Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(iace): cite ESAW source + license on risk-frequency anchors

Browse Source 
Surfaces the public-statistics provenance for the contact-mode probability
tiers so generated risk numbers are auditable and attributed (not RAG —
~a dozen stable aggregate facts are better as a license-tagged code table).

- risk_data_sources.go: RiskEvidence register (Eurostat ESAW figures + CC BY
  4.0 attribution) for the documented contact modes; RiskDataSourcesNote.
- risk_suggestion.go: the W justification now cites the actual ESAW share +
  license where documented; RiskSuggestion gains a data_source field.
- GET /iace/risk-data-sources returns the evidence register + attribution.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-11 09:14:36 +02:00
parent 289988d23e
commit ee64b7e95c
4 changed files with 93 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/api/handlers/iace_handler_risk.go
+11
View File
@@ -47,3 +47,14 @@ func (h *IACEHandler) GetRiskMatrix(c *gin.Context) {
}
c.JSON(http.StatusOK, iace.BuildRiskMatrix(hazards))
}
// GetRiskDataSources handles GET /risk-data-sources.
// Returns the license-tagged public-statistics evidence register (Eurostat ESAW,
// CC BY 4.0) that anchors the risk-frequency tiers, plus the overall attribution
// note — so an auditor can see WHERE the risk numbers come from.
func (h *IACEHandler) GetRiskDataSources(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"note": iace.RiskDataSourcesNote,
"evidence": iace.AllRiskEvidence(),
})
}