breakpilot-compliance

Benjamin_Boenisch/breakpilot-compliance

Fork 0

Commit Graph

Author	SHA1	Message	Date
Benjamin Admin	fbbd0957bd	feat: Environmental stress test — the architecture works OUTSIDE cyber (Phase Ω, data-only) First NON-cyber stress test. Every prior journey was cyber (infosec/software/product security). Environmental brings a completely different mental model (substance flows, emissions, water, chemicals, energy, circularity). The claim under test: RS-005 carries it UNCHANGED — only new DATA, zero runtime code. ISO 14001 (an EMS) is modelled as a Company Profile and run through the SAME engines as ISO 27001 -> CRA (new pattern transition_pattern_iso14001_to_environmental_v1.yaml, capabilities as VERBS): - ISO 14001 yields 5 environmental MANAGEMENT capabilities (Welt-1, probably present) - the concrete substance/emission/water/material EVIDENCE is the 11-capability delta - rejected_assumptions state what ISO 14001 does NOT produce (substance lists, REACH, emissions, battery passports, water analyses) — preserving the Welt-1/Welt-2 separation - the Journey Matcher stays domain-agnostic: ISO14001->Environmental 100%, cyber journeys 0% Result: a non-cyber domain ran through Reality -> ... -> Journey with 0 new runtime classes and 0 new pipeline — a stronger generality proof than ten more cyber regulations. Also extends the Architecture Stability ledger with the third KPI column the user requested — "new capability types" — as a granularity Frühindikator (a domain needing ~80 new types at 0 runtime would flag a too-coarse/too-fine capability model). Environmental = 16 types (5 mgmt + 11 evidence), in range. Ledger now flags cyber vs non_cyber family. Non-runtime -> no deploy. 19 tests pass, check-loc 0.	2026-06-28 11:10:07 +02:00
Benjamin Admin	cefacb87af	feat: Architecture Stability + Knowledge Velocity KPI — Phase Ω (Evidence of Generality) The focus has shifted: no more architecture epics (the Journey Matcher was the last building block). The question is no longer "can the architecture do this?" but "where does it fail under real domain knowledge?". This operationalises the two KPIs almost nobody measures, as a non- runtime, auditable ledger: - Architecture Stability : per integrated Requirement Source — new runtime classes? new pipeline? - Knowledge Velocity : can a domain EXPERT integrate a source data-only, without a developer? A new domain is a ROW in knowledge/architecture_stability/integration_ledger.yaml (data), never a code change — so the KPI improves by adding data, which IS the proof. Current state: 6 sources across 5 target types (CRA, MaschinenVO, TISAX, Tender, OEM, Environmental) = 6/6 = 100% stability and 100% data-only. The pipeline functions are listed honestly as one-time, domain-agnostic infrastructure (now frozen), so the KPI cannot be gamed. The test is a LIVING GUARDRAIL: it fails the day a source needs runtime code, surfacing the exact moment generality breaks. Non-runtime -> no deploy. 5 tests pass, check-loc 0.	2026-06-28 10:49:00 +02:00

Author

SHA1

Message

Date

Benjamin Admin

fbbd0957bd

feat: Environmental stress test — the architecture works OUTSIDE cyber (Phase Ω, data-only)

First NON-cyber stress test. Every prior journey was cyber (infosec/software/product security).
Environmental brings a completely different mental model (substance flows, emissions, water,
chemicals, energy, circularity). The claim under test: RS-005 carries it UNCHANGED — only new DATA,
zero runtime code.

ISO 14001 (an EMS) is modelled as a Company Profile and run through the SAME engines as ISO 27001 ->
CRA (new pattern transition_pattern_iso14001_to_environmental_v1.yaml, capabilities as VERBS):
- ISO 14001 yields 5 environmental MANAGEMENT capabilities (Welt-1, probably present)
- the concrete substance/emission/water/material EVIDENCE is the 11-capability delta
- rejected_assumptions state what ISO 14001 does NOT produce (substance lists, REACH, emissions,
battery passports, water analyses) — preserving the Welt-1/Welt-2 separation
- the Journey Matcher stays domain-agnostic: ISO14001->Environmental 100%, cyber journeys 0%

Result: a non-cyber domain ran through Reality -> ... -> Journey with 0 new runtime classes and 0
new pipeline — a stronger generality proof than ten more cyber regulations.

Also extends the Architecture Stability ledger with the third KPI column the user requested — "new
capability types" — as a granularity Frühindikator (a domain needing ~80 new types at 0 runtime would
flag a too-coarse/too-fine capability model). Environmental = 16 types (5 mgmt + 11 evidence), in
range. Ledger now flags cyber vs non_cyber family. Non-runtime -> no deploy. 19 tests pass, check-loc 0.

2026-06-28 11:10:07 +02:00

Benjamin Admin

cefacb87af

feat: Architecture Stability + Knowledge Velocity KPI — Phase Ω (Evidence of Generality)

The focus has shifted: no more architecture epics (the Journey Matcher was the last building
block). The question is no longer "can the architecture do this?" but "where does it fail under
real domain knowledge?". This operationalises the two KPIs almost nobody measures, as a non-
runtime, auditable ledger:

  - Architecture Stability : per integrated Requirement Source — new runtime classes? new pipeline?
  - Knowledge Velocity     : can a domain EXPERT integrate a source data-only, without a developer?

A new domain is a ROW in knowledge/architecture_stability/integration_ledger.yaml (data), never a
code change — so the KPI improves by adding data, which IS the proof. Current state: 6 sources
across 5 target types (CRA, MaschinenVO, TISAX, Tender, OEM, Environmental) = 6/6 = 100% stability
and 100% data-only. The pipeline functions are listed honestly as one-time, domain-agnostic
infrastructure (now frozen), so the KPI cannot be gamed.

The test is a LIVING GUARDRAIL: it fails the day a source needs runtime code, surfacing the exact
moment generality breaks. Non-runtime -> no deploy. 5 tests pass, check-loc 0.

2026-06-28 10:49:00 +02:00

2 Commits