Upload compliance.py

compliance.py

@@ -0,0 +1,245 @@
+"""
+ClauseGuard — Compliance Checker
+════════════════════════════════
+Check contracts against regulatory frameworks:
+  • GDPR (EU General Data Protection Regulation)
+  • CCPA (California Consumer Privacy Act)
+  • SOX (Sarbanes-Oxley)
+  • HIPAA (Health Insurance Portability and Accountability Act)
+  • FINRA (Financial Industry Regulatory Authority)
+"""
+
+import re
+from collections import defaultdict
+
+# Regulatory requirement definitions
+REGULATIONS = {
+    "GDPR": {
+        "description": "EU General Data Protection Regulation (Regulation 2016/679)",
+        "requirements": {
+            "lawful_basis": {
+                "keywords": ["lawful basis", "legal basis", "legitimate interest", "consent", "performance of contract", "legal obligation"],
+                "description": "Must specify lawful basis for data processing (Art. 6)",
+                "severity": "HIGH",
+            },
+            "data_subject_rights": {
+                "keywords": ["right to access", "right to erasure", "right to be forgotten", "data portability", "rectification", "object to processing"],
+                "description": "Must acknowledge data subject rights (Arts. 15-22)",
+                "severity": "HIGH",
+            },
+            "data_breach_notification": {
+                "keywords": ["data breach", "breach notification", "notify supervisory authority", "72 hours"],
+                "description": "Must include data breach notification obligations (Art. 33)",
+                "severity": "MEDIUM",
+            },
+            "data_protection_officer": {
+                "keywords": ["data protection officer", "DPO"],
+                "description": "Should reference Data Protection Officer if applicable (Art. 37)",
+                "severity": "LOW",
+            },
+            "cross_border_transfer": {
+                "keywords": ["standard contractual clauses", "SCCs", "adequacy decision", "transfer mechanism", "third country"],
+                "description": "Must specify transfer safeguards for cross-border data (Arts. 44-49)",
+                "severity": "HIGH",
+            },
+            "privacy_by_design": {
+                "keywords": ["privacy by design", "privacy by default", "data minimization", "purpose limitation"],
+                "description": "Should reference privacy-by-design principles (Art. 25)",
+                "severity": "MEDIUM",
+            },
+        },
+    },
+    "CCPA": {
+        "description": "California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.)",
+        "requirements": {
+            "consumer_rights": {
+                "keywords": ["right to know", "right to delete", "right to opt out", "right to non-discrimination", "consumer rights"],
+                "description": "Must acknowledge California consumer rights",
+                "severity": "HIGH",
+            },
+            "data_categories": {
+                "keywords": ["categories of personal information", "personal information categories", "identifiers", "commercial information"],
+                "description": "Must disclose categories of personal information collected",
+                "severity": "HIGH",
+            },
+            "sale_of_data": {
+                "keywords": ["do not sell my personal information", "opt-out of sale", "sale of personal information"],
+                "description": "Must provide opt-out mechanism for data sales",
+                "severity": "HIGH",
+            },
+            "service_providers": {
+                "keywords": ["service provider", "third party", "contractor", "business purpose"],
+                "description": "Should limit data use to business/service provider purposes",
+                "severity": "MEDIUM",
+            },
+        },
+    },
+    "SOX": {
+        "description": "Sarbanes-Oxley Act (US, 2002)",
+        "requirements": {
+            "internal_controls": {
+                "keywords": ["internal controls", "internal control over financial reporting", "ICFR"],
+                "description": "Must reference internal controls over financial reporting (§ 404)",
+                "severity": "HIGH",
+            },
+            "audit_committee": {
+                "keywords": ["audit committee", "independent auditor", "PCAOB"],
+                "description": "Should reference audit committee oversight",
+                "severity": "MEDIUM",
+            },
+            "whistleblower": {
+                "keywords": ["whistleblower", "anonymous reporting", "reporting hotline", "retaliation"],
+                "description": "Should protect whistleblower provisions (§ 806)",
+                "severity": "HIGH",
+            },
+            "document_retention": {
+                "keywords": ["document retention", "record retention", "retention policy", "preserve records"],
+                "description": "Must include document retention obligations (§ 802)",
+                "severity": "HIGH",
+            },
+        },
+    },
+    "HIPAA": {
+        "description": "Health Insurance Portability and Accountability Act (US, 1996)",
+        "requirements": {
+            "phi_protection": {
+                "keywords": ["protected health information", "PHI", "health information", "ePHI"],
+                "description": "Must protect PHI and limit uses/disclosures",
+                "severity": "CRITICAL",
+            },
+            "business_associate": {
+                "keywords": ["business associate agreement", "BAA", "business associate", "covered entity"],
+                "description": "Should reference Business Associate Agreement (§ 164.504(e))",
+                "severity": "HIGH",
+            },
+            "security_safeguards": {
+                "keywords": ["administrative safeguards", "technical safeguards", "physical safeguards", "encryption", "access controls"],
+                "description": "Must implement security safeguards (§ 164.308-312)",
+                "severity": "HIGH",
+            },
+            "breach_notification": {
+                "keywords": ["breach notification", "notification of breach", "unauthorized access"],
+                "description": "Must include breach notification obligations (§ 164.400-414)",
+                "severity": "HIGH",
+            },
+        },
+    },
+    "FINRA": {
+        "description": "Financial Industry Regulatory Authority (US)",
+        "requirements": {
+            "recordkeeping": {
+                "keywords": ["recordkeeping", "books and records", "retain records", "SEC Rule 17a-4"],
+                "description": "Must comply with recordkeeping rules (FINRA Rule 4511)",
+                "severity": "HIGH",
+            },
+            "supervision": {
+                "keywords": ["supervision", "supervisory system", "review and approval"],
+                "description": "Should reference supervisory obligations (FINRA Rule 3110)",
+                "severity": "MEDIUM",
+            },
+            "anti_money_laundering": {
+                "keywords": ["anti-money laundering", "AML", "suspicious activity", "SAR", "OFAC"],
+                "description": "Must reference AML compliance (FINRA Rule 3310)",
+                "severity": "HIGH",
+            },
+            "privacy": {
+                "keywords": ["privacy policy", "customer information", "Regulation S-P", "nonpublic personal information"],
+                "description": "Must protect customer information (Regulation S-P)",
+                "severity": "HIGH",
+            },
+        },
+    },
+}
+
+RISK_STYLES = {
+    "CRITICAL": ("#dc2626", "#fef2f2"),
+    "HIGH": ("#ea580c", "#fff7ed"),
+    "MEDIUM": ("#ca8a04", "#fefce8"),
+    "LOW": ("#16a34a", "#f0fdf4"),
+}
+
+
+def check_compliance(text):
+    """Check contract text against all regulatory frameworks."""
+    text_lower = text.lower()
+    results = {}
+
+    for reg_name, reg_data in REGULATIONS.items():
+        checks = []
+        for req_name, req_data in reg_data["requirements"].items():
+            matched = False
+            matched_keywords = []
+            for kw in req_data["keywords"]:
+                if kw.lower() in text_lower:
+                    matched = True
+                    matched_keywords.append(kw)
+            checks.append({
+                "requirement": req_name,
+                "description": req_data["description"],
+                "severity": req_data["severity"],
+                "status": "PASS" if matched else "MISSING",
+                "matched_keywords": matched_keywords,
+            })
+
+        passed = sum(1 for c in checks if c["status"] == "PASS")
+        total = len(checks)
+        compliance_rate = round(passed / total * 100) if total > 0 else 0
+
+        results[reg_name] = {
+            "description": reg_data["description"],
+            "compliance_rate": compliance_rate,
+            "checks": checks,
+            "overall_status": "COMPLIANT" if compliance_rate >= 80 else "PARTIAL" if compliance_rate >= 40 else "NON-COMPLIANT",
+        }
+
+    return results
+
+
+def render_compliance_html(results):
+    """Render compliance results as HTML for Gradio."""
+    html = '<div style="font-family:system-ui,sans-serif;">'
+
+    for reg_name, reg_result in results.items():
+        rate = reg_result["compliance_rate"]
+        status = reg_result["overall_status"]
+        status_color = "#16a34a" if status == "COMPLIANT" else "#ca8a04" if status == "PARTIAL" else "#dc2626"
+        status_bg = "#f0fdf4" if status == "COMPLIANT" else "#fefce8" if status == "PARTIAL" else "#fef2f2"
+
+        html += f'''
+        <div style="border:1px solid #e5e7eb;border-radius:10px;margin-bottom:16px;overflow:hidden;">
+          <div style="display:flex;justify-content:space-between;align-items:center;padding:12px 16px;background:{status_bg};border-bottom:1px solid #e5e7eb;">
+            <div>
+              <span style="font-size:16px;font-weight:700;color:#1f2937;">{reg_name}</span>
+              <p style="font-size:11px;color:#6b7280;margin:2px 0 0 0;">{reg_result["description"]}</p>
+            </div>
+            <div style="text-align:right;">
+              <div style="font-size:24px;font-weight:700;color:{status_color};">{rate}%</div>
+              <div style="font-size:11px;color:{status_color};font-weight:500;">{status}</div>
+            </div>
+          </div>
+          <div style="padding:8px 16px;">
+        '''
+
+        for check in reg_result["checks"]:
+            color, bg = RISK_STYLES[check["severity"]]
+            status_icon = "✅" if check["status"] == "PASS" else "❌"
+            status_text = "Found" if check["status"] == "PASS" else "Missing"
+            keywords = ", ".join(check["matched_keywords"][:3]) if check["matched_keywords"] else "—"
+
+            html += f'''
+            <div style="display:flex;justify-content:space-between;align-items:flex-start;padding:8px 0;border-bottom:1px solid #f3f4f6;">
+              <div style="flex:1;">
+                <div style="font-size:12px;font-weight:500;color:#374151;">{check["description"]}</div>
+                <div style="font-size:10px;color:#9ca3af;margin-top:2px;">Keywords: {keywords}</div>
+              </div>
+              <div style="display:flex;align-items:center;gap:6px;margin-left:8px;">
+                <span style="font-size:10px;color:{color};font-weight:600;background:{bg};padding:2px 8px;border-radius:4px;">{check["severity"]}</span>
+                <span style="font-size:13px;">{status_icon}</span>
+              </div>
+            </div>
+            '''
+
+        html += '</div></div>'
+
+    html += '</div>'
+    return html