Feature Hypotheses Simulation - Architecture Documentation

1

Correctness

Risk calculations must be statistically sound. Product Owners, Portfolio Owners, Agile leaders, and Risk Managers rely on the numbers for real business decisions.

2

Simplicity

Results must be understandable without a finance background. Plain language, EUR figures, and clear labels are required.

3

Transparency

Every metric must be explained in context, not only displayed as a number.

4

Practical Value

Insights must connect directly to actionable decisions on priority, build/skip, and budget fit.

Product Owner

Risk-informed feature prioritization, sprint planning, and stakeholder communication.

Uncertainty in ROI predictions and difficulty justifying backlog decisions with data.

Sprint planning, backlog refinement, roadmap review, investment committee prep.

Portfolio Owner / Agile leader

Clear roadmap trade-offs, budget-fit decisions, and prioritization across initiatives.

Hard-to-compare feature proposals and weak downside visibility before commitment.

Quarterly planning, budget allocation, portfolio review, initiative go/no-go decisions.

Risk Manager

Portfolio-level risk metrics including CVaR, stress tests, correlation analysis, and budget frontier.

Limited tooling for applying financial risk methods to product portfolios.

Risk committee reviews, portfolio stress testing, audit preparation, budget frontier analysis.

Business Stakeholder

Clear, quantified risk exposure with EUR figures and confidence intervals.

Surprises in product outcomes and weak data-driven support before budget commitment.

Decision briefings, executive reviews, pre-approval sign-off.

Product Owner

Understand what FHS does and how to run a first simulation

Kap. 1 (this page) → Kap. 4 (Solution Strategy) → apps/fhs/notebooks/01-getting-started.ipynb → Kap. 8 (Strategic Feature Categories)

Portfolio Owner / Agile leader

Understand portfolio-level analysis and budget decisions

Kap. 1 → Kap. 5 (Building Blocks — notebook tracks) → Kap. 4 → Advanced notebooks (A01/A02) → Kap. 12 (Glossary)

Risk Manager

Understand risk methods, governance, and assumptions quality

Kap. 1 → ADR-002 (risk methods) → Kap. 8 (Statistical Accuracy, Security, Governance) → Kap. 11 (Risks) → Kap. 12 (Glossary)

Architect (new to the project)

Understand architecture structure and key decisions

Kap. 1 → Kap. 5 (DDD layers) → Kap. 6 (Runtime sequences) → Kap. 7 (Deployment) → Kap. 8 (Cross-cutting) → Kap. 9 (ADRs) → Kap. 10 (Quality)

CFO / Business Stakeholder

Understand value, risk exposure, and decision outputs

Kap. 1 → Kap. 4 (solution) → BEGINNERS_GUIDE.md → Architecture Canvases

Python 3.14+

Baseline requires-python is 3.14+, validated on current runtime versions.

Jupyter Lab

Primary user interface where code, results, and explanations are combined.

Docker

Zero-setup installation and reproducible environment startup.

Linux / macOS

Scripts and Makefiles target Linux and macOS workflows.

No financial training required

Product Owners, Portfolio Owners, Agile leaders, and Risk Managers must run simulations without statistical expertise.

Agile context

Risk assessments must fit into sprint planning sessions.

MIT License (open source)

Third-party libraries (NumPy, SciPy, Pydantic, Matplotlib, Plotly, JupyterLab, PuLP) are all permissively licensed. The FHS library itself is MIT. No GPL or AGPL transitive dependencies are permitted.

Browser: modern Chromium/Firefox (ES2020+)

JupyterLab 4.x requires a modern browser. Internet Explorer and legacy Edge are not supported. Interactive Plotly widgets require WebGL.

Memory: minimum 2 GB free RAM for 100,000-scenario runs

NumPy arrays for 100 k scenarios × 10 features fit in approximately 80 MB. JupyterLab kernel overhead and Plotly rendering bring the practical minimum to ~2 GB. Reduce scenarios to 10,000 on memory-constrained machines.

No persistent storage beyond local filesystem

No database, no cloud sync, no remote state. Scenario YAML files and exported notebooks are the only persistent artifacts.

apps/fhs/notebooks/config/*.yaml

Input

Scenario source of truth (features, budget, strategy metadata) loaded via ScenarioService and YamlFeatureRepository.

fhs plan --features <file>

Input

CLI ingest of YAML/JSON/CSV feature sets for ad-hoc planning and report generation.

NumPy / SciPy / Pandas

Internal dependency

Numerical simulation, risk metrics, and tabular portfolio analysis.

Matplotlib / Plotly

Output

Visual communication of simulation distributions and portfolio risk summaries in notebooks/reports.

Markdown / notebook exports

Output

Decision artifacts for Product Owner and stakeholder review (local files, no remote API push).

Programming Language

Python 3.14+

Modern Python with access to the latest scientific tooling and language features.

Risk Calculations

NumPy / SciPy

Optimized mathematical libraries for Monte Carlo simulation and statistical analysis.

User Interface

Jupyter Notebooks

Interactive analysis environment with code, results, and explanations in one document.

Deployment

Docker + GitHub Actions

Consistent environments across machines with automated CI/CD.

Documentation

Arc42 + docToolchain

Enterprise-standard architecture documentation.

Core (01-07)

Product Owners, Portfolio Owners, and Agile leaders new to FHS

Single-feature analysis, portfolio advising, risk layers, delivery-risk case study, and executive decision synthesis.

Tutorial (T01)

Product Owners first, Risk Managers second

Distribution selection and uncertainty-model guidance.

Advanced (A01-A02)

Portfolio Owners, Agile leaders, and Risk Managers

Portfolio optimization, budget constraints, stress tests, and executive summaries.

Jupyter Lab

Python 3.14+, JupyterLab

Primary user interface — interactive analysis and visualization

FHS Python Library

Python package, NumPy, SciPy

Core business logic: Monte Carlo simulation, VaR/CVaR, portfolio analysis

1

Open 01-getting-started.ipynb in Jupyter Lab

Kernel initialises Python environment

2

Load scenario context via notebook facade: scenario = load_scenario("blockchain", editable=True)

ScenarioService loads YAML config through YamlFeatureRepository, validates with ScenarioConfig, builds ScenarioContext, and runs exam checks

3

Run feature simulation: simulator.simulate_feature(feature, scenarios=10_000)

FeatureSimulator orchestrates MonteCarloEngine and RiskCalculator (VaR, CVaR, expected value)

4

Read results: result.expected_value, result.var_95, result.net_value

SimulationResult properties return pre-calculated values

5

Adjust scenario parameters and persist changes

ScenarioService.save_scenario() writes YAML, creates version snapshots, and publishes ScenarioConfigurationChanged events

Lima VM Sandbox

macOS developers wanting a complete, isolated dev environment

macOS (Intel + Apple Silicon)

make -C local-sandbox shell → fhs-lab

Docker

Quick start on any OS; CI/CD pipelines

Linux · macOS · Windows

docker compose -f cicd/docker-compose.yml up --profile fhs

macOS (Intel + Apple Silicon)

Lima + Docker Desktop

Docker Desktop

Linux

Lima + Docker Engine

Docker Engine

Windows

Not supported

Docker Desktop (WSL 2)

./cicd/run-cicd.sh test

pytest suite — unit tests for all modules

./cicd/run-cicd.sh lint

ruff format + ruff check code quality checks

./cicd/run-cicd.sh types

mypy type checking

./cicd/run-cicd.sh arch

Architecture layer boundary tests (import restrictions)

./cicd/run-cicd.sh security

Jupyter security defaults validation

./cicd/run-cicd.sh pipeline

Complete pipeline: security + ci + docs

Correctness first

Risk calculations are statistically sound. All results are validated by tests before visualization.

Plain language

Every metric includes a one-sentence explanation in EUR terms.

KISS — no infrastructure

Direct Python library imports. No REST API, no database, no message queue.

Single source of truth

Scenario configuration is centralized in apps/fhs/notebooks/config/*.yaml, loaded via load_scenario() and validated by ScenarioService.

Semantic Colour System

All chart colours are referenced by token (palette["primary"], COLORS.danger) rather than hardcoded hex literals. The palette is defined in presentation/notebook/styling.py as a frozen _Colors dataclass with 16 semantic tokens. Light and dark themes are supported via ThemeContext. All foreground/text tokens meet WCAG 2.1 AA contrast ratio (≥ 4.5:1) on white. The RISK_HEATMAP_GRADIENT constant defines the canonical red → amber → green gradient for risk heatmaps.

Invalid Feature parameters (e.g., conversion_rate > 1)

Validation is enforced by Pydantic/domain rules. Errors surface as validation exceptions (ValidationError and/or typed ValueError context) before simulation starts.

High uncertainty with Normal distribution (uncertainty > 0.5)

warnings.warn() alerts user to clipping bias risk. User decides whether to switch to Beta distribution.

Invalid correlation matrix

Validation is executed before decomposition; invalid matrices are rejected with explicit diagnostics (CorrelationMatrixError/ValueError).

Value Driver

Direct business value expected. Positive ROI pays for the portfolio.

New product capability, upsell feature, retention improvement

Efficiency

Reduces cost, time, or process waste. Value is captured as savings or throughput.

Automation, workflow improvement, self-service tooling

Risk Reduction

Reduces operational, technical, or financial exposure. Value is the avoided loss.

Security hardening, reliability improvement, dependency removal

Regulatory Compliance

Required by law or governance mandate. Cost of non-compliance (fines, exclusion) exceeds development cost.

GDPR, safety regulations, audit requirements

Strategic Option

Creates a future capability, market entry point, or learning opportunity. Value is optionality.

Platform foundation, market pilot, technical spike

Resilience

Improves robustness, continuity, or stability under stress. Value is realized in crisis, not in normal operation.

DR/BCP capability, redundancy, degraded-mode handling

YAML loading

yaml.safe_load() is used throughout YamlFeatureRepository. yaml.load() with an arbitrary Loader is never used.

Notebook code execution

Jupyter’s execution model gives notebooks full Python access. FHS does not add further sandbox restrictions — this is a user-environment responsibility.

No secrets handling

FHS stores no credentials, API keys, or personal data. Scenario YAML files contain only business estimates.

Dependency supply chain

Dependencies are pinned in pyproject.toml. CI runs on Docker images built from pinned base images.

Unit tests

Individual functions in core/, application/, presentation/

pytest — currently 1,374 tests, 100% branch coverage target

Architecture boundary tests

DDD layer import restrictions (no notebook imports from core.* directly)

tests/test_architecture.py with importlib inspection

Statistical regression tests

VaR/CVaR output within ±1% of theoretical value across seeds

pytest + NumPy assertion tolerances

Notebook execution tests

All notebooks execute without error in a clean kernel

docker compose --profile notebook-check

Security defaults tests

Jupyter allow_remote_access = False, no token-bypass configuration

./cicd/run-cicd.sh security

Parametric VaR (variance-covariance)

Closed-form VaR assuming Normal distribution

Assumes Normality; underestimates tail risk; wrong for skewed business outcomes

Historical simulation

VaR from real past outcomes

No historical data exists for new product features

Extreme Value Theory (EVT)

Models distribution tails explicitly

Requires large sample sizes and statistical expertise beyond the target audience

Cornish-Fisher expansion

Semi-parametric VaR with skewness/kurtosis correction

Adds complexity without proportional benefit for 10,000-scenario runs

Monte Carlo + Normal/Lognormal ← chosen

Flexible simulation with configurable distributions (Normal, Lognormal, Beta, bounded)

Simple to explain, easy to extend, statistically sound for the uncertainty range of product estimates

ADR-001

Python Stack Selection

Accepted

2025-06

ADR-001

ADR-002

Risk Assessment Methods (VaR/CVaR/Monte Carlo)

Accepted

2025-06

ADR-002

ADR-003

KISS Architecture — No API

Accepted

2025-06

ADR-003

ADR-004

Jupyter Notebooks as Components

Accepted

2025-06

ADR-004

ADR-005

UX Simulation Integration

Accepted

2025-06

ADR-005

ADR-006

C4 Model + Arc42 Documentation

Accepted

2025-06

ADR-006

ADR-007

Package Structure and Testing

Accepted

2025-06

ADR-007

ADR-008

Container Strategy

Accepted

2025-06

ADR-008

ADR-009

Development Cost and ROI

Accepted

2026-02

ADR-009

ADR-010

Correlation Modeling Strategy

Accepted

2026-02

ADR-010

ADR-011

Budget Optimization Algorithm

Accepted

2026-02

ADR-011

ADR-012

Budget Constraint Scope (Portfolio-level)

Accepted

2026-02

ADR-012

ADR-013

Centralized Scenario Data (YAML + ScenarioService)

Accepted

2026-02

ADR-013

ADR-014

Mixin-based Presentation Facade (FHSDisplay)

Accepted

2026-03

ADR-014

Correctness

A Monte Carlo simulation with 10,000 scenarios produces VaR 95% values within +/-1% of the theoretical value across five independent runs with the same seed.

Deviation ⇐ 1%

Usability

A Product Owner with no financial background opens 01-getting-started.ipynb and completes a first feature risk assessment without external help.

Complete within 15 minutes

Performance

A Monte Carlo simulation with 10,000 scenarios completes in under 2 seconds on standard laptop hardware.

< 2 seconds

Maintainability

A new distribution type can be added to the monte_carlo service without changing the simulation or risk services, or any notebook.

Change isolated to one module

Correctness

Monte Carlo with 10,000 scenarios produces VaR 95% within ±1% of theoretical value across five runs with the same seed.

test_var_reproducibility in tests/test_risk_calculator.py

NumPy seeded default_rng; CI runs the full suite on every commit.

Simplicity

A Product Owner with no financial background completes a first risk assessment in Notebook 01 within 15 minutes, without external help.

Manual walkthrough; notebook UX review.

Progressive disclosure (Core → Tutorial → Advanced tracks); plain-language metric labels throughout.

Transparency

Every show.* widget displays a one-sentence plain-language explanation alongside the EUR figure.

Code review; test_display_includes_explanation (presentation layer tests).

FHSDisplay mixin contract: each method renders a show.info_box() alongside the metric.

Practical Value

A Risk Manager can run a full portfolio stress test and export a decision report within a single sprint planning session (~2 hours).

End-to-end notebook walkthrough (Notebook A01–A02).

AdvancedPortfolioService returns pre-computed value objects; no manual data wrangling required.

Performance

(Supporting Correctness & Practical Value) 10,000-scenario Monte Carlo completes in under 2 seconds on standard laptop hardware.

test_performance_budget benchmark test.

NumPy vectorized simulation; no Python loops in the hot path.

Maintainability

(Supporting Correctness) A new distribution type can be added to the Monte Carlo engine without changing simulator.py, risk_calculator.py, or any notebook.

Architecture boundary test (tests/test_architecture.py).

DDD layering enforced by import restriction tests; MonteCarloEngine is the single extension point.

Clipping bias

Medium

Normal distribution clips negative values to zero, inflating the mean by ~0.5%. Effect grows with uncertainty > 0.5.

Warning issued when uncertainty > 0.5. Beta distribution recommended for bounded parameters (conversion rates).

Correlation estimation

Medium

Features rarely have historical correlation data. Default (uncorrelated) may underestimate portfolio risk if features actually move together.

Users can supply a custom correlation matrix. Matrix is validated before Cholesky decomposition with clear error messages.

Budget optimization heuristic risk

Medium

optimize_portfolio_by_budget uses greedy selection and may miss globally optimal subsets for some portfolios.

Mitigated by transparent alternatives output and separate exact combinatorial mode (optimize_portfolio) when selecting by fixed feature count.

Development cost uncertainty

High

Development costs are point estimates with typical ±30-50% error. Bad cost estimates produce misleading ROI and portfolio recommendations.

Documented limitation. Future: add cost_uncertainty field and simulate cost scenarios alongside business value.

Model risk — VaR/CVaR validity boundary

High

VaR and CVaR are known to underestimate tail risk in fat-tailed distributions (Black Swan events). The Normal/Lognormal simulation engines produce well-behaved tails that may not reflect real business outcome distributions. All results are estimates, not guarantees.

Results are always presented alongside the underlying uncertainty parameters. Notebooks include plain-language disclaimers. For heavy-tail scenarios, users are guided to higher scenario counts (100k+) and warned to treat tail metrics as directional, not precise.

Input data quality — estimates as facts

High

expected_users, conversion_rate, and business_value_per_conversion are expert estimates, not measured values. Simulations produce statistically precise output from imprecise input, creating a false confidence effect with stakeholders who focus on the numbers rather than their provenance.

Scenario configuration form (Notebook 02) prominently labels inputs as estimates. Output headings include "Simulated" to signal model-derived values. Users are encouraged to run sensitivity analysis to understand how input uncertainty drives output uncertainty.

Reproducibility under library upgrades

Medium

NumPy’s random number generator behavior has changed between major versions (legacy vs. default_rng). A NumPy major-version upgrade could produce different simulation outputs from the same seed, breaking reproducibility and invalidating saved scenario comparisons.

seed=42 with numpy.random.default_rng is used consistently. Library versions are pinned in pyproject.toml. Any NumPy upgrade must include a simulation regression test before release.

Audit trail persistence

Medium

EventBus and EventLogger run in Jupyter kernel memory. A kernel crash or restart discards the event log. Scenario YAML versions survive, but the sequence of changes and the actor who made them is lost between sessions.

YAML version snapshots provide a persistent change history via VersioningService. Users are advised to commit notebooks/config/ to a Git repository for full audit trail durability.

False confidence effect

Medium

Stakeholders may treat simulation outputs (e.g. "VaR 95%: EUR 42,317") as precise forecasts rather than probability estimates. This risk grows when the tool is used to justify large budget commitments without communicating model limitations.

Every metric card includes a one-sentence plain-language explanation. The Quality Goal "Transparency" (Kap. 1) mandates that no metric is displayed without context. Risk Managers reviewing outputs should communicate confidence intervals alongside point estimates.

Cost uncertainty modeling

Medium

development_cost is a single number. Adding a cost uncertainty range with Monte Carlo over costs would improve ROI accuracy.

Algorithm documentation

Low

ADR-011 should be extended with practical guidance on when to use greedy budget optimization vs. exact combinatorial selection.

Solver dependency transparency

Low

AdvancedPortfolioService uses PuLP for ILP optimization. The default solver (CBC, included with PuLP) is open source, but users who install commercial solvers (CPLEX, Gurobi) may face separate license obligations. This is not documented.

Input validation coverage

Low

ScenarioConfig validates YAML structure but does not enforce business-rule constraints across fields (e.g., budget covering at least one feature’s development_cost). Cross-field validation lives implicitly in the optimizer rather than at load time.