feat: Compliance Maximizer — Regulatory Optimization Engine
Some checks failed
Build + Deploy / build-admin-compliance (push) Successful in 1m45s
Build + Deploy / build-backend-compliance (push) Successful in 4m42s
Build + Deploy / build-ai-sdk (push) Successful in 46s
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Build + Deploy / build-tts (push) Successful in 1m14s
Build + Deploy / build-document-crawler (push) Successful in 31s
Build + Deploy / build-dsms-gateway (push) Successful in 24s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 15s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m27s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Failing after 37s
CI / test-python-backend (push) Successful in 42s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 23s
CI / validate-canonical-controls (push) Successful in 18s
Build + Deploy / trigger-orca (push) Successful in 4m35s
Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases deterministisch berechnet und optimale Konfigurationen vorschlaegt. Kernfeatures: - 13-Dimensionen Constraint-Space (DSGVO + AI Act) - 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt - Deterministische Optimizer-Engine (kein LLM im Kern) - 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines - 28 Tests (Golden Suite + Meta-Tests) - REST API: /sdk/v1/maximizer/* (9 Endpoints) - Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges [migration-approved] Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
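--- a/ai-compliance-sdk/internal/maximizer/constraints.go
+++ b/ai-compliance-sdk/internal/maximizer/constraints.go
@@ -0,0 +1,76 @@
+package maximizer
+
+// ConstraintRuleSet is the top-level container loaded from maximizer_constraints_v1.json.
+type ConstraintRuleSet struct {
+Version string `json:"version"`
+Regulations []string `json:"regulations"`
+Rules []ConstraintRule `json:"rules"`
+}
+
+// ConstraintRule maps a regulatory obligation to dimension restrictions.
+type ConstraintRule struct {
+ID string `json:"id"`
+ObligationID string `json:"obligation_id"`
+Regulation string `json:"regulation"`
+ArticleRef string `json:"article_ref"`
+Title string `json:"title"`
+Description string `json:"description"`
+RuleType string `json:"rule_type"` // hard_prohibition, requirement, classification_rule, optimizer_rule, escalation_gate
+Constraints []Constraint `json:"constraints"`
+}
+
+// Constraint is a single if-then rule on the dimension space.
+type Constraint struct {
+If ConditionSet `json:"if"`
+Then EffectSet `json:"then"`
+}
+
+// ConditionSet maps dimension names to their required values.
+// Values can be a string (exact match) or []string (any of).
+type ConditionSet map[string]interface{}
+
+// EffectSet defines what must be true when the condition matches.
+type EffectSet struct {
+// Allowed=false means hard block — no optimization possible for this rule
+Allowed *bool `json:"allowed,omitempty"`
+
+// RequiredValues: dimension must have exactly this value
+RequiredValues map[string]string `json:"required_values,omitempty"`
+
+// RequiredControls: organizational/technical controls needed
+RequiredControls []string `json:"required_controls,omitempty"`
+
+// RequiredPatterns: architectural patterns needed
+RequiredPatterns []string `json:"required_patterns,omitempty"`
+
+// Classification overrides
+SetRiskClassification string `json:"set_risk_classification,omitempty"`
+}
+
+// Matches checks if a DimensionConfig satisfies all conditions in this set.
+func (cs ConditionSet) Matches(config *DimensionConfig) bool {
+for dim, expected := range cs {
+actual := config.GetValue(dim)
+if actual == "" {
+return false
+}
+switch v := expected.(type) {
+case string:
+if actual != v {
+return false
+}
+case []interface{}:
+found := false
+for _, item := range v {
+if s, ok := item.(string); ok && actual == s {
+found = true
+break
+}
+}
+if !found {
+return false
+}
+}
+}
+return true
+}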
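Review bot: The type switch in `Matches` has no `default` branch, so a condition whose JSON value decodes to anything other than a string or an array (a number, bool, object or null) is skipped and counts as satisfied, which silently widens the rule instead of rejecting a malformed one. Adding `default: return false` makes the matcher fail closed on unknown shapes, and rejecting such values when maximizer_constraints_v1.json is loaded would surface the bad rule rather than hide it. In the other direction, the `actual == ""` early return means a config with an unset dimension matches no rule conditioned on that dimension, including `hard_prohibition` rules. Whether completeness of the `DimensionConfig` is enforced before evaluation is not visible in this file, so it is worth confirming and stating in the method's doc comment, e.g. `// An unset dimension never matches; callers must validate the config first.`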