feat: Environmental stress test — the architecture works OUTSIDE cyber (Phase Ω, data-only)

First NON-cyber stress test. Every prior journey was cyber (infosec/software/product security).
Environmental brings a completely different mental model (substance flows, emissions, water,
chemicals, energy, circularity). The claim under test: RS-005 carries it UNCHANGED — only new DATA,
zero runtime code.

ISO 14001 (an EMS) is modelled as a Company Profile and run through the SAME engines as ISO 27001 ->
CRA (new pattern transition_pattern_iso14001_to_environmental_v1.yaml, capabilities as VERBS):
  - ISO 14001 yields 5 environmental MANAGEMENT capabilities (Welt-1, probably present)
  - the concrete substance/emission/water/material EVIDENCE is the 11-capability delta
  - rejected_assumptions state what ISO 14001 does NOT produce (substance lists, REACH, emissions,
    battery passports, water analyses) — preserving the Welt-1/Welt-2 separation
  - the Journey Matcher stays domain-agnostic: ISO14001->Environmental 100%, cyber journeys 0%

Result: a non-cyber domain ran through Reality -> ... -> Journey with 0 new runtime classes and 0
new pipeline — a stronger generality proof than ten more cyber regulations.

Also extends the Architecture Stability ledger with the third KPI column the user requested — "new
capability types" — as a granularity Frühindikator (a domain needing ~80 new types at 0 runtime would
flag a too-coarse/too-fine capability model). Environmental = 16 types (5 mgmt + 11 evidence), in
range. Ledger now flags cyber vs non_cyber family. Non-runtime -> no deploy. 19 tests pass, check-loc 0.

backend-compliance/knowledge/architecture_stability/integration_ledger.yaml

@@ -12,6 +12,9 @@
 # stability claim broke and Phase Ω failed; record it honestly.
 
 # --- Integrated Requirement Sources: each is DATA (a pattern / a Required set), run by the shared pipeline ---
+# new_capability_types = distinct NEW capability ids the source introduced. NOT an architecture break —
+# a FRÜHINDIKATOR for capability-model granularity: if a domain ever needs ~80 new types with 0 runtime
+# change, the capability model is probably cut too coarse or too fine. Watch the number, not just 0/0.
 sources:
   - source: "Cyber Resilience Act (CRA)"
     domain: industrial_automation
@@ -19,7 +22,9 @@ sources:
     integrated_as: transition_pattern_data
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 13
     integration_kind: data_only
+    family: cyber
     exercised_by: "customer_mission_1/2/3, journey_matcher_demo"
   - source: "Maschinenverordnung (MaschinenVO)"
     domain: industrial_automation
@@ -27,7 +32,9 @@ sources:
     integrated_as: transition_pattern_data
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 4
     integration_kind: data_only
+    family: cyber
     exercised_by: "customer_mission_1/3, journey_matcher_demo"
   - source: "TISAX"
     domain: automotive
@@ -35,7 +42,9 @@ sources:
     integrated_as: transition_pattern_data
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 5
     integration_kind: data_only
+    family: cyber
     exercised_by: "customer_mission_3/5, journey_matcher_demo"
   - source: "Public Tender (öffentliche Ausschreibung)"
     domain: cross_industry
@@ -43,7 +52,9 @@ sources:
     integrated_as: injected_required_set
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 3
     integration_kind: data_only
+    family: cyber
     exercised_by: "customer_mission_3/4"
   - source: "OEM Specification (Lastenheft)"
     domain: automotive
@@ -51,16 +62,20 @@ sources:
     integrated_as: injected_required_set
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 4
     integration_kind: data_only
+    family: cyber
     exercised_by: "customer_mission_4"
-  - source: "Environmental / Material evidence target"
+  - source: "ISO 14001 -> Environmental/Material (REACH/RoHS/Batterie/Wasser/Energie/Abfall)"
     domain: environmental
-    target_type: environmental
-    integrated_as: injected_required_set
+    target_type: regulation
+    integrated_as: transition_pattern_data
     new_runtime_classes: 0
     new_pipeline: false
+    new_capability_types: 16
     integration_kind: data_only
-    exercised_by: "customer_mission_5"
+    family: non_cyber          # FIRST non-cyber domain — the real generality test
+    exercised_by: "customer_mission_5, environmental_stress_test"
 
 # --- One-time, domain-AGNOSTIC pipeline functions (built once, now FROZEN per Phase Ω). ---
 # Listed for honesty so the stability KPI cannot be gamed: these are NOT per-domain costs. The last

backend-compliance/knowledge/transition_patterns/transition_pattern_iso14001_to_environmental_v1.yaml

@@ -0,0 +1,118 @@
+# Transition KNOWLEDGE Pattern (TKP) — ISO 14001 (EMS)  ->  Environmental / Material compliance
+# THE FIRST NON-CYBER STRESS TEST. Every prior pattern lives in the cyber family (infosec / software /
+# product cybersecurity). Environmental brings entirely different mental models: substance flows,
+# emissions, water, chemicals, energy, circularity, disposal. If RS-005 carries this UNCHANGED (only new
+# DATA, zero runtime code), the architecture is general beyond cyber.
+#
+# Same shape as ISO 9001 -> CRA: ISO 14001 is a MANAGEMENT system. It gives environmental management
+# discipline (aspects, compliance process, audits, improvement, document control) but NOT the concrete,
+# substance-/product-specific EVIDENCE. So the delta is large, and the new quality question is explicit:
+# "which environmental capabilities does ISO 14001 typically NOT produce?" -> rejected_assumptions.
+# Capabilities are VERBS (capability-is-a-verb). Curated expert FIRST DRAFT, NOT a normative proof.
+
+id: TP-ISO14001-ENV-v1
+status: draft                 # draft(L1) -> reviewed(L2) -> validated(L3, expert) -> proven(L4)
+version: 1
+
+transition_goal:
+  from:
+    standard: "ISO 14001"
+    edition: "2015"
+    nature: organizational_environmental_management_system
+  to:
+    domain: "Environmental / Material compliance"
+    nature: concrete_environmental_evidence
+    sources: ["REACH", "RoHS", "Batterieverordnung", "Wasserrecht", "Abwasservorschriften", "Energiemanagement (EnEfG)", "Kreislaufwirtschaft (KrWG/AVV)", "Emissionsschutz (BImSchG)"]
+  one_line: "Move a manufacturer whose only environmental management system is ISO 14001 toward concrete environmental/material compliance for a product placed on the EU market."
+
+provenance:
+  author: "Claude (Reasoning session) — AI first draft (L1)"
+  basis: "ISO 14001:2015 (6.1.2 aspects, 6.1.3 compliance obligations, 7.5 documented information, 9.2 internal audit, 10.3 continual improvement) vs concrete substance/emission/water/material duties."
+  reviewed_by: null
+  validated_by: null
+
+disclaimer: >
+  Curated expert knowledge, NOT a normative proof. KEY INSIGHT: ISO 14001 is an environmental MANAGEMENT
+  system — it provides the discipline to identify aspects and run compliance/audit/improvement processes,
+  but it produces NO concrete substance lists, emission measurements, REACH registrations, battery
+  passports or water analyses. The environmental delta for an ISO-14001-only manufacturer is therefore
+  LARGE. Welt-1; confidence from the curated relationship, never "erfüllt".
+
+source_state_variants:
+  certified:      "ISO 14001 certified -> the management-discipline assumptions hold; concrete evidence is still missing."
+  ems_introduced: "EMS implemented but not certified -> downgrade 'partially_supports' to needs_confirmation."
+
+# ── A) LIKELY COVERED — only environmental MANAGEMENT discipline (partially_supports), NOT evidence. ──
+likely_covered:
+  - capability: identify_environmental_aspects
+    iso14001_basis: ["6.1.2"]
+    relationship: partially_supports
+    confidence_source: relationship
+    verification: required
+    expected_evidence: [environmental_aspects_register]
+    rationale: "ISO 14001 requires identifying environmental aspects/impacts — the discipline to KNOW where chemicals, water, energy and waste are relevant — but not the concrete substance/emission data itself."
+    reviewable_claim: "Aspect identification scopes environmental topics but does not measure or declare any substance."
+  - capability: operate_environmental_compliance_process
+    iso14001_basis: ["6.1.3", "9.1.2"]
+    relationship: partially_supports
+    confidence_source: relationship
+    verification: required
+    expected_evidence: [compliance_obligations_register]
+    rationale: "ISO 14001 requires a process to determine and evaluate compliance obligations — a framework to TRACK duties, not to discharge any specific one."
+    reviewable_claim: "A compliance-obligations process tracks duties but does not produce a REACH registration or an emission report."
+  - capability: conduct_internal_environmental_audits
+    iso14001_basis: ["9.2"]
+    relationship: partially_supports
+    confidence_source: relationship
+    verification: required
+    expected_evidence: [internal_audit_programme]
+    rationale: "Internal audit gives assurance that the EMS runs — process assurance, not substance evidence."
+    reviewable_claim: "Internal audits assure the management system, not concrete environmental performance."
+  - capability: run_continual_environmental_improvement
+    iso14001_basis: ["10.3"]
+    relationship: partially_supports
+    confidence_source: relationship
+    verification: required
+    expected_evidence: [improvement_objectives]
+    rationale: "Continual improvement drives objectives/targets — direction, not the concrete deliverables a regulation demands."
+    reviewable_claim: "Improvement objectives set direction but do not constitute regulatory evidence."
+  - capability: control_environmental_documents
+    iso14001_basis: ["7.5"]
+    relationship: partially_supports
+    confidence_source: relationship
+    verification: required
+    expected_evidence: [document_control_procedure]
+    rationale: "Documented-information control gives the discipline to MAINTAIN records — but no record content."
+    reviewable_claim: "Document control maintains records; it does not create the substance/emission records themselves."
+
+# ── B) DELTA — the concrete substance/emission/water/material EVIDENCE ISO 14001 does NOT produce. ──
+# Each carries covers_targets = the requirement sources that demand it (the verb -> sources mapping).
+delta_requirements:
+  - {capability: manage_chemical_substances, missing_because: "An EMS does not maintain a concrete chemical inventory.", why_asked: "REACH/RoHS require knowing exactly which substances are present.", dropped_if: ["A maintained substance inventory exists."], needed_information: verify_existence, covers_targets: [REACH, RoHS], expected_evidence: [chemical_inventory], priority: high, reviewable_claim: "ISO 14001 does not maintain a concrete substance inventory."}
+  - {capability: register_substances_under_reach, missing_because: "No REACH registration dossiers in an EMS.", why_asked: "REACH requires registration of manufactured/imported substances >1 t/a.", dropped_if: ["REACH registration/notification dossiers exist."], needed_information: request_evidence, covers_targets: [REACH], expected_evidence: [reach_registration_dossier], priority: high, reviewable_claim: "ISO 14001 does not produce REACH registrations."}
+  - {capability: restrict_hazardous_substances_rohs, missing_because: "No RoHS substance-restriction evidence in an EMS.", why_asked: "RoHS restricts specific hazardous substances in EEE.", dropped_if: ["RoHS compliance declarations + material data exist."], needed_information: request_evidence, covers_targets: [RoHS], expected_evidence: [rohs_declaration], priority: high, reviewable_claim: "ISO 14001 does not establish RoHS substance-restriction evidence."}
+  - {capability: monitor_water_consumption, missing_because: "An EMS does not meter water by permit.", why_asked: "Water permits require monitoring abstraction/consumption.", dropped_if: ["Water consumption is metered and reported per permit."], needed_information: verify_existence, covers_targets: ["Wasserrecht"], expected_evidence: [water_consumption_records], priority: medium, reviewable_claim: "ISO 14001 does not meter water consumption per permit."}
+  - {capability: treat_and_document_wastewater, missing_because: "No concrete effluent treatment/analysis in an EMS.", why_asked: "National wastewater rules set discharge limits + monitoring.", dropped_if: ["Effluent treatment + discharge analyses exist."], needed_information: request_evidence, covers_targets: ["Abwasservorschriften"], expected_evidence: [wastewater_analysis], priority: high, reviewable_claim: "ISO 14001 does not treat or analyse wastewater."}
+  - {capability: account_energy_consumption, missing_because: "No concrete energy accounting in an EMS.", why_asked: "Energy-management duties require documented consumption.", dropped_if: ["Energy consumption is accounted and reported."], needed_information: verify_existence, covers_targets: ["Energiemanagement (EnEfG)"], expected_evidence: [energy_consumption_report], priority: medium, reviewable_claim: "ISO 14001 does not account energy consumption."}
+  - {capability: document_waste_streams, missing_because: "No concrete waste-stream records in an EMS.", why_asked: "Circular-economy/waste law requires documented streams + codes.", dropped_if: ["Waste streams are documented with EWC codes."], needed_information: verify_existence, covers_targets: ["Kreislaufwirtschaft (KrWG/AVV)"], expected_evidence: [waste_register], priority: medium, reviewable_claim: "ISO 14001 does not document concrete waste streams."}
+  - {capability: declare_material_composition, missing_because: "No material declaration in an EMS.", why_asked: "Customer/SCIP/battery rules require material declarations.", dropped_if: ["Material declarations (e.g. SCIP) exist."], needed_information: request_evidence, covers_targets: ["Kundenanforderungen", "Batterieverordnung"], expected_evidence: [material_declaration], priority: high, reviewable_claim: "ISO 14001 does not declare material composition."}
+  - {capability: issue_battery_passport, missing_because: "No battery passport in an EMS.", why_asked: "The Battery Regulation requires a battery passport for in-scope batteries.", dropped_if: ["A battery passport is issued per unit/model."], needed_information: request_evidence, covers_targets: ["Batterieverordnung"], expected_evidence: [battery_passport], priority: high, reviewable_claim: "ISO 14001 does not produce a battery passport."}
+  - {capability: measure_air_emissions, missing_because: "No concrete emission measurements in an EMS.", why_asked: "Emission-protection law requires measured emissions for in-scope installations.", dropped_if: ["Emission measurements/reports exist per permit."], needed_information: request_evidence, covers_targets: ["Emissionsschutz (BImSchG)"], expected_evidence: [emission_measurement_report], priority: medium, reviewable_claim: "ISO 14001 does not measure air emissions."}
+  - {capability: analyze_water_discharge, missing_because: "No concrete water analyses in an EMS.", why_asked: "Permits require periodic water/effluent analyses.", dropped_if: ["Periodic water analyses exist."], needed_information: request_evidence, covers_targets: ["Wasserrecht", "Abwasservorschriften"], expected_evidence: [water_analysis], priority: medium, reviewable_claim: "ISO 14001 does not perform water analyses."}
+
+# ── C) REJECTED ASSUMPTIONS — the new quality question: what ISO 14001 typically does NOT produce. ──
+rejected_assumptions:
+  - "ISO 14001 does NOT produce concrete substance lists or REACH registrations."
+  - "ISO 14001 does NOT produce concrete air-emission measurements."
+  - "ISO 14001 does NOT produce battery passports or material declarations."
+  - "ISO 14001 does NOT produce water or wastewater analyses."
+  - "An ISO 14001 certificate does NOT establish RoHS substance-restriction evidence."
+
+determinism_goal: >
+  Two independent auditors should agree that an ISO-14001-only manufacturer has the environmental
+  MANAGEMENT discipline but is missing nearly all concrete substance/emission/water/material evidence —
+  the same shape as ISO 9001 -> CRA, in a completely non-cyber domain.
+
+review_checklist:
+  - "Confirm the delta + rejected_assumptions with an environmental compliance expert."
+  - "Replace capability ids with Capability Registry MCAP ids once assigned."

backend-compliance/reference_scenarios/architecture_stability_kpi.md

@@ -2,19 +2,21 @@
 
 _Der Fokus hat sich verschoben: nicht mehr „kann die Architektur das?", sondern „wo versagt sie bei echtem Fachwissen?". Diese zwei KPIs erhebt kaum jemand. Eine neue Domäne ist eine ZEILE im Ledger (Daten), nie eine Codeänderung — genau das macht den KPI auditierbar._
 
-## Architecture Stability — pro integrierter Anforderungsquelle: neue Runtime-Klassen? neue Pipeline?
+## Architecture Stability — pro Quelle: neue Runtime-Klassen? neue Pipeline? neue Capability-Typen?
 
-| Quelle | Zieltyp | als | neue Runtime-Klassen | neue Pipeline | Ergebnis |
-|---|---|---|---:|---:|---|
-| Cyber Resilience Act (CRA) | regulation | transition_pattern_data | 0 | 0 | ✅ |
-| Maschinenverordnung (MaschinenVO) | regulation | transition_pattern_data | 0 | 0 | ✅ |
-| TISAX | certification | transition_pattern_data | 0 | 0 | ✅ |
-| Public Tender (öffentliche Ausschreibung) | contract | injected_required_set | 0 | 0 | ✅ |
-| OEM Specification (Lastenheft) | contract | injected_required_set | 0 | 0 | ✅ |
-| Environmental / Material evidence target | environmental | injected_required_set | 0 | 0 | ✅ |
+| Quelle | Familie | neue Runtime-Klassen | neue Pipeline | neue Capability-Typen | Ergebnis |
+|---|---|---:|---:|---:|---|
+| Cyber Resilience Act (CRA) | cyber | 0 | 0 | 13 | ✅ |
+| Maschinenverordnung (MaschinenVO) | cyber | 0 | 0 | 4 | ✅ |
+| TISAX | cyber | 0 | 0 | 5 | ✅ |
+| Public Tender (öffentliche Ausschreibung) | cyber | 0 | 0 | 3 | ✅ |
+| OEM Specification (Lastenheft) | cyber | 0 | 0 | 4 | ✅ |
+| ISO 14001 -> Environmental/Material (REACH/RoHS/Batterie/Wasser/Energie/Abfall) | non_cyber | 0 | 0 | 16 | ✅ |
 
 - **Architecture Stability: 6/6 = 100%** der Quellen ohne neue Runtime-Klasse und ohne neue Pipeline.
 - **Knowledge Velocity: 6/6 = 100%** der Quellen **data-only** integriert (kein Entwickler nötig).
+- **Generalität über Cyber hinaus: 1/6 Quellen NICHT-Cyber** (Umwelt) — trugen die Pipeline ebenfalls 0/0. Das ist der eigentliche Test (ein anderes Denkmodell, nicht noch ein Cyber-Regelwerk).
+- **Capability-Modell-Frühindikator: 45 neue Typen gesamt, Maximum 16** (Umwelt, erste Nicht-Cyber-Domäne) — in Range, KEIN Granularitätsalarm (Alarm ≈ eine Domäne braucht plötzlich ~80 neue Typen bei 0 Runtime-Change → Modell zu grob/fein).
 
 ## Ehrlichkeit: die Pipeline-Funktionen sind EINMALIG (jetzt eingefroren)
 - 6 domänen-AGNOSTISCHE Funktionen, einmal gebaut, nicht je Domäne: `transition_reasoning (RS-005)`, `optimization`, `journey_matcher (ADR-011)`, `playbook`, `completeness`, `company (2A)`.

backend-compliance/reference_scenarios/architecture_stability_kpi.py

@@ -38,20 +38,27 @@ w("# Architecture Stability + Knowledge Velocity — Phase Ω (Evidence of Gener
 w("")
 w('_Der Fokus hat sich verschoben: nicht mehr „kann die Architektur das?", sondern „wo versagt sie bei echtem Fachwissen?". Diese zwei KPIs erhebt kaum jemand. Eine neue Domäne ist eine ZEILE im Ledger (Daten), nie eine Codeänderung — genau das macht den KPI auditierbar._')
 w("")
-w("## Architecture Stability — pro integrierter Anforderungsquelle: neue Runtime-Klassen? neue Pipeline?")
+w("## Architecture Stability — pro Quelle: neue Runtime-Klassen? neue Pipeline? neue Capability-Typen?")
 w("")
-w("| Quelle | Zieltyp | als | neue Runtime-Klassen | neue Pipeline | Ergebnis |")
-w("|---|---|---|---:|---:|---|")
+w("| Quelle | Familie | neue Runtime-Klassen | neue Pipeline | neue Capability-Typen | Ergebnis |")
+w("|---|---|---:|---:|---:|---|")
 for s in sources:
     ok = "✅" if (s["new_runtime_classes"] == 0 and not s["new_pipeline"]) else "❌"
-    w("| %s | %s | %s | %d | %s | %s |" % (
-        s["source"], s["target_type"], s["integrated_as"], s["new_runtime_classes"],
-        "ja" if s["new_pipeline"] else "0", ok))
+    w("| %s | %s | %d | %s | %d | %s |" % (
+        s["source"], s.get("family", "-"), s["new_runtime_classes"],
+        "ja" if s["new_pipeline"] else "0", s.get("new_capability_types", 0), ok))
 w("")
+non_cyber = [s for s in sources if s.get("family") == "non_cyber"]
+total_types = sum(s.get("new_capability_types", 0) for s in sources)
+max_types = max((s.get("new_capability_types", 0) for s in sources), default=0)
 w("- **Architecture Stability: %d/%d = %d%%** der Quellen ohne neue Runtime-Klasse und ohne neue Pipeline." % (
     len(stable), n, round(arch_stability * 100)))
 w("- **Knowledge Velocity: %d/%d = %d%%** der Quellen **data-only** integriert (kein Entwickler nötig)." % (
     len(data_only), n, round(knowledge_velocity * 100)))
+w("- **Generalität über Cyber hinaus: %d/%d Quellen NICHT-Cyber** (Umwelt) — trugen die Pipeline ebenfalls 0/0. Das ist der eigentliche Test (ein anderes Denkmodell, nicht noch ein Cyber-Regelwerk)." % (
+    len(non_cyber), n))
+w("- **Capability-Modell-Frühindikator: %d neue Typen gesamt, Maximum %d** (Umwelt, erste Nicht-Cyber-Domäne) — in Range, KEIN Granularitätsalarm (Alarm ≈ eine Domäne braucht plötzlich ~80 neue Typen bei 0 Runtime-Change → Modell zu grob/fein)." % (
+    total_types, max_types))
 w("")
 
 # pipeline functions = one-time, domain-agnostic infrastructure (honesty: not per-domain costs)

backend-compliance/reference_scenarios/environmental_stress_test.md

@@ -0,0 +1,37 @@
+# Environmental Stress Test — funktioniert die Architektur AUSSERHALB von Cyber? (Phase Ω)
+
+_Erster Nicht-Cyber-Test. Nicht „wir bauen einen Umwelt-Cluster", sondern: trägt RS-005 ein völlig anderes Denkmodell (Stoffe/Emissionen/Wasser/Energie/Kreislauf) UNVERÄNDERT — nur neue DATEN, null Runtime-Code? ISO 14001 als Company Profile (Welt-1), dieselbe Engine wie ISO 27001 → CRA. Synthetisch, keine echten Namen._
+
+## 1. ISO 14001 als Company Profile — Management, nicht Evidence
+- ISO 14001 liefert **Umwelt-MANAGEMENT-Disziplin** (Welt-1, wahrscheinlich vorhanden): `identify_environmental_aspects`, `operate_environmental_compliance_process`, `conduct_internal_environmental_audits`, `run_continual_environmental_improvement`, `control_environmental_documents`.
+- Über **dieselbe** `assess_transition`-Engine wie im Cyber-Fall — **keine Zeile neuer Runtime-Code**, nur ein neues Pattern-YAML.
+
+## 2. RS-005 stellt dieselbe Frage: welche Umwelt-Capabilities fehlen?
+> 16 zu klären, 0 bereits abgedeckt, 5 vermutlich vorhanden, 11 fehlt, 0 n/a, 0 nicht im Korpus.
+- **Vermutlich vorhanden (Management):** 5 — `conduct_internal_environmental_audits`, `control_environmental_documents`, `identify_environmental_aspects` …
+- **Delta (konkrete Evidence, fehlt): 11 Capabilities** — z. B. `account_energy_consumption`, `analyze_water_discharge`, `declare_material_composition`, `document_waste_streams` …
+- Capabilities sind **Verben** (capability-is-a-verb): `manage_chemical_substances`, `measure_air_emissions`, `issue_battery_passport` …
+
+## 3. Neue Qualitätsfrage — was erzeugt ISO 14001 typischerweise NICHT? _(rejected_assumptions, Welt-1/Welt-2)_
+- ISO 14001 does NOT produce concrete substance lists or REACH registrations.
+- ISO 14001 does NOT produce concrete air-emission measurements.
+- ISO 14001 does NOT produce battery passports or material declarations.
+- ISO 14001 does NOT produce water or wastewater analyses.
+- An ISO 14001 certificate does NOT establish RoHS substance-restriction evidence.
+
+→ Genau wie ISO 9001 → CRA: ein **Managementsystem** gibt die Disziplin, aber **nicht die konkrete substanz-/produktspezifische Evidence**. Die Welt-1/Welt-2-Trennung bleibt erhalten.
+
+## 4. Journey Matcher bleibt domänen-agnostisch
+> 1 Journeys erklaeren das Delta; beste: ISO14001 -> Environmental (100% des Deltas)
+| Journey | erklärt das Umwelt-Delta |
+|---|---|
+| ISO14001 -> Environmental | 100% |
+| ISMS -> TISAX | 0% |
+| ISO27001 -> CRA + MaschinenVO | 0% |
+
+→ Die **Cyber-Journeys erklären 0 %** des Umwelt-Deltas — der Matcher rät nicht, er erklärt nur, was das Delta wirklich beschreibt.
+
+## Befund
+
+> **Ein völlig anderes Denkmodell (Umwelt) lief durch `Reality → Evidence → Capability → Required → Delta → Journey` ohne eine Zeile neuen Runtime-Code — nur ein neues Pattern-YAML + injizierte Required-Caps.** Das ist ein stärkerer Generalitätsbeweis als zehn weitere Cyber-Regelwerke: die Architektur ist nicht „Compliance/Cyber", sondern ein allgemeines Trägersystem. **16 neue Capability-Typen** (5 Management + 11 konkrete Evidence) — in der Größenordnung der Cyber-Domänen, kein Granularitäts-Frühindikator. Architecture Stability: **0 neue Runtime-Klassen, 0 neue Pipeline.**
+

backend-compliance/reference_scenarios/environmental_stress_test.py

@@ -0,0 +1,107 @@
+# ruff: noqa
+# mypy: ignore-errors
+"""Environmental stress test — does the architecture work OUTSIDE cyber? (Phase Ω)
+
+Every prior journey lived in the cyber family (CRA / MaschinenVO / TISAX / ISO 27001 / OEM / Tender —
+all infosec, software, product cybersecurity). This is the first NON-cyber stress test: substance flows,
+emissions, water, chemicals, energy, circularity. The claim under test is NOT "we built an environmental
+cluster" but "RS-005 carries an entirely different mental model UNCHANGED — only new DATA, zero runtime".
+
+It runs ISO 14001 (an EMS, as a Company Profile, Welt-1) -> an Environmental target through the SAME
+engines used for ISO 27001 -> CRA, and asks the SAME question: which environmental capabilities are
+still missing? Plus the new quality question (rejected_assumptions): which capabilities does ISO 14001
+typically NOT produce? And it runs the Journey Matcher to confirm it stays domain-agnostic.
+
+Synthetic, no real names. Non-runtime -> no deploy.
+Run:  cd backend-compliance && PYTHONPATH=. python3 reference_scenarios/environmental_stress_test.py
+"""
+from __future__ import annotations
+
+import os
+import yaml
+
+from compliance.company import (
+    CompanyContext, Certification, CapabilityMappingEntry, build_company_profile,
+)
+from compliance.reasoning.enums import Confidence
+from compliance.transition_reasoning import (
+    TransitionContext, TransitionGoal, TargetRequirement, assess_transition, CoverageStatus,
+)
+from compliance.journey_matcher import JourneySignature, match_journeys
+
+OUT = []
+
+
+def w(s=""):
+    OUT.append(s)
+
+
+_K = os.path.join(os.path.dirname(__file__), "..", "knowledge", "transition_patterns")
+
+
+def _load(name):
+    return yaml.safe_load(open(os.path.join(_K, name), encoding="utf-8"))
+
+
+ENV = _load("transition_pattern_iso14001_to_environmental_v1.yaml")
+mgmt = [a["capability"] for a in ENV["likely_covered"]]          # what ISO 14001 DOES give (Welt-1)
+concrete = [d["capability"] for d in ENV["delta_requirements"]]  # what it does NOT give (the delta)
+
+# ── Company Profile: ISO 14001 -> the management capabilities only (NO concrete evidence) ────
+profile = build_company_profile(
+    CompanyContext(company_id="env", certifications=[Certification(certification_id="ISO14001")]),
+    {"ISO14001": CapabilityMappingEntry(capability_ids=mgmt, confidence=Confidence.MEDIUM)})
+
+# ── SAME engine as ISO 27001 -> CRA: required = management + concrete; delta = what's missing ─
+reqs = [TargetRequirement(capability_id=c) for c in mgmt + concrete]
+assess = assess_transition(TransitionContext(company_id="env", target=TransitionGoal(target_id="Environmental")), reqs, profile)
+covered = sorted({c.capability_id for c in assess.coverage if c.status != CoverageStatus.MISSING})
+delta = sorted({c.capability_id for c in assess.coverage if c.status == CoverageStatus.MISSING})
+
+# ── Journey Matcher: stays domain-agnostic? cyber journeys must score ~0 on an env delta ─────
+def _sig(name, label):
+    p = _load(name)
+    return JourneySignature(journey_id=p.get("id", name), label=label,
+                            capability_pattern=[d["capability"] for d in p["delta_requirements"]])
+journeys = [
+    _sig("transition_pattern_iso14001_to_environmental_v1.yaml", "ISO14001 -> Environmental"),
+    _sig("transition_pattern_iso27001_to_cra_maschinenvo_v1.yaml", "ISO27001 -> CRA + MaschinenVO"),
+    _sig("transition_pattern_isms_to_tisax_v1.yaml", "ISMS -> TISAX"),
+]
+match = match_journeys(delta, journeys)
+
+w("# Environmental Stress Test — funktioniert die Architektur AUSSERHALB von Cyber? (Phase Ω)")
+w("")
+w('_Erster Nicht-Cyber-Test. Nicht „wir bauen einen Umwelt-Cluster", sondern: trägt RS-005 ein völlig anderes Denkmodell (Stoffe/Emissionen/Wasser/Energie/Kreislauf) UNVERÄNDERT — nur neue DATEN, null Runtime-Code? ISO 14001 als Company Profile (Welt-1), dieselbe Engine wie ISO 27001 → CRA. Synthetisch, keine echten Namen._')
+w("")
+w("## 1. ISO 14001 als Company Profile — Management, nicht Evidence")
+w("- ISO 14001 liefert **Umwelt-MANAGEMENT-Disziplin** (Welt-1, wahrscheinlich vorhanden): %s." % ", ".join("`%s`" % c for c in mgmt))
+w("- Über **dieselbe** `assess_transition`-Engine wie im Cyber-Fall — **keine Zeile neuer Runtime-Code**, nur ein neues Pattern-YAML.")
+w("")
+w("## 2. RS-005 stellt dieselbe Frage: welche Umwelt-Capabilities fehlen?")
+w("> %s" % assess.summary.headline)
+w("- **Vermutlich vorhanden (Management):** %d — %s" % (len(covered), ", ".join("`%s`" % c for c in covered[:3]) + " …"))
+w("- **Delta (konkrete Evidence, fehlt): %d Capabilities** — z. B. %s …" % (len(delta), ", ".join("`%s`" % c for c in delta[:4])))
+w("- Capabilities sind **Verben** (capability-is-a-verb): `manage_chemical_substances`, `measure_air_emissions`, `issue_battery_passport` …")
+w("")
+w("## 3. Neue Qualitätsfrage — was erzeugt ISO 14001 typischerweise NICHT? _(rejected_assumptions, Welt-1/Welt-2)_")
+for r in ENV["rejected_assumptions"]:
+    w("- %s" % r)
+w("")
+w("→ Genau wie ISO 9001 → CRA: ein **Managementsystem** gibt die Disziplin, aber **nicht die konkrete substanz-/produktspezifische Evidence**. Die Welt-1/Welt-2-Trennung bleibt erhalten.")
+w("")
+w("## 4. Journey Matcher bleibt domänen-agnostisch")
+w("> %s" % match.headline)
+w("| Journey | erklärt das Umwelt-Delta |")
+w("|---|---|")
+for m in match.matches:
+    w("| %s | %d%% |" % (m.label, round(m.score * 100)))
+w("")
+w("→ Die **Cyber-Journeys erklären 0 %** des Umwelt-Deltas — der Matcher rät nicht, er erklärt nur, was das Delta wirklich beschreibt.")
+w("")
+w("## Befund")
+w("")
+w('> **Ein völlig anderes Denkmodell (Umwelt) lief durch `Reality → Evidence → Capability → Required → Delta → Journey` ohne eine Zeile neuen Runtime-Code — nur ein neues Pattern-YAML + injizierte Required-Caps.** Das ist ein stärkerer Generalitätsbeweis als zehn weitere Cyber-Regelwerke: die Architektur ist nicht „Compliance/Cyber", sondern ein allgemeines Trägersystem. **%d neue Capability-Typen** (5 Management + %d konkrete Evidence) — in der Größenordnung der Cyber-Domänen, kein Granularitäts-Frühindikator. Architecture Stability: **0 neue Runtime-Klassen, 0 neue Pipeline.**' % (len(mgmt) + len(concrete), len(concrete)))
+w("")
+
+print("\n".join(OUT))

backend-compliance/tests/test_architecture_stability_kpi.py

@@ -47,6 +47,19 @@ def test_kpis_reported_at_full_stability():
     assert "Knowledge Velocity: %d/%d = 100%%" % (n, n) in out
 
 
+def test_capability_types_column_and_non_cyber_generality():
+    out = _run()
+    # the third KPI column (capability-model granularity Frühindikator) is present and populated
+    assert "neue Capability-Typen" in out
+    assert "Capability-Modell-Frühindikator" in out
+    # the first non-cyber domain is recorded and carried the pipeline 0/0
+    assert "non_cyber" in out
+    assert "Generalität über Cyber hinaus" in out
+    # every ledger source carries a capability-type count
+    for s in _ledger()["sources"]:
+        assert s["new_capability_types"] >= 1, s["source"]
+
+
 def test_pipeline_functions_are_one_time_infrastructure():
     out = _run()
     assert "EINMALIG (jetzt eingefroren)" in out

backend-compliance/tests/test_environmental_stress_test.py

@@ -0,0 +1,64 @@
+"""Environmental stress test — does the architecture work OUTSIDE cyber? (Phase Ω)
+
+Pins the first NON-cyber generality proof: ISO 14001 (an EMS, as a Company Profile) runs through the
+SAME RS-005 engine + Journey Matcher used for ISO 27001 -> CRA, with only new DATA (a pattern YAML +
+injected Required caps) and zero runtime code. ISO 14001 yields environmental MANAGEMENT capabilities
+(Welt-1); the concrete substance/emission/water/material evidence is the delta; rejected_assumptions
+state what ISO 14001 does NOT produce; and the Journey Matcher stays domain-agnostic (cyber journeys 0%).
+"""
+
+from __future__ import annotations
+
+import os
+import subprocess
+import sys
+
+
+def _run():
+    root = os.path.join(os.path.dirname(__file__), "..")
+    r = subprocess.run(
+        [sys.executable, "reference_scenarios/environmental_stress_test.py"],
+        cwd=root, env={**os.environ, "PYTHONPATH": "."}, capture_output=True, text=True,
+    )
+    assert r.returncode == 0, r.stderr
+    return r.stdout
+
+
+def test_runs_end_to_end_outside_cyber():
+    out = _run()
+    assert "AUSSERHALB von Cyber" in out
+    assert "keine Zeile neuer Runtime-Code" in out
+
+
+def test_iso14001_is_management_not_evidence():
+    out = _run()
+    # 5 management capabilities probably present, 11 concrete-evidence capabilities missing
+    assert "5 vermutlich vorhanden, 11 fehlt" in out
+    assert "manage_chemical_substances" in out  # a verb capability
+
+
+def test_rejected_assumptions_preserve_welt1_welt2():
+    out = _run()
+    assert "rejected_assumptions" in out
+    assert "ISO 14001 does NOT produce concrete substance lists or REACH registrations." in out
+    assert "Welt-1/Welt-2-Trennung bleibt erhalten" in out
+
+
+def test_journey_matcher_stays_domain_agnostic():
+    out = _run()
+    # the environmental journey explains the delta; cyber journeys explain 0%
+    assert "| ISO14001 -> Environmental | 100% |" in out
+    assert "| ISMS -> TISAX | 0% |" in out
+    assert "| ISO27001 -> CRA + MaschinenVO | 0% |" in out
+
+
+def test_zero_runtime_change_verdict():
+    out = _run()
+    assert "0 neue Runtime-Klassen, 0 neue Pipeline" in out
+    assert "16 neue Capability-Typen" in out
+
+
+def test_no_real_company_names():
+    out = _run().lower()
+    for name in ["eto", "owis", "winterhalter"]:
+        assert name not in out