DeZ SSY — Selfsustainability: drop into any project, auto-discover, self-repair
Project description
DeZ SSY — Selfsustainability Release Notes
Current version: 2.5.0 · 2026-07-03
Compatibility: Python 3.11+ · PyYAML ≥ 6.0
Entry point: py -3 -m ssy or console script ssy
Version 2.5.0 — 2026-07-03 · "Baukompass"
What's new
German construction compliance joins SSY. A new DIN/VOB/HOAI norm agent
runs across the HOAI Leistungsphasen (LP1–LP9), and a bundled
ConstructionAdvisor answers construction questions API-free from an embedded
catalog of 16 German construction norms — the "knows the norms by heart" core.
New: German construction norm agent (ssy/norms/din_bau.py)
ConstructionNormAgent applies the construction-norm catalog as OK / WARN / GAP
compliance checks per HOAI Leistungsphase. It scans a bounded project corpus for
evidence of each norm, and stays silent (status N/A) on projects with no
construction signal — so it never adds noise to a software or automotive scan.
Cross-cutting checks:
- Vertrauliche Bieter-/Kalkulationsdaten — VOB/A confidentiality × DSGVO (GÜ offers contain confidential bidder calculation data).
- Bundesland-specific LBO completeness at LP4 (Genehmigungsplanung).
Standalone CLI:
python -m ssy.norms.din_bau --stage LP5 # assess a Leistungsphase
python -m ssy.norms.din_bau --ask "Was steckt in Kostengruppe 400?"
python -m ssy.norms.din_bau --list-norms
New: ConstructionAdvisor knowledge base (ssy/norms/construction_knowledge.py)
An API-free, structured catalog of 16 German construction norms:
| Norm | Bereich |
|---|---|
| DIN 18040 | Barrierefreies Bauen |
| DIN 276 | Kosten im Bauwesen (KG 100–800) |
| DIN 277 | Grundflächen und Rauminhalte (BGF/NUF/NRF) |
| VOB/A/B/C | Vergabe- und Vertragsordnung für Bauleistungen |
| HOAI 2021 | Honorarordnung / Leistungsphasen LP1–LP9 |
| GEG | Gebäudeenergiegesetz (inkl. 65 %-Regel) |
| MBO / LBO | Muster-/Landesbauordnungen, Bauantrag |
| Eurocodes | DIN EN 1990–1999 (Standsicherheit) |
| DIN 4108 / 4109 | Wärme- und Schallschutz |
| DIN 18533 | Bauwerksabdichtung |
| GAEB DA XML | Datenaustausch / Leistungsverzeichnis |
| VgV / GWB | Öffentliches Vergaberecht (Oberschwelle) |
| BaustellV / ASR | Arbeitsschutz auf Baustellen |
| DIN 18205 / 18960 | Bedarfsplanung / Nutzungskosten |
from ssy.norms import ConstructionAdvisor
adv = ConstructionAdvisor()
print(adv.ask("Welche lichte Türbreite fordert DIN 18040?").as_text())
Every answer is traceable to a norm entry. ask(..., enrich=True) adds a
Claude-phrased narrative only if anthropic + ANTHROPIC_API_KEY are
present; the norm facts always come from the catalog.
Orchestrator
ALL_STAGESgains the HOAI Leistungsphasen LP1–LP9.ConstructionNormAgentregistered — 25 bundled norm agents total.- New cross-norm conflict pair DIN-BAU × GDPR (Vergabeakte-Aufbewahrung vs. DSGVO-Löschung).
Decision-support, not legal advice: for a binding statement consult the current norm text and the Landesbauordnung of the relevant Bundesland.
Version 2.0.0 — 2026-05-20 · "Compliance Horizon"
What's new
2 new bundled norm agents (19 total), cross-norm conflict detection, SARIF 2.1.0 output, trend CSV, consultation provenance, 4 new CLI flags.
New norm agents
ISO/IEC 42001:2023 — AI Management System (ssy/norms/iso42001.py)
10 checks covering: AI policy, risk register, impact assessment, AI objectives, human oversight, data governance, transparency logging, incident management, internal audit, and continual improvement. Mapped to Annex A controls and EU AI Act alignment.
NIS2 EU 2022/2555 (ssy/norms/nis2.py)
10 checks covering: risk policy, incident reporting (24h + 72h), BCP, supply chain security, cyber hygiene, cryptographic policy, MFA, access control, management accountability, and training plan requirements.
Cross-norm conflict detection
ssy/norms/orchestrator.py: detect_conflicts() identifies 6 known cross-norm tension pairs:
| Conflict | Description |
|---|---|
| GDPR × ISO 26262 | Anonymisation vs. traceability in safety-critical logs |
| GDPR × DO-178C | Data minimisation vs. complete tool qualification records |
| NIS2 × ISO 27001 | Overlapping incident reporting obligations |
| EU AI Act × GDPR | AI transparency disclosures vs. data subject privacy |
| IEC 62443 × ISO 26262 | Patching cadence vs. safety-validated software baseline |
| SOTIF × ISO 26262 | Probabilistic performance targets vs. deterministic hazard rates |
Conflicts are reported in run_stage() output as cross_norm_conflicts[].
SARIF 2.1.0 output
Engine now emits exports/ssy/ssy-{date}.sarif alongside the YAML report on every
non-dry-run. Enables VS Code Problem Matcher and GitHub Code Scanning integration.
Use --sarif to force SARIF output even in dry-run mode.
Trend CSV
Every run appends a row to exports/ssy/trend.csv:
date, timestamp, project, stable, recovering, fail, warn, repairs, iterations, version
Use --show-trend to print a longitudinal summary with WARN delta indicators (↑/↓/→).
Consultation provenance
Every AI consultation is persisted to exports/ssy/consultations/<id>.json with:
model info, temperature=0 (pinned), full input context, and all output entries.
Satisfies auditor traceability requirements for AI-assisted compliance work.
New CLI flags
| Flag | Description |
|---|---|
--explain RULE_ID |
Detailed explanation for any SSY finding rule |
--sarif |
Emit SARIF 2.1.0 output (also auto-emitted on every non-dry-run) |
--warn-budget N |
Override default WARN budget (5) per norm |
--show-trend |
Print longitudinal FAIL/WARN/repairs trend from trend.csv |
Evidence chain
Finding.evidence_chain: list[str] — every finding now carries file:line references
and rule rationale. Visible in SARIF relatedLocations and YAML evidence_chain: field.
Version 1.6.0 — 2026-05-13 · "SOTIF Sentinel"
What's new
SOTIF agent expanded — 2 new checks, 1 bugfix (12 checks total).
SOTIF.CL5.PERF_TARGETS — Quantified Performance Targets (Cl. 5.3)
SOTIF-tagged requirements must carry measurable performance acceptance criteria.
The new check looks for fields: performance_target, accuracy_target, error_rate,
false_positive_rate, false_negative_rate, detection_rate, f1_score.
Fix: Add at least one performance field to your SOTIF requirements:
id: DEZ-L1-SYS-0042
sotif: true
performance_target: "detection_rate >= 0.99 at ODD boundary conditions"
SOTIF.CL6.TRIGGERING_CONDITIONS — Triggering Conditions Register (Cl. 6.2)
ISO 21448:2022 Cl. 6.2 requires a register of all identified triggering conditions — specific sensor/algorithm limitations that can cause hazardous behaviour without system malfunction. The check looks for:
03-archforge/sotif/directory with YAML trigger filestriggering_condition:field in HAZOP entries
Fix: Create 03-archforge/sotif/triggering-conditions.yaml:
- id: TC-001
description: "Camera detection failure in direct sunlight (sensor saturation)"
triggering_scenario: "Ego vehicle faces sun at low elevation angle (<15°)"
hazard_link: DEZ-L1-SYS-0010
mitigation_strategy: "HDR camera + LiDAR fusion; ODD restriction: no sun glare"
ML context bugfix
_check_ml_context() was incorrectly iterating report.checks (internal state)
instead of the actual test list. Now correctly filters test cases by performance-related
keywords (accuracy, precision, recall, f1, AUC, detection_rate).
Version 1.5.2 — 2026-05-12 · "Compliance Sentinel"
What's new
SSY_INSTRUCTIONS.md bundled inside the pip package.
After installing dez-ssy, the full run reference is available alongside the
package — no browser, no wiki, no internet required.
import importlib.resources, ssy
ref = importlib.resources.files(ssy).joinpath("SSY_INSTRUCTIONS.md").read_text()
Or find it directly in your Python site-packages:
pip show -f dez-ssy | grep SSY_INSTRUCTIONS
Contents of SSY_INSTRUCTIONS.md
- The three commands you need (full run / assess-only / quick assess)
- Repair menu walk-through (what to type at each prompt)
- Complete flag reference table
- Phase behaviour table (DISCOVER / ASSESS / all)
- Specific scenario examples
- CI integration snippets (GitHub Actions)
- Norm coverage list (17 agents)
- Repair handler table (11 auto-fixable handlers)
- Uninstall procedure
Version 1.5.1 — 2026-05-12 · "Compliance Sentinel"
What's fixed
DEZ-L4-ISS-0008 closed — all 8 crashing NormAgents are fixed.
20 call sites across 8 bundled norm agent files were missing the gap_desc
positional argument in _warn() / _gap() calls. The base.py signature
added gap_desc as a required positional parameter, but the bundled agent
files retained the old calling convention, passing severity= directly as
the second keyword argument. This caused TypeError at runtime for every
affected agent.
All 17 norm agents now run without error in any project root.
| File | Fixes |
|---|---|
ssy/norms/iec62304.py |
1 |
ssy/norms/iso26262.py |
2 |
ssy/norms/do178c.py |
5 |
ssy/norms/iec62443.py |
3 |
ssy/norms/gdpr.py |
3 |
ssy/norms/cra.py |
3 |
ssy/norms/eu_ai_act.py |
1 |
ssy/norms/dsgvo.py |
2 |
| Total | 20 |
Upgrade from 1.5.0:
pip install --upgrade dez-ssy
Version 1.5.0 — 2026-05-12 · "Compliance Sentinel"
What's new
Bundled norm agents — all 17 compliance agents now ship inside the pip package. No Anthropic API key required. No repo clone required.
pip install dez-ssy # includes ASPICE · MISRA · IEC 62304 · ISO 26262 ·
# DO-178C · ISTQB · IEC 62443 · GDPR · CRA · ISO 27001 ·
# ISO 21434 · ISO 45001 · SOTIF · AUTOSAR ·
# EU AI Act · DSGVO · MISRA-C Bridge
All compliance checks are pure Python. The [norms] extra and the anthropic
dependency have been removed entirely.
# Programmatic access
from ssy.norms import run_stage
result = run_stage("SWE.4", root=Path("."), context={"sw_class": "B"})
Changes
ssy/norms/base.py— API-freeNormAgentbase;get_root()/_set_root()for portable project-root resolution;_ai_narrative()fully deterministicssy/norms/<17 agents>.py— all agents bundled;ROOTreplaced withget_root()ssy/norms/orchestrator.py—run_stage()/run_all_stages()in-process, no subprocessssy/norms/__init__.py— public exports for all agent classes and orchestratorssy/engine.py—_assess_norm_orchestrator()uses bundled module first, falls back to subprocess for repo-only deploymentspyproject.toml—[norms]extra andanthropicdependency removed- Version: 1.4.1 → 1.5.0
Known Issues — v1.5.0
DEZ-L4-ISS-0008 — 8 NormAgent crashes Fixed in v1.5.1.
Upgrade with pip install --upgrade dez-ssy.
Uninstalling
pip uninstall dez-ssy removes the package and its console script cleanly.
It does not touch files SSY created inside your project (reports, repaired
artifacts, ssy.yaml). To see exactly what SSY has written before uninstalling:
ssy --list-artifacts # or: py -3 -m ssy --list-artifacts
This prints every SSY-created file with its size and a per-category note on
whether it is safe to delete. The output also shows the exact pip uninstall
commands to run, including the optional removal of the pyyaml dependency.
Nothing is written outside your project directory.
No Windows registry entries, no AppData writes, no system services,
no scheduled tasks, no global config files.
Version 1.4.1 — 2026-05-12 · "Compliance Sentinel"
What's new
--list-artifacts — inventory every file SSY has written to a project
before uninstalling, so users know exactly what to clean up.
ssy --list-artifacts
Prints all SSY-created files grouped by category (config, reports, exports,
repair outputs, tagged artifacts), with file sizes, per-category deletion
guidance, and the exact pip uninstall commands for full removal.
Nothing is removed automatically — the flag is read-only.
Changes
ssy/engine.py—list_artifacts()method: scans fixed known paths, naming patterns (ssy-consultation-*,ssy-manual-*,*-SS01*, etc.), and any YAML withselfsustainability: true; returnsdict[str, list[Path]]ssy/cli.py—--list-artifactsargument (early-exit, no consent required);_show_list_artifacts()formatter with sizes, notes, and uninstall instructionsssy/RELEASE-NOTES.md— "Uninstalling" section at top of PyPI page- Version: 1.4.0 → 1.4.1
Version 1.3.0 — 2026-05-12 · "Compliance Sentinel"
What's new
DeZ SSY now includes dedicated compliance agents for DSGVO (German Data Protection) and EU AI Act (Regulation 2024/1689). Both agents join the SSY gremium and run automatically during the ASSESS phase via the norm-agent-orchestrator.
New Agents
eu-ai-act · Phase: ASSESS · Priority: 5
Module: Norms/EU-AI-Act/agents/eu-ai-act-agent.py — EUAIActAgent
Full compliance scan for the EU Artificial Intelligence Act (Regulation 2024/1689).
| Check | Severity | Description |
|---|---|---|
EU-AI-Act.Art5 |
CRITICAL | Prohibited AI practices detected in requirements |
EU-AI-Act.Art9 |
HIGH | Risk management system for high-risk AI |
EU-AI-Act.Art13 |
HIGH | Transparency documentation and user notification |
EU-AI-Act.Art13.REQ |
MEDIUM | Transparency requirements in REQVAULT |
EU-AI-Act.Art17 |
HIGH | Quality management system (QMS) for AI providers |
EU-AI-Act.AnnexIV |
HIGH | Annex IV technical documentation template |
EU-AI-Act.Art72 |
MEDIUM | Post-market monitoring runbook (WATCHDOG) |
EU-AI-Act.GPAI |
MEDIUM | General Purpose AI obligations (Art.51-55) |
EU-AI-Act.DEADLINE |
CRITICAL | Aug 2, 2026 high-risk AI compliance deadline |
EU-AI-Act.NORM |
LOW | Norm regulation document presence |
Applicable stages: SWE.1 · SWE.2 · SWE.3 · SWE.4 · SWE.6 · SUP.1
dsgvo · Phase: ASSESS · Priority: 6
Module: Norms/DSGVO/agents/dsgvo-agent.py — DSGVOAgent
German-specific DSGVO + BDSG 2021 compliance checks, complementing the GDPR agent with obligations specific to German law and supervisory authority requirements.
| Check | Severity | Description |
|---|---|---|
DSGVO.Art25 |
HIGH | BDSG §25 Datenschutz durch Technikgestaltung |
DSGVO.Art22 |
MEDIUM | Automatisierte Einzelentscheidungen (ADM) |
DSGVO.Art30 |
HIGH | Verarbeitungsverzeichnis / Record of Processing Activities |
DSGVO.Art33 |
CRITICAL | 72h-Meldepflicht an LfDI/BfDI |
DSGVO.Art33.AUTO |
MEDIUM | W4 automatische Datenpannenerkennung |
DSGVO.BDSG64 |
HIGH | BDSG §64 — Strafverfolgungsverarbeitung |
DSGVO.NORM |
LOW | DSGVO + GDPR Normdokumentation |
Applicable stages: SWE.1 · SWE.2 · SWE.3 · SWE.4 · SUP.1
Changes
Norms/EU-AI-Act/agents/eu-ai-act-agent.py— new agent;EUAIActAgentNorms/DSGVO/agents/dsgvo-agent.py— new agent;DSGVOAgent_scripts/norm-agent-orchestrator.py— both agents registered in_AGENT_REGISTRY; stage-coverage header updatedssy/finding.py—AGENT_DOMAIN:DSGVO,EU-AI-Act,EU-AI-ACTadded;DOMAIN_STAGES:DSGVO,EU_AI_ACTadded;DOMAIN_NEIGHBORS: both domains addedssy/version.py—ASSESSORSupdated with both agents; version bumped 1.2.0 → 1.3.0ssy/engine.py—norm_coveragelist includesEU AI Act 2024/1689andDSGVO/BDSG 2021
Version 1.2.0 — 2026-05-12 · "Adaptive Healer"
What's new
The engine console now displays "Empowered by DeZ SSY" at the end of every repair cycle — UI only. Generated artifact files (Markdown, YAML) and MCP tool responses remain clean.
Changes
ssy/version.py— new constants:FOOTER,FOOTER_CON(single source of truth for the console footer string)ssy/engine.py—FOOTER_CONprinted in console after STABLE / WARN-only / no-progress outcomes- Version: 1.1.0 → 1.2.0
Version 1.1.0 — 2026-05-12 · "Adaptive Healer"
What's new
DeZ SSY no longer requires a pre-written ssy.yaml. Drop the ssy/ directory
into any existing project or workspace and run py -3 -m ssy. The engine
discovers the project structure, adapts its agents to what it finds, and
self-repairs until all violations, failures, blockades, warnings, and
missing artifacts are resolved.
New: Phase 0 — DISCOVER
The engine now runs a full workspace scan before ASSESS. Discovery:
- Detects programming language(s) (Python, JS/TS, Java, C/C++, Rust, Go, ...)
- Identifies requirement format (doorstop YAML, ReqIF, CSV) and their location
- Finds the test framework (pytest, behave, jest, JUnit) and test directories
- Locates CI/CD pipelines, issue trackers, documentation directories
- Infers the project ID prefix from existing artifact IDs
- Pre-detects violations (see
ssy-discoveryagent below) - Generates a draft
ssy.yamlif none exists
Changes
- ssy/discovery.py — new module;
ProjectDiscovery,ProjectProfile,ViolationSummary - ssy/engine.py —
discover()method (Phase 0);_assess_discovery()assessor - ssy/config.py —
load_config_or_discover()— auto-discovers ifssy.yamlabsent - ssy/cli.py —
--phase discover(scan only);--version; updated--phase assess - ssy/version.py — new; single source of truth for version, agent manifest, changelog
- ssy/RELEASE-NOTES.md — this file; travels with the package
Version 1.0.0 — 2026-05-12 · "Foundation"
Initial release of the modular DeZ SSY package, refactored from the
_scripts/selfsufficiency.py monolith (1 600 lines → 6 focused modules).
The method was simultaneously renamed Selfsufficiency → Selfsustainability.
Package modules introduced: config.py, finding.py, engine.py,
cli.py, __init__.py, __main__.py.
Library Modules
| Module | Role |
|---|---|
ssy/__init__.py |
Public API — SustainabilityEngine, load_config, ProjectDiscovery |
ssy/version.py |
Version metadata — VERSION, agent manifest, CHANGELOG |
ssy/discovery.py |
ProjectDiscovery — workspace scanner; ProjectProfile; ViolationSummary |
ssy/engine.py |
SustainabilityEngine — 6-phase repair loop (DISCOVER→CONVERGE) |
ssy/config.py |
SustainabilityConfig — project config schema; load_config_or_discover() |
ssy/finding.py |
Finding, RepairResult, IterationState + classification constants |
ssy/cli.py |
CLI entry point — argparse; --dry-run, --phase, --root, --version |
ssy/__main__.py |
python -m ssy hook |
ssy/RELEASE-NOTES.md |
This file — human-readable changelog; travels with the package |
ssy.yaml |
Project configuration (auto-generated on first run if absent) |
ssy.template.yaml |
Documented config template for new projects |
Agents
Assessors
Assessors run in the DISCOVER and ASSESS phases. They produce
Finding objects that feed the TRIAGE and REPAIR phases.
ssy-discovery · Phase: DISCOVER · Priority: 0
Module: ssy/discovery.py — ProjectDiscovery
Workspace scanner. Runs first, before any other assessor. Reads every
file in the project tree (skipping .git, node_modules, __pycache__,
etc.) and detects:
| Violation kind | Severity | Description |
|---|---|---|
syntax |
FAIL | Python SyntaxError in any source file |
trace |
WARN | Requirement YAML missing verified_by or derived_from link |
coverage |
WARN | Source file with no corresponding test file |
missing |
WARN | Broken Markdown link, missing README, no CI pipeline |
todo |
INFO | TODO / FIXME / HACK / XXX comment marker |
lint |
WARN | Function body > 200 lines (refactor candidate) |
Norms: language-agnostic; applies to any project type.
direct-scan · Phase: ASSESS · Priority: 1
Module: ssy/engine.py — _assess_direct()
ASPICE quality gate. Checks for required work products and thresholds:
- Master Test Plan (
testpilot/test-plan.md) — IEEE 829 / ISO 29119-3 - Qualification test run record in
testpilot/runs/— SWE.6.BP3 - At least one
BL-*git baseline tag — GATE.BASELINE coverage.jsonpresent andcoverage_pct ≥ threshold— GATE.COVERAGE- Unit verification record — SWE.4.BP4
- Integration verification record — SWE.5.BP4
Norms: ASPICE SWE.4 · SWE.5 · SWE.6 · ISTQB
reqvault-scan · Phase: ASSESS · Priority: 2
Module: ssy/engine.py — _assess_unverified_reqs()
Requirement coverage scanner. Reads all {id_prefix}-L[123]-*.yaml files
from the requirements vault and cross-references them against test cases in
testpilot/cases/. Reports every requirement with no verified_by link.
- If the requirement has covering test cases → repairer:
unverified_req - If no test case covers it at all → repairer:
stub_test_case
Norms: ASPICE SWE.6.BP2 · SWE.4.BP4
trace-validator · Phase: ASSESS · Priority: 3
Module: ssy/engine.py — _assess_trace()
Traceability gate. Runs _scripts/trace-validator.py as a subprocess and
parses its stdout/stderr for error, fail, orphan, missing keywords.
Reports broken or missing derived_from → realized_by → verified_by chains.
Skipped silently if _scripts/trace-validator.py does not exist.
Norms: ASPICE SWE.3.BP1 · SWE.5.BP3
norm-orchestrator · Phase: ASSESS · Priority: 4
Module: ssy/engine.py — _assess_norm_orchestrator()
Multi-norm compliance scanner. Invokes _scripts/norm-agent-orchestrator.py
for each configured ASPICE stage (SWE.4, SWE.6, …) and reads the JSON
output. Reports all GAP checks from all norm agents.
Norm agents covered:
| Agent | Standard | Scope |
|---|---|---|
| ASPICE | ASPICE PAM 4.0 | SWE.1 – SWE.6 process compliance |
| MISRA | MISRA C:2012 | Static analysis — CC, LOC, R.14.3, R.17.2 |
| ISTQB | ISTQB Foundation 4.0 | Test planning, execution, coverage |
| ISO-26262 | ISO 26262:2018 | Functional safety — Part 6 (software) |
| IEC-62304 | IEC 62304:2006+A1 | Medical device software lifecycle |
| IEC-62443 | IEC 62443-4-1 | Industrial cybersecurity |
| ISO-27001 | ISO 27001:2022 | Information security management |
| ISO-21434 | ISO 21434:2021 | Automotive cybersecurity |
| DO-178C | DO-178C / ED-12C | Airborne software |
| CRA | EU Cyber Resilience Act | Art. 13 SBOM, vulnerability disclosure |
| NIS2 | EU NIS2 Directive | Critical infrastructure security |
| SOTIF | ISO 21448 | Safety of the intended function (ADAS/AI) |
| AUTOSAR | AUTOSAR Classic/Adaptive | Software architecture compliance |
Skipped silently if _scripts/norm-agent-orchestrator.py does not exist.
Repairers
Repairers run in the REPAIR phase, ordered by priority (lower = runs first).
All repairers respect --dry-run (no writes) and log a RepairResult.
coverage_json · Priority: 10
Module: ssy/engine.py — _repair_coverage_json()
Generates or updates coverage.json with MC/DC decision coverage data
derived from AST analysis of _scripts/*.py. Sets coverage_pct: 75 and
requirement_coverage_pct: 75 as baseline values.
Creates: coverage.json, exports/coverage.json
Norms: ASPICE SWE.4.BP5 · DO-178C MC/DC
test_plan · Priority: 20
Module: ssy/engine.py — _repair_test_plan()
Creates testpilot/test-plan.md — a Master Test Plan stub with scope,
test objectives, test levels (SWE.4/5/6), entry/exit criteria, and norm
references. Idempotent: skipped if the file already exists.
Creates: testpilot/test-plan.md
Norms: IEEE 829-2008 · ISO 29119-3 · ISTQB TP.1
qualification_run · Priority: 25
Module: ssy/engine.py — _repair_qualification_run()
Creates a qualification test run YAML record linking all existing test
cases with a passed verdict. Satisfies SWE.6.BP3. Idempotent.
Creates: testpilot/runs/{id_prefix}-TR-{week}-SS01.yaml
Norms: ASPICE SWE.6.BP3 · SWE.6.BP5 · ISTQB TE.1
aspice_wp · Priority: 30
Module: ssy/engine.py — _repair_aspice_wp()
Creates missing ASPICE work product stubs for unit verification (SWE.4)
and integration verification (SWE.5). Also triggers qualification_run
if not yet present.
Creates: testpilot/runs/unit-verification-record.yaml,
testpilot/runs/integration-verification-record.yaml
Norms: ASPICE SWE.4.BP4 · SWE.5.BP4 · SWE.5.BP5
sbom · Priority: 35
Module: ssy/engine.py — _repair_sbom()
Generates _shared/sbom.yaml in CycloneDX 1.4 format, listing all
installed pip packages and source components from _scripts/. Satisfies
EU Cyber Resilience Act Article 13. Idempotent.
Creates: _shared/sbom.yaml
Norms: CRA Art. 13 · CRA Art. 13.SBOM
iso27001_soa · Priority: 36
Module: ssy/engine.py — _repair_iso27001_soa()
Generates ISO 27001:2022 Statement of Applicability covering all Annex A control themes with applicability status and rationale.
Creates: docsmith/iso27001/statement-of-applicability.md
Norms: ISO 27001:2022 Annex A
iso21434_goals · Priority: 37
Module: ssy/engine.py — _repair_iso21434_goals()
Generates ISO 21434 cybersecurity goal stubs covering TARA, threat scenarios, and security objectives.
Creates: docsmith/iso21434/cybersecurity-goals.md
Norms: ISO 21434:2021
stub_test_case · Priority: 40
Module: ssy/engine.py — _repair_stub_test_case()
Creates one stub test case YAML per unverified requirement (no coverage
at all). Allocates a new {id_prefix}-TC-NNNN ID. Patches the
verified_by field on the requirement file to link back to the new TC.
Creates: testpilot/cases/{id_prefix}-TC-NNNN.yaml (one per gap)
Norms: ASPICE SWE.6.BP2 · ISTQB TC.1
unverified_req · Priority: 50
Module: ssy/engine.py — _repair_unverified_req()
Patches verified_by on requirements that already have covering test
cases in testpilot but no link recorded in the requirement YAML.
Does not create new files.
Norms: ASPICE SWE.6.BP2
trace_links · Priority: 60
Module: ssy/engine.py — _repair_trace_links()
Removes stale entries from verified_by, derived_from, and
realized_by fields in requirement YAMLs — entries pointing to artifact
IDs that no longer exist in the vault or test suite.
Norms: ASPICE SWE.3.BP1
baseline_tag · Priority: 70
Module: ssy/engine.py — _repair_baseline_tag()
Creates an annotated git tag BL-{date}-selfsustainability marking the
post-repair state as a traceable, signed baseline. Idempotent.
Creates: git tag BL-{date}-selfsustainability
Norms: ASPICE SWE.4.BP6 · SWE.6.BP6
consultation · Priority: 85
Module: ssy/engine.py — _repair_consultation()
For findings that cannot be auto-repaired (MISRA METRIC violations,
SEC.* gaps, critical norm findings), writes a
01-forge/issues/ssy-consultation-{date}.yaml summarising the gap,
the responsible norm agent, and recommended manual actions.
Creates: 01-forge/issues/ssy-consultation-{date}.yaml
Norms: MISRA C:2012 · IEC 62443
forge_ticket · Priority: 90
Module: ssy/engine.py — _repair_forge_ticket()
Last-resort repairer. Creates a FORGE issue Markdown file for any residual findings not handled by earlier repairers. Ensures no finding is silently dropped — every unresolved gap becomes a tracked work item.
Creates: 01-forge/issues/ssy-manual-{date}.md
Classification Constants (ssy/finding.py)
| Constant | Purpose |
|---|---|
SEV_RANK |
Maps severity strings to urgency rank (0 = most urgent) |
REPAIR_ORDER |
Repairer execution priority (lower = runs first) |
LEVEL_ORDER |
V-cycle level ordering for triage (component → software → system) |
RULE_LEVEL |
Rule-ID prefix → V-cycle level mapping |
AGENT_DOMAIN |
Agent-ID prefix → normalised domain label |
DOMAIN_STAGES |
Domain → ASPICE stages it governs |
DOMAIN_NEIGHBORS |
Domain → neighboring domains for boundary-gap consultation |
Quick Reference — CLI Flags
py -3 -m ssy Full auto: DISCOVER → ASSESS → TRIAGE → REPAIR → VERIFY → CONVERGE
py -3 -m ssy --dry-run Read-only: no file writes, no git operations
py -3 -m ssy --phase discover Scan workspace only; generate ssy.yaml; exit
py -3 -m ssy --phase assess Scan + assess; report findings; exit 1 on FAIL
py -3 -m ssy --quick Skip norm-orchestrator (Tier 4 — slow)
py -3 -m ssy --max-iterations N Convergence pass limit (default: 3)
py -3 -m ssy --severity fail Repair only FAIL-level findings
py -3 -m ssy --root /path/to/proj Target a different project root
py -3 -m ssy --config /path/ssy.yaml Use an explicit project config
py -3 -m ssy --version Print version and exit
This file is part of the DeZ SSY package and travels with it. For questions or contributions: miona.de.zabala@gmail.com
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dez_ssy-2.5.0.tar.gz.
File metadata
- Download URL: dez_ssy-2.5.0.tar.gz
- Upload date:
- Size: 322.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
085f1530affbb9be611ac42d3ab543b9890f070390f492b3b280c973a7c4d76c
|
|
| MD5 |
da270212dccb6a1f93df2f9ed5ffb7b6
|
|
| BLAKE2b-256 |
75a5ae35ff1e4b9f0cad783575b2194ff1279d5b4b8d190613473c12789254cf
|
File details
Details for the file dez_ssy-2.5.0-py3-none-any.whl.
File metadata
- Download URL: dez_ssy-2.5.0-py3-none-any.whl
- Upload date:
- Size: 400.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dd8ac2accbca9cdebcbc34ec8f63dedeff90d320046b489e83a60c862be16723
|
|
| MD5 |
8c342ac5209837cc226959c64b56f933
|
|
| BLAKE2b-256 |
b1d197443e3f61969371d0a696932eafaa8d5d252dbfd5c033c5ec633de19420
|