~/.cache/ms-playwrightif unset) - Otherwise, mmdc's bundled detection runs (works on Mac / Windows / Linux x64 with system Chrome)
For Linux ARM64 contributors, ensure Playwright Chromium is installed
(install-deps.sh does this automatically; manual: npx playwright install chromium).
Required packages (from requirements.txt):
PyYAML- YAML file parsing and manipulationcheck-jsonschema- JSON schema validation for YAML filespytest- Testing framework for validation scriptsruff- Python linting and formatting
Additional dependencies (from package.json):
prettier- Code formatting for YAML files@mermaid-js/mermaid-cli- Converts Mermaid diagrams to SVG filesplaywright- Provides Chromium browser for ARM64 Linux (optional)puppeteer-core- Browser automation library used by mermaid-cli
Hooks are configured declaratively in .pre-commit-config.yaml at the repo
root and installed via pre-commit install. Validators and generators live
under scripts/hooks/:
hooks/precommit/- Wrapper scripts invoked by the framework (graphs, tables, SVGs, issue templates, prettier-yaml). Each wrapper runs its underlying tool andgit adds the output (Mode B auto-stage).hooks/validate_riskmap.py- Component edge validation and graph generationhooks/validate_control_risk_references.py- Control-risk cross-reference validationhooks/validate_framework_references.py- Framework reference validationhooks/validate_issue_templates.py- Issue template and dependabot.yml schema validationhooks/yaml_to_markdown.py- Markdown table generation from YAMLhooks/riskmap_validator/- Python module with models, validator, graphing, and utilities
Related:
- Hook Validations - What the pre-commit hook does
- Troubleshooting - Installation and setup issues