Change Class Critical
Some changes can put the entire system at risk: authentication, payment processing, personal data. The "Critical" change class activates maximum protection: more checks, more eyes, more time.
When things get serious
"Critical" is reserved for changes where a mistake can have catastrophic consequences: data loss, security vulnerabilities, financial damage, compliance violations. There are no shortcuts here.
When is a change "Critical"?
# Change Class: Critical
# High risk, maximum review effort
change_class:
  id: "critical"
  name: "Critical"
  description: "Hochrisiko-Änderungen mit potentiell schwerwiegenden Auswirkungen"
  risk_level: "high"
# Criteria for Critical classification
classification_criteria:
  any_of:
    - "affects_authentication"
    - "affects_authorization"
    - "affects_payment_processing"
    - "affects_pii_data"
    - "affects_encryption"
    - "breaking_api_change"
    - "irreversible_database_migration"
    - "infrastructure_change"
    - "compliance_relevant"
  automatic_triggers:
    - file_patterns:
        - "**/auth/**"
        - "**/security/**"
        - "**/payment/**"
        - "**/encryption/**"
    - dependency_changes:
        - "security_packages"
        - "crypto_libraries"
# Maximum gate pass
gate_requirements:
  gates:
    - gate: "G2_ANALYSIS"
      predicates:
        required:
          - "has_requirements_defined"
          - "has_acceptance_criteria"
          - "has_contracts_drafted"
          - "has_impact_analysis"
          - "has_security_assessment"
          - "has_performance_assessment"
          - "has_risk_mitigation_plan"
    - gate: "G4_IMPLEMENTATION"
      predicates:
        required:
          - "has_tests_passed"
          - "has_documentation"
          - "meets_coverage_threshold"
          - "has_integration_tests"
          - "has_e2e_tests"
          - "has_performance_tests"
    - gate: "G5_REVIEW"
      predicates:
        required:
          - "code_review_approved"
          - "is_security_reviewed"
          - "security_team_approval"
    - gate: "G6_RELEASE"
      predicates:
        required:
          - "all_tests_passed"
          - "has_staging_validation"
          - "has_rollback_plan"
          - "has_performance_baseline"
          - "has_stakeholder_approval"
          - "has_compliance_signoff"
          - "has_extended_monitoring"
# Extended approval requirements
approval_requirements:
  code_review:
    required: true
    min_approvals: 3
    reviewer_level: "all_senior"
    mandatory_reviewers:
      - "tech_lead"
      - "security_champion"
  security_review:
    required: true
    type: "manual_review"
    team: "security_team"
    sla_hours: 24
  stakeholder_approval:
    required: true
    approvers:
      - "product_owner"
      - "engineering_manager"
      - "security_officer"
  compliance_review:
    required_if: "compliance_relevant"
    team: "compliance_team"
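As an added illustration (not part of the original page or of the process's own tooling), this Python sketch applies the classification criteria and automatic triggers from the configuration above to a list of changed paths. The function names, the `**` glob semantics (zero or more directories) and the case-insensitive path matching are assumptions.

```python
import re

# Criteria and triggers copied from the change_class config on this page.
ANY_OF = {
    "affects_authentication", "affects_authorization", "affects_payment_processing",
    "affects_pii_data", "affects_encryption", "breaking_api_change",
    "irreversible_database_migration", "infrastructure_change", "compliance_relevant",
}
FILE_PATTERNS = ["**/auth/**", "**/security/**", "**/payment/**", "**/encryption/**"]
DEPENDENCY_GROUPS = {"security_packages", "crypto_libraries"}


def glob_to_regex(pattern):
    """Compile a glob: '**/' spans zero or more directories, '*' stays in one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


COMPILED = [(p, glob_to_regex(p)) for p in FILE_PATTERNS]


def classify(changed_files, flags=(), dependency_groups=()):
    """Return (is_critical, triggers); any single trigger is enough (any_of)."""
    triggers = sorted(set(flags) & ANY_OF)
    triggers += sorted(f"dependency_changes:{g}"
                       for g in set(dependency_groups) & DEPENDENCY_GROUPS)
    for path in changed_files:
        # Assumption: normalise separators and case so 'SRC\\Auth\\x' cannot slip past.
        norm = path.replace("\\", "/").lower()
        for pattern, rx in COMPILED:
            if rx.match(norm):
                triggers.append(f"file_pattern_match:{pattern}:{path}")
    return bool(triggers), triggers
```

Directories such as `src/oauth/` or `src/authentication/` do not match `**/auth/**`, so path triggers complement the `any_of` criteria rather than replace them.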
A Critical change in practice
# Example: critical change
change_request:
  id: "CHG-2024-0056"
  title: "Implement OAuth2 with MFA"
  description: "Replace basic auth with OAuth2 and mandatory MFA"
  classification:
    class: "critical"
    classified_by: "auto"
    triggers:
      - "affects_authentication": true
      - "affects_authorization": true
      - "file_pattern_match": "src/auth/**"
# Extended process
process_flow:
  phases_executed:
    - phase: 1-2
      name: "Intake & Triage"
      duration: "1 hour"
      result: "classified_as_critical"
      escalated_to: "tech_lead"
    - phase: 3
      name: "Analysis"
      duration: "1 day"
      participants:
        - "product_owner"
        - "tech_lead"
        - "security_team"
      artifacts:
        - "requirements.md"
        - "security_assessment.md"
        - "risk_mitigation_plan.md"
    - phase: 4-5
      name: "Design & Contract"
      duration: "2 days"
      security_review: "completed"
      threat_model: "created"
    - phase: 6
      name: "Implementation"
      duration: "1 week"
      pair_programming: true
      security_champion: "assigned"
    - phase: 7
      name: "Review"
      duration: "2 days"
      reviewers: 4
      security_review: "manual"
      penetration_test: "scheduled"
    - phase: 8-10
      name: "Testing & Hardening"
      duration: "3 days"
      tests:
        - "Unit tests (312)"
        - "Integration tests (58)"
        - "E2E tests (23)"
        - "Security tests (15)"
        - "Performance tests (8)"
        - "Penetration test (1)"
    - phase: 11
      name: "Deployment"
      duration: "4 hours"
      strategy: "blue_green"
      rollback_tested: true
      monitoring_enhanced: true
  total_time: "~2 weeks"
gate_results:
  - gate: "G2_ANALYSIS"
    predicates_passed: 7
    security_assessment: "approved"
    result: "PASS"
  - gate: "G4_IMPLEMENTATION"
    predicates_passed: 6
    coverage: "92%"
    result: "PASS"
  - gate: "G5_REVIEW"
    approvals: 4
    security_team: "approved"
    pentest_result: "passed"
    result: "PASS"
  - gate: "G6_RELEASE"
    all_checks: "passed"
    compliance_signoff: "obtained"
    result: "PASS"
deployed_at: "2024-01-30T02:00:00Z"
deployment_window: "maintenance"
Why does this matter?
The Critical class is the protective shield for the most sensitive areas of the system. A flaw in authentication can put millions of users at risk. A bug in the payment system can cause financial damage. This class ensures that such changes receive maximum attention.
In the human + AI code process: critical changes require manual security review, penetration tests, 3+ senior approvals and compliance sign-off. Typical lead time: 1-2 weeks. Deployments take place in maintenance windows.