// Package ucca defines the data model for AI use-case assessments: the
// intake a user submits, the enumerations the evaluation produces, the
// stored Assessment entity, and the API request/response types.
package ucca

import (
	"time"

	"github.com/google/uuid"
)

// ============================================================================
// Constants / Enums
// ============================================================================

// Feasibility represents the overall assessment result.
type Feasibility string

const (
	FeasibilityYES         Feasibility = "YES"
	FeasibilityCONDITIONAL Feasibility = "CONDITIONAL"
	FeasibilityNO          Feasibility = "NO"
)

// RiskLevel represents the overall risk classification.
type RiskLevel string

const (
	RiskLevelMINIMAL      RiskLevel = "MINIMAL"
	RiskLevelLOW          RiskLevel = "LOW"
	RiskLevelMEDIUM       RiskLevel = "MEDIUM"
	RiskLevelHIGH         RiskLevel = "HIGH"
	RiskLevelUNACCEPTABLE RiskLevel = "UNACCEPTABLE"
)

// Complexity represents implementation complexity.
type Complexity string

const (
	ComplexityLOW    Complexity = "LOW"
	ComplexityMEDIUM Complexity = "MEDIUM"
	ComplexityHIGH   Complexity = "HIGH"
)

// Severity represents rule severity. The three values are ordered from
// informational to blocking; how a BLOCK severity affects Feasibility is
// decided by the evaluation logic, not in this file.
type Severity string

const (
	SeverityINFO  Severity = "INFO"
	SeverityWARN  Severity = "WARN"
	SeverityBLOCK Severity = "BLOCK"
)

// Domain represents the business domain of the use case. The string values
// are the wire format used in JSON; ValidDomains lists every accepted value.
type Domain string

const (
	// Industry & manufacturing
	DomainAutomotive            Domain = "automotive"
	DomainMechanicalEngineering Domain = "mechanical_engineering"
	DomainPlantEngineering      Domain = "plant_engineering"
	DomainElectricalEngineering Domain = "electrical_engineering"
	DomainAerospace             Domain = "aerospace"
	DomainChemicals             Domain = "chemicals"
	DomainFoodBeverage          Domain = "food_beverage"
	DomainTextiles              Domain = "textiles"
	DomainPackaging             Domain = "packaging"

	// Energy & utilities
	DomainUtilities Domain = "utilities"
	DomainEnergy    Domain = "energy"
	DomainOilGas    Domain = "oil_gas"

	// Agriculture & forestry
	DomainAgriculture Domain = "agriculture"
	DomainForestry    Domain = "forestry"
	DomainFishing     Domain = "fishing"

	// Construction & real estate
	DomainConstruction       Domain = "construction"
	DomainRealEstate         Domain = "real_estate"
	DomainFacilityManagement Domain = "facility_management"

	// Health & social services
	DomainHealthcare     Domain = "healthcare"
	DomainMedicalDevices Domain = "medical_devices"
	DomainPharma         Domain = "pharma"
	DomainElderlyCare    Domain = "elderly_care"
	DomainSocialServices Domain = "social_services"

	// Education & research
	DomainEducation          Domain = "education"
	DomainHigherEducation    Domain = "higher_education"
	DomainVocationalTraining Domain = "vocational_training"
	DomainResearch           Domain = "research"

	// Finance & insurance
	DomainFinance    Domain = "finance"
	DomainBanking    Domain = "banking"
	DomainInsurance  Domain = "insurance"
	DomainInvestment Domain = "investment"

	// Trade & logistics
	DomainRetail    Domain = "retail"
	DomainEcommerce Domain = "ecommerce"
	DomainWholesale Domain = "wholesale"
	DomainLogistics Domain = "logistics"

	// IT & telecommunications
	DomainITServices    Domain = "it_services"
	DomainTelecom       Domain = "telecom"
	DomainCybersecurity Domain = "cybersecurity"

	// Legal & consulting
	DomainLegal       Domain = "legal"
	DomainConsulting  Domain = "consulting"
	DomainTaxAdvisory Domain = "tax_advisory"

	// Public sector
	DomainPublic  Domain = "public_sector"
	DomainDefense Domain = "defense"
	DomainJustice Domain = "justice"

	// Marketing & media
	DomainMarketing     Domain = "marketing"
	DomainMedia         Domain = "media"
	DomainEntertainment Domain = "entertainment"

	// HR & personnel
	DomainHR         Domain = "hr"
	DomainRecruiting Domain = "recruiting"

	// Tourism & hospitality
	DomainHospitality Domain = "hospitality"
	DomainTourism     Domain = "tourism"

	// Other
	DomainNonprofit Domain = "nonprofit"
	DomainSports    Domain = "sports"
	DomainGeneral   Domain = "general"
)

// ValidDomains contains all valid domain values.
//
// It is an exported, mutable package-level map: any importer can add or
// remove entries at runtime, and concurrent writes would race with lookups.
// Treat it as read-only. A Domain constant added above without a matching
// entry here is silently rejected by any lookup against this map.
var ValidDomains = map[Domain]bool{
	DomainAutomotive:            true,
	DomainMechanicalEngineering: true,
	DomainPlantEngineering:      true,
	DomainElectricalEngineering: true,
	DomainAerospace:             true,
	DomainChemicals:             true,
	DomainFoodBeverage:          true,
	DomainTextiles:              true,
	DomainPackaging:             true,
	DomainUtilities:             true,
	DomainEnergy:                true,
	DomainOilGas:                true,
	DomainAgriculture:           true,
	DomainForestry:              true,
	DomainFishing:               true,
	DomainConstruction:          true,
	DomainRealEstate:            true,
	DomainFacilityManagement:    true,
	DomainHealthcare:            true,
	DomainMedicalDevices:        true,
	DomainPharma:                true,
	DomainElderlyCare:           true,
	DomainSocialServices:        true,
	DomainEducation:             true,
	DomainHigherEducation:       true,
	DomainVocationalTraining:    true,
	DomainResearch:              true,
	DomainFinance:               true,
	DomainBanking:               true,
	DomainInsurance:             true,
	DomainInvestment:            true,
	DomainRetail:                true,
	DomainEcommerce:             true,
	DomainWholesale:             true,
	DomainLogistics:             true,
	DomainITServices:            true,
	DomainTelecom:               true,
	DomainCybersecurity:         true,
	DomainLegal:                 true,
	DomainConsulting:            true,
	DomainTaxAdvisory:           true,
	DomainPublic:                true,
	DomainDefense:               true,
	DomainJustice:               true,
	DomainMarketing:             true,
	DomainMedia:                 true,
	DomainEntertainment:         true,
	DomainHR:                    true,
	DomainRecruiting:            true,
	DomainHospitality:           true,
	DomainTourism:               true,
	DomainNonprofit:             true,
	DomainSports:                true,
	DomainGeneral:               true,
}

// AutomationLevel represents the degree of automation.
type AutomationLevel string

const (
	AutomationAssistive      AutomationLevel = "assistive"
	AutomationSemiAutomated  AutomationLevel = "semi_automated"
	AutomationFullyAutomated AutomationLevel = "fully_automated"
)

// TrainingAllowed represents whether training with the data is permitted.
type TrainingAllowed string

const (
	TrainingYES         TrainingAllowed = "YES"
	TrainingCONDITIONAL TrainingAllowed = "CONDITIONAL"
	TrainingNO          TrainingAllowed = "NO"
)

// ============================================================================
// Input Structs
// ============================================================================

// UseCaseIntake represents the user's input describing their planned AI use
// case. It is untrusted, client-supplied data: nothing in this file validates
// it (Domain against ValidDomains, Hosting.Region against its documented
// values, etc.) — that has to happen in the handler or evaluation layer.
type UseCaseIntake struct {
	// Free-text description of the use case. This is the field that
	// StoreRawText governs; see Assessment.UseCaseTextStored.
	UseCaseText string `json:"use_case_text"`

	// Business domain
	Domain Domain `json:"domain"`

	// Title for the assessment (optional)
	Title string `json:"title,omitempty"`

	// Data types involved
	DataTypes DataTypes `json:"data_types"`

	// Purpose of the processing
	Purpose Purpose `json:"purpose"`

	// Level of automation
	Automation AutomationLevel `json:"automation"`

	// Output characteristics
	Outputs Outputs `json:"outputs"`

	// Hosting configuration
	Hosting Hosting `json:"hosting"`

	// Model usage configuration
	ModelUsage ModelUsage `json:"model_usage"`

	// Retention configuration
	Retention Retention `json:"retention"`

	// Financial regulations context (DORA, MaRisk, BAIT).
	// Only applicable for financial domains (banking, finance, insurance, investment).
	FinancialContext *FinancialContext `json:"financial_context,omitempty"`

	// Opt-in to store raw text (otherwise only hash).
	// NOTE(review): Assessment embeds this whole struct as Intake, so a
	// false value only has effect if the persistence layer blanks
	// UseCaseText before storing — confirm against the store code.
	StoreRawText bool `json:"store_raw_text,omitempty"`
}

// DataTypes specifies what kinds of data are processed.
type DataTypes struct {
	PersonalData  bool `json:"personal_data"`
	Article9Data  bool `json:"article_9_data"` // Special categories (health, religion, etc.)
	MinorData     bool `json:"minor_data"`     // Data of children
	LicensePlates bool `json:"license_plates"` // Vehicle registration plates
	Images        bool `json:"images"`         // Photos/images of persons
	Audio         bool `json:"audio"`          // Voice recordings
	LocationData  bool `json:"location_data"`  // GPS/location tracking
	BiometricData bool `json:"biometric_data"` // Fingerprints, face recognition
	FinancialData bool `json:"financial_data"` // Bank accounts, salaries
	EmployeeData  bool `json:"employee_data"`  // HR/employment data
	CustomerData  bool `json:"customer_data"`  // Customer information
	PublicData    bool `json:"public_data"`    // Publicly available data only
}

// Purpose specifies the processing purpose. Flags are not mutually
// exclusive; several may be set at once.
type Purpose struct {
	CustomerSupport   bool `json:"customer_support"`
	Marketing         bool `json:"marketing"`
	Analytics         bool `json:"analytics"`
	Automation        bool `json:"automation"`
	EvaluationScoring bool `json:"evaluation_scoring"` // Scoring/ranking of persons
	DecisionMaking    bool `json:"decision_making"`    // Automated decisions
	Profiling         bool `json:"profiling"`
	Research          bool `json:"research"`
	InternalTools     bool `json:"internal_tools"`
	PublicService     bool `json:"public_service"`
}

// Outputs specifies output characteristics.
type Outputs struct {
	RecommendationsToUsers bool `json:"recommendations_to_users"`
	RankingsOrScores       bool `json:"rankings_or_scores"` // Outputs rankings/scores
	LegalEffects           bool `json:"legal_effects"`      // Has legal consequences
	AccessDecisions        bool `json:"access_decisions"`   // Grants/denies access
	ContentGeneration      bool `json:"content_generation"` // Generates text/media
	DataExport             bool `json:"data_export"`        // Exports data externally
}

// Hosting specifies where the AI runs.
//
// Region is a plain string rather than a typed enum; the accepted values are
// documented on the field, but nothing in this file enforces them.
type Hosting struct {
	Provider      string `json:"provider,omitempty"`       // e.g., "Azure", "AWS", "Hetzner", "On-Prem"
	Region        string `json:"region"`                   // "eu", "third_country", "on_prem"
	DataResidency string `json:"data_residency,omitempty"` // Where data is stored
}

// ModelUsage specifies how the model is used.
type ModelUsage struct {
	RAG       bool `json:"rag"`       // Retrieval-Augmented Generation only
	Finetune  bool `json:"finetune"`  // Fine-tuning with data
	Training  bool `json:"training"`  // Full training with data
	Inference bool `json:"inference"` // Inference only
}

// Retention specifies data retention.
type Retention struct {
	StorePrompts      bool `json:"store_prompts"`
	StoreResponses    bool `json:"store_responses"`
	RetentionDays     int  `json:"retention_days,omitempty"` // omitempty: 0 is indistinguishable from "not set" on the wire
	AnonymizeAfterUse bool `json:"anonymize_after_use"`
}

// ============================================================================
// Financial Regulations Structs (DORA, MaRisk, BAIT)
// ============================================================================

// FinancialEntityType represents the type of financial institution.
type FinancialEntityType string

const (
	FinancialEntityCreditInstitution      FinancialEntityType = "CREDIT_INSTITUTION"
	FinancialEntityPaymentServiceProvider FinancialEntityType = "PAYMENT_SERVICE_PROVIDER"
	FinancialEntityEMoneyInstitution      FinancialEntityType = "E_MONEY_INSTITUTION"
	FinancialEntityInvestmentFirm         FinancialEntityType = "INVESTMENT_FIRM"
	FinancialEntityInsuranceCompany       FinancialEntityType = "INSURANCE_COMPANY"
	FinancialEntityCryptoAssetProvider    FinancialEntityType = "CRYPTO_ASSET_PROVIDER"
	FinancialEntityOther                  FinancialEntityType = "OTHER_FINANCIAL"
)

// SizeCategory represents the significance category of a financial institution.
type SizeCategory string

const (
	SizeCategorySignificant     SizeCategory = "SIGNIFICANT"
	SizeCategoryLessSignificant SizeCategory = "LESS_SIGNIFICANT"
	SizeCategorySmall           SizeCategory = "SMALL"
)

// ProviderLocation represents the location of an ICT service provider.
type ProviderLocation string

const (
	ProviderLocationEU               ProviderLocation = "EU"
	ProviderLocationEEA              ProviderLocation = "EEA"
	ProviderLocationAdequacyDecision ProviderLocation = "ADEQUACY_DECISION"
	ProviderLocationThirdCountry     ProviderLocation = "THIRD_COUNTRY"
)

// FinancialEntity describes the financial institution context.
type FinancialEntity struct {
	Type         FinancialEntityType `json:"type"`
	Regulated    bool                `json:"regulated"`
	SizeCategory SizeCategory        `json:"size_category"`
}

// ICTService describes ICT service characteristics for DORA compliance.
type ICTService struct {
	IsCritical        bool             `json:"is_critical"`
	IsOutsourced      bool             `json:"is_outsourced"`
	ProviderLocation  ProviderLocation `json:"provider_location"`
	ConcentrationRisk bool             `json:"concentration_risk"`
}

// FinancialAIApplication describes financial-specific AI application characteristics.
type FinancialAIApplication struct {
	AffectsCustomerDecisions bool `json:"affects_customer_decisions"`
	AlgorithmicTrading       bool `json:"algorithmic_trading"`
	RiskAssessment           bool `json:"risk_assessment"`
	AMLKYC                   bool `json:"aml_kyc"`
	ModelValidationDone      bool `json:"model_validation_done"`
}

// FinancialContext aggregates all financial regulation-specific information.
type FinancialContext struct {
	FinancialEntity FinancialEntity        `json:"financial_entity"`
	ICTService      ICTService             `json:"ict_service"`
	AIApplication   FinancialAIApplication `json:"ai_application"`
}

// ============================================================================
// Output Structs
// ============================================================================

// AssessmentResult represents the complete evaluation result.
type AssessmentResult struct {
	// Overall verdict
	Feasibility Feasibility `json:"feasibility"`
	RiskLevel   RiskLevel   `json:"risk_level"`
	Complexity  Complexity  `json:"complexity"`
	RiskScore   int         `json:"risk_score"` // 0-100

	// Triggered rules
	TriggeredRules []TriggeredRule `json:"triggered_rules"`

	// Required controls/mitigations
	RequiredControls []RequiredControl `json:"required_controls"`

	// Recommended architecture patterns
	RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`

	// Patterns that must NOT be used
	ForbiddenPatterns []ForbiddenPattern `json:"forbidden_patterns"`

	// Matching didactic examples
	ExampleMatches []ExampleMatch `json:"example_matches"`

	// Special flags
	DSFARecommended bool            `json:"dsfa_recommended"`
	Art22Risk       bool            `json:"art22_risk"` // Art. 22 GDPR automated decision risk
	TrainingAllowed TrainingAllowed `json:"training_allowed"`

	// Summary for humans
	Summary             string `json:"summary"`
	Recommendation      string `json:"recommendation"`
	AlternativeApproach string `json:"alternative_approach,omitempty"`
}

// TriggeredRule represents a rule that was triggered during evaluation.
type TriggeredRule struct {
	Code        string   `json:"code"`     // e.g., "R-001"
	Category    string   `json:"category"` // e.g., "A. Datenklassifikation"
	Title       string   `json:"title"`
	Description string   `json:"description"`
	Severity    Severity `json:"severity"`
	ScoreDelta  int      `json:"score_delta"`        // contribution to RiskScore; sign and bounds are set by the rule set, not here
	GDPRRef     string   `json:"gdpr_ref,omitempty"` // e.g., "Art. 9 DSGVO"
	Rationale   string   `json:"rationale"`          // Why this rule triggered
}

// RequiredControl represents a control that must be implemented.
type RequiredControl struct {
	ID          string   `json:"id"`
	Title       string   `json:"title"`
	Description string   `json:"description"`
	Severity    Severity `json:"severity"`
	Category    string   `json:"category"` // "technical" or "organizational"
	GDPRRef     string   `json:"gdpr_ref,omitempty"`
}

// PatternRecommendation represents a recommended architecture pattern.
type PatternRecommendation struct {
	PatternID   string `json:"pattern_id"` // e.g., "P-RAG-ONLY"
	Title       string `json:"title"`
	Description string `json:"description"`
	Rationale   string `json:"rationale"`
	Priority    int    `json:"priority"` // 1=highest
}

// ForbiddenPattern represents a pattern that must NOT be used.
type ForbiddenPattern struct {
	PatternID   string `json:"pattern_id"`
	Title       string `json:"title"`
	Description string `json:"description"`
	Reason      string `json:"reason"`
	GDPRRef     string `json:"gdpr_ref,omitempty"`
}

// ExampleMatch represents a matching didactic example.
type ExampleMatch struct {
	ExampleID   string  `json:"example_id"`
	Title       string  `json:"title"`
	Description string  `json:"description"`
	Similarity  float64 `json:"similarity"` // 0.0 - 1.0
	Outcome     string  `json:"outcome"`    // What happened / recommendation
	Lessons     string  `json:"lessons"`    // Key takeaways
}

// ============================================================================
// Database Entity
// ============================================================================

// Assessment represents a stored assessment in the database.
//
// It duplicates the verdict fields of AssessmentResult rather than embedding
// it; both are therefore serialised side by side in AssessResponse.
type Assessment struct {
	ID            uuid.UUID  `json:"id"`
	TenantID      uuid.UUID  `json:"tenant_id"` // tenant scoping key; row-level filtering on it is the caller's job
	NamespaceID   *uuid.UUID `json:"namespace_id,omitempty"`
	Title         string     `json:"title"`
	PolicyVersion string     `json:"policy_version"`
	Status        string     `json:"status"` // "completed", "draft"

	// Input
	Intake            UseCaseIntake `json:"intake"` // NOTE(review): contains UseCaseText; see UseCaseIntake.StoreRawText
	UseCaseTextStored bool          `json:"use_case_text_stored"`
	UseCaseTextHash   string        `json:"use_case_text_hash"` // hash function is not defined in this file; a plain digest of short free text is not an anonymiser on its own

	// Results
	Feasibility             Feasibility             `json:"feasibility"`
	RiskLevel               RiskLevel               `json:"risk_level"`
	Complexity              Complexity              `json:"complexity"`
	RiskScore               int                     `json:"risk_score"`
	TriggeredRules          []TriggeredRule         `json:"triggered_rules"`
	RequiredControls        []RequiredControl       `json:"required_controls"`
	RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`
	ForbiddenPatterns       []ForbiddenPattern      `json:"forbidden_patterns"`
	ExampleMatches          []ExampleMatch          `json:"example_matches"`
	DSFARecommended         bool                    `json:"dsfa_recommended"`
	Art22Risk               bool                    `json:"art22_risk"`
	TrainingAllowed         TrainingAllowed         `json:"training_allowed"`

	// Corpus Versioning (RAG)
	CorpusVersionID *uuid.UUID `json:"corpus_version_id,omitempty"`
	CorpusVersion   string     `json:"corpus_version,omitempty"`

	// LLM Explanation (optional)
	ExplanationText        *string    `json:"explanation_text,omitempty"`
	ExplanationGeneratedAt *time.Time `json:"explanation_generated_at,omitempty"`
	ExplanationModel       *string    `json:"explanation_model,omitempty"`

	// Domain
	Domain Domain `json:"domain"`

	// Audit
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	CreatedBy uuid.UUID `json:"created_by"`
}

// ============================================================================
// API Request/Response Types
// ============================================================================

// AssessRequest is the API request for creating an assessment.
type AssessRequest struct {
	Intake UseCaseIntake `json:"intake"`
}

// AssessResponse is the API response for an assessment.
//
// Assessment is the full stored entity, so the response carries TenantID,
// CreatedBy and the stored Intake as well as the verdict. Escalation is
// declared elsewhere in the package.
type AssessResponse struct {
	Assessment Assessment       `json:"assessment"`
	Result     AssessmentResult `json:"result"`
	Escalation *Escalation      `json:"escalation,omitempty"`
}

// ExplainRequest is the API request for generating an explanation.
type ExplainRequest struct {
	Language string `json:"language,omitempty"` // "de" or "en", default "de"
}

// ExplainResponse is the API response for an explanation. LegalContext is
// declared elsewhere in the package.
type ExplainResponse struct {
	ExplanationText string        `json:"explanation_text"`
	GeneratedAt     time.Time     `json:"generated_at"`
	Model           string        `json:"model"`
	LegalContext    *LegalContext `json:"legal_context,omitempty"`
}

// ExportFormat specifies the export format.
type ExportFormat string

const (
	ExportFormatJSON     ExportFormat = "json"
	ExportFormatMarkdown ExportFormat = "md"
)