Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(optimization): Regulatory Optimization — Roadmap/Management renderer over the Capability Delta

Browse Source 
Roadmap item 5. GAP analysis and measure-prioritisation are the SAME computation: Required −
Known = the Capability Delta. The Capability Delta Engine (RS-005) computes it once; renderers
read that ONE delta. Interview Renderer (missing info → questions) was already built; this adds
the Roadmap/Management Renderer (missing capabilities → measures ranked by regulatory leverage).

- compliance/optimization/: regulatory_leverage() + select_within_budget() (pure leverage math)
  + roadmap_from_delta(assessment, ...) — the keystone binding optimization to the RS-005 delta
  (dependency optimization → transition_reasoning, acyclic; the delta engine stays hermetic).
  leverage(measure) = number of regulatory requirements it closes at once (e.g. patch management
  → CRA+MaschinenVO+IEC62443+ISO27001 = 4). No new corpus, no new meta-model class (freeze v1.0).
- Welt-1 honesty: percentages are exact count ratios over the IDENTIFIED requirements (the known
  delta), never "% gesetzeskonform".
- reference suite: "Regulatory Optimization" section runs the SAME convergence delta → ranked
  measures + budget answer + the management sentence "of N identified requirements you close M
  with the top-K measures (X%) — highest regulatory leverage".
- ADR-003: Capability Delta Engine — one delta, many renderers; rename Gap → Capability Delta.

13 optimization tests (31 with transition+company), mypy --strict clean, check-loc 0.
Product code with no app caller + ADR/reference = non-runtime → no deploy (ADR-001).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-27 09:49:38 +02:00
parent ffff9bb592
commit cfafa31ea2
7 changed files with 448 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/reference_scenarios/generate.py
+31
View File
@@ -38,6 +38,7 @@ from compliance.transition_reasoning import (
TransitionContext, TransitionGoal, TargetType, TargetRequirement, assess_transition, CoverageStatus,
regulatory_convergence,
)
from compliance.optimization import roadmap_from_delta, select_within_budget
import os
import yaml
@@ -411,6 +412,36 @@ coverage_table([
("Cross-Regulation Capability Mapping", "PASS", _conv.headline),
])
# ── Regulatory Optimization — Roadmap-Renderer über DEMSELBEN Capability Delta ───
w("## Regulatory Optimization — größter regulatorischer Hebel zuerst")
w("")
w("_Dieselbe Berechnung wie die GAP-Analyse, anderer Renderer: das **Capability Delta** (RS-005) wird nach **regulatorischem Hebel** priorisiert (eine Maßnahme schließt N Regelwerke gleichzeitig). Welt-1: % über die IDENTIFIZIERTEN Anforderungen, kein Compliance-Urteil._")
w("")
_opt = roadmap_from_delta(_cp_a, _delta_t) # SAME delta the Interview Renderer turns into questions
_open_reqs = {_m.capability_id: _m.covers for _m in _opt.ranked_measures}
w("**Kompression:** %s" % _opt.headline)
w("")
w("**Top-Maßnahmen nach regulatorischem Hebel (Roadmap):**")
w("")
w("| # | Maßnahme | Hebel | deckt | kumuliert |")
w("|---|---|---|---|---|")
for _i, _m in enumerate(_opt.ranked_measures[:6], 1):
w("| %d | `%s` | **%d** | %s | %d/%d (%.0f%%) |" % (
_i, _m.capability_id, _m.leverage, "+".join(_m.covers),
_m.cumulative_requirements, _opt.total_requirements, _m.cumulative_coverage * 100))
w("")
_bud = select_within_budget(_open_reqs, 5)
w('**Managementsatz:** „Wenn Sie zuerst diese %d Maßnahmen umsetzen, schließen Sie %d von %d identifizierten Anforderungen (%.0f%%) — höchster regulatorischer Hebel." (Hebel skaliert mit jedem weiteren Regelwerk/Convergence-Pattern.)'
% (len(_bud.selected_capabilities), _bud.requirements_closed, _bud.total_requirements, _bud.coverage_ratio * 100))
w("")
w("_Eine Wahrheit, zwei Renderer: dasselbe Capability Delta liefert dem Auditor **Fragen** (Interview) und dem GF **Maßnahmen** (Roadmap)._")
w("")
coverage_table([
("Capability Delta Engine (RS-005)", "PASS", "ein Delta, mehrere Renderer"),
("Roadmap/Management Renderer (Hebel)", "PASS", _opt.headline),
("Budget-Priorisierung", "PASS", "Top-5 → %.0f%% der identifizierten Anforderungen" % (_bud.coverage_ratio * 100)),
])
# ── Epics + roll-up ───────────────────────────────────────────────────────
w("## Gaps → Epics (Backlog — nur erfasst, NICHT implementiert)")
w("")