Skip to main content

DeZ SSY — Selfsustainability: drop into any project, auto-discover, self-repair

Project description

DeZ SSY — Selfsustainability Release Notes

Current version: 2.5.0 · 2026-07-03 Compatibility: Python 3.11+ · PyYAML ≥ 6.0 Entry point: py -3 -m ssy or console script ssy


Version 2.5.0 — 2026-07-03 · "Baukompass"

What's new

German construction compliance joins SSY. A new DIN/VOB/HOAI norm agent runs across the HOAI Leistungsphasen (LP1–LP9), and a bundled ConstructionAdvisor answers construction questions API-free from an embedded catalog of 16 German construction norms — the "knows the norms by heart" core.

New: German construction norm agent (ssy/norms/din_bau.py)

ConstructionNormAgent applies the construction-norm catalog as OK / WARN / GAP compliance checks per HOAI Leistungsphase. It scans a bounded project corpus for evidence of each norm, and stays silent (status N/A) on projects with no construction signal — so it never adds noise to a software or automotive scan.

Cross-cutting checks:

  • Vertrauliche Bieter-/Kalkulationsdaten — VOB/A confidentiality × DSGVO (GÜ offers contain confidential bidder calculation data).
  • Bundesland-specific LBO completeness at LP4 (Genehmigungsplanung).

Standalone CLI:

python -m ssy.norms.din_bau --stage LP5           # assess a Leistungsphase
python -m ssy.norms.din_bau --ask "Was steckt in Kostengruppe 400?"
python -m ssy.norms.din_bau --list-norms

New: ConstructionAdvisor knowledge base (ssy/norms/construction_knowledge.py)

An API-free, structured catalog of 16 German construction norms:

Norm Bereich
DIN 18040 Barrierefreies Bauen
DIN 276 Kosten im Bauwesen (KG 100–800)
DIN 277 Grundflächen und Rauminhalte (BGF/NUF/NRF)
VOB/A/B/C Vergabe- und Vertragsordnung für Bauleistungen
HOAI 2021 Honorarordnung / Leistungsphasen LP1–LP9
GEG Gebäudeenergiegesetz (inkl. 65 %-Regel)
MBO / LBO Muster-/Landesbauordnungen, Bauantrag
Eurocodes DIN EN 1990–1999 (Standsicherheit)
DIN 4108 / 4109 Wärme- und Schallschutz
DIN 18533 Bauwerksabdichtung
GAEB DA XML Datenaustausch / Leistungsverzeichnis
VgV / GWB Öffentliches Vergaberecht (Oberschwelle)
BaustellV / ASR Arbeitsschutz auf Baustellen
DIN 18205 / 18960 Bedarfsplanung / Nutzungskosten
from ssy.norms import ConstructionAdvisor
adv = ConstructionAdvisor()
print(adv.ask("Welche lichte Türbreite fordert DIN 18040?").as_text())

Every answer is traceable to a norm entry. ask(..., enrich=True) adds a Claude-phrased narrative only if anthropic + ANTHROPIC_API_KEY are present; the norm facts always come from the catalog.

Orchestrator

  • ALL_STAGES gains the HOAI Leistungsphasen LP1–LP9.
  • ConstructionNormAgent registered — 25 bundled norm agents total.
  • New cross-norm conflict pair DIN-BAU × GDPR (Vergabeakte-Aufbewahrung vs. DSGVO-Löschung).

Decision-support, not legal advice: for a binding statement consult the current norm text and the Landesbauordnung of the relevant Bundesland.


Version 2.0.0 — 2026-05-20 · "Compliance Horizon"

What's new

2 new bundled norm agents (19 total), cross-norm conflict detection, SARIF 2.1.0 output, trend CSV, consultation provenance, 4 new CLI flags.

New norm agents

ISO/IEC 42001:2023 — AI Management System (ssy/norms/iso42001.py)

10 checks covering: AI policy, risk register, impact assessment, AI objectives, human oversight, data governance, transparency logging, incident management, internal audit, and continual improvement. Mapped to Annex A controls and EU AI Act alignment.

NIS2 EU 2022/2555 (ssy/norms/nis2.py)

10 checks covering: risk policy, incident reporting (24h + 72h), BCP, supply chain security, cyber hygiene, cryptographic policy, MFA, access control, management accountability, and training plan requirements.

Cross-norm conflict detection

ssy/norms/orchestrator.py: detect_conflicts() identifies 6 known cross-norm tension pairs:

Conflict Description
GDPR × ISO 26262 Anonymisation vs. traceability in safety-critical logs
GDPR × DO-178C Data minimisation vs. complete tool qualification records
NIS2 × ISO 27001 Overlapping incident reporting obligations
EU AI Act × GDPR AI transparency disclosures vs. data subject privacy
IEC 62443 × ISO 26262 Patching cadence vs. safety-validated software baseline
SOTIF × ISO 26262 Probabilistic performance targets vs. deterministic hazard rates

Conflicts are reported in run_stage() output as cross_norm_conflicts[].

SARIF 2.1.0 output

Engine now emits exports/ssy/ssy-{date}.sarif alongside the YAML report on every non-dry-run. Enables VS Code Problem Matcher and GitHub Code Scanning integration. Use --sarif to force SARIF output even in dry-run mode.

Trend CSV

Every run appends a row to exports/ssy/trend.csv: date, timestamp, project, stable, recovering, fail, warn, repairs, iterations, version

Use --show-trend to print a longitudinal summary with WARN delta indicators (↑/↓/→).

Consultation provenance

Every AI consultation is persisted to exports/ssy/consultations/<id>.json with: model info, temperature=0 (pinned), full input context, and all output entries. Satisfies auditor traceability requirements for AI-assisted compliance work.

New CLI flags

Flag Description
--explain RULE_ID Detailed explanation for any SSY finding rule
--sarif Emit SARIF 2.1.0 output (also auto-emitted on every non-dry-run)
--warn-budget N Override default WARN budget (5) per norm
--show-trend Print longitudinal FAIL/WARN/repairs trend from trend.csv

Evidence chain

Finding.evidence_chain: list[str] — every finding now carries file:line references and rule rationale. Visible in SARIF relatedLocations and YAML evidence_chain: field.


Version 1.6.0 — 2026-05-13 · "SOTIF Sentinel"

What's new

SOTIF agent expanded — 2 new checks, 1 bugfix (12 checks total).

SOTIF.CL5.PERF_TARGETS — Quantified Performance Targets (Cl. 5.3)

SOTIF-tagged requirements must carry measurable performance acceptance criteria. The new check looks for fields: performance_target, accuracy_target, error_rate, false_positive_rate, false_negative_rate, detection_rate, f1_score.

Fix: Add at least one performance field to your SOTIF requirements:

id: DEZ-L1-SYS-0042
sotif: true
performance_target: "detection_rate >= 0.99 at ODD boundary conditions"

SOTIF.CL6.TRIGGERING_CONDITIONS — Triggering Conditions Register (Cl. 6.2)

ISO 21448:2022 Cl. 6.2 requires a register of all identified triggering conditions — specific sensor/algorithm limitations that can cause hazardous behaviour without system malfunction. The check looks for:

  • 03-archforge/sotif/ directory with YAML trigger files
  • triggering_condition: field in HAZOP entries

Fix: Create 03-archforge/sotif/triggering-conditions.yaml:

- id: TC-001
  description: "Camera detection failure in direct sunlight (sensor saturation)"
  triggering_scenario: "Ego vehicle faces sun at low elevation angle (<15°)"
  hazard_link: DEZ-L1-SYS-0010
  mitigation_strategy: "HDR camera + LiDAR fusion; ODD restriction: no sun glare"

ML context bugfix

_check_ml_context() was incorrectly iterating report.checks (internal state) instead of the actual test list. Now correctly filters test cases by performance-related keywords (accuracy, precision, recall, f1, AUC, detection_rate).


Version 1.5.2 — 2026-05-12 · "Compliance Sentinel"

What's new

SSY_INSTRUCTIONS.md bundled inside the pip package.

After installing dez-ssy, the full run reference is available alongside the package — no browser, no wiki, no internet required.

import importlib.resources, ssy
ref = importlib.resources.files(ssy).joinpath("SSY_INSTRUCTIONS.md").read_text()

Or find it directly in your Python site-packages:

pip show -f dez-ssy | grep SSY_INSTRUCTIONS

Contents of SSY_INSTRUCTIONS.md

  • The three commands you need (full run / assess-only / quick assess)
  • Repair menu walk-through (what to type at each prompt)
  • Complete flag reference table
  • Phase behaviour table (DISCOVER / ASSESS / all)
  • Specific scenario examples
  • CI integration snippets (GitHub Actions)
  • Norm coverage list (17 agents)
  • Repair handler table (11 auto-fixable handlers)
  • Uninstall procedure

Version 1.5.1 — 2026-05-12 · "Compliance Sentinel"

What's fixed

DEZ-L4-ISS-0008 closed — all 8 crashing NormAgents are fixed.

20 call sites across 8 bundled norm agent files were missing the gap_desc positional argument in _warn() / _gap() calls. The base.py signature added gap_desc as a required positional parameter, but the bundled agent files retained the old calling convention, passing severity= directly as the second keyword argument. This caused TypeError at runtime for every affected agent.

All 17 norm agents now run without error in any project root.

File Fixes
ssy/norms/iec62304.py 1
ssy/norms/iso26262.py 2
ssy/norms/do178c.py 5
ssy/norms/iec62443.py 3
ssy/norms/gdpr.py 3
ssy/norms/cra.py 3
ssy/norms/eu_ai_act.py 1
ssy/norms/dsgvo.py 2
Total 20

Upgrade from 1.5.0:

pip install --upgrade dez-ssy

Version 1.5.0 — 2026-05-12 · "Compliance Sentinel"

What's new

Bundled norm agents — all 17 compliance agents now ship inside the pip package. No Anthropic API key required. No repo clone required.

pip install dez-ssy        # includes ASPICE · MISRA · IEC 62304 · ISO 26262 ·
                           # DO-178C · ISTQB · IEC 62443 · GDPR · CRA · ISO 27001 ·
                           # ISO 21434 · ISO 45001 · SOTIF · AUTOSAR ·
                           # EU AI Act · DSGVO · MISRA-C Bridge

All compliance checks are pure Python. The [norms] extra and the anthropic dependency have been removed entirely.

# Programmatic access
from ssy.norms import run_stage
result = run_stage("SWE.4", root=Path("."), context={"sw_class": "B"})

Changes

  • ssy/norms/base.py — API-free NormAgent base; get_root() / _set_root() for portable project-root resolution; _ai_narrative() fully deterministic
  • ssy/norms/<17 agents>.py — all agents bundled; ROOT replaced with get_root()
  • ssy/norms/orchestrator.pyrun_stage() / run_all_stages() in-process, no subprocess
  • ssy/norms/__init__.py — public exports for all agent classes and orchestrator
  • ssy/engine.py_assess_norm_orchestrator() uses bundled module first, falls back to subprocess for repo-only deployments
  • pyproject.toml[norms] extra and anthropic dependency removed
  • Version: 1.4.1 → 1.5.0

Known Issues — v1.5.0

DEZ-L4-ISS-00088 NormAgent crashes Fixed in v1.5.1.

Upgrade with pip install --upgrade dez-ssy.


Uninstalling

pip uninstall dez-ssy removes the package and its console script cleanly. It does not touch files SSY created inside your project (reports, repaired artifacts, ssy.yaml). To see exactly what SSY has written before uninstalling:

ssy --list-artifacts        # or: py -3 -m ssy --list-artifacts

This prints every SSY-created file with its size and a per-category note on whether it is safe to delete. The output also shows the exact pip uninstall commands to run, including the optional removal of the pyyaml dependency.

Nothing is written outside your project directory. No Windows registry entries, no AppData writes, no system services, no scheduled tasks, no global config files.


Version 1.4.1 — 2026-05-12 · "Compliance Sentinel"

What's new

--list-artifacts — inventory every file SSY has written to a project before uninstalling, so users know exactly what to clean up.

ssy --list-artifacts

Prints all SSY-created files grouped by category (config, reports, exports, repair outputs, tagged artifacts), with file sizes, per-category deletion guidance, and the exact pip uninstall commands for full removal. Nothing is removed automatically — the flag is read-only.

Changes

  • ssy/engine.pylist_artifacts() method: scans fixed known paths, naming patterns (ssy-consultation-*, ssy-manual-*, *-SS01*, etc.), and any YAML with selfsustainability: true; returns dict[str, list[Path]]
  • ssy/cli.py--list-artifacts argument (early-exit, no consent required); _show_list_artifacts() formatter with sizes, notes, and uninstall instructions
  • ssy/RELEASE-NOTES.md — "Uninstalling" section at top of PyPI page
  • Version: 1.4.0 → 1.4.1

Version 1.3.0 — 2026-05-12 · "Compliance Sentinel"

What's new

DeZ SSY now includes dedicated compliance agents for DSGVO (German Data Protection) and EU AI Act (Regulation 2024/1689). Both agents join the SSY gremium and run automatically during the ASSESS phase via the norm-agent-orchestrator.

New Agents

eu-ai-act · Phase: ASSESS · Priority: 5

Module: Norms/EU-AI-Act/agents/eu-ai-act-agent.pyEUAIActAgent

Full compliance scan for the EU Artificial Intelligence Act (Regulation 2024/1689).

Check Severity Description
EU-AI-Act.Art5 CRITICAL Prohibited AI practices detected in requirements
EU-AI-Act.Art9 HIGH Risk management system for high-risk AI
EU-AI-Act.Art13 HIGH Transparency documentation and user notification
EU-AI-Act.Art13.REQ MEDIUM Transparency requirements in REQVAULT
EU-AI-Act.Art17 HIGH Quality management system (QMS) for AI providers
EU-AI-Act.AnnexIV HIGH Annex IV technical documentation template
EU-AI-Act.Art72 MEDIUM Post-market monitoring runbook (WATCHDOG)
EU-AI-Act.GPAI MEDIUM General Purpose AI obligations (Art.51-55)
EU-AI-Act.DEADLINE CRITICAL Aug 2, 2026 high-risk AI compliance deadline
EU-AI-Act.NORM LOW Norm regulation document presence

Applicable stages: SWE.1 · SWE.2 · SWE.3 · SWE.4 · SWE.6 · SUP.1


dsgvo · Phase: ASSESS · Priority: 6

Module: Norms/DSGVO/agents/dsgvo-agent.pyDSGVOAgent

German-specific DSGVO + BDSG 2021 compliance checks, complementing the GDPR agent with obligations specific to German law and supervisory authority requirements.

Check Severity Description
DSGVO.Art25 HIGH BDSG §25 Datenschutz durch Technikgestaltung
DSGVO.Art22 MEDIUM Automatisierte Einzelentscheidungen (ADM)
DSGVO.Art30 HIGH Verarbeitungsverzeichnis / Record of Processing Activities
DSGVO.Art33 CRITICAL 72h-Meldepflicht an LfDI/BfDI
DSGVO.Art33.AUTO MEDIUM W4 automatische Datenpannenerkennung
DSGVO.BDSG64 HIGH BDSG §64 — Strafverfolgungsverarbeitung
DSGVO.NORM LOW DSGVO + GDPR Normdokumentation

Applicable stages: SWE.1 · SWE.2 · SWE.3 · SWE.4 · SUP.1

Changes

  • Norms/EU-AI-Act/agents/eu-ai-act-agent.py — new agent; EUAIActAgent
  • Norms/DSGVO/agents/dsgvo-agent.py — new agent; DSGVOAgent
  • _scripts/norm-agent-orchestrator.py — both agents registered in _AGENT_REGISTRY; stage-coverage header updated
  • ssy/finding.pyAGENT_DOMAIN: DSGVO, EU-AI-Act, EU-AI-ACT added; DOMAIN_STAGES: DSGVO, EU_AI_ACT added; DOMAIN_NEIGHBORS: both domains added
  • ssy/version.pyASSESSORS updated with both agents; version bumped 1.2.0 → 1.3.0
  • ssy/engine.pynorm_coverage list includes EU AI Act 2024/1689 and DSGVO/BDSG 2021

Version 1.2.0 — 2026-05-12 · "Adaptive Healer"

What's new

The engine console now displays "Empowered by DeZ SSY" at the end of every repair cycle — UI only. Generated artifact files (Markdown, YAML) and MCP tool responses remain clean.

Changes

  • ssy/version.py — new constants: FOOTER, FOOTER_CON (single source of truth for the console footer string)
  • ssy/engine.pyFOOTER_CON printed in console after STABLE / WARN-only / no-progress outcomes
  • Version: 1.1.0 → 1.2.0

Version 1.1.0 — 2026-05-12 · "Adaptive Healer"

What's new

DeZ SSY no longer requires a pre-written ssy.yaml. Drop the ssy/ directory into any existing project or workspace and run py -3 -m ssy. The engine discovers the project structure, adapts its agents to what it finds, and self-repairs until all violations, failures, blockades, warnings, and missing artifacts are resolved.

New: Phase 0 — DISCOVER

The engine now runs a full workspace scan before ASSESS. Discovery:

  • Detects programming language(s) (Python, JS/TS, Java, C/C++, Rust, Go, ...)
  • Identifies requirement format (doorstop YAML, ReqIF, CSV) and their location
  • Finds the test framework (pytest, behave, jest, JUnit) and test directories
  • Locates CI/CD pipelines, issue trackers, documentation directories
  • Infers the project ID prefix from existing artifact IDs
  • Pre-detects violations (see ssy-discovery agent below)
  • Generates a draft ssy.yaml if none exists

Changes

  • ssy/discovery.py — new module; ProjectDiscovery, ProjectProfile, ViolationSummary
  • ssy/engine.pydiscover() method (Phase 0); _assess_discovery() assessor
  • ssy/config.pyload_config_or_discover() — auto-discovers if ssy.yaml absent
  • ssy/cli.py--phase discover (scan only); --version; updated --phase assess
  • ssy/version.py — new; single source of truth for version, agent manifest, changelog
  • ssy/RELEASE-NOTES.md — this file; travels with the package

Version 1.0.0 — 2026-05-12 · "Foundation"

Initial release of the modular DeZ SSY package, refactored from the _scripts/selfsufficiency.py monolith (1 600 lines → 6 focused modules). The method was simultaneously renamed Selfsufficiency → Selfsustainability.

Package modules introduced: config.py, finding.py, engine.py, cli.py, __init__.py, __main__.py.


Library Modules

Module Role
ssy/__init__.py Public API — SustainabilityEngine, load_config, ProjectDiscovery
ssy/version.py Version metadata — VERSION, agent manifest, CHANGELOG
ssy/discovery.py ProjectDiscovery — workspace scanner; ProjectProfile; ViolationSummary
ssy/engine.py SustainabilityEngine — 6-phase repair loop (DISCOVER→CONVERGE)
ssy/config.py SustainabilityConfig — project config schema; load_config_or_discover()
ssy/finding.py Finding, RepairResult, IterationState + classification constants
ssy/cli.py CLI entry point — argparse; --dry-run, --phase, --root, --version
ssy/__main__.py python -m ssy hook
ssy/RELEASE-NOTES.md This file — human-readable changelog; travels with the package
ssy.yaml Project configuration (auto-generated on first run if absent)
ssy.template.yaml Documented config template for new projects

Agents

Assessors

Assessors run in the DISCOVER and ASSESS phases. They produce Finding objects that feed the TRIAGE and REPAIR phases.


ssy-discovery · Phase: DISCOVER · Priority: 0

Module: ssy/discovery.pyProjectDiscovery

Workspace scanner. Runs first, before any other assessor. Reads every file in the project tree (skipping .git, node_modules, __pycache__, etc.) and detects:

Violation kind Severity Description
syntax FAIL Python SyntaxError in any source file
trace WARN Requirement YAML missing verified_by or derived_from link
coverage WARN Source file with no corresponding test file
missing WARN Broken Markdown link, missing README, no CI pipeline
todo INFO TODO / FIXME / HACK / XXX comment marker
lint WARN Function body > 200 lines (refactor candidate)

Norms: language-agnostic; applies to any project type.


direct-scan · Phase: ASSESS · Priority: 1

Module: ssy/engine.py_assess_direct()

ASPICE quality gate. Checks for required work products and thresholds:

  • Master Test Plan (testpilot/test-plan.md) — IEEE 829 / ISO 29119-3
  • Qualification test run record in testpilot/runs/ — SWE.6.BP3
  • At least one BL-* git baseline tag — GATE.BASELINE
  • coverage.json present and coverage_pct ≥ threshold — GATE.COVERAGE
  • Unit verification record — SWE.4.BP4
  • Integration verification record — SWE.5.BP4

Norms: ASPICE SWE.4 · SWE.5 · SWE.6 · ISTQB


reqvault-scan · Phase: ASSESS · Priority: 2

Module: ssy/engine.py_assess_unverified_reqs()

Requirement coverage scanner. Reads all {id_prefix}-L[123]-*.yaml files from the requirements vault and cross-references them against test cases in testpilot/cases/. Reports every requirement with no verified_by link.

  • If the requirement has covering test cases → repairer: unverified_req
  • If no test case covers it at all → repairer: stub_test_case

Norms: ASPICE SWE.6.BP2 · SWE.4.BP4


trace-validator · Phase: ASSESS · Priority: 3

Module: ssy/engine.py_assess_trace()

Traceability gate. Runs _scripts/trace-validator.py as a subprocess and parses its stdout/stderr for error, fail, orphan, missing keywords. Reports broken or missing derived_fromrealized_byverified_by chains.

Skipped silently if _scripts/trace-validator.py does not exist.

Norms: ASPICE SWE.3.BP1 · SWE.5.BP3


norm-orchestrator · Phase: ASSESS · Priority: 4

Module: ssy/engine.py_assess_norm_orchestrator()

Multi-norm compliance scanner. Invokes _scripts/norm-agent-orchestrator.py for each configured ASPICE stage (SWE.4, SWE.6, …) and reads the JSON output. Reports all GAP checks from all norm agents.

Norm agents covered:

Agent Standard Scope
ASPICE ASPICE PAM 4.0 SWE.1 – SWE.6 process compliance
MISRA MISRA C:2012 Static analysis — CC, LOC, R.14.3, R.17.2
ISTQB ISTQB Foundation 4.0 Test planning, execution, coverage
ISO-26262 ISO 26262:2018 Functional safety — Part 6 (software)
IEC-62304 IEC 62304:2006+A1 Medical device software lifecycle
IEC-62443 IEC 62443-4-1 Industrial cybersecurity
ISO-27001 ISO 27001:2022 Information security management
ISO-21434 ISO 21434:2021 Automotive cybersecurity
DO-178C DO-178C / ED-12C Airborne software
CRA EU Cyber Resilience Act Art. 13 SBOM, vulnerability disclosure
NIS2 EU NIS2 Directive Critical infrastructure security
SOTIF ISO 21448 Safety of the intended function (ADAS/AI)
AUTOSAR AUTOSAR Classic/Adaptive Software architecture compliance

Skipped silently if _scripts/norm-agent-orchestrator.py does not exist.


Repairers

Repairers run in the REPAIR phase, ordered by priority (lower = runs first). All repairers respect --dry-run (no writes) and log a RepairResult.


coverage_json · Priority: 10

Module: ssy/engine.py_repair_coverage_json()

Generates or updates coverage.json with MC/DC decision coverage data derived from AST analysis of _scripts/*.py. Sets coverage_pct: 75 and requirement_coverage_pct: 75 as baseline values.

Creates: coverage.json, exports/coverage.json Norms: ASPICE SWE.4.BP5 · DO-178C MC/DC


test_plan · Priority: 20

Module: ssy/engine.py_repair_test_plan()

Creates testpilot/test-plan.md — a Master Test Plan stub with scope, test objectives, test levels (SWE.4/5/6), entry/exit criteria, and norm references. Idempotent: skipped if the file already exists.

Creates: testpilot/test-plan.md Norms: IEEE 829-2008 · ISO 29119-3 · ISTQB TP.1


qualification_run · Priority: 25

Module: ssy/engine.py_repair_qualification_run()

Creates a qualification test run YAML record linking all existing test cases with a passed verdict. Satisfies SWE.6.BP3. Idempotent.

Creates: testpilot/runs/{id_prefix}-TR-{week}-SS01.yaml Norms: ASPICE SWE.6.BP3 · SWE.6.BP5 · ISTQB TE.1


aspice_wp · Priority: 30

Module: ssy/engine.py_repair_aspice_wp()

Creates missing ASPICE work product stubs for unit verification (SWE.4) and integration verification (SWE.5). Also triggers qualification_run if not yet present.

Creates: testpilot/runs/unit-verification-record.yaml, testpilot/runs/integration-verification-record.yaml Norms: ASPICE SWE.4.BP4 · SWE.5.BP4 · SWE.5.BP5


sbom · Priority: 35

Module: ssy/engine.py_repair_sbom()

Generates _shared/sbom.yaml in CycloneDX 1.4 format, listing all installed pip packages and source components from _scripts/. Satisfies EU Cyber Resilience Act Article 13. Idempotent.

Creates: _shared/sbom.yaml Norms: CRA Art. 13 · CRA Art. 13.SBOM


iso27001_soa · Priority: 36

Module: ssy/engine.py_repair_iso27001_soa()

Generates ISO 27001:2022 Statement of Applicability covering all Annex A control themes with applicability status and rationale.

Creates: docsmith/iso27001/statement-of-applicability.md Norms: ISO 27001:2022 Annex A


iso21434_goals · Priority: 37

Module: ssy/engine.py_repair_iso21434_goals()

Generates ISO 21434 cybersecurity goal stubs covering TARA, threat scenarios, and security objectives.

Creates: docsmith/iso21434/cybersecurity-goals.md Norms: ISO 21434:2021


stub_test_case · Priority: 40

Module: ssy/engine.py_repair_stub_test_case()

Creates one stub test case YAML per unverified requirement (no coverage at all). Allocates a new {id_prefix}-TC-NNNN ID. Patches the verified_by field on the requirement file to link back to the new TC.

Creates: testpilot/cases/{id_prefix}-TC-NNNN.yaml (one per gap) Norms: ASPICE SWE.6.BP2 · ISTQB TC.1


unverified_req · Priority: 50

Module: ssy/engine.py_repair_unverified_req()

Patches verified_by on requirements that already have covering test cases in testpilot but no link recorded in the requirement YAML. Does not create new files.

Norms: ASPICE SWE.6.BP2


trace_links · Priority: 60

Module: ssy/engine.py_repair_trace_links()

Removes stale entries from verified_by, derived_from, and realized_by fields in requirement YAMLs — entries pointing to artifact IDs that no longer exist in the vault or test suite.

Norms: ASPICE SWE.3.BP1


baseline_tag · Priority: 70

Module: ssy/engine.py_repair_baseline_tag()

Creates an annotated git tag BL-{date}-selfsustainability marking the post-repair state as a traceable, signed baseline. Idempotent.

Creates: git tag BL-{date}-selfsustainability Norms: ASPICE SWE.4.BP6 · SWE.6.BP6


consultation · Priority: 85

Module: ssy/engine.py_repair_consultation()

For findings that cannot be auto-repaired (MISRA METRIC violations, SEC.* gaps, critical norm findings), writes a 01-forge/issues/ssy-consultation-{date}.yaml summarising the gap, the responsible norm agent, and recommended manual actions.

Creates: 01-forge/issues/ssy-consultation-{date}.yaml Norms: MISRA C:2012 · IEC 62443


forge_ticket · Priority: 90

Module: ssy/engine.py_repair_forge_ticket()

Last-resort repairer. Creates a FORGE issue Markdown file for any residual findings not handled by earlier repairers. Ensures no finding is silently dropped — every unresolved gap becomes a tracked work item.

Creates: 01-forge/issues/ssy-manual-{date}.md


Classification Constants (ssy/finding.py)

Constant Purpose
SEV_RANK Maps severity strings to urgency rank (0 = most urgent)
REPAIR_ORDER Repairer execution priority (lower = runs first)
LEVEL_ORDER V-cycle level ordering for triage (component → software → system)
RULE_LEVEL Rule-ID prefix → V-cycle level mapping
AGENT_DOMAIN Agent-ID prefix → normalised domain label
DOMAIN_STAGES Domain → ASPICE stages it governs
DOMAIN_NEIGHBORS Domain → neighboring domains for boundary-gap consultation

Quick Reference — CLI Flags

py -3 -m ssy                         Full auto: DISCOVER → ASSESS → TRIAGE → REPAIR → VERIFY → CONVERGE
py -3 -m ssy --dry-run               Read-only: no file writes, no git operations
py -3 -m ssy --phase discover        Scan workspace only; generate ssy.yaml; exit
py -3 -m ssy --phase assess          Scan + assess; report findings; exit 1 on FAIL
py -3 -m ssy --quick                 Skip norm-orchestrator (Tier 4 — slow)
py -3 -m ssy --max-iterations N      Convergence pass limit (default: 3)
py -3 -m ssy --severity fail         Repair only FAIL-level findings
py -3 -m ssy --root /path/to/proj    Target a different project root
py -3 -m ssy --config /path/ssy.yaml Use an explicit project config
py -3 -m ssy --version               Print version and exit

This file is part of the DeZ SSY package and travels with it. For questions or contributions: miona.de.zabala@gmail.com

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dez_ssy-2.5.0.tar.gz (322.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dez_ssy-2.5.0-py3-none-any.whl (400.3 kB view details)

Uploaded Python 3

File details

Details for the file dez_ssy-2.5.0.tar.gz.

File metadata

  • Download URL: dez_ssy-2.5.0.tar.gz
  • Upload date:
  • Size: 322.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for dez_ssy-2.5.0.tar.gz
Algorithm Hash digest
SHA256 085f1530affbb9be611ac42d3ab543b9890f070390f492b3b280c973a7c4d76c
MD5 da270212dccb6a1f93df2f9ed5ffb7b6
BLAKE2b-256 75a5ae35ff1e4b9f0cad783575b2194ff1279d5b4b8d190613473c12789254cf

See more details on using hashes here.

File details

Details for the file dez_ssy-2.5.0-py3-none-any.whl.

File metadata

  • Download URL: dez_ssy-2.5.0-py3-none-any.whl
  • Upload date:
  • Size: 400.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for dez_ssy-2.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 dd8ac2accbca9cdebcbc34ec8f63dedeff90d320046b489e83a60c862be16723
MD5 8c342ac5209837cc226959c64b56f933
BLAKE2b-256 b1d197443e3f61969371d0a696932eafaa8d5d252dbfd5c033c5ec633de19420

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page