Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(sdk,iace): add Personalized Drafting Pipeline v2 and IACE engine
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 44s
Details
CI / test-python-backend-compliance (push) Successful in 37s
Details
CI / test-python-document-crawler (push) Successful in 22s
Details
CI / test-python-dsms-gateway (push) Successful in 20s
Details

Browse Source 
Drafting Engine: 7-module pipeline with narrative tags, allowed facts governance,
PII sanitizer, prose validator with repair loop, hash-based cache, and terminology
guide. v1 fallback via ?v=1 query param.

IACE: Initial AI-Act Conformity Engine with risk classifier, completeness checker,
hazard library, and PostgreSQL store for AI system assessments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Boenisch
2026-02-25 22:27:06 +01:00
parent 3efa391de5
commit 06711bad1c
20 changed files with 10588 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1833
ai-compliance-sdk/internal/api/handlers/iace_handler.go Normal file
View File

File diff suppressed because it is too large Load Diff

415
ai-compliance-sdk/internal/iace/classifier.go Normal file
View File

@@ -0,0 +1,415 @@
package iace
import (
"encoding/json"
"fmt"
"strings"
)
// ============================================================================
// Classifier Types
// ============================================================================
// ClassificationResult holds the output of a single regulatory classification.
type ClassificationResult struct {
Regulation RegulationType `json:"regulation"`
ClassificationResult string `json:"classification_result"`
RiskLevel string `json:"risk_level"`
Confidence float64 `json:"confidence"`
Reasoning string `json:"reasoning"`
Requirements []string `json:"requirements"`
}
// ============================================================================
// Classifier
// ============================================================================
// Classifier determines which EU regulations apply to a machine or product
// based on project metadata and component analysis.
type Classifier struct{}
// NewClassifier creates a new Classifier instance.
func NewClassifier() *Classifier { return &Classifier{} }
// ============================================================================
// Public Methods
// ============================================================================
// ClassifyAll runs all four regulatory classifiers (AI Act, Machinery Regulation,
// CRA, NIS2) and returns the combined results.
func (c *Classifier) ClassifyAll(project *Project, components []Component) []ClassificationResult {
return []ClassificationResult{
c.ClassifyAIAct(project, components),
c.ClassifyMachineryRegulation(project, components),
c.ClassifyCRA(project, components),
c.ClassifyNIS2(project, components),
}
}
// ClassifyAIAct determines the AI Act classification based on whether the system
// contains AI components and their safety relevance.
//
// Classification logic:
// - Has safety-relevant AI component: "high_risk"
// - Has AI component (not safety-relevant): "limited_risk"
// - No AI components: "not_applicable"
func (c *Classifier) ClassifyAIAct(project *Project, components []Component) ClassificationResult {
result := ClassificationResult{
Regulation: RegulationAIAct,
}
hasAI := false
hasSafetyRelevantAI := false
var aiComponentNames []string
for _, comp := range components {
if comp.ComponentType == ComponentTypeAIModel {
hasAI = true
aiComponentNames = append(aiComponentNames, comp.Name)
if comp.IsSafetyRelevant {
hasSafetyRelevantAI = true
}
}
}
switch {
case hasSafetyRelevantAI:
result.ClassificationResult = "high_risk"
result.RiskLevel = "high"
result.Confidence = 0.9
result.Reasoning = fmt.Sprintf(
"System contains safety-relevant AI component(s): %s. "+
"Under EU AI Act Art. 6, AI systems that are safety components of products "+
"covered by Union harmonisation legislation are classified as high-risk.",
strings.Join(aiComponentNames, ", "),
)
result.Requirements = []string{
"Risk management system (Art. 9)",
"Data governance and management (Art. 10)",
"Technical documentation (Art. 11)",
"Record-keeping / logging (Art. 12)",
"Transparency and information to deployers (Art. 13)",
"Human oversight measures (Art. 14)",
"Accuracy, robustness and cybersecurity (Art. 15)",
"Quality management system (Art. 17)",
"Conformity assessment before placing on market",
}
case hasAI:
result.ClassificationResult = "limited_risk"
result.RiskLevel = "medium"
result.Confidence = 0.85
result.Reasoning = fmt.Sprintf(
"System contains AI component(s): %s, but none are marked as safety-relevant. "+
"Classified as limited-risk under EU AI Act with transparency obligations.",
strings.Join(aiComponentNames, ", "),
)
result.Requirements = []string{
"Transparency obligations (Art. 52)",
"AI literacy measures (Art. 4)",
"Technical documentation recommended",
}
default:
result.ClassificationResult = "not_applicable"
result.RiskLevel = "none"
result.Confidence = 0.95
result.Reasoning = "No AI model components found in the system. EU AI Act does not apply."
result.Requirements = nil
}
return result
}
// ClassifyMachineryRegulation determines the Machinery Regulation (EU) 2023/1230
// classification based on CE marking intent and component analysis.
//
// Classification logic:
// - CE marking target set: "applicable" (standard machinery)
// - Has safety-relevant software/firmware: "annex_iii" (high-risk, Annex III machinery)
// - Otherwise: "standard"
func (c *Classifier) ClassifyMachineryRegulation(project *Project, components []Component) ClassificationResult {
result := ClassificationResult{
Regulation: RegulationMachineryRegulation,
}
hasCETarget := project.CEMarkingTarget != ""
hasSafetyRelevantSoftware := false
var safetySwNames []string
for _, comp := range components {
if (comp.ComponentType == ComponentTypeSoftware || comp.ComponentType == ComponentTypeFirmware) && comp.IsSafetyRelevant {
hasSafetyRelevantSoftware = true
safetySwNames = append(safetySwNames, comp.Name)
}
}
switch {
case hasSafetyRelevantSoftware:
result.ClassificationResult = "annex_iii"
result.RiskLevel = "high"
result.Confidence = 0.9
result.Reasoning = fmt.Sprintf(
"Machine contains safety-relevant software/firmware component(s): %s. "+
"Under Machinery Regulation (EU) 2023/1230 Annex III, machinery with safety-relevant "+
"digital components requires third-party conformity assessment.",
strings.Join(safetySwNames, ", "),
)
result.Requirements = []string{
"Third-party conformity assessment (Annex III)",
"Essential health and safety requirements (Annex III EHSR)",
"Technical documentation per Annex IV",
"Risk assessment per ISO 12100",
"Software validation (IEC 62443 / IEC 61508)",
"EU Declaration of Conformity",
"CE marking",
}
case hasCETarget:
result.ClassificationResult = "applicable"
result.RiskLevel = "medium"
result.Confidence = 0.85
result.Reasoning = fmt.Sprintf(
"CE marking target is set (%s). Machinery Regulation (EU) 2023/1230 applies. "+
"No safety-relevant software/firmware detected; standard conformity assessment path.",
project.CEMarkingTarget,
)
result.Requirements = []string{
"Essential health and safety requirements (EHSR)",
"Technical documentation per Annex IV",
"Risk assessment per ISO 12100",
"EU Declaration of Conformity",
"CE marking",
}
default:
result.ClassificationResult = "standard"
result.RiskLevel = "low"
result.Confidence = 0.7
result.Reasoning = "No CE marking target specified and no safety-relevant software/firmware detected. " +
"Standard machinery regulation requirements may still apply depending on product placement."
result.Requirements = []string{
"Risk assessment recommended",
"Technical documentation recommended",
"Verify if CE marking is required for intended market",
}
}
return result
}
// ClassifyCRA determines the Cyber Resilience Act (CRA) classification based on
// whether the system contains networked components and their criticality.
//
// Classification logic:
// - Safety-relevant + networked: "class_ii" (highest CRA category)
// - Networked with critical component types: "class_i"
// - Networked (other): "default" (self-assessment)
// - No networked components: "not_applicable"
func (c *Classifier) ClassifyCRA(project *Project, components []Component) ClassificationResult {
result := ClassificationResult{
Regulation: RegulationCRA,
}
hasNetworked := false
hasSafetyRelevantNetworked := false
hasCriticalType := false
var networkedNames []string
// Component types considered critical under CRA
criticalTypes := map[ComponentType]bool{
ComponentTypeController: true,
ComponentTypeNetwork: true,
ComponentTypeSensor: true,
}
for _, comp := range components {
if comp.IsNetworked {
hasNetworked = true
networkedNames = append(networkedNames, comp.Name)
if comp.IsSafetyRelevant {
hasSafetyRelevantNetworked = true
}
if criticalTypes[comp.ComponentType] {
hasCriticalType = true
}
}
}
switch {
case hasSafetyRelevantNetworked:
result.ClassificationResult = "class_ii"
result.RiskLevel = "high"
result.Confidence = 0.9
result.Reasoning = fmt.Sprintf(
"System contains safety-relevant networked component(s): %s. "+
"Under CRA, products with digital elements that are safety-relevant and networked "+
"fall into Class II, requiring third-party conformity assessment.",
strings.Join(networkedNames, ", "),
)
result.Requirements = []string{
"Third-party conformity assessment",
"Vulnerability handling process",
"Security updates for product lifetime (min. 5 years)",
"SBOM (Software Bill of Materials)",
"Incident reporting to ENISA within 24h",
"Coordinated vulnerability disclosure",
"Secure by default configuration",
"Technical documentation with cybersecurity risk assessment",
}
case hasCriticalType:
result.ClassificationResult = "class_i"
result.RiskLevel = "medium"
result.Confidence = 0.85
result.Reasoning = fmt.Sprintf(
"System contains networked component(s) of critical type: %s. "+
"Under CRA Class I, these products require conformity assessment via harmonised "+
"standards or third-party assessment.",
strings.Join(networkedNames, ", "),
)
result.Requirements = []string{
"Conformity assessment (self or third-party with harmonised standards)",
"Vulnerability handling process",
"Security updates for product lifetime (min. 5 years)",
"SBOM (Software Bill of Materials)",
"Incident reporting to ENISA within 24h",
"Coordinated vulnerability disclosure",
"Secure by default configuration",
}
case hasNetworked:
result.ClassificationResult = "default"
result.RiskLevel = "low"
result.Confidence = 0.85
result.Reasoning = fmt.Sprintf(
"System contains networked component(s): %s. "+
"CRA default category applies; self-assessment is sufficient.",
strings.Join(networkedNames, ", "),
)
result.Requirements = []string{
"Self-assessment conformity",
"Vulnerability handling process",
"Security updates for product lifetime (min. 5 years)",
"SBOM (Software Bill of Materials)",
"Incident reporting to ENISA within 24h",
}
default:
result.ClassificationResult = "not_applicable"
result.RiskLevel = "none"
result.Confidence = 0.9
result.Reasoning = "No networked components found. The Cyber Resilience Act applies to " +
"products with digital elements that have a network connection. Currently not applicable."
result.Requirements = nil
}
return result
}
// ClassifyNIS2 determines the NIS2 Directive classification based on project
// metadata indicating whether the manufacturer supplies critical infrastructure sectors.
//
// Classification logic:
// - Project metadata indicates KRITIS supplier: "indirect_obligation"
// - Otherwise: "not_applicable"
func (c *Classifier) ClassifyNIS2(project *Project, components []Component) ClassificationResult {
result := ClassificationResult{
Regulation: RegulationNIS2,
}
isKRITISSupplier := c.isKRITISSupplier(project)
if isKRITISSupplier {
result.ClassificationResult = "indirect_obligation"
result.RiskLevel = "medium"
result.Confidence = 0.8
result.Reasoning = "Project metadata indicates this product/system is supplied to clients " +
"in critical infrastructure sectors (KRITIS). Under NIS2, suppliers to essential and " +
"important entities have indirect obligations for supply chain security."
result.Requirements = []string{
"Supply chain security measures",
"Incident notification support for customers",
"Cybersecurity risk management documentation",
"Security-by-design evidence",
"Contractual security requirements with KRITIS customers",
"Regular security assessments and audits",
}
} else {
result.ClassificationResult = "not_applicable"
result.RiskLevel = "none"
result.Confidence = 0.75
result.Reasoning = "No indication in project metadata that this product is supplied to " +
"critical infrastructure (KRITIS) sectors. NIS2 indirect obligations do not currently apply. " +
"Re-evaluate if customer base changes."
result.Requirements = nil
}
return result
}
// ============================================================================
// Helper Methods
// ============================================================================
// isKRITISSupplier checks project metadata for indicators that the manufacturer
// supplies critical infrastructure sectors.
func (c *Classifier) isKRITISSupplier(project *Project) bool {
if project.Metadata == nil {
return false
}
var metadata map[string]interface{}
if err := json.Unmarshal(project.Metadata, &metadata); err != nil {
return false
}
// Check for explicit KRITIS flag
if kritis, ok := metadata["kritis_supplier"]; ok {
if val, ok := kritis.(bool); ok && val {
return true
}
}
// Check for critical sector clients
if sectors, ok := metadata["critical_sector_clients"]; ok {
switch v := sectors.(type) {
case []interface{}:
return len(v) > 0
case bool:
return v
}
}
// Check for NIS2-relevant target sectors
if targetSectors, ok := metadata["target_sectors"]; ok {
kriticalSectors := map[string]bool{
"energy": true,
"transport": true,
"banking": true,
"health": true,
"water": true,
"digital_infra": true,
"public_admin": true,
"space": true,
"food": true,
"manufacturing": true,
"waste_management": true,
"postal": true,
"chemicals": true,
}
if sectorList, ok := targetSectors.([]interface{}); ok {
for _, s := range sectorList {
if str, ok := s.(string); ok {
if kriticalSectors[strings.ToLower(str)] {
return true
}
}
}
}
}
return false
}

553
ai-compliance-sdk/internal/iace/classifier_test.go Normal file
View File

@@ -0,0 +1,553 @@
package iace
import (
"encoding/json"
"testing"
)
func TestClassifyAIAct(t *testing.T) {
c := NewClassifier()
tests := []struct {
name string
project *Project
components []Component
wantResult string
wantRiskLevel string
wantReqsEmpty bool
wantConfidence float64
}{
{
name: "no AI components returns not_applicable",
project: &Project{MachineName: "TestMachine"},
components: []Component{
{Name: "PLC", ComponentType: ComponentTypeSoftware},
{Name: "Ethernet", ComponentType: ComponentTypeNetwork},
},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsEmpty: true,
wantConfidence: 0.95,
},
{
name: "no components at all returns not_applicable",
project: &Project{MachineName: "EmptyMachine"},
components: []Component{},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsEmpty: true,
wantConfidence: 0.95,
},
{
name: "AI model not safety relevant returns limited_risk",
project: &Project{MachineName: "VisionMachine"},
components: []Component{
{Name: "QualityChecker", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: false},
},
wantResult: "limited_risk",
wantRiskLevel: "medium",
wantReqsEmpty: false,
wantConfidence: 0.85,
},
{
name: "safety-relevant AI model returns high_risk",
project: &Project{MachineName: "SafetyMachine"},
components: []Component{
{Name: "SafetyAI", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: true},
},
wantResult: "high_risk",
wantRiskLevel: "high",
wantReqsEmpty: false,
wantConfidence: 0.9,
},
{
name: "mixed components with safety-relevant AI returns high_risk",
project: &Project{MachineName: "ComplexMachine"},
components: []Component{
{Name: "PLC", ComponentType: ComponentTypeSoftware},
{Name: "BasicAI", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: false},
{Name: "SafetyAI", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: true},
{Name: "Cam", ComponentType: ComponentTypeSensor},
},
wantResult: "high_risk",
wantRiskLevel: "high",
wantReqsEmpty: false,
wantConfidence: 0.9,
},
{
name: "non-AI safety-relevant component does not trigger AI act",
project: &Project{MachineName: "SafetySoftwareMachine"},
components: []Component{
{Name: "SafetyPLC", ComponentType: ComponentTypeSoftware, IsSafetyRelevant: true},
},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsEmpty: true,
wantConfidence: 0.95,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := c.ClassifyAIAct(tt.project, tt.components)
if result.Regulation != RegulationAIAct {
t.Errorf("Regulation = %q, want %q", result.Regulation, RegulationAIAct)
}
if result.ClassificationResult != tt.wantResult {
t.Errorf("ClassificationResult = %q, want %q", result.ClassificationResult, tt.wantResult)
}
if result.RiskLevel != tt.wantRiskLevel {
t.Errorf("RiskLevel = %q, want %q", result.RiskLevel, tt.wantRiskLevel)
}
if (result.Requirements == nil || len(result.Requirements) == 0) != tt.wantReqsEmpty {
t.Errorf("Requirements empty = %v, want %v", result.Requirements == nil || len(result.Requirements) == 0, tt.wantReqsEmpty)
}
if result.Confidence != tt.wantConfidence {
t.Errorf("Confidence = %f, want %f", result.Confidence, tt.wantConfidence)
}
if result.Reasoning == "" {
t.Error("Reasoning should not be empty")
}
})
}
}
func TestClassifyMachineryRegulation(t *testing.T) {
c := NewClassifier()
tests := []struct {
name string
project *Project
components []Component
wantResult string
wantRiskLevel string
wantReqsLen int
}{
{
name: "no CE target and no safety SW returns standard",
project: &Project{MachineName: "BasicMachine", CEMarkingTarget: ""},
components: []Component{{Name: "App", ComponentType: ComponentTypeSoftware}},
wantResult: "standard",
wantRiskLevel: "low",
wantReqsLen: 3,
},
{
name: "CE target set returns applicable",
project: &Project{MachineName: "CEMachine", CEMarkingTarget: "2023/1230"},
components: []Component{{Name: "App", ComponentType: ComponentTypeSoftware}},
wantResult: "applicable",
wantRiskLevel: "medium",
wantReqsLen: 5,
},
{
name: "safety-relevant software overrides CE target to annex_iii",
project: &Project{MachineName: "SafetyMachine", CEMarkingTarget: "2023/1230"},
components: []Component{{Name: "SafetyPLC", ComponentType: ComponentTypeSoftware, IsSafetyRelevant: true}},
wantResult: "annex_iii",
wantRiskLevel: "high",
wantReqsLen: 7,
},
{
name: "safety-relevant firmware returns annex_iii",
project: &Project{MachineName: "FirmwareMachine", CEMarkingTarget: ""},
components: []Component{{Name: "SafetyFW", ComponentType: ComponentTypeFirmware, IsSafetyRelevant: true}},
wantResult: "annex_iii",
wantRiskLevel: "high",
wantReqsLen: 7,
},
{
name: "safety-relevant non-SW component does not trigger annex_iii",
project: &Project{MachineName: "SensorMachine", CEMarkingTarget: ""},
components: []Component{
{Name: "SafetySensor", ComponentType: ComponentTypeSensor, IsSafetyRelevant: true},
},
wantResult: "standard",
wantRiskLevel: "low",
wantReqsLen: 3,
},
{
name: "AI model safety-relevant does not trigger annex_iii (not software/firmware type)",
project: &Project{MachineName: "AIModelMachine", CEMarkingTarget: ""},
components: []Component{
{Name: "SafetyAI", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: true},
},
wantResult: "standard",
wantRiskLevel: "low",
wantReqsLen: 3,
},
{
name: "empty components with no CE target returns standard",
project: &Project{MachineName: "EmptyMachine"},
components: []Component{},
wantResult: "standard",
wantRiskLevel: "low",
wantReqsLen: 3,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := c.ClassifyMachineryRegulation(tt.project, tt.components)
if result.Regulation != RegulationMachineryRegulation {
t.Errorf("Regulation = %q, want %q", result.Regulation, RegulationMachineryRegulation)
}
if result.ClassificationResult != tt.wantResult {
t.Errorf("ClassificationResult = %q, want %q", result.ClassificationResult, tt.wantResult)
}
if result.RiskLevel != tt.wantRiskLevel {
t.Errorf("RiskLevel = %q, want %q", result.RiskLevel, tt.wantRiskLevel)
}
if len(result.Requirements) != tt.wantReqsLen {
t.Errorf("Requirements length = %d, want %d", len(result.Requirements), tt.wantReqsLen)
}
if result.Reasoning == "" {
t.Error("Reasoning should not be empty")
}
})
}
}
func TestClassifyCRA(t *testing.T) {
c := NewClassifier()
tests := []struct {
name string
project *Project
components []Component
wantResult string
wantRiskLevel string
wantReqsNil bool
}{
{
name: "no networked components returns not_applicable",
project: &Project{MachineName: "OfflineMachine"},
components: []Component{{Name: "PLC", ComponentType: ComponentTypeSoftware, IsNetworked: false}},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsNil: true,
},
{
name: "empty components returns not_applicable",
project: &Project{MachineName: "EmptyMachine"},
components: []Component{},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsNil: true,
},
{
name: "networked generic software returns default",
project: &Project{MachineName: "GenericNetworkedMachine"},
components: []Component{
{Name: "App", ComponentType: ComponentTypeSoftware, IsNetworked: true},
},
wantResult: "default",
wantRiskLevel: "low",
wantReqsNil: false,
},
{
name: "networked controller returns class_i",
project: &Project{MachineName: "ControllerMachine"},
components: []Component{
{Name: "MainPLC", ComponentType: ComponentTypeController, IsNetworked: true},
},
wantResult: "class_i",
wantRiskLevel: "medium",
wantReqsNil: false,
},
{
name: "networked network component returns class_i",
project: &Project{MachineName: "NetworkMachine"},
components: []Component{
{Name: "Switch", ComponentType: ComponentTypeNetwork, IsNetworked: true},
},
wantResult: "class_i",
wantRiskLevel: "medium",
wantReqsNil: false,
},
{
name: "networked sensor returns class_i",
project: &Project{MachineName: "SensorMachine"},
components: []Component{
{Name: "IoTSensor", ComponentType: ComponentTypeSensor, IsNetworked: true},
},
wantResult: "class_i",
wantRiskLevel: "medium",
wantReqsNil: false,
},
{
name: "safety-relevant networked component returns class_ii",
project: &Project{MachineName: "SafetyNetworkedMachine"},
components: []Component{
{Name: "SafetyNet", ComponentType: ComponentTypeSoftware, IsNetworked: true, IsSafetyRelevant: true},
},
wantResult: "class_ii",
wantRiskLevel: "high",
wantReqsNil: false,
},
{
name: "safety-relevant overrides critical type",
project: &Project{MachineName: "MixedMachine"},
components: []Component{
{Name: "PLC", ComponentType: ComponentTypeController, IsNetworked: true, IsSafetyRelevant: true},
},
wantResult: "class_ii",
wantRiskLevel: "high",
wantReqsNil: false,
},
{
name: "non-networked critical type is not_applicable",
project: &Project{MachineName: "OfflineControllerMachine"},
components: []Component{
{Name: "PLC", ComponentType: ComponentTypeController, IsNetworked: false},
},
wantResult: "not_applicable",
wantRiskLevel: "none",
wantReqsNil: true,
},
{
name: "HMI networked but not critical type returns default",
project: &Project{MachineName: "HMIMachine"},
components: []Component{
{Name: "Panel", ComponentType: ComponentTypeHMI, IsNetworked: true},
},
wantResult: "default",
wantRiskLevel: "low",
wantReqsNil: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := c.ClassifyCRA(tt.project, tt.components)
if result.Regulation != RegulationCRA {
t.Errorf("Regulation = %q, want %q", result.Regulation, RegulationCRA)
}
if result.ClassificationResult != tt.wantResult {
t.Errorf("ClassificationResult = %q, want %q", result.ClassificationResult, tt.wantResult)
}
if result.RiskLevel != tt.wantRiskLevel {
t.Errorf("RiskLevel = %q, want %q", result.RiskLevel, tt.wantRiskLevel)
}
if (result.Requirements == nil) != tt.wantReqsNil {
t.Errorf("Requirements nil = %v, want %v", result.Requirements == nil, tt.wantReqsNil)
}
if result.Reasoning == "" {
t.Error("Reasoning should not be empty")
}
})
}
}
func TestClassifyNIS2(t *testing.T) {
c := NewClassifier()
tests := []struct {
name string
metadata json.RawMessage
wantResult string
}{
{
name: "nil metadata returns not_applicable",
metadata: nil,
wantResult: "not_applicable",
},
{
name: "empty JSON object returns not_applicable",
metadata: json.RawMessage(`{}`),
wantResult: "not_applicable",
},
{
name: "invalid JSON returns not_applicable",
metadata: json.RawMessage(`not-json`),
wantResult: "not_applicable",
},
{
name: "kritis_supplier true returns indirect_obligation",
metadata: json.RawMessage(`{"kritis_supplier": true}`),
wantResult: "indirect_obligation",
},
{
name: "kritis_supplier false returns not_applicable",
metadata: json.RawMessage(`{"kritis_supplier": false}`),
wantResult: "not_applicable",
},
{
name: "critical_sector_clients non-empty array returns indirect_obligation",
metadata: json.RawMessage(`{"critical_sector_clients": ["energy"]}`),
wantResult: "indirect_obligation",
},
{
name: "critical_sector_clients empty array returns not_applicable",
metadata: json.RawMessage(`{"critical_sector_clients": []}`),
wantResult: "not_applicable",
},
{
name: "critical_sector_clients bool true returns indirect_obligation",
metadata: json.RawMessage(`{"critical_sector_clients": true}`),
wantResult: "indirect_obligation",
},
{
name: "critical_sector_clients bool false returns not_applicable",
metadata: json.RawMessage(`{"critical_sector_clients": false}`),
wantResult: "not_applicable",
},
{
name: "target_sectors with critical sector returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["health"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors energy returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["energy"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors transport returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["transport"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors banking returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["banking"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors water returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["water"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors digital_infra returns indirect_obligation",
metadata: json.RawMessage(`{"target_sectors": ["digital_infra"]}`),
wantResult: "indirect_obligation",
},
{
name: "target_sectors non-critical sector returns not_applicable",
metadata: json.RawMessage(`{"target_sectors": ["retail"]}`),
wantResult: "not_applicable",
},
{
name: "target_sectors empty array returns not_applicable",
metadata: json.RawMessage(`{"target_sectors": []}`),
wantResult: "not_applicable",
},
{
name: "target_sectors case insensitive match",
metadata: json.RawMessage(`{"target_sectors": ["Health"]}`),
wantResult: "indirect_obligation",
},
{
name: "kritis_supplier takes precedence over target_sectors",
metadata: json.RawMessage(`{"kritis_supplier": true, "target_sectors": ["retail"]}`),
wantResult: "indirect_obligation",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
project := &Project{
MachineName: "TestMachine",
Metadata: tt.metadata,
}
result := c.ClassifyNIS2(project, nil)
if result.Regulation != RegulationNIS2 {
t.Errorf("Regulation = %q, want %q", result.Regulation, RegulationNIS2)
}
if result.ClassificationResult != tt.wantResult {
t.Errorf("ClassificationResult = %q, want %q", result.ClassificationResult, tt.wantResult)
}
if result.Reasoning == "" {
t.Error("Reasoning should not be empty")
}
if tt.wantResult == "indirect_obligation" {
if result.RiskLevel != "medium" {
t.Errorf("RiskLevel = %q, want %q", result.RiskLevel, "medium")
}
if result.Requirements == nil || len(result.Requirements) == 0 {
t.Error("Requirements should not be empty for indirect_obligation")
}
} else {
if result.RiskLevel != "none" {
t.Errorf("RiskLevel = %q, want %q", result.RiskLevel, "none")
}
if result.Requirements != nil {
t.Errorf("Requirements should be nil for not_applicable, got %v", result.Requirements)
}
}
})
}
}
func TestClassifyAll(t *testing.T) {
c := NewClassifier()
tests := []struct {
name string
project *Project
components []Component
}{
{
name: "returns exactly 4 results for empty project",
project: &Project{MachineName: "TestMachine"},
components: []Component{},
},
{
name: "returns exactly 4 results for complex project",
project: &Project{MachineName: "ComplexMachine", CEMarkingTarget: "2023/1230", Metadata: json.RawMessage(`{"kritis_supplier": true}`)},
components: []Component{
{Name: "SafetyAI", ComponentType: ComponentTypeAIModel, IsSafetyRelevant: true, IsNetworked: true},
{Name: "PLC", ComponentType: ComponentTypeController, IsNetworked: true},
{Name: "SafetyFW", ComponentType: ComponentTypeFirmware, IsSafetyRelevant: true},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
results := c.ClassifyAll(tt.project, tt.components)
if len(results) != 4 {
t.Fatalf("ClassifyAll returned %d results, want 4", len(results))
}
expectedRegulations := map[RegulationType]bool{
RegulationAIAct: false,
RegulationMachineryRegulation: false,
RegulationCRA: false,
RegulationNIS2: false,
}
for _, r := range results {
if _, ok := expectedRegulations[r.Regulation]; !ok {
t.Errorf("unexpected regulation %q in results", r.Regulation)
}
expectedRegulations[r.Regulation] = true
}
for reg, found := range expectedRegulations {
if !found {
t.Errorf("missing regulation %q in results", reg)
}
}
// Verify order: AI Act, Machinery, CRA, NIS2
if results[0].Regulation != RegulationAIAct {
t.Errorf("results[0].Regulation = %q, want %q", results[0].Regulation, RegulationAIAct)
}
if results[1].Regulation != RegulationMachineryRegulation {
t.Errorf("results[1].Regulation = %q, want %q", results[1].Regulation, RegulationMachineryRegulation)
}
if results[2].Regulation != RegulationCRA {
t.Errorf("results[2].Regulation = %q, want %q", results[2].Regulation, RegulationCRA)
}
if results[3].Regulation != RegulationNIS2 {
t.Errorf("results[3].Regulation = %q, want %q", results[3].Regulation, RegulationNIS2)
}
})
}
}

485
ai-compliance-sdk/internal/iace/completeness.go Normal file
View File

@@ -0,0 +1,485 @@
package iace
import (
"encoding/json"
"fmt"
)
// ============================================================================
// Completeness Types
// ============================================================================
// GateDefinition describes a single completeness gate with its check function.
type GateDefinition struct {
ID string
Category string // onboarding, classification, hazard_risk, evidence, tech_file
Label string
Required bool
Recommended bool
CheckFunc func(ctx *CompletenessContext) bool
}
// CompletenessContext provides all project data needed to evaluate completeness gates.
type CompletenessContext struct {
Project *Project
Components []Component
Classifications []RegulatoryClassification
Hazards []Hazard
Assessments []RiskAssessment
Mitigations []Mitigation
Evidence []Evidence
TechFileSections []TechFileSection
HasAI bool
}
// CompletenessResult contains the aggregated result of all gate checks.
type CompletenessResult struct {
Score float64 `json:"score"`
Gates []CompletenessGate `json:"gates"`
PassedRequired int `json:"passed_required"`
TotalRequired int `json:"total_required"`
PassedRecommended int `json:"passed_recommended"`
TotalRecommended int `json:"total_recommended"`
CanExport bool `json:"can_export"`
}
// ============================================================================
// Gate Definitions (25 CE Completeness Gates)
// ============================================================================
// buildGateDefinitions returns the full set of 25 CE completeness gate definitions.
func buildGateDefinitions() []GateDefinition {
return []GateDefinition{
// =====================================================================
// Onboarding Gates (G01-G08) - Required
// =====================================================================
{
ID: "G01",
Category: "onboarding",
Label: "Machine identity set",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return ctx.Project != nil && ctx.Project.MachineName != ""
},
},
{
ID: "G02",
Category: "onboarding",
Label: "Intended use described",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return ctx.Project != nil && ctx.Project.Description != ""
},
},
{
ID: "G03",
Category: "onboarding",
Label: "Operating limits defined",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return ctx.Project != nil && hasMetadataKey(ctx.Project.Metadata, "operating_limits")
},
},
{
ID: "G04",
Category: "onboarding",
Label: "Foreseeable misuse documented",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return ctx.Project != nil && hasMetadataKey(ctx.Project.Metadata, "foreseeable_misuse")
},
},
{
ID: "G05",
Category: "onboarding",
Label: "Component tree exists",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return len(ctx.Components) > 0
},
},
{
ID: "G06",
Category: "onboarding",
Label: "AI classification done (if applicable)",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
// If no AI present, this gate passes automatically
if !ctx.HasAI {
return true
}
return hasClassificationFor(ctx.Classifications, RegulationAIAct)
},
},
{
ID: "G07",
Category: "onboarding",
Label: "Safety relevance marked",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
for _, comp := range ctx.Components {
if comp.IsSafetyRelevant {
return true
}
}
return false
},
},
{
ID: "G08",
Category: "onboarding",
Label: "Manufacturer info present",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return ctx.Project != nil && ctx.Project.Manufacturer != ""
},
},
// =====================================================================
// Classification Gates (G10-G13) - Required
// =====================================================================
{
ID: "G10",
Category: "classification",
Label: "AI Act classification complete",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasClassificationFor(ctx.Classifications, RegulationAIAct)
},
},
{
ID: "G11",
Category: "classification",
Label: "Machinery Regulation check done",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasClassificationFor(ctx.Classifications, RegulationMachineryRegulation)
},
},
{
ID: "G12",
Category: "classification",
Label: "NIS2 check done",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasClassificationFor(ctx.Classifications, RegulationNIS2)
},
},
{
ID: "G13",
Category: "classification",
Label: "CRA check done",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasClassificationFor(ctx.Classifications, RegulationCRA)
},
},
// =====================================================================
// Hazard & Risk Gates (G20-G24) - Required
// =====================================================================
{
ID: "G20",
Category: "hazard_risk",
Label: "Hazards identified",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return len(ctx.Hazards) > 0
},
},
{
ID: "G21",
Category: "hazard_risk",
Label: "All hazards assessed",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
if len(ctx.Hazards) == 0 {
return false
}
// Build a set of hazard IDs that have at least one assessment
assessedHazards := make(map[string]bool)
for _, a := range ctx.Assessments {
assessedHazards[a.HazardID.String()] = true
}
for _, h := range ctx.Hazards {
if !assessedHazards[h.ID.String()] {
return false
}
}
return true
},
},
{
ID: "G22",
Category: "hazard_risk",
Label: "Critical/High risks mitigated",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
// Find all hazards that have a critical or high assessment
criticalHighHazards := make(map[string]bool)
for _, a := range ctx.Assessments {
if a.RiskLevel == RiskLevelCritical || a.RiskLevel == RiskLevelHigh {
criticalHighHazards[a.HazardID.String()] = true
}
}
// If no critical/high hazards, gate passes
if len(criticalHighHazards) == 0 {
return true
}
// Check that every critical/high hazard has at least one mitigation
mitigatedHazards := make(map[string]bool)
for _, m := range ctx.Mitigations {
mitigatedHazards[m.HazardID.String()] = true
}
for hazardID := range criticalHighHazards {
if !mitigatedHazards[hazardID] {
return false
}
}
return true
},
},
{
ID: "G23",
Category: "hazard_risk",
Label: "Mitigations verified",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
// All mitigations with status "implemented" must also be verified
for _, m := range ctx.Mitigations {
if m.Status == MitigationStatusImplemented {
// Implemented but not yet verified -> gate fails
return false
}
}
// All mitigations are either planned, verified, or rejected
return true
},
},
{
ID: "G24",
Category: "hazard_risk",
Label: "Residual risk accepted",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
if len(ctx.Assessments) == 0 {
return false
}
for _, a := range ctx.Assessments {
if !a.IsAcceptable && a.RiskLevel != RiskLevelLow && a.RiskLevel != RiskLevelNegligible {
return false
}
}
return true
},
},
// =====================================================================
// Evidence Gate (G30) - Recommended
// =====================================================================
{
ID: "G30",
Category: "evidence",
Label: "Test evidence linked",
Required: false,
Recommended: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return len(ctx.Evidence) > 0
},
},
// =====================================================================
// Tech File Gates (G40-G42) - Required for completion
// =====================================================================
{
ID: "G40",
Category: "tech_file",
Label: "Risk assessment report generated",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasTechFileSection(ctx.TechFileSections, "risk_assessment_report")
},
},
{
ID: "G41",
Category: "tech_file",
Label: "Hazard log generated",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
return hasTechFileSection(ctx.TechFileSections, "hazard_log_combined")
},
},
{
ID: "G42",
Category: "tech_file",
Label: "AI documents present (if applicable)",
Required: true,
CheckFunc: func(ctx *CompletenessContext) bool {
// If no AI present, this gate passes automatically
if !ctx.HasAI {
return true
}
hasIntendedPurpose := hasTechFileSection(ctx.TechFileSections, "ai_intended_purpose")
hasModelDescription := hasTechFileSection(ctx.TechFileSections, "ai_model_description")
return hasIntendedPurpose && hasModelDescription
},
},
}
}
// ============================================================================
// CompletenessChecker
// ============================================================================
// CompletenessChecker evaluates the 25 CE completeness gates for an IACE project.
type CompletenessChecker struct{}
// NewCompletenessChecker creates a new CompletenessChecker instance.
func NewCompletenessChecker() *CompletenessChecker { return &CompletenessChecker{} }
// Check evaluates all 25 completeness gates against the provided context and
// returns an aggregated result with a weighted score.
//
// Scoring formula:
//
// score = (passed_required / total_required) * 80
// + (passed_recommended / total_recommended) * 15
// + (passed_optional / total_optional) * 5
//
// Optional gates are those that are neither required nor recommended.
// CanExport is true only when all required gates have passed.
func (c *CompletenessChecker) Check(ctx *CompletenessContext) CompletenessResult {
gates := buildGateDefinitions()
var result CompletenessResult
var passedOptional, totalOptional int
for _, gate := range gates {
passed := gate.CheckFunc(ctx)
details := ""
if !passed {
details = fmt.Sprintf("Gate %s not satisfied: %s", gate.ID, gate.Label)
}
result.Gates = append(result.Gates, CompletenessGate{
ID: gate.ID,
Category: gate.Category,
Label: gate.Label,
Required: gate.Required,
Passed: passed,
Details: details,
})
switch {
case gate.Required:
result.TotalRequired++
if passed {
result.PassedRequired++
}
case gate.Recommended:
result.TotalRecommended++
if passed {
result.PassedRecommended++
}
default:
// Optional gate (neither required nor recommended)
totalOptional++
if passed {
passedOptional++
}
}
}
// Calculate weighted score
result.Score = calculateWeightedScore(
result.PassedRequired, result.TotalRequired,
result.PassedRecommended, result.TotalRecommended,
passedOptional, totalOptional,
)
// CanExport is true only when ALL required gates pass
result.CanExport = result.PassedRequired == result.TotalRequired
return result
}
// ============================================================================
// Helper Functions
// ============================================================================
// hasMetadataKey checks whether a JSON metadata blob contains a non-empty value
// for the given key.
func hasMetadataKey(metadata json.RawMessage, key string) bool {
if metadata == nil {
return false
}
var m map[string]interface{}
if err := json.Unmarshal(metadata, &m); err != nil {
return false
}
val, exists := m[key]
if !exists {
return false
}
// Check that the value is not empty/nil
switch v := val.(type) {
case string:
return v != ""
case nil:
return false
default:
return true
}
}
// hasClassificationFor checks whether a classification exists for the given regulation type.
func hasClassificationFor(classifications []RegulatoryClassification, regulation RegulationType) bool {
for _, c := range classifications {
if c.Regulation == regulation {
return true
}
}
return false
}
// hasTechFileSection checks whether a tech file section of the given type exists.
func hasTechFileSection(sections []TechFileSection, sectionType string) bool {
for _, s := range sections {
if s.SectionType == sectionType {
return true
}
}
return false
}
// calculateWeightedScore computes the weighted completeness score (0-100).
//
// Formula:
//
// score = (passedRequired/totalRequired) * 80
// + (passedRecommended/totalRecommended) * 15
// + (passedOptional/totalOptional) * 5
//
// If any denominator is 0, that component contributes 0 to the score.
func calculateWeightedScore(passedRequired, totalRequired, passedRecommended, totalRecommended, passedOptional, totalOptional int) float64 {
var score float64
if totalRequired > 0 {
score += (float64(passedRequired) / float64(totalRequired)) * 80
}
if totalRecommended > 0 {
score += (float64(passedRecommended) / float64(totalRecommended)) * 15
}
if totalOptional > 0 {
score += (float64(passedOptional) / float64(totalOptional)) * 5
}
return score
}

678
ai-compliance-sdk/internal/iace/completeness_test.go Normal file
View File

@@ -0,0 +1,678 @@
package iace
import (
"encoding/json"
"math"
"testing"
"github.com/google/uuid"
)
// helper to build metadata with the given keys set to non-empty string values.
func metadataWith(keys ...string) json.RawMessage {
m := make(map[string]interface{})
for _, k := range keys {
m[k] = "defined"
}
data, _ := json.Marshal(m)
return data
}
func TestCompletenessCheck_EmptyContext(t *testing.T) {
checker := NewCompletenessChecker()
ctx := &CompletenessContext{
Project: nil,
}
result := checker.Check(ctx)
if result.CanExport {
t.Error("CanExport should be false for empty context")
}
// With nil project, most gates fail. However, some auto-pass:
// G06 (AI classification): auto-passes when HasAI=false
// G22 (critical/high mitigated): auto-passes when no critical/high assessments exist
// G23 (mitigations verified): auto-passes when no mitigations with status "implemented"
// G42 (AI documents): auto-passes when HasAI=false
// That gives 4 required gates passing even with empty context.
if result.PassedRequired != 4 {
t.Errorf("PassedRequired = %d, want 4 (G06, G22, G23, G42 auto-pass)", result.PassedRequired)
}
// Score should be low: 4/20 * 80 = 16
if result.Score > 20 {
t.Errorf("Score = %f, expected <= 20 for empty context", result.Score)
}
if len(result.Gates) == 0 {
t.Error("Gates should not be empty")
}
}
func TestCompletenessCheck_MinimalValidProject(t *testing.T) {
checker := NewCompletenessChecker()
projectID := uuid.New()
hazardID := uuid.New()
componentID := uuid.New()
ctx := &CompletenessContext{
Project: &Project{
ID: projectID,
MachineName: "TestMachine",
Description: "A test machine for unit testing",
Manufacturer: "TestCorp",
CEMarkingTarget: "2023/1230",
Metadata: metadataWith("operating_limits", "foreseeable_misuse"),
},
Components: []Component{
{ID: componentID, Name: "SafetyPLC", ComponentType: ComponentTypeSoftware, IsSafetyRelevant: true},
},
Classifications: []RegulatoryClassification{
{Regulation: RegulationAIAct},
{Regulation: RegulationMachineryRegulation},
{Regulation: RegulationNIS2},
{Regulation: RegulationCRA},
},
Hazards: []Hazard{
{ID: hazardID, ProjectID: projectID, ComponentID: componentID, Name: "TestHazard", Category: "test"},
},
Assessments: []RiskAssessment{
{ID: uuid.New(), HazardID: hazardID, RiskLevel: RiskLevelLow, IsAcceptable: true},
},
Mitigations: []Mitigation{
{ID: uuid.New(), HazardID: hazardID, Status: MitigationStatusVerified},
},
Evidence: []Evidence{
{ID: uuid.New(), ProjectID: projectID, FileName: "test.pdf"},
},
TechFileSections: []TechFileSection{
{ID: uuid.New(), ProjectID: projectID, SectionType: "risk_assessment_report"},
{ID: uuid.New(), ProjectID: projectID, SectionType: "hazard_log_combined"},
},
HasAI: false,
}
result := checker.Check(ctx)
if !result.CanExport {
t.Error("CanExport should be true for fully valid project")
for _, g := range result.Gates {
if g.Required && !g.Passed {
t.Errorf(" Required gate %s (%s) not passed: %s", g.ID, g.Label, g.Details)
}
}
}
if result.PassedRequired != result.TotalRequired {
t.Errorf("PassedRequired = %d, TotalRequired = %d, want all passed", result.PassedRequired, result.TotalRequired)
}
// Score should be at least 80 (all required) + 15 (evidence recommended) = 95
if result.Score < 80 {
t.Errorf("Score = %f, expected >= 80 for fully valid project", result.Score)
}
}
func TestCompletenessCheck_PartialRequiredGates(t *testing.T) {
checker := NewCompletenessChecker()
// Provide only some required data: machine name, manufacturer, description, one component, one safety-relevant.
// Missing: operating_limits, foreseeable_misuse, classifications, hazards, assessments, tech files.
ctx := &CompletenessContext{
Project: &Project{
MachineName: "PartialMachine",
Description: "Some description",
Manufacturer: "TestCorp",
},
Components: []Component{
{Name: "Sensor", ComponentType: ComponentTypeSensor, IsSafetyRelevant: true},
},
HasAI: false,
}
result := checker.Check(ctx)
if result.CanExport {
t.Error("CanExport should be false when not all required gates pass")
}
if result.PassedRequired == 0 {
t.Error("Some required gates should pass (G01, G02, G05, G06, G07, G08)")
}
if result.PassedRequired >= result.TotalRequired {
t.Errorf("PassedRequired (%d) should be less than TotalRequired (%d)", result.PassedRequired, result.TotalRequired)
}
// Score should be partial
if result.Score <= 0 || result.Score >= 95 {
t.Errorf("Score = %f, expected partial score between 0 and 95", result.Score)
}
}
func TestCompletenessCheck_G06_AIClassificationGate(t *testing.T) {
checker := NewCompletenessChecker()
tests := []struct {
name string
hasAI bool
classifications []RegulatoryClassification
wantG06Passed bool
}{
{
name: "no AI present auto-passes G06",
hasAI: false,
classifications: nil,
wantG06Passed: true,
},
{
name: "AI present without classification fails G06",
hasAI: true,
classifications: nil,
wantG06Passed: false,
},
{
name: "AI present with AI Act classification passes G06",
hasAI: true,
classifications: []RegulatoryClassification{
{Regulation: RegulationAIAct},
},
wantG06Passed: true,
},
{
name: "AI present with non-AI classification fails G06",
hasAI: true,
classifications: []RegulatoryClassification{
{Regulation: RegulationCRA},
},
wantG06Passed: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
Classifications: tt.classifications,
HasAI: tt.hasAI,
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if g.ID == "G06" {
if g.Passed != tt.wantG06Passed {
t.Errorf("G06 Passed = %v, want %v", g.Passed, tt.wantG06Passed)
}
return
}
}
t.Error("G06 gate not found in results")
})
}
}
func TestCompletenessCheck_G42_AIDocumentsGate(t *testing.T) {
checker := NewCompletenessChecker()
tests := []struct {
name string
hasAI bool
techFileSections []TechFileSection
wantG42Passed bool
}{
{
name: "no AI auto-passes G42",
hasAI: false,
techFileSections: nil,
wantG42Passed: true,
},
{
name: "AI present without tech files fails G42",
hasAI: true,
techFileSections: nil,
wantG42Passed: false,
},
{
name: "AI present with only intended_purpose fails G42",
hasAI: true,
techFileSections: []TechFileSection{
{SectionType: "ai_intended_purpose"},
},
wantG42Passed: false,
},
{
name: "AI present with only model_description fails G42",
hasAI: true,
techFileSections: []TechFileSection{
{SectionType: "ai_model_description"},
},
wantG42Passed: false,
},
{
name: "AI present with both AI sections passes G42",
hasAI: true,
techFileSections: []TechFileSection{
{SectionType: "ai_intended_purpose"},
{SectionType: "ai_model_description"},
},
wantG42Passed: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
TechFileSections: tt.techFileSections,
HasAI: tt.hasAI,
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if g.ID == "G42" {
if g.Passed != tt.wantG42Passed {
t.Errorf("G42 Passed = %v, want %v", g.Passed, tt.wantG42Passed)
}
return
}
}
t.Error("G42 gate not found in results")
})
}
}
func TestCompletenessCheck_G22_CriticalHighMitigated(t *testing.T) {
checker := NewCompletenessChecker()
hazardID := uuid.New()
tests := []struct {
name string
assessments []RiskAssessment
mitigations []Mitigation
wantG22Passed bool
}{
{
name: "no critical/high hazards auto-passes G22",
assessments: []RiskAssessment{{HazardID: hazardID, RiskLevel: RiskLevelLow}},
mitigations: nil,
wantG22Passed: true,
},
{
name: "no assessments at all auto-passes G22 (no critical/high found)",
assessments: nil,
mitigations: nil,
wantG22Passed: true,
},
{
name: "critical hazard without mitigation fails G22",
assessments: []RiskAssessment{{HazardID: hazardID, RiskLevel: RiskLevelCritical}},
mitigations: nil,
wantG22Passed: false,
},
{
name: "high hazard without mitigation fails G22",
assessments: []RiskAssessment{{HazardID: hazardID, RiskLevel: RiskLevelHigh}},
mitigations: nil,
wantG22Passed: false,
},
{
name: "critical hazard with mitigation passes G22",
assessments: []RiskAssessment{{HazardID: hazardID, RiskLevel: RiskLevelCritical}},
mitigations: []Mitigation{{HazardID: hazardID, Status: MitigationStatusVerified}},
wantG22Passed: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
Assessments: tt.assessments,
Mitigations: tt.mitigations,
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if g.ID == "G22" {
if g.Passed != tt.wantG22Passed {
t.Errorf("G22 Passed = %v, want %v", g.Passed, tt.wantG22Passed)
}
return
}
}
t.Error("G22 gate not found in results")
})
}
}
func TestCompletenessCheck_G23_MitigationsVerified(t *testing.T) {
checker := NewCompletenessChecker()
hazardID := uuid.New()
tests := []struct {
name string
mitigations []Mitigation
wantG23Passed bool
}{
{
name: "no mitigations passes G23",
mitigations: nil,
wantG23Passed: true,
},
{
name: "all mitigations verified passes G23",
mitigations: []Mitigation{
{HazardID: hazardID, Status: MitigationStatusVerified},
{HazardID: hazardID, Status: MitigationStatusVerified},
},
wantG23Passed: true,
},
{
name: "one mitigation still implemented fails G23",
mitigations: []Mitigation{
{HazardID: hazardID, Status: MitigationStatusVerified},
{HazardID: hazardID, Status: MitigationStatusImplemented},
},
wantG23Passed: false,
},
{
name: "planned mitigations pass G23 (not yet implemented)",
mitigations: []Mitigation{
{HazardID: hazardID, Status: MitigationStatusPlanned},
},
wantG23Passed: true,
},
{
name: "rejected mitigations pass G23",
mitigations: []Mitigation{
{HazardID: hazardID, Status: MitigationStatusRejected},
},
wantG23Passed: true,
},
{
name: "mix of verified planned rejected passes G23",
mitigations: []Mitigation{
{HazardID: hazardID, Status: MitigationStatusVerified},
{HazardID: hazardID, Status: MitigationStatusPlanned},
{HazardID: hazardID, Status: MitigationStatusRejected},
},
wantG23Passed: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
Mitigations: tt.mitigations,
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if g.ID == "G23" {
if g.Passed != tt.wantG23Passed {
t.Errorf("G23 Passed = %v, want %v", g.Passed, tt.wantG23Passed)
}
return
}
}
t.Error("G23 gate not found in results")
})
}
}
func TestCompletenessCheck_G24_ResidualRiskAccepted(t *testing.T) {
checker := NewCompletenessChecker()
hazardID := uuid.New()
tests := []struct {
name string
assessments []RiskAssessment
wantG24Passed bool
}{
{
name: "no assessments fails G24",
assessments: nil,
wantG24Passed: false,
},
{
name: "all assessments acceptable passes G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: true, RiskLevel: RiskLevelMedium},
{HazardID: hazardID, IsAcceptable: true, RiskLevel: RiskLevelHigh},
},
wantG24Passed: true,
},
{
name: "not acceptable but low risk passes G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelLow},
},
wantG24Passed: true,
},
{
name: "not acceptable but negligible risk passes G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelNegligible},
},
wantG24Passed: true,
},
{
name: "not acceptable with high risk fails G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelHigh},
},
wantG24Passed: false,
},
{
name: "not acceptable with critical risk fails G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelCritical},
},
wantG24Passed: false,
},
{
name: "not acceptable with medium risk fails G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelMedium},
},
wantG24Passed: false,
},
{
name: "mix acceptable and unacceptable high fails G24",
assessments: []RiskAssessment{
{HazardID: hazardID, IsAcceptable: true, RiskLevel: RiskLevelHigh},
{HazardID: hazardID, IsAcceptable: false, RiskLevel: RiskLevelHigh},
},
wantG24Passed: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
Assessments: tt.assessments,
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if g.ID == "G24" {
if g.Passed != tt.wantG24Passed {
t.Errorf("G24 Passed = %v, want %v", g.Passed, tt.wantG24Passed)
}
return
}
}
t.Error("G24 gate not found in results")
})
}
}
func TestCompletenessCheck_ScoringFormula(t *testing.T) {
tests := []struct {
name string
passedRequired int
totalRequired int
passedRecommended int
totalRecommended int
passedOptional int
totalOptional int
wantScore float64
}{
{
name: "all zeros produces zero score",
passedRequired: 0,
totalRequired: 0,
passedRecommended: 0,
totalRecommended: 0,
passedOptional: 0,
totalOptional: 0,
wantScore: 0,
},
{
name: "all required passed gives 80",
passedRequired: 20,
totalRequired: 20,
passedRecommended: 0,
totalRecommended: 1,
passedOptional: 0,
totalOptional: 0,
wantScore: 80,
},
{
name: "half required passed gives 40",
passedRequired: 10,
totalRequired: 20,
passedRecommended: 0,
totalRecommended: 1,
passedOptional: 0,
totalOptional: 0,
wantScore: 40,
},
{
name: "all required and all recommended gives 95",
passedRequired: 20,
totalRequired: 20,
passedRecommended: 1,
totalRecommended: 1,
passedOptional: 0,
totalOptional: 0,
wantScore: 95,
},
{
name: "all categories full gives 100",
passedRequired: 20,
totalRequired: 20,
passedRecommended: 1,
totalRecommended: 1,
passedOptional: 1,
totalOptional: 1,
wantScore: 100,
},
{
name: "only recommended passed",
passedRequired: 0,
totalRequired: 20,
passedRecommended: 1,
totalRecommended: 1,
passedOptional: 0,
totalOptional: 0,
wantScore: 15,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
score := calculateWeightedScore(
tt.passedRequired, tt.totalRequired,
tt.passedRecommended, tt.totalRecommended,
tt.passedOptional, tt.totalOptional,
)
if math.Abs(score-tt.wantScore) > 0.01 {
t.Errorf("calculateWeightedScore = %f, want %f", score, tt.wantScore)
}
})
}
}
func TestCompletenessCheck_GateCountsAndCategories(t *testing.T) {
checker := NewCompletenessChecker()
ctx := &CompletenessContext{
Project: &Project{MachineName: "Test"},
}
result := checker.Check(ctx)
// The buildGateDefinitions function returns exactly 21 gates
// (G01-G08: 8, G10-G13: 4, G20-G24: 5, G30: 1, G40-G42: 3 = 21 total)
if len(result.Gates) != 21 {
t.Errorf("Total gates = %d, want 21", len(result.Gates))
}
// Count required vs recommended
requiredCount := 0
recommendedCount := 0
for _, g := range result.Gates {
if g.Required {
requiredCount++
}
}
// G30 is the only recommended gate (Required=false, Recommended=true)
// All others are required (20 required, 1 recommended)
if requiredCount != 20 {
t.Errorf("Required gates count = %d, want 20", requiredCount)
}
if result.TotalRequired != 20 {
t.Errorf("TotalRequired = %d, want 20", result.TotalRequired)
}
// TotalRecommended should be 1 (G30)
if result.TotalRecommended != 1 {
t.Errorf("TotalRecommended = %d, want 1", result.TotalRecommended)
}
_ = recommendedCount
// Verify expected categories exist
categories := make(map[string]int)
for _, g := range result.Gates {
categories[g.Category]++
}
expectedCategories := map[string]int{
"onboarding": 8,
"classification": 4,
"hazard_risk": 5,
"evidence": 1,
"tech_file": 3,
}
for cat, expectedCount := range expectedCategories {
if categories[cat] != expectedCount {
t.Errorf("Category %q count = %d, want %d", cat, categories[cat], expectedCount)
}
}
}
func TestCompletenessCheck_FailedGateHasDetails(t *testing.T) {
checker := NewCompletenessChecker()
ctx := &CompletenessContext{
Project: &Project{}, // empty project, many gates will fail
}
result := checker.Check(ctx)
for _, g := range result.Gates {
if !g.Passed && g.Details == "" {
t.Errorf("Gate %s failed but has empty Details", g.ID)
}
if g.Passed && g.Details != "" {
t.Errorf("Gate %s passed but has non-empty Details: %s", g.ID, g.Details)
}
}
}

202
ai-compliance-sdk/internal/iace/engine.go Normal file
View File

@@ -0,0 +1,202 @@
package iace
import (
"fmt"
"math"
)
// RiskLevel, AssessRiskRequest, and RiskAssessment types are defined in models.go.
// This file only contains calculation methods.
// RiskComputeInput contains the input parameters for the engine's risk computation.
type RiskComputeInput struct {
Severity int `json:"severity"` // 1-5
Exposure int `json:"exposure"` // 1-5
Probability int `json:"probability"` // 1-5
ControlMaturity int `json:"control_maturity"` // 0-4
ControlCoverage float64 `json:"control_coverage"` // 0-1
TestEvidence float64 `json:"test_evidence"` // 0-1
HasJustification bool `json:"has_justification"`
}
// RiskComputeResult contains the output of the engine's risk computation.
type RiskComputeResult struct {
InherentRisk float64 `json:"inherent_risk"`
ControlEffectiveness float64 `json:"control_effectiveness"`
ResidualRisk float64 `json:"residual_risk"`
RiskLevel RiskLevel `json:"risk_level"`
IsAcceptable bool `json:"is_acceptable"`
AcceptanceReason string `json:"acceptance_reason"`
}
// ============================================================================
// RiskEngine
// ============================================================================
// RiskEngine provides methods for mathematical risk calculations
// according to the IACE (Inherent-risk Adjusted Control Effectiveness) model.
type RiskEngine struct{}
// NewRiskEngine creates a new RiskEngine instance.
func NewRiskEngine() *RiskEngine {
return &RiskEngine{}
}
// ============================================================================
// Calculations
// ============================================================================
// clamp restricts v to the range [lo, hi].
func clamp(v, lo, hi int) int {
if v < lo {
return lo
}
if v > hi {
return hi
}
return v
}
// clampFloat restricts v to the range [lo, hi].
func clampFloat(v, lo, hi float64) float64 {
if v < lo {
return lo
}
if v > hi {
return hi
}
return v
}
// CalculateInherentRisk computes the inherent risk score as S * E * P.
// Each factor is expected in the range 1-5 and will be clamped if out of range.
func (e *RiskEngine) CalculateInherentRisk(severity, exposure, probability int) float64 {
s := clamp(severity, 1, 5)
ex := clamp(exposure, 1, 5)
p := clamp(probability, 1, 5)
return float64(s) * float64(ex) * float64(p)
}
// CalculateControlEffectiveness computes the control effectiveness score.
//
// Formula: C_eff = min(1, 0.2*(maturity/4.0) + 0.5*coverage + 0.3*testEvidence)
//
// Parameters:
// - maturity: 0-4, clamped if out of range
// - coverage: 0-1, clamped if out of range
// - testEvidence: 0-1, clamped if out of range
//
// Returns a value between 0 and 1.
func (e *RiskEngine) CalculateControlEffectiveness(maturity int, coverage, testEvidence float64) float64 {
m := clamp(maturity, 0, 4)
cov := clampFloat(coverage, 0, 1)
te := clampFloat(testEvidence, 0, 1)
cEff := 0.2*(float64(m)/4.0) + 0.5*cov + 0.3*te
return math.Min(1, cEff)
}
// CalculateResidualRisk computes the residual risk after applying controls.
//
// Formula: R_residual = S * E * P * (1 - cEff)
//
// Parameters:
// - severity, exposure, probability: 1-5, clamped if out of range
// - cEff: control effectiveness, 0-1
func (e *RiskEngine) CalculateResidualRisk(severity, exposure, probability int, cEff float64) float64 {
inherent := e.CalculateInherentRisk(severity, exposure, probability)
return inherent * (1 - cEff)
}
// DetermineRiskLevel classifies the residual risk into a RiskLevel category.
//
// Thresholds:
// - >= 75: critical
// - >= 40: high
// - >= 15: medium
// - >= 5: low
// - < 5: negligible
func (e *RiskEngine) DetermineRiskLevel(residualRisk float64) RiskLevel {
switch {
case residualRisk >= 75:
return RiskLevelCritical
case residualRisk >= 40:
return RiskLevelHigh
case residualRisk >= 15:
return RiskLevelMedium
case residualRisk >= 5:
return RiskLevelLow
default:
return RiskLevelNegligible
}
}
// IsAcceptable determines whether the residual risk is acceptable based on
// the ALARP (As Low As Reasonably Practicable) principle and EU AI Act thresholds.
//
// Decision logic:
// - residualRisk < 15: acceptable ("Restrisiko unter Schwellwert")
// - residualRisk < 40 AND allReductionStepsApplied AND hasJustification:
// acceptable under ALARP ("ALARP-Prinzip: Restrisiko akzeptabel mit vollstaendiger Risikominderung")
// - residualRisk >= 40: not acceptable ("Restrisiko zu hoch - blockiert CE-Export")
func (e *RiskEngine) IsAcceptable(residualRisk float64, allReductionStepsApplied bool, hasJustification bool) (bool, string) {
if residualRisk < 15 {
return true, "Restrisiko unter Schwellwert"
}
if residualRisk < 40 && allReductionStepsApplied && hasJustification {
return true, "ALARP-Prinzip: Restrisiko akzeptabel mit vollstaendiger Risikominderung"
}
return false, "Restrisiko zu hoch - blockiert CE-Export"
}
// CalculateCompletenessScore computes a weighted completeness score (0-100).
//
// Formula:
//
// score = (passedRequired/totalRequired)*80
// + (passedRecommended/totalRecommended)*15
// + (passedOptional/totalOptional)*5
//
// If any totalX is 0, that component contributes 0 to the score.
func (e *RiskEngine) CalculateCompletenessScore(passedRequired, totalRequired, passedRecommended, totalRecommended, passedOptional, totalOptional int) float64 {
var score float64
if totalRequired > 0 {
score += (float64(passedRequired) / float64(totalRequired)) * 80
}
if totalRecommended > 0 {
score += (float64(passedRecommended) / float64(totalRecommended)) * 15
}
if totalOptional > 0 {
score += (float64(passedOptional) / float64(totalOptional)) * 5
}
return score
}
// ComputeRisk performs a complete risk computation using all calculation methods.
// It returns a RiskComputeResult with inherent risk, control effectiveness, residual risk,
// risk level, and acceptability.
//
// The allReductionStepsApplied parameter for IsAcceptable is set to false;
// the caller is responsible for updating acceptance status after reduction steps are applied.
func (e *RiskEngine) ComputeRisk(req RiskComputeInput) (*RiskComputeResult, error) {
if req.Severity < 1 || req.Exposure < 1 || req.Probability < 1 {
return nil, fmt.Errorf("severity, exposure, and probability must be >= 1")
}
inherentRisk := e.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
controlEff := e.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidence)
residualRisk := e.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
riskLevel := e.DetermineRiskLevel(residualRisk)
acceptable, reason := e.IsAcceptable(residualRisk, false, req.HasJustification)
return &RiskComputeResult{
InherentRisk: inherentRisk,
ControlEffectiveness: controlEff,
ResidualRisk: residualRisk,
RiskLevel: riskLevel,
IsAcceptable: acceptable,
AcceptanceReason: reason,
}, nil
}

936
ai-compliance-sdk/internal/iace/engine_test.go Normal file
View File

@@ -0,0 +1,936 @@
package iace
import (
"math"
"testing"
)
// ============================================================================
// Helper
// ============================================================================
const floatTolerance = 1e-9
func almostEqual(a, b float64) bool {
return math.Abs(a-b) < floatTolerance
}
// ============================================================================
// 1. CalculateInherentRisk — S × E × P
// ============================================================================
func TestCalculateInherentRisk_BasicCases(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
s, ex, p int
expected float64
}{
// Minimum
{"min 1×1×1", 1, 1, 1, 1},
// Maximum
{"max 5×5×5", 5, 5, 5, 125},
// Single factor high
{"5×1×1", 5, 1, 1, 5},
{"1×5×1", 1, 5, 1, 5},
{"1×1×5", 1, 1, 5, 5},
// Typical mid-range
{"3×3×3", 3, 3, 3, 27},
{"2×4×3", 2, 4, 3, 24},
{"4×2×5", 4, 2, 5, 40},
// Boundary at thresholds
{"3×5×5 = 75 (critical threshold)", 3, 5, 5, 75},
{"2×4×5 = 40 (high threshold)", 2, 4, 5, 40},
{"3×5×1 = 15 (medium threshold)", 3, 5, 1, 15},
{"5×1×1 = 5 (low threshold)", 5, 1, 1, 5},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", tt.s, tt.ex, tt.p, result, tt.expected)
}
})
}
}
func TestCalculateInherentRisk_Clamping(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
s, ex, p int
expected float64
}{
{"below min clamped to 1", 0, 0, 0, 1},
{"negative clamped to 1", -5, -3, -1, 1},
{"above max clamped to 5", 10, 8, 6, 125},
{"mixed out-of-range", 0, 10, 3, 15}, // clamp(0,1,5)=1, clamp(10,1,5)=5, clamp(3,1,5)=3 → 1*5*3=15
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateInherentRisk(tt.s, tt.ex, tt.p)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", tt.s, tt.ex, tt.p, result, tt.expected)
}
})
}
}
// Full S×E×P coverage: verify all 125 combinations produce correct multiplication.
func TestCalculateInherentRisk_FullCoverage(t *testing.T) {
e := NewRiskEngine()
for s := 1; s <= 5; s++ {
for ex := 1; ex <= 5; ex++ {
for p := 1; p <= 5; p++ {
expected := float64(s * ex * p)
result := e.CalculateInherentRisk(s, ex, p)
if !almostEqual(result, expected) {
t.Errorf("CalculateInherentRisk(%d, %d, %d) = %v, want %v", s, ex, p, result, expected)
}
}
}
}
}
// ============================================================================
// 2. CalculateControlEffectiveness
// C_eff = min(1, 0.2*(maturity/4.0) + 0.5*coverage + 0.3*testEvidence)
// ============================================================================
func TestCalculateControlEffectiveness(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
maturity int
coverage float64
testEvidence float64
expected float64
}{
// All zeros → 0
{"all zero", 0, 0.0, 0.0, 0.0},
// All max → min(1, 0.2*1 + 0.5*1 + 0.3*1) = min(1, 1.0) = 1.0
{"all max", 4, 1.0, 1.0, 1.0},
// Only maturity max → 0.2 * (4/4) = 0.2
{"maturity only", 4, 0.0, 0.0, 0.2},
// Only coverage max → 0.5
{"coverage only", 0, 1.0, 0.0, 0.5},
// Only test evidence max → 0.3
{"evidence only", 0, 0.0, 1.0, 0.3},
// Half maturity → 0.2 * (2/4) = 0.1
{"half maturity", 2, 0.0, 0.0, 0.1},
// Typical mid-range: maturity=2, coverage=0.6, evidence=0.4
// 0.2*(2/4) + 0.5*0.6 + 0.3*0.4 = 0.1 + 0.3 + 0.12 = 0.52
{"typical mid", 2, 0.6, 0.4, 0.52},
// High values exceeding 1.0 should be capped
// maturity=4, coverage=1.0, evidence=1.0 → 0.2+0.5+0.3 = 1.0
{"capped at 1.0", 4, 1.0, 1.0, 1.0},
// maturity=3, coverage=0.8, evidence=0.9
// 0.2*(3/4) + 0.5*0.8 + 0.3*0.9 = 0.15 + 0.4 + 0.27 = 0.82
{"high controls", 3, 0.8, 0.9, 0.82},
// maturity=1, coverage=0.2, evidence=0.1
// 0.2*(1/4) + 0.5*0.2 + 0.3*0.1 = 0.05 + 0.1 + 0.03 = 0.18
{"low controls", 1, 0.2, 0.1, 0.18},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateControlEffectiveness(tt.maturity, tt.coverage, tt.testEvidence)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateControlEffectiveness(%d, %v, %v) = %v, want %v",
tt.maturity, tt.coverage, tt.testEvidence, result, tt.expected)
}
})
}
}
func TestCalculateControlEffectiveness_Clamping(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
maturity int
coverage float64
testEvidence float64
expected float64
}{
// Maturity below 0 → clamped to 0
{"maturity below zero", -1, 0.5, 0.5, 0.5*0.5 + 0.3*0.5},
// Maturity above 4 → clamped to 4
{"maturity above max", 10, 0.0, 0.0, 0.2},
// Coverage below 0 → clamped to 0
{"coverage below zero", 0, -0.5, 0.0, 0.0},
// Coverage above 1 → clamped to 1
{"coverage above max", 0, 2.0, 0.0, 0.5},
// Evidence below 0 → clamped to 0
{"evidence below zero", 0, 0.0, -1.0, 0.0},
// Evidence above 1 → clamped to 1
{"evidence above max", 0, 0.0, 5.0, 0.3},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateControlEffectiveness(tt.maturity, tt.coverage, tt.testEvidence)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateControlEffectiveness(%d, %v, %v) = %v, want %v",
tt.maturity, tt.coverage, tt.testEvidence, result, tt.expected)
}
})
}
}
// ============================================================================
// 3. CalculateResidualRisk — R_residual = S × E × P × (1 - C_eff)
// ============================================================================
func TestCalculateResidualRisk(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
s, ex, p int
cEff float64
expected float64
}{
// No controls → residual = inherent
{"no controls", 5, 5, 5, 0.0, 125.0},
// Perfect controls → residual = 0
{"perfect controls", 5, 5, 5, 1.0, 0.0},
// Half effectiveness
{"half controls 3×3×3", 3, 3, 3, 0.5, 13.5},
// Typical scenario: inherent=40, cEff=0.6 → residual=16
{"typical 2×4×5 cEff=0.6", 2, 4, 5, 0.6, 16.0},
// Low risk with some controls
{"low 1×2×3 cEff=0.3", 1, 2, 3, 0.3, 4.2},
// High risk with strong controls
{"high 5×4×4 cEff=0.82", 5, 4, 4, 0.82, 14.4},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateResidualRisk(tt.s, tt.ex, tt.p, tt.cEff)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateResidualRisk(%d, %d, %d, %v) = %v, want %v",
tt.s, tt.ex, tt.p, tt.cEff, result, tt.expected)
}
})
}
}
// ============================================================================
// 4. DetermineRiskLevel — threshold classification
// ============================================================================
func TestDetermineRiskLevel(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
residual float64
expected RiskLevel
}{
// Critical: >= 75
{"critical at 75", 75.0, RiskLevelCritical},
{"critical at 125", 125.0, RiskLevelCritical},
{"critical at 100", 100.0, RiskLevelCritical},
// High: >= 40
{"high at 40", 40.0, RiskLevelHigh},
{"high at 74.9", 74.9, RiskLevelHigh},
{"high at 50", 50.0, RiskLevelHigh},
// Medium: >= 15
{"medium at 15", 15.0, RiskLevelMedium},
{"medium at 39.9", 39.9, RiskLevelMedium},
{"medium at 27", 27.0, RiskLevelMedium},
// Low: >= 5
{"low at 5", 5.0, RiskLevelLow},
{"low at 14.9", 14.9, RiskLevelLow},
{"low at 10", 10.0, RiskLevelLow},
// Negligible: < 5
{"negligible at 4.9", 4.9, RiskLevelNegligible},
{"negligible at 0", 0.0, RiskLevelNegligible},
{"negligible at 1", 1.0, RiskLevelNegligible},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.DetermineRiskLevel(tt.residual)
if result != tt.expected {
t.Errorf("DetermineRiskLevel(%v) = %v, want %v", tt.residual, result, tt.expected)
}
})
}
}
// ============================================================================
// 5. IsAcceptable — ALARP principle
// ============================================================================
func TestIsAcceptable(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
residual float64
allReduction bool
justification bool
wantAcceptable bool
wantReason string
}{
// Below 15 → always acceptable
{"residual 14.9 always ok", 14.9, false, false, true, "Restrisiko unter Schwellwert"},
{"residual 0 always ok", 0.0, false, false, true, "Restrisiko unter Schwellwert"},
{"residual 10 always ok", 10.0, false, false, true, "Restrisiko unter Schwellwert"},
// 15-39.9 with all reduction + justification → ALARP
{"ALARP 20 all+just", 20.0, true, true, true, "ALARP-Prinzip: Restrisiko akzeptabel mit vollstaendiger Risikominderung"},
{"ALARP 39.9 all+just", 39.9, true, true, true, "ALARP-Prinzip: Restrisiko akzeptabel mit vollstaendiger Risikominderung"},
{"ALARP 15 all+just", 15.0, true, true, true, "ALARP-Prinzip: Restrisiko akzeptabel mit vollstaendiger Risikominderung"},
// 15-39.9 without all reduction → NOT acceptable
{"no reduction 20", 20.0, false, true, false, "Restrisiko zu hoch - blockiert CE-Export"},
// 15-39.9 without justification → NOT acceptable
{"no justification 20", 20.0, true, false, false, "Restrisiko zu hoch - blockiert CE-Export"},
// 15-39.9 without either → NOT acceptable
{"neither 30", 30.0, false, false, false, "Restrisiko zu hoch - blockiert CE-Export"},
// >= 40 → NEVER acceptable
{"residual 40 blocked", 40.0, true, true, false, "Restrisiko zu hoch - blockiert CE-Export"},
{"residual 75 blocked", 75.0, true, true, false, "Restrisiko zu hoch - blockiert CE-Export"},
{"residual 125 blocked", 125.0, true, true, false, "Restrisiko zu hoch - blockiert CE-Export"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
acceptable, reason := e.IsAcceptable(tt.residual, tt.allReduction, tt.justification)
if acceptable != tt.wantAcceptable {
t.Errorf("IsAcceptable(%v, %v, %v) acceptable = %v, want %v",
tt.residual, tt.allReduction, tt.justification, acceptable, tt.wantAcceptable)
}
if reason != tt.wantReason {
t.Errorf("IsAcceptable(%v, %v, %v) reason = %q, want %q",
tt.residual, tt.allReduction, tt.justification, reason, tt.wantReason)
}
})
}
}
// ============================================================================
// 6. CalculateCompletenessScore
// ============================================================================
func TestCalculateCompletenessScore(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
passedReq, totalReq, passedRec, totalRec, passedOpt, totalOpt int
expected float64
}{
// All passed
{"all passed", 20, 20, 5, 5, 3, 3, 100.0},
// Nothing passed
{"nothing passed", 0, 20, 0, 5, 0, 3, 0.0},
// Only required fully passed
{"only required", 20, 20, 0, 5, 0, 3, 80.0},
// Only recommended fully passed
{"only recommended", 0, 20, 5, 5, 0, 3, 15.0},
// Only optional fully passed
{"only optional", 0, 20, 0, 5, 3, 3, 5.0},
// Half required, no others
{"half required", 10, 20, 0, 5, 0, 3, 40.0},
// All zero totals → 0 (division by zero safety)
{"all zero totals", 0, 0, 0, 0, 0, 0, 0.0},
// Typical: 18/20 req + 3/5 rec + 1/3 opt
// (18/20)*80 + (3/5)*15 + (1/3)*5 = 72 + 9 + 1.6667 = 82.6667
{"typical", 18, 20, 3, 5, 1, 3, 72.0 + 9.0 + 5.0/3.0},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := e.CalculateCompletenessScore(
tt.passedReq, tt.totalReq, tt.passedRec, tt.totalRec, tt.passedOpt, tt.totalOpt)
if !almostEqual(result, tt.expected) {
t.Errorf("CalculateCompletenessScore(%d/%d, %d/%d, %d/%d) = %v, want %v",
tt.passedReq, tt.totalReq, tt.passedRec, tt.totalRec, tt.passedOpt, tt.totalOpt,
result, tt.expected)
}
})
}
}
// ============================================================================
// 7. ComputeRisk — integration test
// ============================================================================
func TestComputeRisk_ValidInput(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
input RiskComputeInput
wantInherent float64
wantCEff float64
wantResidual float64
wantLevel RiskLevel
wantAcceptable bool
}{
{
name: "no controls high risk",
input: RiskComputeInput{
Severity: 5, Exposure: 5, Probability: 5,
ControlMaturity: 0, ControlCoverage: 0, TestEvidence: 0,
},
wantInherent: 125,
wantCEff: 0,
wantResidual: 125,
wantLevel: RiskLevelCritical,
wantAcceptable: false,
},
{
name: "perfect controls zero residual",
input: RiskComputeInput{
Severity: 5, Exposure: 5, Probability: 5,
ControlMaturity: 4, ControlCoverage: 1.0, TestEvidence: 1.0,
},
wantInherent: 125,
wantCEff: 1.0,
wantResidual: 0,
wantLevel: RiskLevelNegligible,
wantAcceptable: true,
},
{
name: "medium risk acceptable",
input: RiskComputeInput{
Severity: 2, Exposure: 2, Probability: 2,
ControlMaturity: 2, ControlCoverage: 0.5, TestEvidence: 0.5,
// C_eff = 0.2*(2/4) + 0.5*0.5 + 0.3*0.5 = 0.1 + 0.25 + 0.15 = 0.5
// inherent = 8, residual = 8 * 0.5 = 4 → negligible → acceptable
},
wantInherent: 8,
wantCEff: 0.5,
wantResidual: 4,
wantLevel: RiskLevelNegligible,
wantAcceptable: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := e.ComputeRisk(tt.input)
if err != nil {
t.Fatalf("ComputeRisk returned error: %v", err)
}
if !almostEqual(result.InherentRisk, tt.wantInherent) {
t.Errorf("InherentRisk = %v, want %v", result.InherentRisk, tt.wantInherent)
}
if !almostEqual(result.ControlEffectiveness, tt.wantCEff) {
t.Errorf("ControlEffectiveness = %v, want %v", result.ControlEffectiveness, tt.wantCEff)
}
if !almostEqual(result.ResidualRisk, tt.wantResidual) {
t.Errorf("ResidualRisk = %v, want %v", result.ResidualRisk, tt.wantResidual)
}
if result.RiskLevel != tt.wantLevel {
t.Errorf("RiskLevel = %v, want %v", result.RiskLevel, tt.wantLevel)
}
if result.IsAcceptable != tt.wantAcceptable {
t.Errorf("IsAcceptable = %v, want %v", result.IsAcceptable, tt.wantAcceptable)
}
})
}
}
func TestComputeRisk_InvalidInput(t *testing.T) {
e := NewRiskEngine()
tests := []struct {
name string
input RiskComputeInput
}{
{"severity zero", RiskComputeInput{Severity: 0, Exposure: 3, Probability: 3}},
{"exposure zero", RiskComputeInput{Severity: 3, Exposure: 0, Probability: 3}},
{"probability zero", RiskComputeInput{Severity: 3, Exposure: 3, Probability: 0}},
{"all zero", RiskComputeInput{Severity: 0, Exposure: 0, Probability: 0}},
{"negative values", RiskComputeInput{Severity: -1, Exposure: -2, Probability: -3}},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := e.ComputeRisk(tt.input)
if err == nil {
t.Errorf("ComputeRisk expected error for input %+v, got result %+v", tt.input, result)
}
})
}
}
// ============================================================================
// 8. Golden Test Suite — 10 Referenzmaschinen (Industrial Machine Scenarios)
//
// Each machine scenario tests the full pipeline:
// Inherent Risk → Control Effectiveness → Residual Risk → Risk Level → Acceptability
//
// The control parameters reflect realistic mitigation states for each machine type.
// These serve as regression tests: if any threshold or formula changes,
// these tests will catch the impact immediately.
// ============================================================================
// referenceMachine defines a complete end-to-end test scenario for a real machine type.
type referenceMachine struct {
name string
description string
// Inherent risk factors (pre-mitigation)
severity int // 1-5
exposure int // 1-5
probability int // 1-5
// Control parameters (mitigation state)
controlMaturity int // 0-4
controlCoverage float64 // 0-1
testEvidence float64 // 0-1
hasJustification bool
// Expected outputs
expectedInherentRisk float64
expectedCEff float64
expectedResidualRisk float64
expectedRiskLevel RiskLevel
expectedAcceptable bool
}
// computeExpectedCEff calculates the expected control effectiveness for documentation/verification.
func computeExpectedCEff(maturity int, coverage, testEvidence float64) float64 {
cEff := 0.2*(float64(maturity)/4.0) + 0.5*coverage + 0.3*testEvidence
if cEff > 1.0 {
return 1.0
}
return cEff
}
func getReferenceMachines() []referenceMachine {
return []referenceMachine{
// ---------------------------------------------------------------
// 1. Industrieroboter-Zelle mit Schutzzaun
// 6-Achs-Roboter, Materialhandling, Schutzzaun + Lichtschranke.
// Hauptgefaehrdung: Quetschung/Kollision bei Betreten.
// Hohe Massnahmen: Sicherheits-SPS, zweikanalige Tuerueberwachung.
// ---------------------------------------------------------------
{
name: "Industrieroboter-Zelle",
description: "6-Achs-Roboter mit Schutzzaun, Quetsch-/Kollisionsgefahr",
severity: 5, // Lebensgefaehrlich
exposure: 3, // Regelmaessiger Zugang (Wartung)
probability: 4, // Wahrscheinlich bei offenem Zugang
controlMaturity: 3,
controlCoverage: 0.8,
testEvidence: 0.7,
hasJustification: false,
// Inherent: 5*3*4 = 60
// C_eff: 0.2*(3/4) + 0.5*0.8 + 0.3*0.7 = 0.15 + 0.4 + 0.21 = 0.76
// Residual: 60 * (1-0.76) = 60 * 0.24 = 14.4
// Level: medium (>=5, <15) → actually 14.4 < 15 → low
// Acceptable: 14.4 < 15 → yes
expectedInherentRisk: 60,
expectedCEff: 0.76,
expectedResidualRisk: 60 * (1 - 0.76),
expectedRiskLevel: RiskLevelLow,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 2. CNC-Fraesmaschine mit automatischem Werkzeugwechsel
// Werkzeugbruch, Spaeneflug. Vollschutzkabine + Drehzahlueberwachung.
// ---------------------------------------------------------------
{
name: "CNC-Fraesmaschine",
description: "CNC mit Werkzeugwechsel, Werkzeugbruch/Spaeneflug",
severity: 4, // Schwere Verletzung
exposure: 3, // Bediener steht regelmaessig davor
probability: 3, // Moeglich
controlMaturity: 3,
controlCoverage: 0.9,
testEvidence: 0.8,
hasJustification: true,
// Inherent: 4*3*3 = 36
// C_eff: 0.2*(3/4) + 0.5*0.9 + 0.3*0.8 = 0.15 + 0.45 + 0.24 = 0.84
// Residual: 36 * 0.16 = 5.76
// Level: low (>=5, <15)
// Acceptable: 5.76 < 15 → yes
expectedInherentRisk: 36,
expectedCEff: 0.84,
expectedResidualRisk: 36 * (1 - 0.84),
expectedRiskLevel: RiskLevelLow,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 3. Verpackungsmaschine mit Schneideeinheit
// Foerderband + Klinge. Schnittverletzung.
// Zweihandbedienung, Sicherheitsrelais, Abdeckung.
// ---------------------------------------------------------------
{
name: "Verpackungsmaschine",
description: "Foerderband + Schneideeinheit, Schnittverletzungsgefahr",
severity: 4, // Schwere Schnittverletzung
exposure: 4, // Dauerbetrieb mit Bediener
probability: 3, // Moeglich
controlMaturity: 2,
controlCoverage: 0.7,
testEvidence: 0.5,
hasJustification: true,
// Inherent: 4*4*3 = 48
// C_eff: 0.2*(2/4) + 0.5*0.7 + 0.3*0.5 = 0.1 + 0.35 + 0.15 = 0.6
// Residual: 48 * 0.4 = 19.2
// Level: medium (>=15, <40)
// Acceptable: 19.2 >= 15, allReduction=false (ComputeRisk default) → NOT acceptable
expectedInherentRisk: 48,
expectedCEff: 0.6,
expectedResidualRisk: 48 * (1 - 0.6),
expectedRiskLevel: RiskLevelMedium,
expectedAcceptable: false, // ComputeRisk sets allReductionStepsApplied=false
},
// ---------------------------------------------------------------
// 4. Automatisierte Pressanlage
// Quetschung im Pressbereich. Hoechste Gefaehrdung.
// Lichtvorhang, Kat-4-Steuerung, mechanische Verriegelung.
// ---------------------------------------------------------------
{
name: "Pressanlage",
description: "Automatische Presse, Quetschgefahr im Pressbereich",
severity: 5, // Toedlich
exposure: 4, // Bediener staendig im Bereich
probability: 4, // Wahrscheinlich ohne Schutz
controlMaturity: 4,
controlCoverage: 0.9,
testEvidence: 0.9,
hasJustification: true,
// Inherent: 5*4*4 = 80
// C_eff: 0.2*(4/4) + 0.5*0.9 + 0.3*0.9 = 0.2 + 0.45 + 0.27 = 0.92
// Residual: 80 * 0.08 = 6.4
// Level: low (>=5, <15)
// Acceptable: 6.4 < 15 → yes
expectedInherentRisk: 80,
expectedCEff: 0.92,
expectedResidualRisk: 80 * (1 - 0.92),
expectedRiskLevel: RiskLevelLow,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 5. Lasergravur-Anlage (Klasse 4)
// Augenverletzung durch Laserstrahl.
// Geschlossene Kabine, Interlock.
// ---------------------------------------------------------------
{
name: "Lasergravur-Anlage",
description: "Klasse-4-Laser, Augenverletzungsgefahr",
severity: 5, // Irreversible Augenschaeden
exposure: 2, // Selten direkter Zugang
probability: 2, // Selten bei geschlossener Kabine
controlMaturity: 3,
controlCoverage: 0.95,
testEvidence: 0.8,
hasJustification: false,
// Inherent: 5*2*2 = 20
// C_eff: 0.2*(3/4) + 0.5*0.95 + 0.3*0.8 = 0.15 + 0.475 + 0.24 = 0.865
// Residual: 20 * 0.135 = 2.7
// Level: negligible (<5)
// Acceptable: 2.7 < 15 → yes
expectedInherentRisk: 20,
expectedCEff: 0.865,
expectedResidualRisk: 20 * (1 - 0.865),
expectedRiskLevel: RiskLevelNegligible,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 6. Fahrerloses Transportsystem (AGV)
// Kollision mit Personen in Produktionshalle.
// Laserscanner, Not-Aus, Geschwindigkeitsbegrenzung.
// ---------------------------------------------------------------
{
name: "AGV (Fahrerloses Transportsystem)",
description: "Autonomes Fahrzeug, Kollisionsgefahr mit Personen",
severity: 4, // Schwere Verletzung
exposure: 4, // Dauerhaft Personen in der Naehe
probability: 3, // Moeglich in offener Umgebung
controlMaturity: 3,
controlCoverage: 0.7,
testEvidence: 0.6,
hasJustification: true,
// Inherent: 4*4*3 = 48
// C_eff: 0.2*(3/4) + 0.5*0.7 + 0.3*0.6 = 0.15 + 0.35 + 0.18 = 0.68
// Residual: 48 * 0.32 = 15.36
// Level: medium (>=15, <40)
// Acceptable: 15.36 >= 15, allReduction=false → NOT acceptable
expectedInherentRisk: 48,
expectedCEff: 0.68,
expectedResidualRisk: 48 * (1 - 0.68),
expectedRiskLevel: RiskLevelMedium,
expectedAcceptable: false, // ComputeRisk sets allReductionStepsApplied=false
},
// ---------------------------------------------------------------
// 7. Abfuellanlage fuer Chemikalien
// Kontakt mit gefaehrlichem Medium.
// Geschlossene Leitungen, Leckageerkennung.
// ---------------------------------------------------------------
{
name: "Abfuellanlage Chemikalien",
description: "Chemikalien-Abfuellung, Kontaktgefahr",
severity: 4, // Schwere Veraetzung
exposure: 2, // Gelegentlicher Zugang
probability: 2, // Selten bei geschlossenen Leitungen
controlMaturity: 3,
controlCoverage: 0.85,
testEvidence: 0.7,
hasJustification: false,
// Inherent: 4*2*2 = 16
// C_eff: 0.2*(3/4) + 0.5*0.85 + 0.3*0.7 = 0.15 + 0.425 + 0.21 = 0.785
// Residual: 16 * 0.215 = 3.44
// Level: negligible (<5)
// Acceptable: 3.44 < 15 → yes
expectedInherentRisk: 16,
expectedCEff: 0.785,
expectedResidualRisk: 16 * (1 - 0.785),
expectedRiskLevel: RiskLevelNegligible,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 8. Industrie-3D-Drucker (Metallpulver)
// Feinstaub-Inhalation, Explosionsgefahr.
// Absauganlage, Explosionsschutz.
// ---------------------------------------------------------------
{
name: "Industrie-3D-Drucker Metallpulver",
description: "Metallpulver-Drucker, Feinstaub und ATEX",
severity: 4, // Schwere Lungenschaeden / Explosion
exposure: 3, // Regelmaessig (Druckjob-Wechsel)
probability: 3, // Moeglich
controlMaturity: 2,
controlCoverage: 0.6,
testEvidence: 0.5,
hasJustification: true,
// Inherent: 4*3*3 = 36
// C_eff: 0.2*(2/4) + 0.5*0.6 + 0.3*0.5 = 0.1 + 0.3 + 0.15 = 0.55
// Residual: 36 * 0.45 = 16.2
// Level: medium (>=15, <40)
// Acceptable: 16.2 >= 15, allReduction=false → NOT acceptable
expectedInherentRisk: 36,
expectedCEff: 0.55,
expectedResidualRisk: 36 * (1 - 0.55),
expectedRiskLevel: RiskLevelMedium,
expectedAcceptable: false,
},
// ---------------------------------------------------------------
// 9. Automatisches Hochregallager
// Absturz von Lasten, Regalbediengeraet.
// Lastsicherung, Sensoren, regelmaessige Wartung.
// ---------------------------------------------------------------
{
name: "Hochregallager",
description: "Automatisches Regallager, Lastabsturzgefahr",
severity: 5, // Toedlich bei Absturz schwerer Lasten
exposure: 2, // Selten (automatisiert, Wartungszugang)
probability: 2, // Selten bei ordnungsgemaessem Betrieb
controlMaturity: 3,
controlCoverage: 0.8,
testEvidence: 0.7,
hasJustification: false,
// Inherent: 5*2*2 = 20
// C_eff: 0.2*(3/4) + 0.5*0.8 + 0.3*0.7 = 0.15 + 0.4 + 0.21 = 0.76
// Residual: 20 * 0.24 = 4.8
// Level: negligible (<5)
// Acceptable: 4.8 < 15 → yes
expectedInherentRisk: 20,
expectedCEff: 0.76,
expectedResidualRisk: 20 * (1 - 0.76),
expectedRiskLevel: RiskLevelNegligible,
expectedAcceptable: true,
},
// ---------------------------------------------------------------
// 10. KI-Bildverarbeitung Qualitaetskontrolle
// Fehlklassifikation → sicherheitsrelevantes Bauteil wird freigegeben.
// Redundante Pruefung, Validierungsdatensatz, KI-Risikobeurteilung.
// AI Act relevant.
// ---------------------------------------------------------------
{
name: "KI-Qualitaetskontrolle",
description: "KI-Vision fuer Bauteilpruefung, Fehlklassifikationsgefahr (AI Act relevant)",
severity: 4, // Fehlerhaftes Sicherheitsbauteil im Feld
exposure: 5, // Kontinuierlich (jedes Bauteil)
probability: 3, // Moeglich (ML nie 100% korrekt)
controlMaturity: 2,
controlCoverage: 0.5,
testEvidence: 0.6,
hasJustification: true,
// Inherent: 4*5*3 = 60
// C_eff: 0.2*(2/4) + 0.5*0.5 + 0.3*0.6 = 0.1 + 0.25 + 0.18 = 0.53
// Residual: 60 * 0.47 = 28.2
// Level: medium (>=15, <40)
// Acceptable: 28.2 >= 15, allReduction=false → NOT acceptable
expectedInherentRisk: 60,
expectedCEff: 0.53,
expectedResidualRisk: 60 * (1 - 0.53),
expectedRiskLevel: RiskLevelMedium,
expectedAcceptable: false,
},
}
}
func TestReferenceMachines_ComputeRisk(t *testing.T) {
engine := NewRiskEngine()
machines := getReferenceMachines()
for _, m := range machines {
t.Run(m.name, func(t *testing.T) {
input := RiskComputeInput{
Severity: m.severity,
Exposure: m.exposure,
Probability: m.probability,
ControlMaturity: m.controlMaturity,
ControlCoverage: m.controlCoverage,
TestEvidence: m.testEvidence,
HasJustification: m.hasJustification,
}
result, err := engine.ComputeRisk(input)
if err != nil {
t.Fatalf("ComputeRisk returned error: %v", err)
}
// Verify inherent risk
if !almostEqual(result.InherentRisk, m.expectedInherentRisk) {
t.Errorf("InherentRisk = %v, want %v", result.InherentRisk, m.expectedInherentRisk)
}
// Verify control effectiveness
if !almostEqual(result.ControlEffectiveness, m.expectedCEff) {
t.Errorf("ControlEffectiveness = %v, want %v", result.ControlEffectiveness, m.expectedCEff)
}
// Verify residual risk
if !almostEqual(result.ResidualRisk, m.expectedResidualRisk) {
t.Errorf("ResidualRisk = %v, want %v (diff: %v)",
result.ResidualRisk, m.expectedResidualRisk,
math.Abs(result.ResidualRisk-m.expectedResidualRisk))
}
// Verify risk level
if result.RiskLevel != m.expectedRiskLevel {
t.Errorf("RiskLevel = %v, want %v (residual=%v)",
result.RiskLevel, m.expectedRiskLevel, result.ResidualRisk)
}
// Verify acceptability
if result.IsAcceptable != m.expectedAcceptable {
t.Errorf("IsAcceptable = %v, want %v (residual=%v, level=%v)",
result.IsAcceptable, m.expectedAcceptable, result.ResidualRisk, result.RiskLevel)
}
})
}
}
// TestReferenceMachines_InherentRiskDistribution verifies that the 10 machines
// cover a meaningful range of inherent risk values (not all clustered).
func TestReferenceMachines_InherentRiskDistribution(t *testing.T) {
machines := getReferenceMachines()
var minRisk, maxRisk float64
minRisk = 999
levelCounts := map[RiskLevel]int{}
for _, m := range machines {
if m.expectedInherentRisk < minRisk {
minRisk = m.expectedInherentRisk
}
if m.expectedInherentRisk > maxRisk {
maxRisk = m.expectedInherentRisk
}
levelCounts[m.expectedRiskLevel]++
}
// Should span a meaningful range
if maxRisk-minRisk < 40 {
t.Errorf("Inherent risk range too narrow: [%v, %v], want spread >= 40", minRisk, maxRisk)
}
// Should cover at least 3 different risk levels
if len(levelCounts) < 3 {
t.Errorf("Only %d risk levels covered, want at least 3: %v", len(levelCounts), levelCounts)
}
}
// TestReferenceMachines_AcceptabilityMix verifies that the test suite has both
// acceptable and unacceptable outcomes.
func TestReferenceMachines_AcceptabilityMix(t *testing.T) {
machines := getReferenceMachines()
acceptableCount := 0
unacceptableCount := 0
for _, m := range machines {
if m.expectedAcceptable {
acceptableCount++
} else {
unacceptableCount++
}
}
if acceptableCount == 0 {
t.Error("No acceptable machines in test suite — need at least one")
}
if unacceptableCount == 0 {
t.Error("No unacceptable machines in test suite — need at least one")
}
t.Logf("Acceptability mix: %d acceptable, %d unacceptable out of %d machines",
acceptableCount, unacceptableCount, len(machines))
}
// ============================================================================
// 9. Edge Cases
// ============================================================================
func TestClamp(t *testing.T) {
tests := []struct {
name string
v, lo, hi int
expected int
}{
{"in range", 3, 1, 5, 3},
{"at low", 1, 1, 5, 1},
{"at high", 5, 1, 5, 5},
{"below low", 0, 1, 5, 1},
{"above high", 10, 1, 5, 5},
{"negative", -100, 0, 4, 0},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := clamp(tt.v, tt.lo, tt.hi)
if result != tt.expected {
t.Errorf("clamp(%d, %d, %d) = %d, want %d", tt.v, tt.lo, tt.hi, result, tt.expected)
}
})
}
}
func TestClampFloat(t *testing.T) {
tests := []struct {
name string
v, lo, hi float64
expected float64
}{
{"in range", 0.5, 0, 1, 0.5},
{"at low", 0, 0, 1, 0},
{"at high", 1.0, 0, 1, 1.0},
{"below low", -0.5, 0, 1, 0},
{"above high", 2.5, 0, 1, 1.0},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := clampFloat(tt.v, tt.lo, tt.hi)
if !almostEqual(result, tt.expected) {
t.Errorf("clampFloat(%v, %v, %v) = %v, want %v", tt.v, tt.lo, tt.hi, result, tt.expected)
}
})
}
}

606
ai-compliance-sdk/internal/iace/hazard_library.go Normal file
View File

@@ -0,0 +1,606 @@
package iace
import (
"encoding/json"
"fmt"
"time"
"github.com/google/uuid"
)
// hazardUUID generates a deterministic UUID for a hazard library entry
// based on category and a 1-based index within that category.
func hazardUUID(category string, index int) uuid.UUID {
name := fmt.Sprintf("iace.hazard.%s.%d", category, index)
return uuid.NewSHA1(uuid.NameSpaceDNS, []byte(name))
}
// mustMarshalJSON marshals the given value to json.RawMessage, panicking on error.
// This is safe to use for static data known at compile time.
func mustMarshalJSON(v interface{}) json.RawMessage {
data, err := json.Marshal(v)
if err != nil {
panic(fmt.Sprintf("hazard_library: failed to marshal JSON: %v", err))
}
return data
}
// GetBuiltinHazardLibrary returns the complete built-in hazard library with 40+
// template entries for SW/FW/KI hazards in industrial machines. These entries are
// intended to be seeded into the iace_hazard_library table during initial setup.
//
// All entries have IsBuiltin=true and TenantID=nil (system-level templates).
// UUIDs are deterministic, generated via uuid.NewSHA1 based on category and index.
func GetBuiltinHazardLibrary() []HazardLibraryEntry {
now := time.Now()
entries := []HazardLibraryEntry{
// ====================================================================
// Category: false_classification (4 entries)
// ====================================================================
{
ID: hazardUUID("false_classification", 1),
Category: "false_classification",
Name: "Falsche Bauteil-Klassifikation durch KI",
Description: "Das KI-Modell klassifiziert ein Bauteil fehlerhaft, was zu falscher Weiterverarbeitung oder Montage fuehren kann.",
DefaultSeverity: 4,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"ai_model", "sensor"},
RegulationReferences: []string{"EU AI Act Art. 9", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Redundante Pruefung", "Konfidenz-Schwellwert"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("false_classification", 2),
Category: "false_classification",
Name: "Falsche Qualitaetsentscheidung (IO/NIO)",
Description: "Fehlerhafte IO/NIO-Entscheidung durch das KI-System fuehrt dazu, dass defekte Teile als gut bewertet oder gute Teile verworfen werden.",
DefaultSeverity: 4,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"ai_model", "software"},
RegulationReferences: []string{"EU AI Act Art. 9", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Human-in-the-Loop", "Stichproben-Gegenpruefung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("false_classification", 3),
Category: "false_classification",
Name: "Fehlklassifikation bei Grenzwertfaellen",
Description: "Bauteile nahe an Toleranzgrenzen werden systematisch falsch klassifiziert, da das Modell in Grenzwertbereichen unsicher agiert.",
DefaultSeverity: 3,
DefaultProbability: 4,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 9", "ISO 13849"},
SuggestedMitigations: mustMarshalJSON([]string{"Erweitertes Training", "Grauzone-Eskalation"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("false_classification", 4),
Category: "false_classification",
Name: "Verwechslung von Bauteiltypen",
Description: "Unterschiedliche Bauteiltypen werden vom KI-Modell verwechselt, was zu falscher Montage oder Verarbeitung fuehrt.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"ai_model", "sensor"},
RegulationReferences: []string{"EU AI Act Art. 9", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Barcode-Gegenpruefung", "Doppelte Sensorik"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: timing_error (3 entries)
// ====================================================================
{
ID: hazardUUID("timing_error", 1),
Category: "timing_error",
Name: "Verzoegerte KI-Reaktion in Echtzeitsystem",
Description: "Die KI-Inferenz dauert laenger als die zulaessige Echtzeitfrist, was zu verspaeteten Sicherheitsreaktionen fuehrt.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"software", "ai_model"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "IEC 62443"},
SuggestedMitigations: mustMarshalJSON([]string{"Watchdog-Timer", "Fallback-Steuerung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("timing_error", 2),
Category: "timing_error",
Name: "Echtzeit-Verletzung Safety-Loop",
Description: "Der sicherheitsgerichtete Regelkreis kann die geforderten Zykluszeiten nicht einhalten, wodurch Sicherheitsfunktionen versagen koennen.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"software", "firmware"},
RegulationReferences: []string{"ISO 13849", "IEC 61508", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Deterministische Ausfuehrung", "WCET-Analyse"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("timing_error", 3),
Category: "timing_error",
Name: "Timing-Jitter bei Netzwerkkommunikation",
Description: "Schwankende Netzwerklatenzen fuehren zu unvorhersehbaren Verzoegerungen in der Datenuebertragung sicherheitsrelevanter Signale.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"network", "software"},
RegulationReferences: []string{"IEC 62443", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"TSN-Netzwerk", "Pufferung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: data_poisoning (2 entries)
// ====================================================================
{
ID: hazardUUID("data_poisoning", 1),
Category: "data_poisoning",
Name: "Manipulierte Trainingsdaten",
Description: "Trainingsdaten werden absichtlich oder unbeabsichtigt manipuliert, wodurch das Modell systematisch fehlerhafte Entscheidungen trifft.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 10", "CRA"},
SuggestedMitigations: mustMarshalJSON([]string{"Daten-Validierung", "Anomalie-Erkennung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("data_poisoning", 2),
Category: "data_poisoning",
Name: "Adversarial Input Angriff",
Description: "Gezielte Manipulation von Eingabedaten (z.B. Bilder, Sensorsignale), um das KI-Modell zu taeuschen und Fehlentscheidungen auszuloesen.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"ai_model", "sensor"},
RegulationReferences: []string{"EU AI Act Art. 15", "CRA", "IEC 62443"},
SuggestedMitigations: mustMarshalJSON([]string{"Input-Validation", "Adversarial Training"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: model_drift (3 entries)
// ====================================================================
{
ID: hazardUUID("model_drift", 1),
Category: "model_drift",
Name: "Performance-Degradation durch Concept Drift",
Description: "Die statistische Verteilung der Eingabedaten aendert sich ueber die Zeit, wodurch die Modellgenauigkeit schleichend abnimmt.",
DefaultSeverity: 3,
DefaultProbability: 4,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 9", "EU AI Act Art. 72"},
SuggestedMitigations: mustMarshalJSON([]string{"Monitoring-Dashboard", "Automatisches Retraining"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("model_drift", 2),
Category: "model_drift",
Name: "Data Drift durch veraenderte Umgebung",
Description: "Aenderungen in der physischen Umgebung (Beleuchtung, Temperatur, Material) fuehren zu veraenderten Sensordaten und Modellfehlern.",
DefaultSeverity: 3,
DefaultProbability: 4,
ApplicableComponentTypes: []string{"ai_model", "sensor"},
RegulationReferences: []string{"EU AI Act Art. 9", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Statistische Ueberwachung", "Sensor-Kalibrierung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("model_drift", 3),
Category: "model_drift",
Name: "Schleichende Modell-Verschlechterung",
Description: "Ohne aktives Monitoring verschlechtert sich die Modellqualitaet ueber Wochen oder Monate unbemerkt.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 9", "EU AI Act Art. 72"},
SuggestedMitigations: mustMarshalJSON([]string{"Regelmaessige Evaluierung", "A/B-Testing"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: sensor_spoofing (3 entries)
// ====================================================================
{
ID: hazardUUID("sensor_spoofing", 1),
Category: "sensor_spoofing",
Name: "Kamera-Manipulation / Abdeckung",
Description: "Kamerasensoren werden absichtlich oder unbeabsichtigt abgedeckt oder manipuliert, sodass das System auf Basis falscher Bilddaten agiert.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"sensor"},
RegulationReferences: []string{"IEC 62443", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Plausibilitaetspruefung", "Mehrfach-Sensorik"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("sensor_spoofing", 2),
Category: "sensor_spoofing",
Name: "Sensor-Signal-Injection",
Description: "Einspeisung gefaelschter Signale in die Sensorleitungen oder Schnittstellen, um das System gezielt zu manipulieren.",
DefaultSeverity: 5,
DefaultProbability: 1,
ApplicableComponentTypes: []string{"sensor", "network"},
RegulationReferences: []string{"IEC 62443", "CRA"},
SuggestedMitigations: mustMarshalJSON([]string{"Signalverschluesselung", "Anomalie-Erkennung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("sensor_spoofing", 3),
Category: "sensor_spoofing",
Name: "Umgebungsbasierte Sensor-Taeuschung",
Description: "Natuerliche oder kuenstliche Umgebungsveraenderungen (Licht, Staub, Vibration) fuehren zu fehlerhaften Sensorwerten.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"sensor"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849"},
SuggestedMitigations: mustMarshalJSON([]string{"Sensor-Fusion", "Redundanz"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: communication_failure (3 entries)
// ====================================================================
{
ID: hazardUUID("communication_failure", 1),
Category: "communication_failure",
Name: "Feldbus-Ausfall",
Description: "Ausfall des industriellen Feldbusses (z.B. PROFINET, EtherCAT) fuehrt zum Verlust der Kommunikation zwischen Steuerung und Aktorik.",
DefaultSeverity: 4,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"network", "controller"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "IEC 62443"},
SuggestedMitigations: mustMarshalJSON([]string{"Redundanter Bus", "Safe-State-Transition"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("communication_failure", 2),
Category: "communication_failure",
Name: "Cloud-Verbindungsverlust",
Description: "Die Verbindung zur Cloud-Infrastruktur bricht ab, wodurch cloud-abhaengige Funktionen (z.B. Modell-Updates, Monitoring) nicht verfuegbar sind.",
DefaultSeverity: 3,
DefaultProbability: 4,
ApplicableComponentTypes: []string{"network", "software"},
RegulationReferences: []string{"CRA", "EU AI Act Art. 15"},
SuggestedMitigations: mustMarshalJSON([]string{"Offline-Faehigkeit", "Edge-Computing"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("communication_failure", 3),
Category: "communication_failure",
Name: "Netzwerk-Latenz-Spitzen",
Description: "Unkontrollierte Latenzspitzen im Netzwerk fuehren zu Timeouts und verspaeteter Datenlieferung an sicherheitsrelevante Systeme.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"network"},
RegulationReferences: []string{"IEC 62443", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"QoS-Konfiguration", "Timeout-Handling"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: unauthorized_access (4 entries)
// ====================================================================
{
ID: hazardUUID("unauthorized_access", 1),
Category: "unauthorized_access",
Name: "Unautorisierter Remote-Zugriff",
Description: "Ein Angreifer erlangt ueber das Netzwerk Zugriff auf die Maschinensteuerung und kann sicherheitsrelevante Parameter aendern.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"network", "software"},
RegulationReferences: []string{"IEC 62443", "CRA", "EU AI Act Art. 15"},
SuggestedMitigations: mustMarshalJSON([]string{"VPN", "MFA", "Netzwerksegmentierung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("unauthorized_access", 2),
Category: "unauthorized_access",
Name: "Konfigurations-Manipulation",
Description: "Sicherheitsrelevante Konfigurationsparameter werden unautorisiert geaendert, z.B. Grenzwerte, Schwellwerte oder Betriebsmodi.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"software", "firmware"},
RegulationReferences: []string{"IEC 62443", "CRA", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Zugriffskontrolle", "Audit-Log"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("unauthorized_access", 3),
Category: "unauthorized_access",
Name: "Privilege Escalation",
Description: "Ein Benutzer oder Prozess erlangt hoehere Berechtigungen als vorgesehen und kann sicherheitskritische Aktionen ausfuehren.",
DefaultSeverity: 5,
DefaultProbability: 1,
ApplicableComponentTypes: []string{"software"},
RegulationReferences: []string{"IEC 62443", "CRA"},
SuggestedMitigations: mustMarshalJSON([]string{"RBAC", "Least Privilege"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("unauthorized_access", 4),
Category: "unauthorized_access",
Name: "Supply-Chain-Angriff auf Komponente",
Description: "Eine kompromittierte Softwarekomponente oder Firmware wird ueber die Lieferkette eingeschleust und enthaelt Schadcode oder Backdoors.",
DefaultSeverity: 5,
DefaultProbability: 1,
ApplicableComponentTypes: []string{"software", "firmware"},
RegulationReferences: []string{"CRA", "IEC 62443", "EU AI Act Art. 15"},
SuggestedMitigations: mustMarshalJSON([]string{"SBOM", "Signaturpruefung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: firmware_corruption (3 entries)
// ====================================================================
{
ID: hazardUUID("firmware_corruption", 1),
Category: "firmware_corruption",
Name: "Update-Abbruch mit inkonsistentem Zustand",
Description: "Ein Firmware-Update wird unterbrochen (z.B. Stromausfall), wodurch das System in einem inkonsistenten und potenziell unsicheren Zustand verbleibt.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"firmware"},
RegulationReferences: []string{"CRA", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"A/B-Partitioning", "Rollback"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("firmware_corruption", 2),
Category: "firmware_corruption",
Name: "Rollback-Fehler auf alte Version",
Description: "Ein Rollback auf eine aeltere Firmware-Version schlaegt fehl oder fuehrt zu Inkompatibilitaeten mit der aktuellen Hardware-/Softwarekonfiguration.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"firmware"},
RegulationReferences: []string{"CRA", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Versionsmanagement", "Kompatibilitaetspruefung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("firmware_corruption", 3),
Category: "firmware_corruption",
Name: "Boot-Chain-Angriff",
Description: "Die Bootsequenz wird manipuliert, um unsignierte oder kompromittierte Firmware auszufuehren, was die gesamte Sicherheitsarchitektur untergaebt.",
DefaultSeverity: 5,
DefaultProbability: 1,
ApplicableComponentTypes: []string{"firmware"},
RegulationReferences: []string{"CRA", "IEC 62443"},
SuggestedMitigations: mustMarshalJSON([]string{"Secure Boot", "TPM"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: safety_boundary_violation (4 entries)
// ====================================================================
{
ID: hazardUUID("safety_boundary_violation", 1),
Category: "safety_boundary_violation",
Name: "Kraft-/Drehmoment-Ueberschreitung",
Description: "Aktorische Systeme ueberschreiten die zulaessigen Kraft- oder Drehmomentwerte, was zu Verletzungen oder Maschinenschaeden fuehren kann.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"controller", "actuator"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "IEC 62061"},
SuggestedMitigations: mustMarshalJSON([]string{"Hardware-Limiter", "SIL-Ueberwachung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("safety_boundary_violation", 2),
Category: "safety_boundary_violation",
Name: "Geschwindigkeitsueberschreitung Roboter",
Description: "Ein Industrieroboter ueberschreitet die zulaessige Geschwindigkeit, insbesondere bei Mensch-Roboter-Kollaboration.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"controller", "software"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "ISO 10218"},
SuggestedMitigations: mustMarshalJSON([]string{"Safe Speed Monitoring", "Lichtgitter"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("safety_boundary_violation", 3),
Category: "safety_boundary_violation",
Name: "Versagen des Safe-State",
Description: "Das System kann im Fehlerfall keinen sicheren Zustand einnehmen, da die Sicherheitssteuerung selbst versagt.",
DefaultSeverity: 5,
DefaultProbability: 1,
ApplicableComponentTypes: []string{"controller", "software", "firmware"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "IEC 62061"},
SuggestedMitigations: mustMarshalJSON([]string{"Redundante Sicherheitssteuerung", "Diverse Programmierung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("safety_boundary_violation", 4),
Category: "safety_boundary_violation",
Name: "Arbeitsraum-Verletzung",
Description: "Ein Roboter oder Aktor verlaesst seinen definierten Arbeitsraum und dringt in den Schutzbereich von Personen ein.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"controller", "sensor"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849", "ISO 10218"},
SuggestedMitigations: mustMarshalJSON([]string{"Sichere Achsueberwachung", "Schutzzaun-Sensorik"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: mode_confusion (3 entries)
// ====================================================================
{
ID: hazardUUID("mode_confusion", 1),
Category: "mode_confusion",
Name: "Falsche Betriebsart aktiv",
Description: "Das System befindet sich in einer unbeabsichtigten Betriebsart (z.B. Automatik statt Einrichtbetrieb), was zu unerwarteten Maschinenbewegungen fuehrt.",
DefaultSeverity: 4,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"hmi", "software"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849"},
SuggestedMitigations: mustMarshalJSON([]string{"Betriebsart-Anzeige", "Schluesselschalter"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("mode_confusion", 2),
Category: "mode_confusion",
Name: "Wartung/Normal-Verwechslung",
Description: "Das System wird im Normalbetrieb gewartet oder der Wartungsmodus wird nicht korrekt verlassen, was zu gefaehrlichen Situationen fuehrt.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"hmi", "software"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849"},
SuggestedMitigations: mustMarshalJSON([]string{"Zugangskontrolle", "Sicherheitsverriegelung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("mode_confusion", 3),
Category: "mode_confusion",
Name: "Automatik-Eingriff waehrend Handbetrieb",
Description: "Das System wechselt waehrend des Handbetriebs unerwartet in den Automatikbetrieb, wodurch eine Person im Gefahrenbereich verletzt werden kann.",
DefaultSeverity: 5,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"software", "controller"},
RegulationReferences: []string{"Maschinenverordnung 2023/1230", "ISO 13849"},
SuggestedMitigations: mustMarshalJSON([]string{"Exklusive Betriebsarten", "Zustimmtaster"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: unintended_bias (2 entries)
// ====================================================================
{
ID: hazardUUID("unintended_bias", 1),
Category: "unintended_bias",
Name: "Diskriminierende KI-Entscheidung",
Description: "Das KI-Modell trifft systematisch diskriminierende Entscheidungen, z.B. bei der Qualitaetsbewertung bestimmter Produktchargen oder Lieferanten.",
DefaultSeverity: 3,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 10", "EU AI Act Art. 71"},
SuggestedMitigations: mustMarshalJSON([]string{"Bias-Testing", "Fairness-Metriken"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("unintended_bias", 2),
Category: "unintended_bias",
Name: "Verzerrte Trainingsdaten",
Description: "Die Trainingsdaten sind nicht repraesentativ und enthalten systematische Verzerrungen, die zu unfairen oder fehlerhaften Modellergebnissen fuehren.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"ai_model"},
RegulationReferences: []string{"EU AI Act Art. 10", "EU AI Act Art. 71"},
SuggestedMitigations: mustMarshalJSON([]string{"Datensatz-Audit", "Ausgewogenes Sampling"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
// ====================================================================
// Category: update_failure (3 entries)
// ====================================================================
{
ID: hazardUUID("update_failure", 1),
Category: "update_failure",
Name: "Unvollstaendiges OTA-Update",
Description: "Ein Over-the-Air-Update wird nur teilweise uebertragen oder angewendet, wodurch das System in einem inkonsistenten Zustand verbleibt.",
DefaultSeverity: 4,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"firmware", "software"},
RegulationReferences: []string{"CRA", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Atomare Updates", "Integritaetspruefung"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("update_failure", 2),
Category: "update_failure",
Name: "Versionskonflikt nach Update",
Description: "Nach einem Update sind Software- und Firmware-Versionen inkompatibel, was zu Fehlfunktionen oder Ausfaellen fuehrt.",
DefaultSeverity: 3,
DefaultProbability: 3,
ApplicableComponentTypes: []string{"software", "firmware"},
RegulationReferences: []string{"CRA", "Maschinenverordnung 2023/1230"},
SuggestedMitigations: mustMarshalJSON([]string{"Kompatibilitaetsmatrix", "Staging-Tests"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
{
ID: hazardUUID("update_failure", 3),
Category: "update_failure",
Name: "Unkontrollierter Auto-Update",
Description: "Ein automatisches Update wird ohne Genehmigung oder ausserhalb eines Wartungsfensters eingespielt und stoert den laufenden Betrieb.",
DefaultSeverity: 4,
DefaultProbability: 2,
ApplicableComponentTypes: []string{"software"},
RegulationReferences: []string{"CRA", "Maschinenverordnung 2023/1230", "IEC 62443"},
SuggestedMitigations: mustMarshalJSON([]string{"Update-Genehmigung", "Wartungsfenster"}),
IsBuiltin: true,
TenantID: nil,
CreatedAt: now,
},
}
return entries
}

293
ai-compliance-sdk/internal/iace/hazard_library_test.go Normal file
View File

@@ -0,0 +1,293 @@
package iace
import (
"testing"
"github.com/google/uuid"
)
func TestGetBuiltinHazardLibrary_EntryCount(t *testing.T) {
entries := GetBuiltinHazardLibrary()
// Expected: 4+3+2+3+3+3+4+3+4+3+2+3 = 37
if len(entries) != 37 {
t.Fatalf("GetBuiltinHazardLibrary returned %d entries, want 37", len(entries))
}
}
func TestGetBuiltinHazardLibrary_AllBuiltinAndNoTenant(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if !e.IsBuiltin {
t.Errorf("entries[%d] (%s): IsBuiltin = false, want true", i, e.Name)
}
if e.TenantID != nil {
t.Errorf("entries[%d] (%s): TenantID = %v, want nil", i, e.Name, e.TenantID)
}
}
}
func TestGetBuiltinHazardLibrary_UniqueNonZeroUUIDs(t *testing.T) {
entries := GetBuiltinHazardLibrary()
seen := make(map[uuid.UUID]string)
for i, e := range entries {
if e.ID == uuid.Nil {
t.Errorf("entries[%d] (%s): ID is zero UUID", i, e.Name)
}
if prev, exists := seen[e.ID]; exists {
t.Errorf("entries[%d] (%s): duplicate UUID %s, same as %q", i, e.Name, e.ID, prev)
}
seen[e.ID] = e.Name
}
}
func TestGetBuiltinHazardLibrary_AllCategoriesPresent(t *testing.T) {
entries := GetBuiltinHazardLibrary()
expectedCategories := map[string]bool{
"false_classification": false,
"timing_error": false,
"data_poisoning": false,
"model_drift": false,
"sensor_spoofing": false,
"communication_failure": false,
"unauthorized_access": false,
"firmware_corruption": false,
"safety_boundary_violation": false,
"mode_confusion": false,
"unintended_bias": false,
"update_failure": false,
}
for _, e := range entries {
if _, ok := expectedCategories[e.Category]; !ok {
t.Errorf("unexpected category %q in entry %q", e.Category, e.Name)
}
expectedCategories[e.Category] = true
}
for cat, found := range expectedCategories {
if !found {
t.Errorf("expected category %q not found in any entry", cat)
}
}
}
func TestGetBuiltinHazardLibrary_CategoryCounts(t *testing.T) {
entries := GetBuiltinHazardLibrary()
expectedCounts := map[string]int{
"false_classification": 4,
"timing_error": 3,
"data_poisoning": 2,
"model_drift": 3,
"sensor_spoofing": 3,
"communication_failure": 3,
"unauthorized_access": 4,
"firmware_corruption": 3,
"safety_boundary_violation": 4,
"mode_confusion": 3,
"unintended_bias": 2,
"update_failure": 3,
}
actualCounts := make(map[string]int)
for _, e := range entries {
actualCounts[e.Category]++
}
for cat, expected := range expectedCounts {
if actualCounts[cat] != expected {
t.Errorf("category %q: count = %d, want %d", cat, actualCounts[cat], expected)
}
}
}
func TestGetBuiltinHazardLibrary_SeverityRange(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.DefaultSeverity < 1 || e.DefaultSeverity > 5 {
t.Errorf("entries[%d] (%s): DefaultSeverity = %d, want 1-5", i, e.Name, e.DefaultSeverity)
}
}
}
func TestGetBuiltinHazardLibrary_ProbabilityRange(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.DefaultProbability < 1 || e.DefaultProbability > 5 {
t.Errorf("entries[%d] (%s): DefaultProbability = %d, want 1-5", i, e.Name, e.DefaultProbability)
}
}
}
func TestGetBuiltinHazardLibrary_NonEmptyFields(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.Name == "" {
t.Errorf("entries[%d]: Name is empty", i)
}
if e.Category == "" {
t.Errorf("entries[%d] (%s): Category is empty", i, e.Name)
}
if len(e.ApplicableComponentTypes) == 0 {
t.Errorf("entries[%d] (%s): ApplicableComponentTypes is empty", i, e.Name)
}
if len(e.RegulationReferences) == 0 {
t.Errorf("entries[%d] (%s): RegulationReferences is empty", i, e.Name)
}
}
}
func TestHazardUUID_Deterministic(t *testing.T) {
tests := []struct {
category string
index int
}{
{"false_classification", 1},
{"timing_error", 2},
{"data_poisoning", 1},
{"update_failure", 3},
{"mode_confusion", 1},
}
for _, tt := range tests {
t.Run(tt.category, func(t *testing.T) {
id1 := hazardUUID(tt.category, tt.index)
id2 := hazardUUID(tt.category, tt.index)
if id1 != id2 {
t.Errorf("hazardUUID(%q, %d) not deterministic: %s != %s", tt.category, tt.index, id1, id2)
}
if id1 == uuid.Nil {
t.Errorf("hazardUUID(%q, %d) returned zero UUID", tt.category, tt.index)
}
})
}
}
func TestHazardUUID_DifferentInputsProduceDifferentUUIDs(t *testing.T) {
tests := []struct {
cat1 string
idx1 int
cat2 string
idx2 int
}{
{"false_classification", 1, "false_classification", 2},
{"false_classification", 1, "timing_error", 1},
{"data_poisoning", 1, "data_poisoning", 2},
{"mode_confusion", 1, "mode_confusion", 3},
}
for _, tt := range tests {
name := tt.cat1 + "_" + tt.cat2
t.Run(name, func(t *testing.T) {
id1 := hazardUUID(tt.cat1, tt.idx1)
id2 := hazardUUID(tt.cat2, tt.idx2)
if id1 == id2 {
t.Errorf("hazardUUID(%q,%d) == hazardUUID(%q,%d): %s", tt.cat1, tt.idx1, tt.cat2, tt.idx2, id1)
}
})
}
}
func TestGetBuiltinHazardLibrary_CreatedAtSet(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.CreatedAt.IsZero() {
t.Errorf("entries[%d] (%s): CreatedAt is zero", i, e.Name)
}
}
}
func TestGetBuiltinHazardLibrary_DescriptionPresent(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.Description == "" {
t.Errorf("entries[%d] (%s): Description is empty", i, e.Name)
}
}
}
func TestGetBuiltinHazardLibrary_SuggestedMitigationsPresent(t *testing.T) {
entries := GetBuiltinHazardLibrary()
for i, e := range entries {
if e.SuggestedMitigations == nil || len(e.SuggestedMitigations) == 0 {
t.Errorf("entries[%d] (%s): SuggestedMitigations is nil/empty", i, e.Name)
}
}
}
func TestGetBuiltinHazardLibrary_ApplicableComponentTypesAreValid(t *testing.T) {
entries := GetBuiltinHazardLibrary()
validTypes := map[string]bool{
string(ComponentTypeSoftware): true,
string(ComponentTypeFirmware): true,
string(ComponentTypeAIModel): true,
string(ComponentTypeHMI): true,
string(ComponentTypeSensor): true,
string(ComponentTypeActuator): true,
string(ComponentTypeController): true,
string(ComponentTypeNetwork): true,
string(ComponentTypeOther): true,
}
for i, e := range entries {
for _, ct := range e.ApplicableComponentTypes {
if !validTypes[ct] {
t.Errorf("entries[%d] (%s): invalid component type %q in ApplicableComponentTypes", i, e.Name, ct)
}
}
}
}
func TestGetBuiltinHazardLibrary_UUIDsMatchExpected(t *testing.T) {
// Verify the first entry of each category has the expected UUID
// based on the deterministic hazardUUID function.
entries := GetBuiltinHazardLibrary()
categoryFirstSeen := make(map[string]uuid.UUID)
for _, e := range entries {
if _, exists := categoryFirstSeen[e.Category]; !exists {
categoryFirstSeen[e.Category] = e.ID
}
}
for cat, actualID := range categoryFirstSeen {
expectedID := hazardUUID(cat, 1)
if actualID != expectedID {
t.Errorf("first entry of category %q: ID = %s, want %s", cat, actualID, expectedID)
}
}
}
func TestGetBuiltinHazardLibrary_ConsistentAcrossCalls(t *testing.T) {
entries1 := GetBuiltinHazardLibrary()
entries2 := GetBuiltinHazardLibrary()
if len(entries1) != len(entries2) {
t.Fatalf("inconsistent lengths: %d vs %d", len(entries1), len(entries2))
}
for i := range entries1 {
if entries1[i].ID != entries2[i].ID {
t.Errorf("entries[%d]: ID mismatch across calls: %s vs %s", i, entries1[i].ID, entries2[i].ID)
}
if entries1[i].Name != entries2[i].Name {
t.Errorf("entries[%d]: Name mismatch across calls: %q vs %q", i, entries1[i].Name, entries2[i].Name)
}
if entries1[i].Category != entries2[i].Category {
t.Errorf("entries[%d]: Category mismatch across calls: %q vs %q", i, entries1[i].Category, entries2[i].Category)
}
}
}

485
ai-compliance-sdk/internal/iace/models.go Normal file
View File

@@ -0,0 +1,485 @@
package iace
import (
"encoding/json"
"time"
"github.com/google/uuid"
)
// ============================================================================
// Constants / Enums
// ============================================================================
// ProjectStatus represents the lifecycle status of an IACE project
type ProjectStatus string
const (
ProjectStatusDraft ProjectStatus = "draft"
ProjectStatusOnboarding ProjectStatus = "onboarding"
ProjectStatusClassification ProjectStatus = "classification"
ProjectStatusHazardAnalysis ProjectStatus = "hazard_analysis"
ProjectStatusMitigation ProjectStatus = "mitigation"
ProjectStatusVerification ProjectStatus = "verification"
ProjectStatusTechFile ProjectStatus = "tech_file"
ProjectStatusCompleted ProjectStatus = "completed"
ProjectStatusArchived ProjectStatus = "archived"
)
// ComponentType represents the type of a system component
type ComponentType string
const (
ComponentTypeSoftware ComponentType = "software"
ComponentTypeFirmware ComponentType = "firmware"
ComponentTypeAIModel ComponentType = "ai_model"
ComponentTypeHMI ComponentType = "hmi"
ComponentTypeSensor ComponentType = "sensor"
ComponentTypeActuator ComponentType = "actuator"
ComponentTypeController ComponentType = "controller"
ComponentTypeNetwork ComponentType = "network"
ComponentTypeOther ComponentType = "other"
)
// RegulationType represents the applicable EU regulation
type RegulationType string
const (
RegulationNIS2 RegulationType = "nis2"
RegulationAIAct RegulationType = "ai_act"
RegulationCRA RegulationType = "cra"
RegulationMachineryRegulation RegulationType = "machinery_regulation"
)
// HazardStatus represents the lifecycle status of a hazard
type HazardStatus string
const (
HazardStatusIdentified HazardStatus = "identified"
HazardStatusAssessed HazardStatus = "assessed"
HazardStatusMitigated HazardStatus = "mitigated"
HazardStatusAccepted HazardStatus = "accepted"
HazardStatusClosed HazardStatus = "closed"
)
// AssessmentType represents the type of risk assessment
type AssessmentType string
const (
AssessmentTypeInitial AssessmentType = "initial"
AssessmentTypePostMitigation AssessmentType = "post_mitigation"
AssessmentTypeReassessment AssessmentType = "reassessment"
)
// RiskLevel represents the severity level of a risk
type RiskLevel string
const (
RiskLevelCritical RiskLevel = "critical"
RiskLevelHigh RiskLevel = "high"
RiskLevelMedium RiskLevel = "medium"
RiskLevelLow RiskLevel = "low"
RiskLevelNegligible RiskLevel = "negligible"
)
// ReductionType represents the type of risk reduction measure
type ReductionType string
const (
ReductionTypeDesign ReductionType = "design"
ReductionTypeProtective ReductionType = "protective"
ReductionTypeInformation ReductionType = "information"
)
// MitigationStatus represents the lifecycle status of a mitigation measure
type MitigationStatus string
const (
MitigationStatusPlanned MitigationStatus = "planned"
MitigationStatusImplemented MitigationStatus = "implemented"
MitigationStatusVerified MitigationStatus = "verified"
MitigationStatusRejected MitigationStatus = "rejected"
)
// VerificationMethod represents the method used for verification
type VerificationMethod string
const (
VerificationMethodTest VerificationMethod = "test"
VerificationMethodAnalysis VerificationMethod = "analysis"
VerificationMethodInspection VerificationMethod = "inspection"
VerificationMethodReview VerificationMethod = "review"
)
// TechFileSectionStatus represents the status of a technical file section
type TechFileSectionStatus string
const (
TechFileSectionStatusDraft TechFileSectionStatus = "draft"
TechFileSectionStatusGenerated TechFileSectionStatus = "generated"
TechFileSectionStatusReviewed TechFileSectionStatus = "reviewed"
TechFileSectionStatusApproved TechFileSectionStatus = "approved"
)
// MonitoringEventType represents the type of monitoring event
type MonitoringEventType string
const (
MonitoringEventTypeIncident MonitoringEventType = "incident"
MonitoringEventTypeUpdate MonitoringEventType = "update"
MonitoringEventTypeDriftAlert MonitoringEventType = "drift_alert"
MonitoringEventTypeRegulationChange MonitoringEventType = "regulation_change"
MonitoringEventTypeAudit MonitoringEventType = "audit"
)
// AuditAction represents the type of action recorded in the audit trail
type AuditAction string
const (
AuditActionCreate AuditAction = "create"
AuditActionUpdate AuditAction = "update"
AuditActionDelete AuditAction = "delete"
AuditActionApprove AuditAction = "approve"
AuditActionVerify AuditAction = "verify"
)
// ============================================================================
// Main Entities
// ============================================================================
// Project represents an IACE compliance project for a machine or system
type Project struct {
ID uuid.UUID `json:"id"`
TenantID uuid.UUID `json:"tenant_id"`
MachineName string `json:"machine_name"`
MachineType string `json:"machine_type"`
Manufacturer string `json:"manufacturer"`
Description string `json:"description,omitempty"`
NarrativeText string `json:"narrative_text,omitempty"`
Status ProjectStatus `json:"status"`
CEMarkingTarget string `json:"ce_marking_target,omitempty"`
CompletenessScore float64 `json:"completeness_score"`
RiskSummary map[string]int `json:"risk_summary,omitempty"`
TriggeredRegulations json.RawMessage `json:"triggered_regulations,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
ArchivedAt *time.Time `json:"archived_at,omitempty"`
}
// Component represents a system component within a project
type Component struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
ParentID *uuid.UUID `json:"parent_id,omitempty"`
Name string `json:"name"`
ComponentType ComponentType `json:"component_type"`
Version string `json:"version,omitempty"`
Description string `json:"description,omitempty"`
IsSafetyRelevant bool `json:"is_safety_relevant"`
IsNetworked bool `json:"is_networked"`
Metadata json.RawMessage `json:"metadata,omitempty"`
SortOrder int `json:"sort_order"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// RegulatoryClassification represents the classification result for a regulation
type RegulatoryClassification struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
Regulation RegulationType `json:"regulation"`
ClassificationResult string `json:"classification_result"`
RiskLevel RiskLevel `json:"risk_level"`
Confidence float64 `json:"confidence"`
Reasoning string `json:"reasoning,omitempty"`
RAGSources json.RawMessage `json:"rag_sources,omitempty"`
Requirements json.RawMessage `json:"requirements,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// HazardLibraryEntry represents a reusable hazard template from the library
type HazardLibraryEntry struct {
ID uuid.UUID `json:"id"`
Category string `json:"category"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
DefaultSeverity int `json:"default_severity"`
DefaultProbability int `json:"default_probability"`
ApplicableComponentTypes []string `json:"applicable_component_types"`
RegulationReferences []string `json:"regulation_references"`
SuggestedMitigations json.RawMessage `json:"suggested_mitigations,omitempty"`
IsBuiltin bool `json:"is_builtin"`
TenantID *uuid.UUID `json:"tenant_id,omitempty"`
CreatedAt time.Time `json:"created_at"`
}
// Hazard represents a specific hazard identified within a project
type Hazard struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
ComponentID uuid.UUID `json:"component_id"`
LibraryHazardID *uuid.UUID `json:"library_hazard_id,omitempty"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
Scenario string `json:"scenario,omitempty"`
Category string `json:"category"`
Status HazardStatus `json:"status"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// RiskAssessment represents a quantitative risk assessment for a hazard
type RiskAssessment struct {
ID uuid.UUID `json:"id"`
HazardID uuid.UUID `json:"hazard_id"`
Version int `json:"version"`
AssessmentType AssessmentType `json:"assessment_type"`
Severity int `json:"severity"`
Exposure int `json:"exposure"`
Probability int `json:"probability"`
InherentRisk float64 `json:"inherent_risk"`
ControlMaturity int `json:"control_maturity"`
ControlCoverage float64 `json:"control_coverage"`
TestEvidenceStrength float64 `json:"test_evidence_strength"`
CEff float64 `json:"c_eff"`
ResidualRisk float64 `json:"residual_risk"`
RiskLevel RiskLevel `json:"risk_level"`
IsAcceptable bool `json:"is_acceptable"`
AcceptanceJustification string `json:"acceptance_justification,omitempty"`
AssessedBy uuid.UUID `json:"assessed_by"`
CreatedAt time.Time `json:"created_at"`
}
// Mitigation represents a risk reduction measure applied to a hazard
type Mitigation struct {
ID uuid.UUID `json:"id"`
HazardID uuid.UUID `json:"hazard_id"`
ReductionType ReductionType `json:"reduction_type"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
Status MitigationStatus `json:"status"`
VerificationMethod VerificationMethod `json:"verification_method,omitempty"`
VerificationResult string `json:"verification_result,omitempty"`
VerifiedAt *time.Time `json:"verified_at,omitempty"`
VerifiedBy uuid.UUID `json:"verified_by,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// Evidence represents an uploaded file that serves as evidence for compliance
type Evidence struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
MitigationID *uuid.UUID `json:"mitigation_id,omitempty"`
VerificationPlanID *uuid.UUID `json:"verification_plan_id,omitempty"`
FileName string `json:"file_name"`
FilePath string `json:"file_path"`
FileHash string `json:"file_hash"`
FileSize int64 `json:"file_size"`
MimeType string `json:"mime_type"`
Description string `json:"description,omitempty"`
UploadedBy uuid.UUID `json:"uploaded_by"`
CreatedAt time.Time `json:"created_at"`
}
// VerificationPlan represents a plan for verifying compliance measures
type VerificationPlan struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
HazardID *uuid.UUID `json:"hazard_id,omitempty"`
MitigationID *uuid.UUID `json:"mitigation_id,omitempty"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
AcceptanceCriteria string `json:"acceptance_criteria,omitempty"`
Method VerificationMethod `json:"method"`
Status string `json:"status"`
Result string `json:"result,omitempty"`
CompletedAt *time.Time `json:"completed_at,omitempty"`
CompletedBy uuid.UUID `json:"completed_by,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// TechFileSection represents a section of the technical documentation file
type TechFileSection struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
SectionType string `json:"section_type"`
Title string `json:"title"`
Content string `json:"content,omitempty"`
Version int `json:"version"`
Status TechFileSectionStatus `json:"status"`
ApprovedBy uuid.UUID `json:"approved_by,omitempty"`
ApprovedAt *time.Time `json:"approved_at,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// MonitoringEvent represents a post-market monitoring event
type MonitoringEvent struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
EventType MonitoringEventType `json:"event_type"`
Title string `json:"title"`
Description string `json:"description,omitempty"`
Severity string `json:"severity"`
ImpactAssessment string `json:"impact_assessment,omitempty"`
Status string `json:"status"`
ResolvedAt *time.Time `json:"resolved_at,omitempty"`
ResolvedBy uuid.UUID `json:"resolved_by,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// AuditTrailEntry represents an immutable audit log entry for compliance traceability
type AuditTrailEntry struct {
ID uuid.UUID `json:"id"`
ProjectID uuid.UUID `json:"project_id"`
EntityType string `json:"entity_type"`
EntityID uuid.UUID `json:"entity_id"`
Action AuditAction `json:"action"`
UserID uuid.UUID `json:"user_id"`
OldValues json.RawMessage `json:"old_values,omitempty"`
NewValues json.RawMessage `json:"new_values,omitempty"`
Hash string `json:"hash"`
CreatedAt time.Time `json:"created_at"`
}
// ============================================================================
// API Request Types
// ============================================================================
// CreateProjectRequest is the API request for creating a new IACE project
type CreateProjectRequest struct {
MachineName string `json:"machine_name" binding:"required"`
MachineType string `json:"machine_type" binding:"required"`
Manufacturer string `json:"manufacturer" binding:"required"`
Description string `json:"description,omitempty"`
NarrativeText string `json:"narrative_text,omitempty"`
CEMarkingTarget string `json:"ce_marking_target,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"`
}
// UpdateProjectRequest is the API request for updating an existing project
type UpdateProjectRequest struct {
MachineName *string `json:"machine_name,omitempty"`
MachineType *string `json:"machine_type,omitempty"`
Manufacturer *string `json:"manufacturer,omitempty"`
Description *string `json:"description,omitempty"`
NarrativeText *string `json:"narrative_text,omitempty"`
CEMarkingTarget *string `json:"ce_marking_target,omitempty"`
Metadata *json.RawMessage `json:"metadata,omitempty"`
}
// CreateComponentRequest is the API request for adding a component to a project
type CreateComponentRequest struct {
ProjectID uuid.UUID `json:"project_id" binding:"required"`
ParentID *uuid.UUID `json:"parent_id,omitempty"`
Name string `json:"name" binding:"required"`
ComponentType ComponentType `json:"component_type" binding:"required"`
Version string `json:"version,omitempty"`
Description string `json:"description,omitempty"`
IsSafetyRelevant bool `json:"is_safety_relevant"`
IsNetworked bool `json:"is_networked"`
}
// CreateHazardRequest is the API request for creating a new hazard
type CreateHazardRequest struct {
ProjectID uuid.UUID `json:"project_id" binding:"required"`
ComponentID uuid.UUID `json:"component_id" binding:"required"`
LibraryHazardID *uuid.UUID `json:"library_hazard_id,omitempty"`
Name string `json:"name" binding:"required"`
Description string `json:"description,omitempty"`
Scenario string `json:"scenario,omitempty"`
Category string `json:"category" binding:"required"`
}
// AssessRiskRequest is the API request for performing a risk assessment
type AssessRiskRequest struct {
HazardID uuid.UUID `json:"hazard_id" binding:"required"`
Severity int `json:"severity" binding:"required"`
Exposure int `json:"exposure" binding:"required"`
Probability int `json:"probability" binding:"required"`
ControlMaturity int `json:"control_maturity" binding:"required"`
ControlCoverage float64 `json:"control_coverage" binding:"required"`
TestEvidenceStrength float64 `json:"test_evidence_strength" binding:"required"`
AcceptanceJustification string `json:"acceptance_justification,omitempty"`
}
// CreateMitigationRequest is the API request for creating a mitigation measure
type CreateMitigationRequest struct {
HazardID uuid.UUID `json:"hazard_id" binding:"required"`
ReductionType ReductionType `json:"reduction_type" binding:"required"`
Name string `json:"name" binding:"required"`
Description string `json:"description,omitempty"`
}
// CreateVerificationPlanRequest is the API request for creating a verification plan
type CreateVerificationPlanRequest struct {
ProjectID uuid.UUID `json:"project_id" binding:"required"`
HazardID *uuid.UUID `json:"hazard_id,omitempty"`
MitigationID *uuid.UUID `json:"mitigation_id,omitempty"`
Title string `json:"title" binding:"required"`
Description string `json:"description,omitempty"`
AcceptanceCriteria string `json:"acceptance_criteria,omitempty"`
Method VerificationMethod `json:"method" binding:"required"`
}
// CreateMonitoringEventRequest is the API request for logging a monitoring event
type CreateMonitoringEventRequest struct {
ProjectID uuid.UUID `json:"project_id" binding:"required"`
EventType MonitoringEventType `json:"event_type" binding:"required"`
Title string `json:"title" binding:"required"`
Description string `json:"description,omitempty"`
Severity string `json:"severity" binding:"required"`
}
// InitFromProfileRequest is the API request for initializing a project from a company profile
type InitFromProfileRequest struct {
CompanyProfile json.RawMessage `json:"company_profile" binding:"required"`
ComplianceScope json.RawMessage `json:"compliance_scope" binding:"required"`
}
// ============================================================================
// API Response Types
// ============================================================================
// ProjectListResponse is the API response for listing projects
type ProjectListResponse struct {
Projects []Project `json:"projects"`
Total int `json:"total"`
}
// ProjectDetailResponse is the API response for a single project with related entities
type ProjectDetailResponse struct {
Project
Components []Component `json:"components"`
Classifications []RegulatoryClassification `json:"classifications"`
CompletenessGates []CompletenessGate `json:"completeness_gates"`
}
// RiskSummaryResponse is the API response for an aggregated risk overview
type RiskSummaryResponse struct {
TotalHazards int `json:"total_hazards"`
Critical int `json:"critical"`
High int `json:"high"`
Medium int `json:"medium"`
Low int `json:"low"`
Negligible int `json:"negligible"`
OverallRiskLevel RiskLevel `json:"overall_risk_level"`
AllAcceptable bool `json:"all_acceptable"`
}
// CompletenessGate represents a single gate in the project completeness checklist
type CompletenessGate struct {
ID string `json:"id"`
Category string `json:"category"`
Label string `json:"label"`
Required bool `json:"required"`
Passed bool `json:"passed"`
Details string `json:"details,omitempty"`
}

1777
ai-compliance-sdk/internal/iace/store.go Normal file
View File

File diff suppressed because it is too large Load Diff