Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Automotive convergence stress test — same capability from many sources (Phase Ω #2)

Browse Source 
Not another domain to prove agnosticism (Environmental did that) but a DIFFERENT property: can the
SAME capability be fed by many overlapping Requirement Sources at once without the model becoming
unstable? Realistic setup — a supplier with ISO 9001 + IATF 16949 + TISAX + ASPICE + CSMS + SUMS
developing an ECU for OEM X. Seven sources (CRA, UNECE R155/CSMS, R156/SUMS, IATF, TISAX, ASPICE,
OEM X) with deliberate overlap, run through the SAME engine (0 runtime code, data only).

Three new measurements (user-requested):
  - Capability Convergence: technical_vulnerability_management = 4 sources across 3 source TYPES
    (regulation + certification + contract); secure_signed_update_distribution = 4 sources. The
    overlap is where the economic value lives ("one capability replaces five evidence worlds").
  - Existing-vs-New: 13/27 required caps reuse existing cyber/environmental MCAPs (48%) -> the
    registry is starting to converge; the automotive-specific rest (CSMS/SUMS/ASPICE/functional
    safety) is expectedly new (a maturity hint, not an architecture break).
  - Business Leverage: a convergent capability satisfies N regulations AND unlocks the OEM market —
    more convincing to a GF than "satisfies five laws". (Regulatory Leverage counts regulations;
    Business Leverage counts regulations + markets/customers.)

Ledger gains the automotive row (0/0, 14 new types, data_only); stability stays 7/7 = 100%. The
verdict recommends the user's next step: NOT a new domain but PAUSE and analyse the registry for the
cross-domain high-convergence core MCAPs. Non-runtime -> no deploy. 12 tests pass, check-loc 0.
This commit is contained in:
Benjamin Admin
2026-06-28 11:30:30 +02:00
parent e0d9816c99
commit 90c3fe16b5
6 changed files with 300 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/knowledge/architecture_stability/integration_ledger.yaml
+10
View File
@@ -76,6 +76,16 @@ sources:
integration_kind: data_only
family: non_cyber # FIRST non-cyber domain — the real generality test
exercised_by: "customer_mission_5, environmental_stress_test"
- source: "Automotive ECU for OEM X (CRA / UNECE R155+R156 / IATF 16949 / TISAX / ASPICE / OEM spec)"
domain: automotive
target_type: multi_source # 7 OVERLAPPING sources spanning regulation + certification + process + contract
integrated_as: multi_source_required_set
new_runtime_classes: 0
new_pipeline: false
new_capability_types: 14 # of 27 required caps, 13 reuse existing MCAPs (48% -> registry converging)
integration_kind: data_only
family: cyber # convergence test: same capability fed by many sources, model stayed stable
exercised_by: "automotive_convergence_stress_test"
# --- One-time, domain-AGNOSTIC pipeline functions (built once, now FROZEN per Phase Ω). ---
# Listed for honesty so the stability KPI cannot be gamed: these are NOT per-domain costs. The last