breakpilot-compliance/backend-compliance/compliance/playbook/schemas.py
Benjamin Admin 78f0ffa9de feat(playbook): Implementation Playbooks — the Berater renderer ("wie komme ich dort hin?")
Roadmap item 4. After WHAT applies / WHAT is missing / WHICH first, the GF asks HOW. The
Implementation Playbook renders, for one capability, the full journey — why / which regulations
it closes / tools / process / evidence / controls — and chains the Optimization Roadmap into
per-measure playbooks. Another renderer over the same Capability spine (ADR-003/004), not a new
engine: ~95% of the data already exists, it just needs a different rendering.

- compliance/playbook/: build_playbook() + playbooks_for_plan() (chains optimization -> playbook,
  acyclic; reuses leverage for "closes which regulations"). Capabilities without curated content
  render as honest status:missing stubs — the content-owed signal.
- knowledge/implementation_playbooks/: curated knowledge layer (Reasoning Knowledge Acquisition),
  two deep expert drafts (SBOM, CVD/PSIRT, status draft, expert-draft-not-normative) + README.
  The bottleneck is now CONTENT, not software; Playbook (own knowledge) != regulatory domain.
- ADR-004: Implementation Playbooks = renderer + knowledge layer; content is the bottleneck.
- reference suite: "Implementation Playbook" section renders the SBOM journey + Roadmap->Playbook
  table (high-leverage caps flagged "fehlt (Inhalt)" — content backlog, highest leverage first).
- refactor: extracted markdown helpers to reference_scenarios/_helpers.py to keep generate.py
  under the 500-LOC budget.

9 playbook tests (40 with optimization+transition+company), mypy --strict clean, check-loc 0.
Product code with no app caller + knowledge/ADR/reference = non-runtime -> no deploy (ADR-001).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-27 10:38:13 +02:00

46 lines, 2.2 KiB, Python

"""Schemas for the Implementation Playbook renderer.

A Playbook is a *derived view* (computed-not-stored): it assembles, for one capability, the full
"wie komme ich dort hin?" journey from (a) curated playbook KNOWLEDGE, (b) the regulatory leverage
(which regulations a delivered capability closes), and (c) injected Procedure/Control/Evidence links
(Execution-owned). Nothing here is persisted. No new meta-model class, no graph (freeze v1.0).

Python 3.9 compatible (no `|` unions).
"""
from __future__ import annotations

from typing import List

from pydantic import BaseModel, Field


class PlaybookStep(BaseModel):
    """One step in the recommended way to stand up a capability."""

    order: int
    title: str
    detail: str = ""


class Playbook(BaseModel):
    """The complete implementation journey for ONE capability — the Berater view.

    Answers, in order: Why? -> Which regulations does this close? -> Which tools? -> Which
    processes? -> Which evidence? -> Which controls? The curated parts (why/tools/steps/evidence/
    how-others) are an EXPERT DRAFT, not a normative requirement; controls are injected from
    Execution (may be empty until linked).
    """

    capability_id: str
    title: str = ""
    why: str = ""  # why this is required (regulatory rationale)
    closes_regulations: List[str] = Field(default_factory=list)  # leverage: regulations a delivered cap closes
    leverage: int = 0  # = len(closes_regulations)
    tools: List[str] = Field(default_factory=list)  # typical tooling (curated knowledge)
    process_steps: List[PlaybookStep] = Field(default_factory=list)  # how to stand it up
    expected_evidence: List[str] = Field(default_factory=list)  # artifacts that prove it
    controls: List[str] = Field(default_factory=list)  # control refs (injected from Execution; may be empty)
    how_others_do_it: str = ""  # "wie machen das andere?" (curated)
    status: str = "draft"  # draft -> reviewed -> validated -> proven
    disclaimer: str = ""  # expert draft, not a normative requirement
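
The schema states two invariants only in comments (`leverage` equals `len(closes_regulations)`, and `status` follows a fixed lifecycle), so a rendered view can drift from them silently. The following is an added example, not code from this repository: a checker over the plain-dict form of a `Playbook`, using the schema's field names. The names `playbook_findings` and `can_promote`, the disclaimer rule, the one-step promotion rule and the sample records are assumptions made for illustration.

```python
from typing import Any, Dict, List

# Lifecycle from the schema comment; "missing" is the stub status named in the commit message.
LIFECYCLE = ["draft", "reviewed", "validated", "proven"]
KNOWN_STATUSES = set(LIFECYCLE) | {"missing"}


def playbook_findings(pb: Dict[str, Any]) -> List[str]:
    """Return invariant violations for one serialized Playbook (empty list = clean)."""
    findings: List[str] = []
    regs = pb.get("closes_regulations", [])
    status = pb.get("status", "draft")
    if not pb.get("capability_id"):
        findings.append("capability_id is empty")
    if pb.get("leverage", 0) != len(regs):
        findings.append("leverage does not equal len(closes_regulations)")
    if len(set(regs)) != len(regs):
        findings.append("closes_regulations has duplicates, which inflates leverage")
    if status not in KNOWN_STATUSES:
        findings.append("unknown status %r" % status)
    orders = [step["order"] for step in pb.get("process_steps", [])]
    if orders != sorted(set(orders)):
        findings.append("process_steps orders are not unique and ascending")
    # Assumed policy (not in the schema): content below "proven" must carry the
    # expert-draft disclaimer, and a "missing" stub must not carry curated content.
    if status in LIFECYCLE[:-1] and not pb.get("disclaimer"):
        findings.append("status %r without disclaimer" % status)
    if status == "missing" and (pb.get("tools") or pb.get("process_steps")):
        findings.append("missing stub carries curated content")
    return findings


def can_promote(old: str, new: str) -> bool:
    """Assumed policy: status advances exactly one lifecycle step at a time."""
    if old not in LIFECYCLE or new not in LIFECYCLE:
        return False
    return LIFECYCLE.index(new) == LIFECYCLE.index(old) + 1


# Constructed sample records; the ids and regulation names are placeholders.
GOOD = {"capability_id": "cap.sbom", "closes_regulations": ["REG-A", "REG-B"], "leverage": 2,
        "process_steps": [{"order": 1, "title": "Inventory"}, {"order": 2, "title": "Generate"}],
        "status": "draft", "disclaimer": "Expert draft, not a normative requirement."}
BAD = {"capability_id": "cap.cvd", "closes_regulations": ["REG-A", "REG-A"], "leverage": 3,
       "process_steps": [{"order": 2, "title": "Triage"}, {"order": 1, "title": "Intake"}],
       "status": "approved", "disclaimer": ""}

if __name__ == "__main__":
    for record in (GOOD, BAD):
        print(record["capability_id"], playbook_findings(record))
```
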