Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17153ccbe80580843d10c4a379f591caf366b18b
breakpilot-compliance/ai-compliance-sdk/internal/ucca/models.go
Benjamin Admin 17153ccbe8 feat: Domain-Fragen fuer 10 weitere Domains (14 total) 
10 neue Context-Structs + Field-Resolver + ~30 YAML-Regeln + Frontend:
- Legal/Justice: Rechtsberatung, Urteilsprognose, Mandantengeheimnis
- Public Sector: Verwaltungsentscheidungen, Leistungsverteilung, FRIA
- Critical Infra: Netzsteuerung, Sicherheitskritisch, Redundanz
- Automotive: Autonomes Fahren, ADAS, ISO 26262
- Retail/E-Commerce: Preise, Scoring, Dark Patterns
- IT/Cybersecurity: Surveillance, Threat Detection, Log-Retention
- Logistics: Fahrer-Tracking, Workload-Scoring
- Construction: Mieterauswahl, Arbeitsschutz
- Marketing/Media: Deepfakes=BLOCK, Minderjaehrige, Targeting
- Manufacturing: Maschinensicherheit=BLOCK, CE-Kennzeichnung

Domains mit Fragen: 14 von 39 (36%)
YAML-Regeln total: ~44 (14 vorher + 30 neu)
BLOCK-Regeln: Deepfakes ungekennzeichnet, Maschinensicherheit unvalidiert,
              Kritische Infra ohne Redundanz

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 22:50:26 +02:00

747 lines
32 KiB
Go
Raw Blame History

package ucca
import (
"time"
"github.com/google/uuid"
)
// ============================================================================
// Constants / Enums
// ============================================================================
// Feasibility represents the overall assessment result
type Feasibility string
const (
FeasibilityYES Feasibility = "YES"
FeasibilityCONDITIONAL Feasibility = "CONDITIONAL"
FeasibilityNO Feasibility = "NO"
)
// RiskLevel represents the overall risk classification
type RiskLevel string
const (
RiskLevelMINIMAL RiskLevel = "MINIMAL"
RiskLevelLOW RiskLevel = "LOW"
RiskLevelMEDIUM RiskLevel = "MEDIUM"
RiskLevelHIGH RiskLevel = "HIGH"
RiskLevelUNACCEPTABLE RiskLevel = "UNACCEPTABLE"
)
// Complexity represents implementation complexity
type Complexity string
const (
ComplexityLOW Complexity = "LOW"
ComplexityMEDIUM Complexity = "MEDIUM"
ComplexityHIGH Complexity = "HIGH"
)
// Severity represents rule severity
type Severity string
const (
SeverityINFO Severity = "INFO"
SeverityWARN Severity = "WARN"
SeverityBLOCK Severity = "BLOCK"
)
// Domain represents the business domain
type Domain string
const (
// Industrie & Produktion
DomainAutomotive Domain = "automotive"
DomainMechanicalEngineering Domain = "mechanical_engineering"
DomainPlantEngineering Domain = "plant_engineering"
DomainElectricalEngineering Domain = "electrical_engineering"
DomainAerospace Domain = "aerospace"
DomainChemicals Domain = "chemicals"
DomainFoodBeverage Domain = "food_beverage"
DomainTextiles Domain = "textiles"
DomainPackaging Domain = "packaging"
// Energie & Versorgung
DomainUtilities Domain = "utilities"
DomainEnergy Domain = "energy"
DomainOilGas Domain = "oil_gas"
// Land- & Forstwirtschaft
DomainAgriculture Domain = "agriculture"
DomainForestry Domain = "forestry"
DomainFishing Domain = "fishing"
// Bau & Immobilien
DomainConstruction Domain = "construction"
DomainRealEstate Domain = "real_estate"
DomainFacilityManagement Domain = "facility_management"
// Gesundheit & Soziales
DomainHealthcare Domain = "healthcare"
DomainMedicalDevices Domain = "medical_devices"
DomainPharma Domain = "pharma"
DomainElderlyCare Domain = "elderly_care"
DomainSocialServices Domain = "social_services"
// Bildung & Forschung
DomainEducation Domain = "education"
DomainHigherEducation Domain = "higher_education"
DomainVocationalTraining Domain = "vocational_training"
DomainResearch Domain = "research"
// Finanzen & Versicherung
DomainFinance Domain = "finance"
DomainBanking Domain = "banking"
DomainInsurance Domain = "insurance"
DomainInvestment Domain = "investment"
// Handel & Logistik
DomainRetail Domain = "retail"
DomainEcommerce Domain = "ecommerce"
DomainWholesale Domain = "wholesale"
DomainLogistics Domain = "logistics"
// IT & Telekommunikation
DomainITServices Domain = "it_services"
DomainTelecom Domain = "telecom"
DomainCybersecurity Domain = "cybersecurity"
// Recht & Beratung
DomainLegal Domain = "legal"
DomainConsulting Domain = "consulting"
DomainTaxAdvisory Domain = "tax_advisory"
// Oeffentlicher Sektor
DomainPublic Domain = "public_sector"
DomainDefense Domain = "defense"
DomainJustice Domain = "justice"
// Marketing & Medien
DomainMarketing Domain = "marketing"
DomainMedia Domain = "media"
DomainEntertainment Domain = "entertainment"
// HR & Personal
DomainHR Domain = "hr"
DomainRecruiting Domain = "recruiting"
// Tourismus & Gastronomie
DomainHospitality Domain = "hospitality"
DomainTourism Domain = "tourism"
// Sonstige
DomainNonprofit Domain = "nonprofit"
DomainSports Domain = "sports"
DomainGeneral Domain = "general"
)
// ValidDomains contains all valid domain values
var ValidDomains = map[Domain]bool{
DomainAutomotive: true, DomainMechanicalEngineering: true, DomainPlantEngineering: true,
DomainElectricalEngineering: true, DomainAerospace: true, DomainChemicals: true,
DomainFoodBeverage: true, DomainTextiles: true, DomainPackaging: true,
DomainUtilities: true, DomainEnergy: true, DomainOilGas: true,
DomainAgriculture: true, DomainForestry: true, DomainFishing: true,
DomainConstruction: true, DomainRealEstate: true, DomainFacilityManagement: true,
DomainHealthcare: true, DomainMedicalDevices: true, DomainPharma: true,
DomainElderlyCare: true, DomainSocialServices: true,
DomainEducation: true, DomainHigherEducation: true, DomainVocationalTraining: true, DomainResearch: true,
DomainFinance: true, DomainBanking: true, DomainInsurance: true, DomainInvestment: true,
DomainRetail: true, DomainEcommerce: true, DomainWholesale: true, DomainLogistics: true,
DomainITServices: true, DomainTelecom: true, DomainCybersecurity: true,
DomainLegal: true, DomainConsulting: true, DomainTaxAdvisory: true,
DomainPublic: true, DomainDefense: true, DomainJustice: true,
DomainMarketing: true, DomainMedia: true, DomainEntertainment: true,
DomainHR: true, DomainRecruiting: true,
DomainHospitality: true, DomainTourism: true,
DomainNonprofit: true, DomainSports: true, DomainGeneral: true,
}
// AutomationLevel represents the degree of automation
type AutomationLevel string
const (
AutomationAssistive AutomationLevel = "assistive"
AutomationSemiAutomated AutomationLevel = "semi_automated"
AutomationFullyAutomated AutomationLevel = "fully_automated"
)
// TrainingAllowed represents if training with data is permitted
type TrainingAllowed string
const (
TrainingYES TrainingAllowed = "YES"
TrainingCONDITIONAL TrainingAllowed = "CONDITIONAL"
TrainingNO TrainingAllowed = "NO"
)
// ============================================================================
// Input Structs
// ============================================================================
// UseCaseIntake represents the user's input describing their planned AI use case
type UseCaseIntake struct {
// Free-text description of the use case
UseCaseText string `json:"use_case_text"`
// Business domain
Domain Domain `json:"domain"`
// Title for the assessment (optional)
Title string `json:"title,omitempty"`
// Data types involved
DataTypes DataTypes `json:"data_types"`
// Purpose of the processing
Purpose Purpose `json:"purpose"`
// Level of automation
Automation AutomationLevel `json:"automation"`
// Output characteristics
Outputs Outputs `json:"outputs"`
// Hosting configuration
Hosting Hosting `json:"hosting"`
// Model usage configuration
ModelUsage ModelUsage `json:"model_usage"`
// Retention configuration
Retention Retention `json:"retention"`
// Financial regulations context (DORA, MaRisk, BAIT)
// Only applicable for financial domains (banking, finance, insurance, investment)
FinancialContext *FinancialContext `json:"financial_context,omitempty"`
// BetrVG / works council context (Germany)
EmployeeMonitoring bool `json:"employee_monitoring,omitempty"` // System can monitor employee behavior/performance
HRDecisionSupport bool `json:"hr_decision_support,omitempty"` // System supports HR decisions (hiring, evaluation, termination)
WorksCouncilConsulted bool `json:"works_council_consulted,omitempty"` // Works council has been consulted
// Domain-specific contexts (AI Act Annex III high-risk domains)
HRContext *HRContext `json:"hr_context,omitempty"`
EducationContext *EducationContext `json:"education_context,omitempty"`
HealthcareContext *HealthcareContext `json:"healthcare_context,omitempty"`
LegalContext *LegalContext `json:"legal_context,omitempty"`
PublicSectorContext *PublicSectorContext `json:"public_sector_context,omitempty"`
CriticalInfraContext *CriticalInfraContext `json:"critical_infra_context,omitempty"`
AutomotiveContext *AutomotiveContext `json:"automotive_context,omitempty"`
RetailContext *RetailContext `json:"retail_context,omitempty"`
ITSecurityContext *ITSecurityContext `json:"it_security_context,omitempty"`
LogisticsContext *LogisticsContext `json:"logistics_context,omitempty"`
ConstructionContext *ConstructionContext `json:"construction_context,omitempty"`
MarketingContext *MarketingContext `json:"marketing_context,omitempty"`
ManufacturingContext *ManufacturingContext `json:"manufacturing_context,omitempty"`
// Opt-in to store raw text (otherwise only hash)
StoreRawText bool `json:"store_raw_text,omitempty"`
}
// HRContext captures HR/recruiting-specific compliance data (AI Act Annex III Nr. 4 + AGG)
type HRContext struct {
AutomatedScreening bool `json:"automated_screening"` // KI sortiert Bewerber vor
AutomatedRejection bool `json:"automated_rejection"` // KI generiert Absagen
CandidateRanking bool `json:"candidate_ranking"` // KI erstellt Bewerber-Rankings
BiasAuditsDone bool `json:"bias_audits_done"` // Regelmaessige Bias-Audits
AGGCategoriesVisible bool `json:"agg_categories_visible"` // System kann Name/Foto/Alter erkennen
HumanReviewEnforced bool `json:"human_review_enforced"` // Mensch prueft jede KI-Empfehlung
PerformanceEvaluation bool `json:"performance_evaluation"` // KI bewertet Mitarbeiterleistung
}
// EducationContext captures education-specific compliance data (AI Act Annex III Nr. 3)
type EducationContext struct {
GradeInfluence bool `json:"grade_influence"` // KI beeinflusst Noten
ExamEvaluation bool `json:"exam_evaluation"` // KI bewertet Pruefungen
StudentSelection bool `json:"student_selection"` // KI beeinflusst Zugang/Auswahl
MinorsInvolved bool `json:"minors_involved"` // Minderjaehrige betroffen
TeacherReviewRequired bool `json:"teacher_review_required"` // Lehrkraft prueft KI-Ergebnis
LearningAdaptation bool `json:"learning_adaptation"` // KI passt Lernpfade an
}
// HealthcareContext captures healthcare-specific compliance data (AI Act Annex III Nr. 5 + MDR)
type HealthcareContext struct {
DiagnosisSupport bool `json:"diagnosis_support"` // KI unterstuetzt Diagnosen
TreatmentRecommend bool `json:"treatment_recommendation"` // KI empfiehlt Behandlungen
TriageDecision bool `json:"triage_decision"` // KI priorisiert Patienten
PatientDataProcessed bool `json:"patient_data_processed"` // Gesundheitsdaten verarbeitet
MedicalDevice bool `json:"medical_device"` // System ist Medizinprodukt
ClinicalValidation bool `json:"clinical_validation"` // Klinisch validiert
}
// LegalContext captures legal/justice-specific compliance data (AI Act Annex III Nr. 8)
type LegalContext struct {
LegalAdvice bool `json:"legal_advice"` // KI gibt Rechtsberatung
ContractAnalysis bool `json:"contract_analysis"` // KI analysiert Vertraege
CourtPrediction bool `json:"court_prediction"` // KI prognostiziert Urteile
AccessToJustice bool `json:"access_to_justice"` // KI beeinflusst Zugang zu Recht
ClientConfidential bool `json:"client_confidential"` // Mandantengeheimnis betroffen
}
// PublicSectorContext captures public sector compliance data (Art. 27 FRIA)
type PublicSectorContext struct {
AdminDecision bool `json:"admin_decision"` // KI beeinflusst Verwaltungsentscheidungen
CitizenService bool `json:"citizen_service"` // KI in Buergerservices
BenefitAllocation bool `json:"benefit_allocation"` // KI verteilt Leistungen/Mittel
PublicSafety bool `json:"public_safety"` // KI in oeffentlicher Sicherheit
TransparencyEnsured bool `json:"transparency_ensured"` // Transparenz gegenueber Buergern
}
// CriticalInfraContext captures critical infrastructure data (NIS2 + Annex III Nr. 2)
type CriticalInfraContext struct {
GridControl bool `json:"grid_control"` // KI steuert Netz/Infrastruktur
SafetyCritical bool `json:"safety_critical"` // Sicherheitskritische Steuerung
AnomalyDetection bool `json:"anomaly_detection"` // KI erkennt Anomalien
RedundancyExists bool `json:"redundancy_exists"` // Redundante Systeme vorhanden
IncidentResponse bool `json:"incident_response"` // Incident Response Plan vorhanden
}
// AutomotiveContext captures automotive/aerospace safety data
type AutomotiveContext struct {
AutonomousDriving bool `json:"autonomous_driving"` // Autonomes Fahren / ADAS
SafetyRelevant bool `json:"safety_relevant"` // Sicherheitsrelevante Funktion
TypeApprovalNeeded bool `json:"type_approval_needed"` // Typgenehmigung erforderlich
FunctionalSafety bool `json:"functional_safety"` // ISO 26262 relevant
}
// RetailContext captures retail/e-commerce compliance data
type RetailContext struct {
PricingPersonalized bool `json:"pricing_personalized"` // Personalisierte Preise
CustomerProfiling bool `json:"customer_profiling"` // Kundenprofilbildung
RecommendationEngine bool `json:"recommendation_engine"` // Empfehlungssystem
CreditScoring bool `json:"credit_scoring"` // Bonitaetspruefung bei Kauf
DarkPatterns bool `json:"dark_patterns"` // Manipulative UI-Muster moeglich
}
// ITSecurityContext captures IT/cybersecurity/telecom data
type ITSecurityContext struct {
EmployeeSurveillance bool `json:"employee_surveillance"` // Mitarbeiterueberwachung
NetworkMonitoring bool `json:"network_monitoring"` // Netzwerkueberwachung
ThreatDetection bool `json:"threat_detection"` // Bedrohungserkennung
AccessControl bool `json:"access_control_ai"` // KI-gestuetzte Zugriffskontrolle
DataRetention bool `json:"data_retention_logs"` // Umfangreiche Log-Speicherung
}
// LogisticsContext captures logistics/transport compliance data
type LogisticsContext struct {
DriverTracking bool `json:"driver_tracking"` // Fahrer-/Kurier-Tracking
RouteOptimization bool `json:"route_optimization"` // Routenoptimierung mit Personenbezug
WorkloadScoring bool `json:"workload_scoring"` // Leistungsbewertung Lagerarbeiter
PredictiveMaint bool `json:"predictive_maintenance"` // Vorausschauende Wartung
}
// ConstructionContext captures construction/real estate data
type ConstructionContext struct {
SafetyMonitoring bool `json:"safety_monitoring"` // Baustellensicherheit per KI
TenantScreening bool `json:"tenant_screening"` // KI-gestuetzte Mieterauswahl
BuildingAutomation bool `json:"building_automation"` // Gebaeudesteuerung
WorkerSafety bool `json:"worker_safety"` // Arbeitsschutzueberwachung
}
// MarketingContext captures marketing/media compliance data
type MarketingContext struct {
DeepfakeContent bool `json:"deepfake_content"` // Synthetische Inhalte (Deepfakes)
ContentModeration bool `json:"content_moderation"` // Automatische Inhaltsmoderation
BehavioralTargeting bool `json:"behavioral_targeting"` // Verhaltensbasiertes Targeting
MinorsTargeted bool `json:"minors_targeted"` // Minderjaehrige als Zielgruppe
AIContentLabeled bool `json:"ai_content_labeled"` // KI-Inhalte als solche gekennzeichnet
}
// ManufacturingContext captures manufacturing/CE safety data
type ManufacturingContext struct {
MachineSafety bool `json:"machine_safety"` // Maschinensicherheit
QualityControl bool `json:"quality_control"` // KI in Qualitaetskontrolle
ProcessControl bool `json:"process_control"` // KI steuert Fertigungsprozess
CEMarkingRequired bool `json:"ce_marking_required"` // CE-Kennzeichnung erforderlich
SafetyValidated bool `json:"safety_validated"` // Sicherheitsvalidierung durchgefuehrt
}
// DataTypes specifies what kinds of data are processed
type DataTypes struct {
PersonalData bool `json:"personal_data"`
Article9Data bool `json:"article_9_data"` // Special categories (health, religion, etc.)
MinorData bool `json:"minor_data"` // Data of children
LicensePlates bool `json:"license_plates"` // KFZ-Kennzeichen
Images bool `json:"images"` // Photos/images of persons
Audio bool `json:"audio"` // Voice recordings
LocationData bool `json:"location_data"` // GPS/location tracking
BiometricData bool `json:"biometric_data"` // Fingerprints, face recognition
FinancialData bool `json:"financial_data"` // Bank accounts, salaries
EmployeeData bool `json:"employee_data"` // HR/employment data
CustomerData bool `json:"customer_data"` // Customer information
PublicData bool `json:"public_data"` // Publicly available data only
}
// Purpose specifies the processing purpose
type Purpose struct {
CustomerSupport bool `json:"customer_support"`
Marketing bool `json:"marketing"`
Analytics bool `json:"analytics"`
Automation bool `json:"automation"`
EvaluationScoring bool `json:"evaluation_scoring"` // Scoring/ranking of persons
DecisionMaking bool `json:"decision_making"` // Automated decisions
Profiling bool `json:"profiling"`
Research bool `json:"research"`
InternalTools bool `json:"internal_tools"`
PublicService bool `json:"public_service"`
}
// Outputs specifies output characteristics
type Outputs struct {
RecommendationsToUsers bool `json:"recommendations_to_users"`
RankingsOrScores bool `json:"rankings_or_scores"` // Outputs rankings/scores
LegalEffects bool `json:"legal_effects"` // Has legal consequences
AccessDecisions bool `json:"access_decisions"` // Grants/denies access
ContentGeneration bool `json:"content_generation"` // Generates text/media
DataExport bool `json:"data_export"` // Exports data externally
}
// Hosting specifies where the AI runs
type Hosting struct {
Provider string `json:"provider,omitempty"` // e.g., "Azure", "AWS", "Hetzner", "On-Prem"
Region string `json:"region"` // "eu", "third_country", "on_prem"
DataResidency string `json:"data_residency,omitempty"` // Where data is stored
}
// ModelUsage specifies how the model is used
type ModelUsage struct {
RAG bool `json:"rag"` // Retrieval-Augmented Generation only
Finetune bool `json:"finetune"` // Fine-tuning with data
Training bool `json:"training"` // Full training with data
Inference bool `json:"inference"` // Inference only
}
// Retention specifies data retention
type Retention struct {
StorePrompts bool `json:"store_prompts"`
StoreResponses bool `json:"store_responses"`
RetentionDays int `json:"retention_days,omitempty"`
AnonymizeAfterUse bool `json:"anonymize_after_use"`
}
// ============================================================================
// Financial Regulations Structs (DORA, MaRisk, BAIT)
// ============================================================================
// FinancialEntityType represents the type of financial institution
type FinancialEntityType string
const (
FinancialEntityCreditInstitution FinancialEntityType = "CREDIT_INSTITUTION"
FinancialEntityPaymentServiceProvider FinancialEntityType = "PAYMENT_SERVICE_PROVIDER"
FinancialEntityEMoneyInstitution FinancialEntityType = "E_MONEY_INSTITUTION"
FinancialEntityInvestmentFirm FinancialEntityType = "INVESTMENT_FIRM"
FinancialEntityInsuranceCompany FinancialEntityType = "INSURANCE_COMPANY"
FinancialEntityCryptoAssetProvider FinancialEntityType = "CRYPTO_ASSET_PROVIDER"
FinancialEntityOther FinancialEntityType = "OTHER_FINANCIAL"
)
// SizeCategory represents the significance category of a financial institution
type SizeCategory string
const (
SizeCategorySignificant SizeCategory = "SIGNIFICANT"
SizeCategoryLessSignificant SizeCategory = "LESS_SIGNIFICANT"
SizeCategorySmall SizeCategory = "SMALL"
)
// ProviderLocation represents the location of an ICT service provider
type ProviderLocation string
const (
ProviderLocationEU ProviderLocation = "EU"
ProviderLocationEEA ProviderLocation = "EEA"
ProviderLocationAdequacyDecision ProviderLocation = "ADEQUACY_DECISION"
ProviderLocationThirdCountry ProviderLocation = "THIRD_COUNTRY"
)
// FinancialEntity describes the financial institution context
type FinancialEntity struct {
Type FinancialEntityType `json:"type"`
Regulated bool `json:"regulated"`
SizeCategory SizeCategory `json:"size_category"`
}
// ICTService describes ICT service characteristics for DORA compliance
type ICTService struct {
IsCritical bool `json:"is_critical"`
IsOutsourced bool `json:"is_outsourced"`
ProviderLocation ProviderLocation `json:"provider_location"`
ConcentrationRisk bool `json:"concentration_risk"`
}
// FinancialAIApplication describes financial-specific AI application characteristics
type FinancialAIApplication struct {
AffectsCustomerDecisions bool `json:"affects_customer_decisions"`
AlgorithmicTrading bool `json:"algorithmic_trading"`
RiskAssessment bool `json:"risk_assessment"`
AMLKYC bool `json:"aml_kyc"`
ModelValidationDone bool `json:"model_validation_done"`
}
// FinancialContext aggregates all financial regulation-specific information
type FinancialContext struct {
FinancialEntity FinancialEntity `json:"financial_entity"`
ICTService ICTService `json:"ict_service"`
AIApplication FinancialAIApplication `json:"ai_application"`
}
// ============================================================================
// Output Structs
// ============================================================================
// AssessmentResult represents the complete evaluation result
type AssessmentResult struct {
// Overall verdict
Feasibility Feasibility `json:"feasibility"`
RiskLevel RiskLevel `json:"risk_level"`
Complexity Complexity `json:"complexity"`
RiskScore int `json:"risk_score"` // 0-100
// Triggered rules
TriggeredRules []TriggeredRule `json:"triggered_rules"`
// Required controls/mitigations
RequiredControls []RequiredControl `json:"required_controls"`
// Recommended architecture patterns
RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`
// Patterns that must NOT be used
ForbiddenPatterns []ForbiddenPattern `json:"forbidden_patterns"`
// Matching didactic examples
ExampleMatches []ExampleMatch `json:"example_matches"`
// Special flags
DSFARecommended bool `json:"dsfa_recommended"`
Art22Risk bool `json:"art22_risk"` // Art. 22 GDPR automated decision risk
TrainingAllowed TrainingAllowed `json:"training_allowed"`
// BetrVG Conflict Score (0-100) — works council escalation risk
BetrvgConflictScore int `json:"betrvg_conflict_score"`
BetrvgConsultationRequired bool `json:"betrvg_consultation_required"`
// Input (needed for escalation logic)
Intake UseCaseIntake `json:"-"` // not serialized, internal use only
// Summary for humans
Summary string `json:"summary"`
Recommendation string `json:"recommendation"`
AlternativeApproach string `json:"alternative_approach,omitempty"`
}
// TriggeredRule represents a rule that was triggered during evaluation
type TriggeredRule struct {
Code string `json:"code"` // e.g., "R-001"
Category string `json:"category"` // e.g., "A. Datenklassifikation"
Title string `json:"title"`
Description string `json:"description"`
Severity Severity `json:"severity"`
ScoreDelta int `json:"score_delta"`
GDPRRef string `json:"gdpr_ref,omitempty"` // e.g., "Art. 9 DSGVO"
Rationale string `json:"rationale"` // Why this rule triggered
}
// RequiredControl represents a control that must be implemented
type RequiredControl struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description"`
Severity Severity `json:"severity"`
Category string `json:"category"` // "technical" or "organizational"
GDPRRef string `json:"gdpr_ref,omitempty"`
}
// PatternRecommendation represents a recommended architecture pattern
type PatternRecommendation struct {
PatternID string `json:"pattern_id"` // e.g., "P-RAG-ONLY"
Title string `json:"title"`
Description string `json:"description"`
Rationale string `json:"rationale"`
Priority int `json:"priority"` // 1=highest
}
// ForbiddenPattern represents a pattern that must NOT be used
type ForbiddenPattern struct {
PatternID string `json:"pattern_id"`
Title string `json:"title"`
Description string `json:"description"`
Reason string `json:"reason"`
GDPRRef string `json:"gdpr_ref,omitempty"`
}
// ExampleMatch represents a matching didactic example
type ExampleMatch struct {
ExampleID string `json:"example_id"`
Title string `json:"title"`
Description string `json:"description"`
Similarity float64 `json:"similarity"` // 0.0 - 1.0
Outcome string `json:"outcome"` // What happened / recommendation
Lessons string `json:"lessons"` // Key takeaways
}
// ============================================================================
// Database Entity
// ============================================================================
// Assessment represents a stored assessment in the database
type Assessment struct {
ID uuid.UUID `json:"id"`
TenantID uuid.UUID `json:"tenant_id"`
NamespaceID *uuid.UUID `json:"namespace_id,omitempty"`
Title string `json:"title"`
PolicyVersion string `json:"policy_version"`
Status string `json:"status"` // "completed", "draft"
// Input
Intake UseCaseIntake `json:"intake"`
UseCaseTextStored bool `json:"use_case_text_stored"`
UseCaseTextHash string `json:"use_case_text_hash"`
// Results
Feasibility Feasibility `json:"feasibility"`
RiskLevel RiskLevel `json:"risk_level"`
Complexity Complexity `json:"complexity"`
RiskScore int `json:"risk_score"`
TriggeredRules []TriggeredRule `json:"triggered_rules"`
RequiredControls []RequiredControl `json:"required_controls"`
RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`
ForbiddenPatterns []ForbiddenPattern `json:"forbidden_patterns"`
ExampleMatches []ExampleMatch `json:"example_matches"`
DSFARecommended bool `json:"dsfa_recommended"`
Art22Risk bool `json:"art22_risk"`
TrainingAllowed TrainingAllowed `json:"training_allowed"`
// BetrVG Conflict Score (0-100) — works council escalation risk
BetrvgConflictScore int `json:"betrvg_conflict_score"`
BetrvgConsultationRequired bool `json:"betrvg_consultation_required"`
// Corpus Versioning (RAG)
CorpusVersionID *uuid.UUID `json:"corpus_version_id,omitempty"`
CorpusVersion string `json:"corpus_version,omitempty"`
// LLM Explanation (optional)
ExplanationText *string `json:"explanation_text,omitempty"`
ExplanationGeneratedAt *time.Time `json:"explanation_generated_at,omitempty"`
ExplanationModel *string `json:"explanation_model,omitempty"`
// Domain
Domain Domain `json:"domain"`
// Audit
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
CreatedBy uuid.UUID `json:"created_by"`
}
// ============================================================================
// API Request/Response Types
// ============================================================================
// AssessRequest is the API request for creating an assessment
type AssessRequest struct {
Intake UseCaseIntake `json:"intake"`
}
// AssessResponse is the API response for an assessment
type AssessResponse struct {
Assessment Assessment `json:"assessment"`
Result AssessmentResult `json:"result"`
Escalation *Escalation `json:"escalation,omitempty"`
}
// ExplainRequest is the API request for generating an explanation
type ExplainRequest struct {
Language string `json:"language,omitempty"` // "de" or "en", default "de"
}
// ExplainResponse is the API response for an explanation
type ExplainResponse struct {
ExplanationText string `json:"explanation_text"`
GeneratedAt time.Time `json:"generated_at"`
Model string `json:"model"`
LegalContext *LegalContext `json:"legal_context,omitempty"`
}
// ExportFormat specifies the export format
type ExportFormat string
const (
ExportFormatJSON ExportFormat = "json"
ExportFormatMarkdown ExportFormat = "md"
)
// ============================================================================
// AI Act Decision Tree Types
// ============================================================================
// GPAICategory represents the GPAI classification result
type GPAICategory string
const (
GPAICategoryNone GPAICategory = "none"
GPAICategoryStandard GPAICategory = "standard"
GPAICategorySystemic GPAICategory = "systemic"
)
// GPAIClassification represents the result of the GPAI axis evaluation
type GPAIClassification struct {
IsGPAI bool `json:"is_gpai"`
IsSystemicRisk bool `json:"is_systemic_risk"`
Category GPAICategory `json:"gpai_category"`
ApplicableArticles []string `json:"applicable_articles"`
Obligations []string `json:"obligations"`
}
// DecisionTreeAnswer represents a user's answer to a decision tree question
type DecisionTreeAnswer struct {
QuestionID string `json:"question_id"`
Value bool `json:"value"`
Note string `json:"note,omitempty"`
}
// DecisionTreeQuestion represents a single question in the decision tree
type DecisionTreeQuestion struct {
ID string `json:"id"`
Axis string `json:"axis"` // "high_risk" or "gpai"
Question string `json:"question"`
Description string `json:"description"` // Additional context
ArticleRef string `json:"article_ref"` // e.g., "Art. 5", "Anhang III"
SkipIf string `json:"skip_if,omitempty"` // Question ID — skip if that was answered "no"
}
// DecisionTreeDefinition represents the full decision tree structure for the frontend
type DecisionTreeDefinition struct {
ID string `json:"id"`
Name string `json:"name"`
Version string `json:"version"`
Questions []DecisionTreeQuestion `json:"questions"`
}
// DecisionTreeEvalRequest is the API request for evaluating the decision tree
type DecisionTreeEvalRequest struct {
SystemName string `json:"system_name"`
SystemDescription string `json:"system_description,omitempty"`
Answers map[string]DecisionTreeAnswer `json:"answers"`
}
// DecisionTreeResult represents the combined evaluation result
type DecisionTreeResult struct {
ID uuid.UUID `json:"id"`
TenantID uuid.UUID `json:"tenant_id"`
ProjectID *uuid.UUID `json:"project_id,omitempty"`
SystemName string `json:"system_name"`
SystemDescription string `json:"system_description,omitempty"`
Answers map[string]DecisionTreeAnswer `json:"answers"`
HighRiskResult AIActRiskLevel `json:"high_risk_result"`
GPAIResult GPAIClassification `json:"gpai_result"`
CombinedObligations []string `json:"combined_obligations"`
ApplicableArticles []string `json:"applicable_articles"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Reference in New Issue View Git Blame Copy Permalink