Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee64b7e95cee8d9b3727042ce0defcbb2d6d2fc4
breakpilot-compliance/ai-compliance-sdk/internal/api/handlers/iace_handler_risk.go
T
Benjamin Admin ee64b7e95c feat(iace): cite ESAW source + license on risk-frequency anchors 
Surfaces the public-statistics provenance for the contact-mode probability
tiers so generated risk numbers are auditable and attributed (not RAG —
~a dozen stable aggregate facts are better as a license-tagged code table).

- risk_data_sources.go: RiskEvidence register (Eurostat ESAW figures + CC BY
  4.0 attribution) for the documented contact modes; RiskDataSourcesNote.
- risk_suggestion.go: the W justification now cites the actual ESAW share +
  license where documented; RiskSuggestion gains a data_source field.
- GET /iace/risk-data-sources returns the evidence register + attribution.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 09:14:36 +02:00

61 lines
2.2 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package handlers
import (
"net/http"
"github.com/breakpilot/ai-compliance-sdk/internal/iace"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
)
// GetRiskSuggestion returns BreakPilot's justified dual-model risk suggestion
// for a hazard: the EN-62061-style F/W/P/S model and the Fine-Kinney P/E/C
// model, each with suggested values, justifications and the visible formula.
// Read-only and computed from public-data anchors — the professional adjusts
// the values; no norm table is stored or reproduced.
//
// GET /projects/:id/hazards/:hid/risk-suggestion
func (h *IACEHandler) GetRiskSuggestion(c *gin.Context) {
hid, err := uuid.Parse(c.Param("hid"))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid hazard ID"})
return
}
hz, err := h.store.GetHazard(c.Request.Context(), hid)
if err != nil || hz == nil {
c.JSON(http.StatusNotFound, gin.H{"error": "hazard not found"})
return
}
c.JSON(http.StatusOK, iace.BuildRiskSuggestion(hz))
}
// GetRiskMatrix handles GET /projects/:id/risk-matrix.
// Project-wide confidence-aware risk view computed on read from each hazard (no
// persistence): per-hazard risk list + a Severity×Probability aggregation grid.
// Uses the same model as the GT benchmark, so matrix numbers match the
// comparison. Lets a customer see risk for EVERY project, not only GT ones.
func (h *IACEHandler) GetRiskMatrix(c *gin.Context) {
projectID, err := uuid.Parse(c.Param("id"))
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid project ID"})
return
}
hazards, err := h.store.ListHazards(c.Request.Context(), projectID)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, iace.BuildRiskMatrix(hazards))
}
// GetRiskDataSources handles GET /risk-data-sources.
// Returns the license-tagged public-statistics evidence register (Eurostat ESAW,
// CC BY 4.0) that anchors the risk-frequency tiers, plus the overall attribution
// note — so an auditor can see WHERE the risk numbers come from.
func (h *IACEHandler) GetRiskDataSources(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
"note": iace.RiskDataSourcesNote,
"evidence": iace.AllRiskEvidence(),
})
}
Reference in New Issue View Git Blame Copy Permalink