Skip to content

chore(safety): full ISO/IEC/DO compliance evidence pack + max coverage#35

Merged
SoundMatt merged 1 commit into
mainfrom
chore/fusa-full-pack
Jun 19, 2026
Merged

chore(safety): full ISO/IEC/DO compliance evidence pack + max coverage#35
SoundMatt merged 1 commit into
mainfrom
chore/fusa-full-pack

Conversation

@SoundMatt

@SoundMatt SoundMatt commented Jun 19, 2026

Copy link
Copy Markdown
Owner

Builds out the complete functional-safety and cybersecurity evidence pack, drives every go-FuSa compliance gap report to zero GAP / zero FAIL, and maximises requirement and test coverage.

Compliance scoreboard (0 GAP, 0 FAIL everywhere)

Standard Result
ISO 26262 (Part 6) 15 PASS · 0 GAP
IEC 61508 (Parts 1-3) 19 PASS · 0 GAP
ISO/SAE 21434 10 PASS · 0 GAP
IEC 62443-4-2 10 PASS · 0 GAP
DO-178C (Annex A) 30 PASS · 0 GAP
UN R.155 (CSMS) 6 PASS · 0 GAP
SLSA v1.0 6 PASS · 0 GAP

Remaining items are inherent human-review MANUAL attestations (e.g. verification independence) or N/A for a software component.

Evidence pack

  • HARA structured data (.fusa-hara.json) reconciled with HARA.md — 6 hazards, 5 safety goals, 4 operational situations.
  • TARA (tara.json/md), boundary diagram (boundary.mermaid/.dot), SCI (sci.json), problem register (.fusa-problems.json).
  • Safety Manual (SAFETY_MANUAL.md), SECURITY.md, INCIDENT-RESPONSE.md, IEC 62443 SL declaration (.fusa-iec62443.json, SL-2).
  • DO-178C plans: SVP.md, SCMP.md, SQAP.md, sas.md; HLR/LLR levels on all requirements.

Requirements: 100 → 112 (all traced and tested)

  • REQ-SEC-001..006 cybersecurity requirements from the threat model (parser robustness, E2E tamper/replay detection, trust-boundary validation, convert-driver input handling) — annotated on the real functions with requirement-based security tests.
  • REQ-SEOOC-001..009 integration assumptions now all have demonstrating tests → 100% traceability, density and test coverage.

Test coverage

  • virtual 80.7% → 99.1%, slave 92.6% → 100%, ldf 86.0% → 89.7%, cmd/go-lin 21.3% → 49.8% (mandatory commands refactored to io.Writer). safety & mock 100%.

CI / release

  • New compliance job: all 7 gap reports, each failing on a GAP.
  • go-FuSa job expanded: trace -sec-tested 100, coverage, boundary, sci, coupling, tara, fmea, release + SLSA builder injection.
  • New coverage-floor gate (library packages ≥ 85%).
  • release.yml regenerates boundary/sci and injects the provenance builder.

Verification (local)

go build / go vet / go test -race ✅ · relay conform --strict PASS · relay interop --protocol LIN EQUIVALENT · full gofusa lifecycle (check / trace -req-coverage 100 / -sec-tested 100 / cyber / vuln / qualify) ✅ · all 7 gap reports 0 GAP ✅

@SoundMatt @claude
chore(safety): full ISO/IEC/DO compliance evidence pack + max coverage
45058de 
Build out the complete functional-safety and cybersecurity evidence pack and
drive every go-FuSa compliance gap report to zero GAP / zero FAIL, while
maximising requirement and test coverage.

Evidence pack (machine + documents):
- HARA structured data (.fusa-hara.json) reconciled with HARA.md (6 hazards,
  5 safety goals, 4 operational situations).
- TARA (tara.json/md, ISO 21434), architecture boundary (boundary.mermaid/dot),
  configuration index (sci.json), problem-report register (.fusa-problems.json).
- DO-178C plan set: SVP, SCMP, SQAP, Software Accomplishment Summary (sas.md).
- SAFETY_MANUAL.md (integration-facing), SECURITY.md (vuln policy),
  INCIDENT-RESPONSE.md (IEC 62443 CR 6.2.1), .fusa-iec62443.json (target SL-2).
- HLR/LLR levels on all requirements (DO-178C A-2.2).

Requirements (100 -> 112, all traced AND tested):
- REQ-SEC-001..006 cybersecurity requirements derived from the threat model
  (parser robustness, E2E tamper/replay detection, trust-boundary validation,
  untrusted-envelope and convert-driver input handling), annotated on the real
  functions with requirement-based security tests.
- REQ-SEOOC-001..009 integration assumptions now all have demonstrating tests;
  100% requirement traceability, function-annotation density, AND test coverage.

Test coverage:
- virtual 80.7% -> 99.1%, slave 92.6% -> 100%, ldf 86.0% -> 89.7%,
  cmd/go-lin 21.3% -> 49.8% (mandatory commands refactored to io.Writer).
- safety and mock remain 100%.

CI / release:
- New compliance job runs all 7 gap reports (ISO 26262 / IEC 61508 / ISO 21434
  / IEC 62443 / DO-178C / UN R.155 / SLSA), each exiting non-zero on a GAP.
- go-FuSa job expanded: trace -sec-tested 100, coverage, boundary, sci,
  coupling, tara, fmea, release + SLSA builder injection.
- New coverage-floor gate (library packages >= 85%).
- release.yml regenerates boundary/sci and injects the provenance builder.

Compliance scoreboard (0 GAP, 0 FAIL on every standard; remaining items are
inherent human-review MANUAL attestations or N/A for a software component):
ISO 26262 15 PASS · IEC 61508 19 PASS · ISO 21434 10 PASS · IEC 62443 10 PASS ·
DO-178C 30 PASS · UN R.155 6 PASS · SLSA 6 PASS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Matt Jones <47545907+SoundMatt@users.noreply.github.com>
@SoundMatt SoundMatt merged commit e854a3f into main Jun 19, 2026
14 checks passed
@SoundMatt SoundMatt deleted the chore/fusa-full-pack branch June 19, 2026 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SoundMatt