Skip to content

feat(risk): supply-chain operational-risk contract (BIAN/FICO)#194

Closed
mdheller wants to merge 1 commit into
mainfrom
feat/supply-chain-risk-contract
Closed

feat(risk): supply-chain operational-risk contract (BIAN/FICO)#194
mdheller wants to merge 1 commit into
mainfrom
feat/supply-chain-risk-contract

Conversation

@mdheller

@mdheller mdheller commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Stage 4 (final) of the 5 handoff specs — a bank-style operational-risk framework applied to the supply chain. Layers onto the supply-chain spine: nodes/paths/clusters gain risk assessments.

  • RiskNode — inherent factors (criticality·privilege·execution·opacity·concentration·velocity) → inherent score; control efficacy across six families (governance·identity·provenance·integrity·distribution·monitoring) → residual score + rating. Aligns to BIAN Operational Risk Models.
  • RiskPath — accumulates node residuals across a critical service chain.
  • RiskCluster — common-mode / concentration (HHI, blast radius, time-to-recover, exit-difficulty → residual common-mode).
  • RiskIndicator — KRI/KCI with green/amber/red thresholds.

Examples + validator + make validate target; all 4 validate.

Completes the 5-spec program: agentic OS + triparty marketplace + labor market + this risk model.

🤖 Generated with Claude Code

Stage 4 (final) of the 5 handoff specs — a bank-style operational-risk framework
applied to the supply chain. Layers onto the supply-chain spine: nodes/paths/
clusters gain risk assessments.

- RiskNode: inherent factors (criticality·privilege·execution·opacity·
  concentration·velocity) → inherent score; control efficacy across six families
  (governance·identity·provenance·integrity·distribution·monitoring) → residual
  score + rating. Aligns to BIAN Operational Risk Models.
- RiskPath: accumulates node residuals across a critical service chain.
- RiskCluster: common-mode / concentration (HHI, blast radius, time-to-recover,
  exit-difficulty → residual common-mode).
- RiskIndicator: KRI/KCI with green/amber/red thresholds.

+ examples + tools/validate_supply_chain_risk_examples.py + Makefile target. All 4 validate.
Completes the 5-spec program (agentic OS + triparty marketplace + labor market + risk).
@mdheller

mdheller commented Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #195 (cockpit contract pack) — merged to main in c516779.

@mdheller mdheller closed this Jul 4, 2026
@mdheller mdheller deleted the feat/supply-chain-risk-contract branch July 4, 2026 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant