Skip to content

FEAT: add feature to suggest model risk from llm #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
philippestepniewski merged 1 commit into from
Mar 23, 2026
Merged

FEAT: add feature to suggest model risk from llm #49

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions backend/api/llm_routes.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,44 @@ def act_review(
return JSONResponse(content={"review": review, "llm_compliance": llm_status})


@router.post("/{project_name}/{model_name}/{version}/suggest_risk_level")
def suggest_risk_level(
project_name: str,
model_name: str,
version: str,
request: Request,
current_user: dict = Depends(get_current_user),
user_adapter: UserHandler = Depends(get_user_adapter),
model_info_db_handler: ModelInfoDbHandler = Depends(get_model_info_db_handler),
registry_pool: RegistryHandler = Depends(get_registry_pool),
platform_config_handler: PlatformConfigHandler = Depends(get_platform_config_handler),
) -> JSONResponse:
"""Suggest an AI Act risk level for a model version using Claude."""
user_can_perform_action_for_project(
current_user,
project_name=project_name,
action_name=inspect.currentframe().f_code.co_name,
user_adapter=user_adapter,
)
if not llm_usecases.is_available(platform_config_handler):
raise HTTPException(status_code=503, detail="AI assist is not available: no LLM provider configured.")

registry: ModelRegistry = registry_pool.get_registry_adapter(
project_name, get_project_registry_tracking_uri(project_name, request)
)
try:
ai_act_markdown = generate_ai_act_card(registry, model_info_db_handler, project_name, model_name, version)
result = llm_usecases.suggest_risk_level(ai_act_markdown, platform_config_handler)
if result["suggested_risk_level"]:
model_info_db_handler.update_suggested_risk_level(
model_name, version, project_name, result["suggested_risk_level"]
)
except Exception as e:
raise HTTPException(status_code=500, detail=str(e))

return JSONResponse(content=result)


class GatePolicyRequest(BaseModel):
policy: str # "strict" | "permissive" | "disabled"

Expand Down
34 changes: 34 additions & 0 deletions backend/api/model_infos_routes.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

from fastapi import APIRouter, Depends, HTTPException, Request
from fastapi.responses import JSONResponse
from pydantic import BaseModel

from backend.api.models_routes import get_project_registry_tracking_uri, get_registry_pool
from backend.domain.ports.model_info_db_handler import ModelInfoDbHandler
Expand Down Expand Up @@ -41,6 +42,8 @@ def list_for_project(
"model_name": i.model_name,
"model_version": i.model_version,
"model_card": i.model_card,
"risk_level": i.risk_level,
"suggested_risk_level": i.suggested_risk_level,
"act_review": i.act_review,
"deterministic_compliance": i.deterministic_compliance or "not_evaluated",
"llm_compliance": i.llm_compliance or "not_evaluated",
Expand Down Expand Up @@ -77,6 +80,37 @@ def get_ai_act_card(
return JSONResponse(content={"markdown": markdown})


class AcceptRiskLevelRequest(BaseModel):
risk_level: str


VALID_RISK_LEVELS = {"unacceptable", "high", "limited", "minimal"}


@router.post("/{project_name}/{model_name}/{version}/accept_risk_level")
def accept_risk_level(
project_name: str,
model_name: str,
version: str,
body: AcceptRiskLevelRequest,
model_info_db_handler: ModelInfoDbHandler = Depends(get_model_info_db_handler),
current_user: dict = Depends(get_current_user),
user_adapter: UserHandler = Depends(get_user_adapter),
) -> JSONResponse:
"""Accept a suggested risk level, setting it as the validated risk_level."""
user_can_perform_action_for_project(
current_user,
project_name=project_name,
action_name=inspect.currentframe().f_code.co_name,
user_adapter=user_adapter,
)
level = body.risk_level.strip().lower()
if level not in VALID_RISK_LEVELS:
raise HTTPException(status_code=400, detail=f"Invalid risk level: {body.risk_level}")
model_info_db_handler.update_risk_level(model_name, version, project_name, level)
return JSONResponse(content={"status": "ok", "risk_level": level})


@router.get("/search")
def search(
query: str,
Expand Down
2 changes: 2 additions & 0 deletions backend/domain/entities/model_info.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ class ModelInfo(BaseModel):
model_card: Optional[str] = None
risk_level: Optional[str] = None # e.g. "unacceptable" | "high" | "limited" | "minimal"
act_review: Optional[str] = None
suggested_risk_level: Optional[str] = None
deterministic_compliance: Optional[str] = "not_evaluated"
llm_compliance: Optional[str] = "not_evaluated"

Expand All @@ -21,6 +22,7 @@ def to_json(self) -> dict:
"project_name": self.project_name,
"model_card": self.model_card,
"risk_level": self.risk_level,
"suggested_risk_level": self.suggested_risk_level,
"act_review": self.act_review,
"deterministic_compliance": self.deterministic_compliance,
"llm_compliance": self.llm_compliance,
Expand Down
6 changes: 6 additions & 0 deletions backend/domain/ports/model_info_db_handler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ def update_act_review(self, model_name: str, model_version: str, project_name: s
def update_risk_level(self, model_name: str, model_version: str, project_name: str, risk_level: str) -> bool:
pass

@abstractmethod
def update_suggested_risk_level(
self, model_name: str, model_version: str, project_name: str, suggested_risk_level: str
) -> bool:
pass

@abstractmethod
def delete_model_info(self, model_name: str, model_version: str, project_name: str) -> bool:
pass
Expand Down
53 changes: 53 additions & 0 deletions backend/domain/use_cases/llm_usecases.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
# Philippe Stepniewski
import json
import os
from pathlib import Path

import anthropic
import boto3
from loguru import logger

from backend.domain.ports.platform_config_handler import PlatformConfigHandler

Expand Down Expand Up @@ -142,3 +144,54 @@ def review_ai_act_compliance(ai_act_card_markdown: str, platform_config_handler:
return next((b.text for b in message.content if b.type == "text"), "")

return _call_bedrock(client, model_id, prompt, max_tokens=4096)


VALID_RISK_LEVELS = {"unacceptable", "high", "limited", "minimal"}


def suggest_risk_level(ai_act_card_markdown: str, platform_config_handler: PlatformConfigHandler = None) -> dict:
"""
Call Claude to suggest an AI Act risk level based on the model's AI Act card.
Returns {"suggested_risk_level": "high", "justification": "..."}.
"""
client = _make_client(platform_config_handler)
provider = get_provider(platform_config_handler)
model_id = ANTHROPIC_MODEL_ID if provider == "anthropic" else get_bedrock_model_id(platform_config_handler)

prompt = _load_prompt("risk_level_suggestion.txt").format(ai_act_card_markdown=ai_act_card_markdown)

if provider == "anthropic":
with client.messages.stream(
model=model_id,
max_tokens=1024,
thinking={"type": "adaptive"},
messages=[{"role": "user", "content": prompt}],
) as stream:
message = stream.get_final_message()
raw_response = next((b.text for b in message.content if b.type == "text"), "")
else:
raw_response = _call_bedrock(client, model_id, prompt, max_tokens=1024)

return _parse_risk_level_response(raw_response)


def _parse_risk_level_response(raw_response: str) -> dict:
"""Extract the suggested risk level and justification from LLM JSON response."""
cleaned = raw_response.strip()
if "```json" in cleaned:
cleaned = cleaned.split("```json")[1].split("```")[0].strip()
elif "```" in cleaned:
cleaned = cleaned.split("```")[1].split("```")[0].strip()

try:
result = json.loads(cleaned)
except json.JSONDecodeError:
logger.warning(f"Failed to parse risk level suggestion as JSON: {raw_response[:200]}")
return {"suggested_risk_level": None, "justification": raw_response}

level = result.get("suggested_risk_level", "").lower().strip()
if level not in VALID_RISK_LEVELS:
logger.warning(f"LLM suggested invalid risk level: {level}")
return {"suggested_risk_level": None, "justification": result.get("justification", raw_response)}

return {"suggested_risk_level": level, "justification": result.get("justification", "")}
17 changes: 17 additions & 0 deletions backend/infrastructure/model_info_pgsql_db_handler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ def _init_table_if_not_exists(self):
cursor.execute(
"ALTER TABLE model_infos ADD COLUMN IF NOT EXISTS llm_compliance TEXT DEFAULT 'not_evaluated'"
)
cursor.execute("ALTER TABLE model_infos ADD COLUMN IF NOT EXISTS suggested_risk_level TEXT")
connection.commit()
finally:
connection.close()
Expand Down Expand Up @@ -156,6 +157,22 @@ def update_risk_level(self, model_name: str, model_version: str, project_name: s
connection.close()
return True

def update_suggested_risk_level(
self, model_name: str, model_version: str, project_name: str, suggested_risk_level: str
) -> bool:
connection = self._connect()
try:
cursor = connection.cursor()
cursor.execute(
"UPDATE model_infos SET suggested_risk_level = %s "
"WHERE model_name = %s AND model_version = %s AND project_name = %s",
(suggested_risk_level, model_name, model_version, project_name),
)
connection.commit()
finally:
connection.close()
return True

def update_act_review(self, model_name: str, model_version: str, project_name: str, text: str) -> bool:
connection = self._connect()
try:
Expand Down
25 changes: 24 additions & 1 deletion backend/infrastructure/model_info_sqlite_db_handler.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ def map_rows_to_model_infos(rows: list) -> list[ModelInfo]:
act_review=row[7] if len(row) > 7 else None,
deterministic_compliance=row[8] if len(row) > 8 else "not_evaluated",
llm_compliance=row[9] if len(row) > 9 else "not_evaluated",
suggested_risk_level=row[10] if len(row) > 10 else None,
)
for row in rows
]
Expand Down Expand Up @@ -61,7 +62,13 @@ def _init_table_if_not_exists(self):
)
"""
)
for col in ["generated_model_card", "act_review", "deterministic_compliance", "llm_compliance"]:
for col in [
"generated_model_card",
"act_review",
"deterministic_compliance",
"llm_compliance",
"suggested_risk_level",
]:
try:
cursor.execute(f"ALTER TABLE model_infos ADD COLUMN {col} TEXT")
except Exception:
Expand Down Expand Up @@ -166,6 +173,22 @@ def update_risk_level(self, model_name: str, model_version: str, project_name: s
connection.close()
return True

def update_suggested_risk_level(
self, model_name: str, model_version: str, project_name: str, suggested_risk_level: str
) -> bool:
connection = sqlite3.connect(self.db_path)
try:
cursor = connection.cursor()
cursor.execute(
"UPDATE model_infos SET suggested_risk_level = ? "
"WHERE model_name = ? AND model_version = ? AND project_name = ?",
(suggested_risk_level, model_name, model_version, project_name),
)
connection.commit()
finally:
connection.close()
return True

def update_act_review(self, model_name: str, model_version: str, project_name: str, text: str) -> bool:
connection = sqlite3.connect(self.db_path)
try:
Expand Down
115 changes: 115 additions & 0 deletions frontend/css/style.css
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1779,6 +1779,121 @@ mark.search-mark {
border: 1px solid var(--border-1);
}

/* ── Risk Level Suggestion ─────────────────────────────────── */

.risk-suggestion {
position: relative;
display: inline-flex;
align-items: center;
gap: 4px;
}

.risk-suggestion .risk-badge {
opacity: 0.65;
border-style: dashed;
}

.risk-suggestion-tag {
position: absolute;
top: -7px;
right: -6px;
font-size: 8px;
font-weight: 700;
font-family: var(--font-mono);
letter-spacing: 0.06em;
text-transform: uppercase;
color: var(--ai-light);
background: var(--bg-0);
padding: 0 3px;
border-radius: 3px;
border: 1px solid rgba(123,58,237,0.25);
line-height: 1.5;
}

.risk-suggestion-result {
display: flex;
flex-direction: column;
gap: 20px;
}

.risk-suggestion-result__level {
display: flex;
align-items: center;
gap: 14px;
padding: 16px 20px;
border-radius: var(--radius-base);
background: var(--bg-1);
border: 1px solid var(--border-1);
}

.risk-suggestion-result__icon {
font-size: 28px;
line-height: 1;
}

.risk-suggestion-result__title {
font-family: var(--font-display);
font-size: 22px;
letter-spacing: 0.04em;
color: var(--text-0);
}

.risk-suggestion-result__subtitle {
font-size: 12px;
color: var(--text-2);
margin-top: 2px;
}

.risk-suggestion-result__justification {
padding: 16px 20px;
border-radius: var(--radius-base);
background: var(--bg-1);
border-left: 3px solid var(--ai-mid);
}

.risk-suggestion-result__justification-label {
font-size: 10px;
font-weight: 700;
text-transform: uppercase;
letter-spacing: 0.1em;
color: var(--ai-mid);
font-family: var(--font-body);
margin-bottom: 8px;
}

.risk-suggestion-result__justification-text {
font-size: 13px;
line-height: 1.7;
color: var(--text-1);
}

.risk-suggestion-result__notice {
display: flex;
align-items: flex-start;
gap: 8px;
padding: 12px 16px;
border-radius: var(--radius-sm);
background: rgba(14,35,86,0.03);
border: 1px solid var(--border-0);
font-size: 11px;
line-height: 1.6;
color: var(--text-2);
}

.risk-suggestion-result__notice svg {
flex-shrink: 0;
margin-top: 1px;
color: var(--text-2);
}

.risk-suggestion-result__notice code {
font-family: var(--font-mono);
font-size: 10px;
padding: 1px 5px;
border-radius: 3px;
background: var(--bg-2);
}

/* Empty / tips prompt */
.search-empty-prompt {
display: flex;
Expand Down
Loading
Loading