Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff765b2d71bf4e6d60a3a3936bc8b8de48fd4cb0
breakpilot-compliance/ai-compliance-sdk/internal/ucca/models.go
Benjamin Admin a228b3b528
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 34s
Details
CI / test-python-backend-compliance (push) Successful in 32s
Details
CI / test-python-document-crawler (push) Successful in 23s
Details
CI / test-python-dsms-gateway (push) Successful in 18s
Details
feat: add RAG corpus versioning and source policy backend 
Part 1 — RAG Corpus Versioning:
- New DB table compliance_corpus_versions (migration 017)
- Go CorpusVersionStore with CRUD operations
- Assessment struct extended with corpus_version_id
- API endpoints: GET /rag/corpus-status, /rag/corpus-versions/:collection
- RAG routes (search, regulations) now registered in main.go
- Ingestion script registers corpus versions after each run
- Frontend staleness badge in SDK sidebar

Part 3 — Source Policy Backend:
- New FastAPI router with CRUD for allowed sources, PII rules,
  operations matrix, audit trail, stats, and compliance report
- SQLAlchemy models for all source policy tables (migration 001)
- Frontend API base corrected from edu-search:8088/8089 to
  backend-compliance:8002/api

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 07:58:08 +01:00

528 lines
20 KiB
Go
Raw Blame History

package ucca
import (
"time"
"github.com/google/uuid"
)
// ============================================================================
// Constants / Enums
// ============================================================================
// Feasibility represents the overall assessment result
type Feasibility string
const (
FeasibilityYES Feasibility = "YES"
FeasibilityCONDITIONAL Feasibility = "CONDITIONAL"
FeasibilityNO Feasibility = "NO"
)
// RiskLevel represents the overall risk classification
type RiskLevel string
const (
RiskLevelMINIMAL RiskLevel = "MINIMAL"
RiskLevelLOW RiskLevel = "LOW"
RiskLevelMEDIUM RiskLevel = "MEDIUM"
RiskLevelHIGH RiskLevel = "HIGH"
RiskLevelUNACCEPTABLE RiskLevel = "UNACCEPTABLE"
)
// Complexity represents implementation complexity
type Complexity string
const (
ComplexityLOW Complexity = "LOW"
ComplexityMEDIUM Complexity = "MEDIUM"
ComplexityHIGH Complexity = "HIGH"
)
// Severity represents rule severity
type Severity string
const (
SeverityINFO Severity = "INFO"
SeverityWARN Severity = "WARN"
SeverityBLOCK Severity = "BLOCK"
)
// Domain represents the business domain
type Domain string
const (
// Industrie & Produktion
DomainAutomotive Domain = "automotive"
DomainMechanicalEngineering Domain = "mechanical_engineering"
DomainPlantEngineering Domain = "plant_engineering"
DomainElectricalEngineering Domain = "electrical_engineering"
DomainAerospace Domain = "aerospace"
DomainChemicals Domain = "chemicals"
DomainFoodBeverage Domain = "food_beverage"
DomainTextiles Domain = "textiles"
DomainPackaging Domain = "packaging"
// Energie & Versorgung
DomainUtilities Domain = "utilities"
DomainEnergy Domain = "energy"
DomainOilGas Domain = "oil_gas"
// Land- & Forstwirtschaft
DomainAgriculture Domain = "agriculture"
DomainForestry Domain = "forestry"
DomainFishing Domain = "fishing"
// Bau & Immobilien
DomainConstruction Domain = "construction"
DomainRealEstate Domain = "real_estate"
DomainFacilityManagement Domain = "facility_management"
// Gesundheit & Soziales
DomainHealthcare Domain = "healthcare"
DomainMedicalDevices Domain = "medical_devices"
DomainPharma Domain = "pharma"
DomainElderlyCare Domain = "elderly_care"
DomainSocialServices Domain = "social_services"
// Bildung & Forschung
DomainEducation Domain = "education"
DomainHigherEducation Domain = "higher_education"
DomainVocationalTraining Domain = "vocational_training"
DomainResearch Domain = "research"
// Finanzen & Versicherung
DomainFinance Domain = "finance"
DomainBanking Domain = "banking"
DomainInsurance Domain = "insurance"
DomainInvestment Domain = "investment"
// Handel & Logistik
DomainRetail Domain = "retail"
DomainEcommerce Domain = "ecommerce"
DomainWholesale Domain = "wholesale"
DomainLogistics Domain = "logistics"
// IT & Telekommunikation
DomainITServices Domain = "it_services"
DomainTelecom Domain = "telecom"
DomainCybersecurity Domain = "cybersecurity"
// Recht & Beratung
DomainLegal Domain = "legal"
DomainConsulting Domain = "consulting"
DomainTaxAdvisory Domain = "tax_advisory"
// Oeffentlicher Sektor
DomainPublic Domain = "public_sector"
DomainDefense Domain = "defense"
DomainJustice Domain = "justice"
// Marketing & Medien
DomainMarketing Domain = "marketing"
DomainMedia Domain = "media"
DomainEntertainment Domain = "entertainment"
// HR & Personal
DomainHR Domain = "hr"
DomainRecruiting Domain = "recruiting"
// Tourismus & Gastronomie
DomainHospitality Domain = "hospitality"
DomainTourism Domain = "tourism"
// Sonstige
DomainNonprofit Domain = "nonprofit"
DomainSports Domain = "sports"
DomainGeneral Domain = "general"
)
// ValidDomains contains all valid domain values
var ValidDomains = map[Domain]bool{
DomainAutomotive: true, DomainMechanicalEngineering: true, DomainPlantEngineering: true,
DomainElectricalEngineering: true, DomainAerospace: true, DomainChemicals: true,
DomainFoodBeverage: true, DomainTextiles: true, DomainPackaging: true,
DomainUtilities: true, DomainEnergy: true, DomainOilGas: true,
DomainAgriculture: true, DomainForestry: true, DomainFishing: true,
DomainConstruction: true, DomainRealEstate: true, DomainFacilityManagement: true,
DomainHealthcare: true, DomainMedicalDevices: true, DomainPharma: true,
DomainElderlyCare: true, DomainSocialServices: true,
DomainEducation: true, DomainHigherEducation: true, DomainVocationalTraining: true, DomainResearch: true,
DomainFinance: true, DomainBanking: true, DomainInsurance: true, DomainInvestment: true,
DomainRetail: true, DomainEcommerce: true, DomainWholesale: true, DomainLogistics: true,
DomainITServices: true, DomainTelecom: true, DomainCybersecurity: true,
DomainLegal: true, DomainConsulting: true, DomainTaxAdvisory: true,
DomainPublic: true, DomainDefense: true, DomainJustice: true,
DomainMarketing: true, DomainMedia: true, DomainEntertainment: true,
DomainHR: true, DomainRecruiting: true,
DomainHospitality: true, DomainTourism: true,
DomainNonprofit: true, DomainSports: true, DomainGeneral: true,
}
// AutomationLevel represents the degree of automation
type AutomationLevel string
const (
AutomationAssistive AutomationLevel = "assistive"
AutomationSemiAutomated AutomationLevel = "semi_automated"
AutomationFullyAutomated AutomationLevel = "fully_automated"
)
// TrainingAllowed represents if training with data is permitted
type TrainingAllowed string
const (
TrainingYES TrainingAllowed = "YES"
TrainingCONDITIONAL TrainingAllowed = "CONDITIONAL"
TrainingNO TrainingAllowed = "NO"
)
// ============================================================================
// Input Structs
// ============================================================================
// UseCaseIntake represents the user's input describing their planned AI use case
type UseCaseIntake struct {
// Free-text description of the use case
UseCaseText string `json:"use_case_text"`
// Business domain
Domain Domain `json:"domain"`
// Title for the assessment (optional)
Title string `json:"title,omitempty"`
// Data types involved
DataTypes DataTypes `json:"data_types"`
// Purpose of the processing
Purpose Purpose `json:"purpose"`
// Level of automation
Automation AutomationLevel `json:"automation"`
// Output characteristics
Outputs Outputs `json:"outputs"`
// Hosting configuration
Hosting Hosting `json:"hosting"`
// Model usage configuration
ModelUsage ModelUsage `json:"model_usage"`
// Retention configuration
Retention Retention `json:"retention"`
// Financial regulations context (DORA, MaRisk, BAIT)
// Only applicable for financial domains (banking, finance, insurance, investment)
FinancialContext *FinancialContext `json:"financial_context,omitempty"`
// Opt-in to store raw text (otherwise only hash)
StoreRawText bool `json:"store_raw_text,omitempty"`
}
// DataTypes specifies what kinds of data are processed
type DataTypes struct {
PersonalData bool `json:"personal_data"`
Article9Data bool `json:"article_9_data"` // Special categories (health, religion, etc.)
MinorData bool `json:"minor_data"` // Data of children
LicensePlates bool `json:"license_plates"` // KFZ-Kennzeichen
Images bool `json:"images"` // Photos/images of persons
Audio bool `json:"audio"` // Voice recordings
LocationData bool `json:"location_data"` // GPS/location tracking
BiometricData bool `json:"biometric_data"` // Fingerprints, face recognition
FinancialData bool `json:"financial_data"` // Bank accounts, salaries
EmployeeData bool `json:"employee_data"` // HR/employment data
CustomerData bool `json:"customer_data"` // Customer information
PublicData bool `json:"public_data"` // Publicly available data only
}
// Purpose specifies the processing purpose
type Purpose struct {
CustomerSupport bool `json:"customer_support"`
Marketing bool `json:"marketing"`
Analytics bool `json:"analytics"`
Automation bool `json:"automation"`
EvaluationScoring bool `json:"evaluation_scoring"` // Scoring/ranking of persons
DecisionMaking bool `json:"decision_making"` // Automated decisions
Profiling bool `json:"profiling"`
Research bool `json:"research"`
InternalTools bool `json:"internal_tools"`
PublicService bool `json:"public_service"`
}
// Outputs specifies output characteristics
type Outputs struct {
RecommendationsToUsers bool `json:"recommendations_to_users"`
RankingsOrScores bool `json:"rankings_or_scores"` // Outputs rankings/scores
LegalEffects bool `json:"legal_effects"` // Has legal consequences
AccessDecisions bool `json:"access_decisions"` // Grants/denies access
ContentGeneration bool `json:"content_generation"` // Generates text/media
DataExport bool `json:"data_export"` // Exports data externally
}
// Hosting specifies where the AI runs
type Hosting struct {
Provider string `json:"provider,omitempty"` // e.g., "Azure", "AWS", "Hetzner", "On-Prem"
Region string `json:"region"` // "eu", "third_country", "on_prem"
DataResidency string `json:"data_residency,omitempty"` // Where data is stored
}
// ModelUsage specifies how the model is used
type ModelUsage struct {
RAG bool `json:"rag"` // Retrieval-Augmented Generation only
Finetune bool `json:"finetune"` // Fine-tuning with data
Training bool `json:"training"` // Full training with data
Inference bool `json:"inference"` // Inference only
}
// Retention specifies data retention
type Retention struct {
StorePrompts bool `json:"store_prompts"`
StoreResponses bool `json:"store_responses"`
RetentionDays int `json:"retention_days,omitempty"`
AnonymizeAfterUse bool `json:"anonymize_after_use"`
}
// ============================================================================
// Financial Regulations Structs (DORA, MaRisk, BAIT)
// ============================================================================
// FinancialEntityType represents the type of financial institution
type FinancialEntityType string
const (
FinancialEntityCreditInstitution FinancialEntityType = "CREDIT_INSTITUTION"
FinancialEntityPaymentServiceProvider FinancialEntityType = "PAYMENT_SERVICE_PROVIDER"
FinancialEntityEMoneyInstitution FinancialEntityType = "E_MONEY_INSTITUTION"
FinancialEntityInvestmentFirm FinancialEntityType = "INVESTMENT_FIRM"
FinancialEntityInsuranceCompany FinancialEntityType = "INSURANCE_COMPANY"
FinancialEntityCryptoAssetProvider FinancialEntityType = "CRYPTO_ASSET_PROVIDER"
FinancialEntityOther FinancialEntityType = "OTHER_FINANCIAL"
)
// SizeCategory represents the significance category of a financial institution
type SizeCategory string
const (
SizeCategorySignificant SizeCategory = "SIGNIFICANT"
SizeCategoryLessSignificant SizeCategory = "LESS_SIGNIFICANT"
SizeCategorySmall SizeCategory = "SMALL"
)
// ProviderLocation represents the location of an ICT service provider
type ProviderLocation string
const (
ProviderLocationEU ProviderLocation = "EU"
ProviderLocationEEA ProviderLocation = "EEA"
ProviderLocationAdequacyDecision ProviderLocation = "ADEQUACY_DECISION"
ProviderLocationThirdCountry ProviderLocation = "THIRD_COUNTRY"
)
// FinancialEntity describes the financial institution context
type FinancialEntity struct {
Type FinancialEntityType `json:"type"`
Regulated bool `json:"regulated"`
SizeCategory SizeCategory `json:"size_category"`
}
// ICTService describes ICT service characteristics for DORA compliance
type ICTService struct {
IsCritical bool `json:"is_critical"`
IsOutsourced bool `json:"is_outsourced"`
ProviderLocation ProviderLocation `json:"provider_location"`
ConcentrationRisk bool `json:"concentration_risk"`
}
// FinancialAIApplication describes financial-specific AI application characteristics
type FinancialAIApplication struct {
AffectsCustomerDecisions bool `json:"affects_customer_decisions"`
AlgorithmicTrading bool `json:"algorithmic_trading"`
RiskAssessment bool `json:"risk_assessment"`
AMLKYC bool `json:"aml_kyc"`
ModelValidationDone bool `json:"model_validation_done"`
}
// FinancialContext aggregates all financial regulation-specific information
type FinancialContext struct {
FinancialEntity FinancialEntity `json:"financial_entity"`
ICTService ICTService `json:"ict_service"`
AIApplication FinancialAIApplication `json:"ai_application"`
}
// ============================================================================
// Output Structs
// ============================================================================
// AssessmentResult represents the complete evaluation result
type AssessmentResult struct {
// Overall verdict
Feasibility Feasibility `json:"feasibility"`
RiskLevel RiskLevel `json:"risk_level"`
Complexity Complexity `json:"complexity"`
RiskScore int `json:"risk_score"` // 0-100
// Triggered rules
TriggeredRules []TriggeredRule `json:"triggered_rules"`
// Required controls/mitigations
RequiredControls []RequiredControl `json:"required_controls"`
// Recommended architecture patterns
RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`
// Patterns that must NOT be used
ForbiddenPatterns []ForbiddenPattern `json:"forbidden_patterns"`
// Matching didactic examples
ExampleMatches []ExampleMatch `json:"example_matches"`
// Special flags
DSFARecommended bool `json:"dsfa_recommended"`
Art22Risk bool `json:"art22_risk"` // Art. 22 GDPR automated decision risk
TrainingAllowed TrainingAllowed `json:"training_allowed"`
// Summary for humans
Summary string `json:"summary"`
Recommendation string `json:"recommendation"`
AlternativeApproach string `json:"alternative_approach,omitempty"`
}
// TriggeredRule represents a rule that was triggered during evaluation
type TriggeredRule struct {
Code string `json:"code"` // e.g., "R-001"
Category string `json:"category"` // e.g., "A. Datenklassifikation"
Title string `json:"title"`
Description string `json:"description"`
Severity Severity `json:"severity"`
ScoreDelta int `json:"score_delta"`
GDPRRef string `json:"gdpr_ref,omitempty"` // e.g., "Art. 9 DSGVO"
Rationale string `json:"rationale"` // Why this rule triggered
}
// RequiredControl represents a control that must be implemented
type RequiredControl struct {
ID string `json:"id"`
Title string `json:"title"`
Description string `json:"description"`
Severity Severity `json:"severity"`
Category string `json:"category"` // "technical" or "organizational"
GDPRRef string `json:"gdpr_ref,omitempty"`
}
// PatternRecommendation represents a recommended architecture pattern
type PatternRecommendation struct {
PatternID string `json:"pattern_id"` // e.g., "P-RAG-ONLY"
Title string `json:"title"`
Description string `json:"description"`
Rationale string `json:"rationale"`
Priority int `json:"priority"` // 1=highest
}
// ForbiddenPattern represents a pattern that must NOT be used
type ForbiddenPattern struct {
PatternID string `json:"pattern_id"`
Title string `json:"title"`
Description string `json:"description"`
Reason string `json:"reason"`
GDPRRef string `json:"gdpr_ref,omitempty"`
}
// ExampleMatch represents a matching didactic example
type ExampleMatch struct {
ExampleID string `json:"example_id"`
Title string `json:"title"`
Description string `json:"description"`
Similarity float64 `json:"similarity"` // 0.0 - 1.0
Outcome string `json:"outcome"` // What happened / recommendation
Lessons string `json:"lessons"` // Key takeaways
}
// ============================================================================
// Database Entity
// ============================================================================
// Assessment represents a stored assessment in the database
type Assessment struct {
ID uuid.UUID `json:"id"`
TenantID uuid.UUID `json:"tenant_id"`
NamespaceID *uuid.UUID `json:"namespace_id,omitempty"`
Title string `json:"title"`
PolicyVersion string `json:"policy_version"`
Status string `json:"status"` // "completed", "draft"
// Input
Intake UseCaseIntake `json:"intake"`
UseCaseTextStored bool `json:"use_case_text_stored"`
UseCaseTextHash string `json:"use_case_text_hash"`
// Results
Feasibility Feasibility `json:"feasibility"`
RiskLevel RiskLevel `json:"risk_level"`
Complexity Complexity `json:"complexity"`
RiskScore int `json:"risk_score"`
TriggeredRules []TriggeredRule `json:"triggered_rules"`
RequiredControls []RequiredControl `json:"required_controls"`
RecommendedArchitecture []PatternRecommendation `json:"recommended_architecture"`
ForbiddenPatterns []ForbiddenPattern `json:"forbidden_patterns"`
ExampleMatches []ExampleMatch `json:"example_matches"`
DSFARecommended bool `json:"dsfa_recommended"`
Art22Risk bool `json:"art22_risk"`
TrainingAllowed TrainingAllowed `json:"training_allowed"`
// Corpus Versioning (RAG)
CorpusVersionID *uuid.UUID `json:"corpus_version_id,omitempty"`
CorpusVersion string `json:"corpus_version,omitempty"`
// LLM Explanation (optional)
ExplanationText *string `json:"explanation_text,omitempty"`
ExplanationGeneratedAt *time.Time `json:"explanation_generated_at,omitempty"`
ExplanationModel *string `json:"explanation_model,omitempty"`
// Domain
Domain Domain `json:"domain"`
// Audit
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
CreatedBy uuid.UUID `json:"created_by"`
}
// ============================================================================
// API Request/Response Types
// ============================================================================
// AssessRequest is the API request for creating an assessment
type AssessRequest struct {
Intake UseCaseIntake `json:"intake"`
}
// AssessResponse is the API response for an assessment
type AssessResponse struct {
Assessment Assessment `json:"assessment"`
Result AssessmentResult `json:"result"`
Escalation *Escalation `json:"escalation,omitempty"`
}
// ExplainRequest is the API request for generating an explanation
type ExplainRequest struct {
Language string `json:"language,omitempty"` // "de" or "en", default "de"
}
// ExplainResponse is the API response for an explanation
type ExplainResponse struct {
ExplanationText string `json:"explanation_text"`
GeneratedAt time.Time `json:"generated_at"`
Model string `json:"model"`
LegalContext *LegalContext `json:"legal_context,omitempty"`
}
// ExportFormat specifies the export format
type ExportFormat string
const (
ExportFormatJSON ExportFormat = "json"
ExportFormatMarkdown ExportFormat = "md"
)
Reference in New Issue View Git Blame Copy Permalink