breakpilot-compliance/backend-compliance/tests/test_medical_stress_test.py

"""Medical stress test — safety + security coupled (Phase Ω #3).

Pins the harder joint test: ISO 13485 runs through the SAME engine (0 runtime, data only), and IEC
81001-5-1 (health-software security) pulls in the SAME security MCAPs as the CRA — so Medical REUSES
cyber capabilities (the safety/security coupling shows up as capability reuse) while adding genuinely
new medical-specific caps (clinical evaluation, software safety classification, ISO 14971 risk file).
"""

from __future__ import annotations

import os
import subprocess
import sys


def _run():
    root = os.path.join(os.path.dirname(__file__), "..")
    r = subprocess.run(
        [sys.executable, "reference_scenarios/medical_stress_test.py"],
        cwd=root, env={**os.environ, "PYTHONPATH": "."}, capture_output=True, text=True,
    )
    assert r.returncode == 0, r.stderr
    return r.stdout


def test_runs_end_to_end_zero_runtime():
    out = _run()
    assert "Medical Stress Test" in out
    assert "0 neue Runtime-Klassen" in out


def test_safety_security_coupling_reuses_cyber_caps():
    out = _run()
    assert "Wiederverwendete Cyber-Capabilities (4)" in out
    for cap in ["secure_signed_update_distribution", "technical_vulnerability_management",
                "access_control_and_authentication", "sbom_creation"]:
        assert cap in out
    assert "IEC 81001-5-1" in out


def test_genuinely_new_medical_capabilities():
    out = _run()
    assert "Neu (7)" in out
    for cap in ["conduct_clinical_evaluation", "classify_software_safety_iec62304",
                "maintain_risk_management_file_iso14971", "perform_benefit_risk_analysis"]:
        assert cap in out


def test_rejected_assumptions_present():
    out = _run()
    assert "ISO 13485 does NOT produce clinical evidence" in out
    assert "the same security caps as the CRA" in out


def test_no_real_company_names():
    out = _run().lower()
    for name in ["eto", "owis", "winterhalter", "medtronic", "siemens"]:
        assert name not in out