Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ac716261cb6d62576688200eeeb2ccd7fa45428
breakpilot-compliance/ai-compliance-sdk/internal/maximizer/optimizer.go
Benjamin Admin 1ac716261c
Some checks failed
Build + Deploy / build-admin-compliance (push) Successful in 1m45s
Details
Build + Deploy / build-backend-compliance (push) Successful in 4m42s
Details
Build + Deploy / build-ai-sdk (push) Successful in 46s
Details
Build + Deploy / build-developer-portal (push) Successful in 1m6s
Details
Build + Deploy / build-tts (push) Successful in 1m14s
Details
Build + Deploy / build-document-crawler (push) Successful in 31s
Details
Build + Deploy / build-dsms-gateway (push) Successful in 24s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / loc-budget (push) Failing after 15s
Details
CI / secret-scan (push) Has been skipped
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m27s
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / test-go (push) Failing after 37s
Details
CI / test-python-backend (push) Successful in 42s
Details
CI / test-python-document-crawler (push) Successful in 25s
Details
CI / test-python-dsms-gateway (push) Successful in 23s
Details
CI / validate-canonical-controls (push) Successful in 18s
Details
Build + Deploy / trigger-orca (push) Successful in 4m35s
Details
feat: Compliance Maximizer — Regulatory Optimization Engine 
Neues Modul das den regulatorischen Spielraum fuer KI-Use-Cases
deterministisch berechnet und optimale Konfigurationen vorschlaegt.

Kernfeatures:
- 13-Dimensionen Constraint-Space (DSGVO + AI Act)
- 3-Zonen-Analyse: Verboten / Eingeschraenkt / Erlaubt
- Deterministische Optimizer-Engine (kein LLM im Kern)
- 28 Constraint-Regeln aus DSGVO, AI Act, EDPB Guidelines
- 28 Tests (Golden Suite + Meta-Tests)
- REST API: /sdk/v1/maximizer/* (9 Endpoints)
- Frontend: 3-Zonen-Visualisierung, Dimension-Form, Score-Gauges

[migration-approved]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-23 09:10:20 +02:00

292 lines
8.2 KiB
Go
Raw Blame History

package maximizer
import "sort"
const maxVariants = 5
// OptimizedVariant is a single compliant configuration with scoring.
type OptimizedVariant struct {
Config DimensionConfig `json:"config"`
Evaluation *EvaluationResult `json:"evaluation"`
Deltas []DimensionDelta `json:"deltas"`
DeltaCount int `json:"delta_count"`
SafetyScore int `json:"safety_score"`
UtilityScore int `json:"utility_score"`
CompositeScore float64 `json:"composite_score"`
Rationale string `json:"rationale"`
}
// OptimizationResult contains the original evaluation and ranked compliant variants.
type OptimizationResult struct {
OriginalConfig DimensionConfig `json:"original_config"`
OriginalCompliant bool `json:"original_compliant"`
OriginalEval *EvaluationResult `json:"original_evaluation"`
Variants []OptimizedVariant `json:"variants"`
MaxSafeConfig *OptimizedVariant `json:"max_safe_config"`
}
// Optimizer finds the maximum compliant configuration variant.
type Optimizer struct {
evaluator *Evaluator
weights ScoreWeights
}
// NewOptimizer creates an optimizer backed by the given evaluator.
func NewOptimizer(evaluator *Evaluator) *Optimizer {
return &Optimizer{evaluator: evaluator, weights: DefaultWeights}
}
// Optimize takes a desired (possibly non-compliant) config and returns
// ranked compliant alternatives.
func (o *Optimizer) Optimize(desired *DimensionConfig) *OptimizationResult {
eval := o.evaluator.Evaluate(desired)
result := &OptimizationResult{
OriginalConfig: *desired,
OriginalCompliant: eval.IsCompliant,
OriginalEval: eval,
}
if eval.IsCompliant {
variant := o.scoreVariant(desired, desired, eval)
variant.Rationale = "Konfiguration ist bereits konform"
result.Variants = []OptimizedVariant{variant}
result.MaxSafeConfig = &result.Variants[0]
return result
}
// Check for hard prohibitions that cannot be optimized
if o.hasProhibitedClassification(desired) {
result.Variants = []OptimizedVariant{}
return result
}
candidates := o.generateCandidates(desired, eval)
result.Variants = candidates
if len(candidates) > 0 {
result.MaxSafeConfig = &result.Variants[0]
}
return result
}
func (o *Optimizer) hasProhibitedClassification(config *DimensionConfig) bool {
return config.RiskClassification == RiskProhibited
}
// generateCandidates builds compliant variants by fixing violations.
func (o *Optimizer) generateCandidates(desired *DimensionConfig, eval *EvaluationResult) []OptimizedVariant {
// Strategy 1: Fix all violations in one pass (greedy nearest fix)
greedy := o.greedyFix(desired, eval)
var candidates []OptimizedVariant
if greedy != nil {
greedyEval := o.evaluator.Evaluate(&greedy.Config)
if greedyEval.IsCompliant {
v := o.scoreVariant(desired, &greedy.Config, greedyEval)
v.Rationale = "Minimale Anpassung — naechster konformer Zustand"
candidates = append(candidates, v)
}
}
// Strategy 2: Conservative variant (maximum safety)
conservative := o.conservativeFix(desired, eval)
if conservative != nil {
consEval := o.evaluator.Evaluate(&conservative.Config)
if consEval.IsCompliant {
v := o.scoreVariant(desired, &conservative.Config, consEval)
v.Rationale = "Konservative Variante — maximale regulatorische Sicherheit"
candidates = append(candidates, v)
}
}
// Strategy 3: Fix restricted dimensions too (belt-and-suspenders)
enhanced := o.enhancedFix(desired, eval)
if enhanced != nil {
enhEval := o.evaluator.Evaluate(&enhanced.Config)
if enhEval.IsCompliant {
v := o.scoreVariant(desired, &enhanced.Config, enhEval)
v.Rationale = "Erweiterte Variante — alle Einschraenkungen vorab behoben"
candidates = append(candidates, v)
}
}
// Deduplicate and sort by composite score
candidates = deduplicateVariants(candidates)
sort.Slice(candidates, func(i, j int) bool {
return candidates[i].CompositeScore > candidates[j].CompositeScore
})
if len(candidates) > maxVariants {
candidates = candidates[:maxVariants]
}
return candidates
}
// greedyFix applies the minimum change per violated dimension.
func (o *Optimizer) greedyFix(desired *DimensionConfig, eval *EvaluationResult) *OptimizedVariant {
fixed := desired.Clone()
// Fix FORBIDDEN zones
for dim, zi := range eval.ZoneMap {
if zi.Zone != ZoneForbidden {
continue
}
o.fixDimension(&fixed, dim, eval)
}
// Fix RESTRICTED zones (required values not met)
for _, restriction := range eval.Restrictions {
for dim, requiredVal := range restriction.Required {
fixed.SetValue(dim, requiredVal)
}
}
// Re-evaluate and iterate (max 3 passes to converge)
for i := 0; i < 3; i++ {
reEval := o.evaluator.Evaluate(&fixed)
if reEval.IsCompliant {
break
}
for dim, zi := range reEval.ZoneMap {
if zi.Zone == ZoneForbidden {
o.fixDimension(&fixed, dim, reEval)
}
}
for _, restriction := range reEval.Restrictions {
for dim, requiredVal := range restriction.Required {
fixed.SetValue(dim, requiredVal)
}
}
}
return &OptimizedVariant{Config: fixed}
}
// conservativeFix chooses the safest allowed value for each violated dimension.
func (o *Optimizer) conservativeFix(desired *DimensionConfig, eval *EvaluationResult) *OptimizedVariant {
fixed := desired.Clone()
for dim, zi := range eval.ZoneMap {
if zi.Zone == ZoneSafe {
continue
}
// Use the safest (lowest ordinal risk) value
vals := AllValues[dim]
if len(vals) > 0 {
fixed.SetValue(dim, vals[0]) // index 0 = safest
}
}
// Apply all required values
for _, restriction := range eval.Restrictions {
for dim, val := range restriction.Required {
fixed.SetValue(dim, val)
}
}
return &OptimizedVariant{Config: fixed}
}
// enhancedFix fixes violations AND proactively resolves restrictions.
func (o *Optimizer) enhancedFix(desired *DimensionConfig, eval *EvaluationResult) *OptimizedVariant {
fixed := desired.Clone()
// Fix all non-SAFE dimensions
for dim, zi := range eval.ZoneMap {
if zi.Zone == ZoneSafe {
continue
}
if len(zi.AllowedValues) > 0 {
fixed.SetValue(dim, zi.AllowedValues[0])
} else {
o.fixDimension(&fixed, dim, eval)
}
}
// Apply required values
for _, restriction := range eval.Restrictions {
for dim, val := range restriction.Required {
fixed.SetValue(dim, val)
}
}
// Re-evaluate to converge
for i := 0; i < 3; i++ {
reEval := o.evaluator.Evaluate(&fixed)
if reEval.IsCompliant {
break
}
for _, restriction := range reEval.Restrictions {
for dim, val := range restriction.Required {
fixed.SetValue(dim, val)
}
}
}
return &OptimizedVariant{Config: fixed}
}
// fixDimension steps the dimension to the nearest safer value.
func (o *Optimizer) fixDimension(config *DimensionConfig, dim string, eval *EvaluationResult) {
vals := AllValues[dim]
if len(vals) == 0 {
return
}
current := config.GetValue(dim)
currentIdx := indexOf(vals, current)
if currentIdx < 0 {
config.SetValue(dim, vals[0])
return
}
// For risk-ordered dimensions, step toward the safer end (lower index).
// For inverse dimensions (human_in_loop, explainability), lower index = more safe.
if currentIdx > 0 {
config.SetValue(dim, vals[currentIdx-1])
}
}
func (o *Optimizer) scoreVariant(original, variant *DimensionConfig, eval *EvaluationResult) OptimizedVariant {
deltas := original.Diff(variant)
safety := ComputeSafetyScore(eval)
utility := ComputeUtilityScore(original, variant)
composite := ComputeCompositeScore(safety, utility, o.weights)
return OptimizedVariant{
Config: *variant,
Evaluation: eval,
Deltas: deltas,
DeltaCount: len(deltas),
SafetyScore: safety,
UtilityScore: utility,
CompositeScore: composite,
}
}
func indexOf(slice []string, val string) int {
for i, v := range slice {
if v == val {
return i
}
}
return -1
}
func deduplicateVariants(variants []OptimizedVariant) []OptimizedVariant {
seen := make(map[string]bool)
var unique []OptimizedVariant
for _, v := range variants {
key := configKey(&v.Config)
if !seen[key] {
seen[key] = true
unique = append(unique, v)
}
}
return unique
}
func configKey(c *DimensionConfig) string {
var key string
for _, dim := range allDimensions {
key += dim + "=" + c.GetValue(dim) + ";"
}
return key
}
Reference in New Issue View Git Blame Copy Permalink