Merge pull request 'Environmental stress test — architecture works outside cyber (Phase Omega)' (#36) from feat/environmental-stress-test into main

2026-06-28 11:10:36 +02:00
parent 2805256c33 fbbd0957bd
commit e0d9816c99
8 changed files with 382 additions and 19 deletions
@@ -12,6 +12,9 @@
 # stability claim broke and Phase Ω failed; record it honestly.
 # --- Integrated Requirement Sources: each is DATA (a pattern / a Required set), run by the shared pipeline ---
 # new_capability_types = distinct NEW capability ids the source introduced. NOT an architecture break —
 # a FRÜHINDIKATOR for capability-model granularity: if a domain ever needs ~80 new types with 0 runtime
 # change, the capability model is probably cut too coarse or too fine. Watch the number, not just 0/0.
 sources:
  - source: "Cyber Resilience Act (CRA)"
    domain: industrial_automation
@@ -19,7 +22,9 @@ sources:
    integrated_as: transition_pattern_data
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 13
    integration_kind: data_only
    family: cyber
    exercised_by: "customer_mission_1/2/3, journey_matcher_demo"
  - source: "Maschinenverordnung (MaschinenVO)"
    domain: industrial_automation
@@ -27,7 +32,9 @@ sources:
    integrated_as: transition_pattern_data
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 4
    integration_kind: data_only
    family: cyber
    exercised_by: "customer_mission_1/3, journey_matcher_demo"
  - source: "TISAX"
    domain: automotive
@@ -35,7 +42,9 @@ sources:
    integrated_as: transition_pattern_data
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 5
    integration_kind: data_only
    family: cyber
    exercised_by: "customer_mission_3/5, journey_matcher_demo"
  - source: "Public Tender (öffentliche Ausschreibung)"
    domain: cross_industry
@@ -43,7 +52,9 @@ sources:
    integrated_as: injected_required_set
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 3
    integration_kind: data_only
    family: cyber
    exercised_by: "customer_mission_3/4"
  - source: "OEM Specification (Lastenheft)"
    domain: automotive
@@ -51,16 +62,20 @@ sources:
    integrated_as: injected_required_set
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 4
    integration_kind: data_only
    family: cyber
    exercised_by: "customer_mission_4"
-  - source: "Environmental / Material evidence target"
+  - source: "ISO 14001 -> Environmental/Material (REACH/RoHS/Batterie/Wasser/Energie/Abfall)"
    domain: environmental
-    target_type: environmental
+    target_type: regulation
-    integrated_as: injected_required_set
+    integrated_as: transition_pattern_data
    new_runtime_classes: 0
    new_pipeline: false
    new_capability_types: 16
    integration_kind: data_only
-    exercised_by: "customer_mission_5"
+    family: non_cyber          # FIRST non-cyber domain — the real generality test
    exercised_by: "customer_mission_5, environmental_stress_test"
 # --- One-time, domain-AGNOSTIC pipeline functions (built once, now FROZEN per Phase Ω). ---
 # Listed for honesty so the stability KPI cannot be gamed: these are NOT per-domain costs. The last
@@ -0,0 +1,118 @@
 # Transition KNOWLEDGE Pattern (TKP) — ISO 14001 (EMS)  ->  Environmental / Material compliance
 # THE FIRST NON-CYBER STRESS TEST. Every prior pattern lives in the cyber family (infosec / software /
 # product cybersecurity). Environmental brings entirely different mental models: substance flows,
 # emissions, water, chemicals, energy, circularity, disposal. If RS-005 carries this UNCHANGED (only new
 # DATA, zero runtime code), the architecture is general beyond cyber.
 #
 # Same shape as ISO 9001 -> CRA: ISO 14001 is a MANAGEMENT system. It gives environmental management
 # discipline (aspects, compliance process, audits, improvement, document control) but NOT the concrete,
 # substance-/product-specific EVIDENCE. So the delta is large, and the new quality question is explicit:
 # "which environmental capabilities does ISO 14001 typically NOT produce?" -> rejected_assumptions.
 # Capabilities are VERBS (capability-is-a-verb). Curated expert FIRST DRAFT, NOT a normative proof.
 id: TP-ISO14001-ENV-v1
 status: draft                 # draft(L1) -> reviewed(L2) -> validated(L3, expert) -> proven(L4)
 version: 1
 transition_goal:
  from:
    standard: "ISO 14001"
    edition: "2015"
    nature: organizational_environmental_management_system
  to:
    domain: "Environmental / Material compliance"
    nature: concrete_environmental_evidence
    sources: ["REACH", "RoHS", "Batterieverordnung", "Wasserrecht", "Abwasservorschriften", "Energiemanagement (EnEfG)", "Kreislaufwirtschaft (KrWG/AVV)", "Emissionsschutz (BImSchG)"]
  one_line: "Move a manufacturer whose only environmental management system is ISO 14001 toward concrete environmental/material compliance for a product placed on the EU market."
 provenance:
  author: "Claude (Reasoning session) — AI first draft (L1)"
  basis: "ISO 14001:2015 (6.1.2 aspects, 6.1.3 compliance obligations, 7.5 documented information, 9.2 internal audit, 10.3 continual improvement) vs concrete substance/emission/water/material duties."
  reviewed_by: null
  validated_by: null
 disclaimer: >
  Curated expert knowledge, NOT a normative proof. KEY INSIGHT: ISO 14001 is an environmental MANAGEMENT
  system — it provides the discipline to identify aspects and run compliance/audit/improvement processes,
  but it produces NO concrete substance lists, emission measurements, REACH registrations, battery
  passports or water analyses. The environmental delta for an ISO-14001-only manufacturer is therefore
  LARGE. Welt-1; confidence from the curated relationship, never "erfüllt".
 source_state_variants:
  certified:      "ISO 14001 certified -> the management-discipline assumptions hold; concrete evidence is still missing."
  ems_introduced: "EMS implemented but not certified -> downgrade 'partially_supports' to needs_confirmation."
 # ── A) LIKELY COVERED — only environmental MANAGEMENT discipline (partially_supports), NOT evidence. ──
 likely_covered:
  - capability: identify_environmental_aspects
    iso14001_basis: ["6.1.2"]
    relationship: partially_supports
    confidence_source: relationship
    verification: required
    expected_evidence: [environmental_aspects_register]
    rationale: "ISO 14001 requires identifying environmental aspects/impacts — the discipline to KNOW where chemicals, water, energy and waste are relevant — but not the concrete substance/emission data itself."
    reviewable_claim: "Aspect identification scopes environmental topics but does not measure or declare any substance."
  - capability: operate_environmental_compliance_process
    iso14001_basis: ["6.1.3", "9.1.2"]
    relationship: partially_supports
    confidence_source: relationship
    verification: required
    expected_evidence: [compliance_obligations_register]
    rationale: "ISO 14001 requires a process to determine and evaluate compliance obligations — a framework to TRACK duties, not to discharge any specific one."
    reviewable_claim: "A compliance-obligations process tracks duties but does not produce a REACH registration or an emission report."
  - capability: conduct_internal_environmental_audits
    iso14001_basis: ["9.2"]
    relationship: partially_supports
    confidence_source: relationship
    verification: required
    expected_evidence: [internal_audit_programme]
    rationale: "Internal audit gives assurance that the EMS runs — process assurance, not substance evidence."
    reviewable_claim: "Internal audits assure the management system, not concrete environmental performance."
  - capability: run_continual_environmental_improvement
    iso14001_basis: ["10.3"]
    relationship: partially_supports
    confidence_source: relationship
    verification: required
    expected_evidence: [improvement_objectives]
    rationale: "Continual improvement drives objectives/targets — direction, not the concrete deliverables a regulation demands."
    reviewable_claim: "Improvement objectives set direction but do not constitute regulatory evidence."
  - capability: control_environmental_documents
    iso14001_basis: ["7.5"]
    relationship: partially_supports
    confidence_source: relationship
    verification: required
    expected_evidence: [document_control_procedure]
    rationale: "Documented-information control gives the discipline to MAINTAIN records — but no record content."
    reviewable_claim: "Document control maintains records; it does not create the substance/emission records themselves."
 # ── B) DELTA — the concrete substance/emission/water/material EVIDENCE ISO 14001 does NOT produce. ──
 # Each carries covers_targets = the requirement sources that demand it (the verb -> sources mapping).
 delta_requirements:
  - {capability: manage_chemical_substances, missing_because: "An EMS does not maintain a concrete chemical inventory.", why_asked: "REACH/RoHS require knowing exactly which substances are present.", dropped_if: ["A maintained substance inventory exists."], needed_information: verify_existence, covers_targets: [REACH, RoHS], expected_evidence: [chemical_inventory], priority: high, reviewable_claim: "ISO 14001 does not maintain a concrete substance inventory."}
  - {capability: register_substances_under_reach, missing_because: "No REACH registration dossiers in an EMS.", why_asked: "REACH requires registration of manufactured/imported substances >1 t/a.", dropped_if: ["REACH registration/notification dossiers exist."], needed_information: request_evidence, covers_targets: [REACH], expected_evidence: [reach_registration_dossier], priority: high, reviewable_claim: "ISO 14001 does not produce REACH registrations."}
  - {capability: restrict_hazardous_substances_rohs, missing_because: "No RoHS substance-restriction evidence in an EMS.", why_asked: "RoHS restricts specific hazardous substances in EEE.", dropped_if: ["RoHS compliance declarations + material data exist."], needed_information: request_evidence, covers_targets: [RoHS], expected_evidence: [rohs_declaration], priority: high, reviewable_claim: "ISO 14001 does not establish RoHS substance-restriction evidence."}
  - {capability: monitor_water_consumption, missing_because: "An EMS does not meter water by permit.", why_asked: "Water permits require monitoring abstraction/consumption.", dropped_if: ["Water consumption is metered and reported per permit."], needed_information: verify_existence, covers_targets: ["Wasserrecht"], expected_evidence: [water_consumption_records], priority: medium, reviewable_claim: "ISO 14001 does not meter water consumption per permit."}
  - {capability: treat_and_document_wastewater, missing_because: "No concrete effluent treatment/analysis in an EMS.", why_asked: "National wastewater rules set discharge limits + monitoring.", dropped_if: ["Effluent treatment + discharge analyses exist."], needed_information: request_evidence, covers_targets: ["Abwasservorschriften"], expected_evidence: [wastewater_analysis], priority: high, reviewable_claim: "ISO 14001 does not treat or analyse wastewater."}
  - {capability: account_energy_consumption, missing_because: "No concrete energy accounting in an EMS.", why_asked: "Energy-management duties require documented consumption.", dropped_if: ["Energy consumption is accounted and reported."], needed_information: verify_existence, covers_targets: ["Energiemanagement (EnEfG)"], expected_evidence: [energy_consumption_report], priority: medium, reviewable_claim: "ISO 14001 does not account energy consumption."}
  - {capability: document_waste_streams, missing_because: "No concrete waste-stream records in an EMS.", why_asked: "Circular-economy/waste law requires documented streams + codes.", dropped_if: ["Waste streams are documented with EWC codes."], needed_information: verify_existence, covers_targets: ["Kreislaufwirtschaft (KrWG/AVV)"], expected_evidence: [waste_register], priority: medium, reviewable_claim: "ISO 14001 does not document concrete waste streams."}
  - {capability: declare_material_composition, missing_because: "No material declaration in an EMS.", why_asked: "Customer/SCIP/battery rules require material declarations.", dropped_if: ["Material declarations (e.g. SCIP) exist."], needed_information: request_evidence, covers_targets: ["Kundenanforderungen", "Batterieverordnung"], expected_evidence: [material_declaration], priority: high, reviewable_claim: "ISO 14001 does not declare material composition."}
  - {capability: issue_battery_passport, missing_because: "No battery passport in an EMS.", why_asked: "The Battery Regulation requires a battery passport for in-scope batteries.", dropped_if: ["A battery passport is issued per unit/model."], needed_information: request_evidence, covers_targets: ["Batterieverordnung"], expected_evidence: [battery_passport], priority: high, reviewable_claim: "ISO 14001 does not produce a battery passport."}
  - {capability: measure_air_emissions, missing_because: "No concrete emission measurements in an EMS.", why_asked: "Emission-protection law requires measured emissions for in-scope installations.", dropped_if: ["Emission measurements/reports exist per permit."], needed_information: request_evidence, covers_targets: ["Emissionsschutz (BImSchG)"], expected_evidence: [emission_measurement_report], priority: medium, reviewable_claim: "ISO 14001 does not measure air emissions."}
  - {capability: analyze_water_discharge, missing_because: "No concrete water analyses in an EMS.", why_asked: "Permits require periodic water/effluent analyses.", dropped_if: ["Periodic water analyses exist."], needed_information: request_evidence, covers_targets: ["Wasserrecht", "Abwasservorschriften"], expected_evidence: [water_analysis], priority: medium, reviewable_claim: "ISO 14001 does not perform water analyses."}
 # ── C) REJECTED ASSUMPTIONS — the new quality question: what ISO 14001 typically does NOT produce. ──
 rejected_assumptions:
  - "ISO 14001 does NOT produce concrete substance lists or REACH registrations."
  - "ISO 14001 does NOT produce concrete air-emission measurements."
  - "ISO 14001 does NOT produce battery passports or material declarations."
  - "ISO 14001 does NOT produce water or wastewater analyses."
  - "An ISO 14001 certificate does NOT establish RoHS substance-restriction evidence."
 determinism_goal: >
  Two independent auditors should agree that an ISO-14001-only manufacturer has the environmental
  MANAGEMENT discipline but is missing nearly all concrete substance/emission/water/material evidence —
  the same shape as ISO 9001 -> CRA, in a completely non-cyber domain.
 review_checklist:
  - "Confirm the delta + rejected_assumptions with an environmental compliance expert."
  - "Replace capability ids with Capability Registry MCAP ids once assigned."
@@ -2,19 +2,21 @@
 _Der Fokus hat sich verschoben: nicht mehr „kann die Architektur das?", sondern „wo versagt sie bei echtem Fachwissen?". Diese zwei KPIs erhebt kaum jemand. Eine neue Domäne ist eine ZEILE im Ledger (Daten), nie eine Codeänderung — genau das macht den KPI auditierbar._
-## Architecture Stability — pro integrierter Anforderungsquelle: neue Runtime-Klassen? neue Pipeline?
+## Architecture Stability — pro Quelle: neue Runtime-Klassen? neue Pipeline? neue Capability-Typen?
-| Quelle | Zieltyp | als | neue Runtime-Klassen | neue Pipeline | Ergebnis |
+| Quelle | Familie | neue Runtime-Klassen | neue Pipeline | neue Capability-Typen | Ergebnis |
-|---|---|---|---:|---:|---|
+|---|---|---:|---:|---:|---|
-| Cyber Resilience Act (CRA) | regulation | transition_pattern_data | 0 | 0 | ✅ |
+| Cyber Resilience Act (CRA) | cyber | 0 | 0 | 13 | ✅ |
-| Maschinenverordnung (MaschinenVO) | regulation | transition_pattern_data | 0 | 0 | ✅ |
+| Maschinenverordnung (MaschinenVO) | cyber | 0 | 0 | 4 | ✅ |
-| TISAX | certification | transition_pattern_data | 0 | 0 | ✅ |
+| TISAX | cyber | 0 | 0 | 5 | ✅ |
-| Public Tender (öffentliche Ausschreibung) | contract | injected_required_set | 0 | 0 | ✅ |
+| Public Tender (öffentliche Ausschreibung) | cyber | 0 | 0 | 3 | ✅ |
-| OEM Specification (Lastenheft) | contract | injected_required_set | 0 | 0 | ✅ |
+| OEM Specification (Lastenheft) | cyber | 0 | 0 | 4 | ✅ |
-| Environmental / Material evidence target | environmental | injected_required_set | 0 | 0 | ✅ |
+| ISO 14001 -> Environmental/Material (REACH/RoHS/Batterie/Wasser/Energie/Abfall) | non_cyber | 0 | 0 | 16 | ✅ |
 - **Architecture Stability: 6/6 = 100%** der Quellen ohne neue Runtime-Klasse und ohne neue Pipeline.
 - **Knowledge Velocity: 6/6 = 100%** der Quellen **data-only** integriert (kein Entwickler nötig).
 - **Generalität über Cyber hinaus: 1/6 Quellen NICHT-Cyber** (Umwelt) — trugen die Pipeline ebenfalls 0/0. Das ist der eigentliche Test (ein anderes Denkmodell, nicht noch ein Cyber-Regelwerk).
 - **Capability-Modell-Frühindikator: 45 neue Typen gesamt, Maximum 16** (Umwelt, erste Nicht-Cyber-Domäne) — in Range, KEIN Granularitätsalarm (Alarm ≈ eine Domäne braucht plötzlich ~80 neue Typen bei 0 Runtime-Change → Modell zu grob/fein).
 ## Ehrlichkeit: die Pipeline-Funktionen sind EINMALIG (jetzt eingefroren)
 - 6 domänen-AGNOSTISCHE Funktionen, einmal gebaut, nicht je Domäne: `transition_reasoning (RS-005)`, `optimization`, `journey_matcher (ADR-011)`, `playbook`, `completeness`, `company (2A)`.
@@ -38,20 +38,27 @@ w("# Architecture Stability + Knowledge Velocity — Phase Ω (Evidence of Gener
 w("")
 w('_Der Fokus hat sich verschoben: nicht mehr „kann die Architektur das?", sondern „wo versagt sie bei echtem Fachwissen?". Diese zwei KPIs erhebt kaum jemand. Eine neue Domäne ist eine ZEILE im Ledger (Daten), nie eine Codeänderung — genau das macht den KPI auditierbar._')
 w("")
-w("## Architecture Stability — pro integrierter Anforderungsquelle: neue Runtime-Klassen? neue Pipeline?")
+w("## Architecture Stability — pro Quelle: neue Runtime-Klassen? neue Pipeline? neue Capability-Typen?")
 w("")
-w("| Quelle | Zieltyp | als | neue Runtime-Klassen | neue Pipeline | Ergebnis |")
+w("| Quelle | Familie | neue Runtime-Klassen | neue Pipeline | neue Capability-Typen | Ergebnis |")
-w("|---|---|---|---:|---:|---|")
+w("|---|---|---:|---:|---:|---|")
 for s in sources:
    ok = "✅" if (s["new_runtime_classes"] == 0 and not s["new_pipeline"]) else "❌"
-    w("| %s | %s | %s | %d | %s | %s |" % (
+    w("| %s | %s | %d | %s | %d | %s |" % (
-        s["source"], s["target_type"], s["integrated_as"], s["new_runtime_classes"],
+        s["source"], s.get("family", "-"), s["new_runtime_classes"],
-        "ja" if s["new_pipeline"] else "0", ok))
+        "ja" if s["new_pipeline"] else "0", s.get("new_capability_types", 0), ok))
 w("")
 non_cyber = [s for s in sources if s.get("family") == "non_cyber"]
 total_types = sum(s.get("new_capability_types", 0) for s in sources)
 max_types = max((s.get("new_capability_types", 0) for s in sources), default=0)
 w("- **Architecture Stability: %d/%d = %d%%** der Quellen ohne neue Runtime-Klasse und ohne neue Pipeline." % (
    len(stable), n, round(arch_stability * 100)))
 w("- **Knowledge Velocity: %d/%d = %d%%** der Quellen **data-only** integriert (kein Entwickler nötig)." % (
    len(data_only), n, round(knowledge_velocity * 100)))
 w("- **Generalität über Cyber hinaus: %d/%d Quellen NICHT-Cyber** (Umwelt) — trugen die Pipeline ebenfalls 0/0. Das ist der eigentliche Test (ein anderes Denkmodell, nicht noch ein Cyber-Regelwerk)." % (
    len(non_cyber), n))
 w("- **Capability-Modell-Frühindikator: %d neue Typen gesamt, Maximum %d** (Umwelt, erste Nicht-Cyber-Domäne) — in Range, KEIN Granularitätsalarm (Alarm ≈ eine Domäne braucht plötzlich ~80 neue Typen bei 0 Runtime-Change → Modell zu grob/fein)." % (
    total_types, max_types))
 w("")
 # pipeline functions = one-time, domain-agnostic infrastructure (honesty: not per-domain costs)
@@ -0,0 +1,37 @@
 # Environmental Stress Test — funktioniert die Architektur AUSSERHALB von Cyber? (Phase Ω)
 _Erster Nicht-Cyber-Test. Nicht „wir bauen einen Umwelt-Cluster", sondern: trägt RS-005 ein völlig anderes Denkmodell (Stoffe/Emissionen/Wasser/Energie/Kreislauf) UNVERÄNDERT — nur neue DATEN, null Runtime-Code? ISO 14001 als Company Profile (Welt-1), dieselbe Engine wie ISO 27001 → CRA. Synthetisch, keine echten Namen._
 ## 1. ISO 14001 als Company Profile — Management, nicht Evidence
 - ISO 14001 liefert **Umwelt-MANAGEMENT-Disziplin** (Welt-1, wahrscheinlich vorhanden): `identify_environmental_aspects`, `operate_environmental_compliance_process`, `conduct_internal_environmental_audits`, `run_continual_environmental_improvement`, `control_environmental_documents`.
 - Über **dieselbe** `assess_transition`-Engine wie im Cyber-Fall — **keine Zeile neuer Runtime-Code**, nur ein neues Pattern-YAML.
 ## 2. RS-005 stellt dieselbe Frage: welche Umwelt-Capabilities fehlen?
 > 16 zu klären, 0 bereits abgedeckt, 5 vermutlich vorhanden, 11 fehlt, 0 n/a, 0 nicht im Korpus.
 - **Vermutlich vorhanden (Management):** 5 — `conduct_internal_environmental_audits`, `control_environmental_documents`, `identify_environmental_aspects` …
 - **Delta (konkrete Evidence, fehlt): 11 Capabilities** — z. B. `account_energy_consumption`, `analyze_water_discharge`, `declare_material_composition`, `document_waste_streams` …
 - Capabilities sind **Verben** (capability-is-a-verb): `manage_chemical_substances`, `measure_air_emissions`, `issue_battery_passport` …
 ## 3. Neue Qualitätsfrage — was erzeugt ISO 14001 typischerweise NICHT? _(rejected_assumptions, Welt-1/Welt-2)_
 - ISO 14001 does NOT produce concrete substance lists or REACH registrations.
 - ISO 14001 does NOT produce concrete air-emission measurements.
 - ISO 14001 does NOT produce battery passports or material declarations.
 - ISO 14001 does NOT produce water or wastewater analyses.
 - An ISO 14001 certificate does NOT establish RoHS substance-restriction evidence.
 → Genau wie ISO 9001 → CRA: ein **Managementsystem** gibt die Disziplin, aber **nicht die konkrete substanz-/produktspezifische Evidence**. Die Welt-1/Welt-2-Trennung bleibt erhalten.
 ## 4. Journey Matcher bleibt domänen-agnostisch
 > 1 Journeys erklaeren das Delta; beste: ISO14001 -> Environmental (100% des Deltas)
 | Journey | erklärt das Umwelt-Delta |
 |---|---|
 | ISO14001 -> Environmental | 100% |
 | ISMS -> TISAX | 0% |
 | ISO27001 -> CRA + MaschinenVO | 0% |
 → Die **Cyber-Journeys erklären 0 %** des Umwelt-Deltas — der Matcher rät nicht, er erklärt nur, was das Delta wirklich beschreibt.
 ## Befund
 > **Ein völlig anderes Denkmodell (Umwelt) lief durch `Reality → Evidence → Capability → Required → Delta → Journey` ohne eine Zeile neuen Runtime-Code — nur ein neues Pattern-YAML + injizierte Required-Caps.** Das ist ein stärkerer Generalitätsbeweis als zehn weitere Cyber-Regelwerke: die Architektur ist nicht „Compliance/Cyber", sondern ein allgemeines Trägersystem. **16 neue Capability-Typen** (5 Management + 11 konkrete Evidence) — in der Größenordnung der Cyber-Domänen, kein Granularitäts-Frühindikator. Architecture Stability: **0 neue Runtime-Klassen, 0 neue Pipeline.**
@@ -0,0 +1,107 @@
 # ruff: noqa
 # mypy: ignore-errors
 """Environmental stress test — does the architecture work OUTSIDE cyber? (Phase Ω)
 Every prior journey lived in the cyber family (CRA / MaschinenVO / TISAX / ISO 27001 / OEM / Tender —
 all infosec, software, product cybersecurity). This is the first NON-cyber stress test: substance flows,
 emissions, water, chemicals, energy, circularity. The claim under test is NOT "we built an environmental
 cluster" but "RS-005 carries an entirely different mental model UNCHANGED — only new DATA, zero runtime".
 It runs ISO 14001 (an EMS, as a Company Profile, Welt-1) -> an Environmental target through the SAME
 engines used for ISO 27001 -> CRA, and asks the SAME question: which environmental capabilities are
 still missing? Plus the new quality question (rejected_assumptions): which capabilities does ISO 14001
 typically NOT produce? And it runs the Journey Matcher to confirm it stays domain-agnostic.
 Synthetic, no real names. Non-runtime -> no deploy.
 Run:  cd backend-compliance && PYTHONPATH=. python3 reference_scenarios/environmental_stress_test.py
 """
 from __future__ import annotations
 import os
 import yaml
 from compliance.company import (
    CompanyContext, Certification, CapabilityMappingEntry, build_company_profile,
 )
 from compliance.reasoning.enums import Confidence
 from compliance.transition_reasoning import (
    TransitionContext, TransitionGoal, TargetRequirement, assess_transition, CoverageStatus,
 )
 from compliance.journey_matcher import JourneySignature, match_journeys
 OUT = []
 def w(s=""):
    OUT.append(s)
 _K = os.path.join(os.path.dirname(__file__), "..", "knowledge", "transition_patterns")
 def _load(name):
    return yaml.safe_load(open(os.path.join(_K, name), encoding="utf-8"))
 ENV = _load("transition_pattern_iso14001_to_environmental_v1.yaml")
 mgmt = [a["capability"] for a in ENV["likely_covered"]]          # what ISO 14001 DOES give (Welt-1)
 concrete = [d["capability"] for d in ENV["delta_requirements"]]  # what it does NOT give (the delta)
 # ── Company Profile: ISO 14001 -> the management capabilities only (NO concrete evidence) ────
 profile = build_company_profile(
    CompanyContext(company_id="env", certifications=[Certification(certification_id="ISO14001")]),
    {"ISO14001": CapabilityMappingEntry(capability_ids=mgmt, confidence=Confidence.MEDIUM)})
 # ── SAME engine as ISO 27001 -> CRA: required = management + concrete; delta = what's missing ─
 reqs = [TargetRequirement(capability_id=c) for c in mgmt + concrete]
 assess = assess_transition(TransitionContext(company_id="env", target=TransitionGoal(target_id="Environmental")), reqs, profile)
 covered = sorted({c.capability_id for c in assess.coverage if c.status != CoverageStatus.MISSING})
 delta = sorted({c.capability_id for c in assess.coverage if c.status == CoverageStatus.MISSING})
 # ── Journey Matcher: stays domain-agnostic? cyber journeys must score ~0 on an env delta ─────
 def _sig(name, label):
    p = _load(name)
    return JourneySignature(journey_id=p.get("id", name), label=label,
                            capability_pattern=[d["capability"] for d in p["delta_requirements"]])
 journeys = [
    _sig("transition_pattern_iso14001_to_environmental_v1.yaml", "ISO14001 -> Environmental"),
    _sig("transition_pattern_iso27001_to_cra_maschinenvo_v1.yaml", "ISO27001 -> CRA + MaschinenVO"),
    _sig("transition_pattern_isms_to_tisax_v1.yaml", "ISMS -> TISAX"),
 ]
 match = match_journeys(delta, journeys)
 w("# Environmental Stress Test — funktioniert die Architektur AUSSERHALB von Cyber? (Phase Ω)")
 w("")
 w('_Erster Nicht-Cyber-Test. Nicht „wir bauen einen Umwelt-Cluster", sondern: trägt RS-005 ein völlig anderes Denkmodell (Stoffe/Emissionen/Wasser/Energie/Kreislauf) UNVERÄNDERT — nur neue DATEN, null Runtime-Code? ISO 14001 als Company Profile (Welt-1), dieselbe Engine wie ISO 27001 → CRA. Synthetisch, keine echten Namen._')
 w("")
 w("## 1. ISO 14001 als Company Profile — Management, nicht Evidence")
 w("- ISO 14001 liefert **Umwelt-MANAGEMENT-Disziplin** (Welt-1, wahrscheinlich vorhanden): %s." % ", ".join("`%s`" % c for c in mgmt))
 w("- Über **dieselbe** `assess_transition`-Engine wie im Cyber-Fall — **keine Zeile neuer Runtime-Code**, nur ein neues Pattern-YAML.")
 w("")
 w("## 2. RS-005 stellt dieselbe Frage: welche Umwelt-Capabilities fehlen?")
 w("> %s" % assess.summary.headline)
 w("- **Vermutlich vorhanden (Management):** %d — %s" % (len(covered), ", ".join("`%s`" % c for c in covered[:3]) + " …"))
 w("- **Delta (konkrete Evidence, fehlt): %d Capabilities** — z. B. %s …" % (len(delta), ", ".join("`%s`" % c for c in delta[:4])))
 w("- Capabilities sind **Verben** (capability-is-a-verb): `manage_chemical_substances`, `measure_air_emissions`, `issue_battery_passport` …")
 w("")
 w("## 3. Neue Qualitätsfrage — was erzeugt ISO 14001 typischerweise NICHT? _(rejected_assumptions, Welt-1/Welt-2)_")
 for r in ENV["rejected_assumptions"]:
    w("- %s" % r)
 w("")
 w("→ Genau wie ISO 9001 → CRA: ein **Managementsystem** gibt die Disziplin, aber **nicht die konkrete substanz-/produktspezifische Evidence**. Die Welt-1/Welt-2-Trennung bleibt erhalten.")
 w("")
 w("## 4. Journey Matcher bleibt domänen-agnostisch")
 w("> %s" % match.headline)
 w("| Journey | erklärt das Umwelt-Delta |")
 w("|---|---|")
 for m in match.matches:
    w("| %s | %d%% |" % (m.label, round(m.score * 100)))
 w("")
 w("→ Die **Cyber-Journeys erklären 0 %** des Umwelt-Deltas — der Matcher rät nicht, er erklärt nur, was das Delta wirklich beschreibt.")
 w("")
 w("## Befund")
 w("")
 w('> **Ein völlig anderes Denkmodell (Umwelt) lief durch `Reality → Evidence → Capability → Required → Delta → Journey` ohne eine Zeile neuen Runtime-Code — nur ein neues Pattern-YAML + injizierte Required-Caps.** Das ist ein stärkerer Generalitätsbeweis als zehn weitere Cyber-Regelwerke: die Architektur ist nicht „Compliance/Cyber", sondern ein allgemeines Trägersystem. **%d neue Capability-Typen** (5 Management + %d konkrete Evidence) — in der Größenordnung der Cyber-Domänen, kein Granularitäts-Frühindikator. Architecture Stability: **0 neue Runtime-Klassen, 0 neue Pipeline.**' % (len(mgmt) + len(concrete), len(concrete)))
 w("")
 print("\n".join(OUT))
@@ -47,6 +47,19 @@ def test_kpis_reported_at_full_stability():
    assert "Knowledge Velocity: %d/%d = 100%%" % (n, n) in out
 def test_capability_types_column_and_non_cyber_generality():
    out = _run()
    # the third KPI column (capability-model granularity Frühindikator) is present and populated
    assert "neue Capability-Typen" in out
    assert "Capability-Modell-Frühindikator" in out
    # the first non-cyber domain is recorded and carried the pipeline 0/0
    assert "non_cyber" in out
    assert "Generalität über Cyber hinaus" in out
    # every ledger source carries a capability-type count
    for s in _ledger()["sources"]:
        assert s["new_capability_types"] >= 1, s["source"]
 def test_pipeline_functions_are_one_time_infrastructure():
    out = _run()
    assert "EINMALIG (jetzt eingefroren)" in out
@@ -0,0 +1,64 @@
 """Environmental stress test — does the architecture work OUTSIDE cyber? (Phase Ω)
 Pins the first NON-cyber generality proof: ISO 14001 (an EMS, as a Company Profile) runs through the
 SAME RS-005 engine + Journey Matcher used for ISO 27001 -> CRA, with only new DATA (a pattern YAML +
 injected Required caps) and zero runtime code. ISO 14001 yields environmental MANAGEMENT capabilities
 (Welt-1); the concrete substance/emission/water/material evidence is the delta; rejected_assumptions
 state what ISO 14001 does NOT produce; and the Journey Matcher stays domain-agnostic (cyber journeys 0%).
 """
 from __future__ import annotations
 import os
 import subprocess
 import sys
 def _run():
    root = os.path.join(os.path.dirname(__file__), "..")
    r = subprocess.run(
        [sys.executable, "reference_scenarios/environmental_stress_test.py"],
        cwd=root, env={**os.environ, "PYTHONPATH": "."}, capture_output=True, text=True,
    )
    assert r.returncode == 0, r.stderr
    return r.stdout
 def test_runs_end_to_end_outside_cyber():
    out = _run()
    assert "AUSSERHALB von Cyber" in out
    assert "keine Zeile neuer Runtime-Code" in out
 def test_iso14001_is_management_not_evidence():
    out = _run()
    # 5 management capabilities probably present, 11 concrete-evidence capabilities missing
    assert "5 vermutlich vorhanden, 11 fehlt" in out
    assert "manage_chemical_substances" in out  # a verb capability
 def test_rejected_assumptions_preserve_welt1_welt2():
    out = _run()
    assert "rejected_assumptions" in out
    assert "ISO 14001 does NOT produce concrete substance lists or REACH registrations." in out
    assert "Welt-1/Welt-2-Trennung bleibt erhalten" in out
 def test_journey_matcher_stays_domain_agnostic():
    out = _run()
    # the environmental journey explains the delta; cyber journeys explain 0%
    assert "| ISO14001 -> Environmental | 100% |" in out
    assert "| ISMS -> TISAX | 0% |" in out
    assert "| ISO27001 -> CRA + MaschinenVO | 0% |" in out
 def test_zero_runtime_change_verdict():
    out = _run()
    assert "0 neue Runtime-Klassen, 0 neue Pipeline" in out
    assert "16 neue Capability-Typen" in out
 def test_no_real_company_names():
    out = _run().lower()
    for name in ["eto", "owis", "winterhalter"]:
        assert name not in out