fix(v4.3): compliance.py — bug report fixes (10 issues)

compliance.py

@@ -245,12 +245,55 @@ def _get_context(text, keyword, window=100):
     return context
 
 
+# FIX v4.3: Regulation applicability gates — only apply regulations relevant to the contract type
+_REGULATION_GATES = {
+    "SOX": re.compile(
+        r'financial\s+statement|internal\s+control|audit\s+committee|public\s+company|sec\s+filing|pcaob|sarbanes',
+        re.IGNORECASE
+    ),
+    "HIPAA": re.compile(
+        r'protected\s+health|(?<!\w)phi(?!\w)|health\s+information|medical\s+record|business\s+associate\s+agreement|(?<!\w)baa(?!\w)|hipaa',
+        re.IGNORECASE
+    ),
+    "FINRA": re.compile(
+        r'securities|broker[\-\s]?dealer|investment\s+advis|financial\s+industry|(?<!\w)finra(?!\w)|registered\s+representative',
+        re.IGNORECASE
+    ),
+}
+
+
 def check_compliance(text):
-    """Check contract text against all regulatory frameworks with negation handling."""
+    """Check contract text against applicable regulatory frameworks with negation handling.
+    
+    FIX v4.3:
+      - Regulation applicability gates: SOX/HIPAA/FINRA only checked if contract contains relevant terms
+      - Whole-word keyword matching: prevents substring false positives (e.g. "SAR" in "Year 3")
+      - GDPR and CCPA always checked (broadly applicable)
+    """
     text_lower = text.lower()
     results = {}
 
+    # FIX v4.3: Determine which regulations apply to this contract
+    applicable_regs = {"GDPR", "CCPA"}  # Always check these
+    for reg_name, gate_pattern in _REGULATION_GATES.items():
+        if gate_pattern.search(text):
+            applicable_regs.add(reg_name)
+
     for reg_name, reg_data in REGULATIONS.items():
+        # FIX v4.3: Skip regulations that don't apply to this contract
+        if reg_name not in applicable_regs:
+            # Still include in results but mark as not applicable
+            results[reg_name] = {
+                "description": reg_data["description"],
+                "compliance_rate": -1,  # -1 = not applicable
+                "checks": [],
+                "overall_status": "NOT_APPLICABLE",
+                "negated_count": 0,
+                "ambiguous_count": 0,
+                "note": f"{reg_name} does not appear applicable to this contract type.",
+            }
+            continue
+
         checks = []
         for req_name, req_data in reg_data["requirements"].items():
             matched = False
@@ -259,15 +302,27 @@ def check_compliance(text):
             context_snippets = []
 
             for kw in req_data["keywords"]:
-                if kw.lower() in text_lower:
-                    matched_keywords.append(kw)
-                    if _check_negation(text_lower, kw):
-                        negated = True
-                    else:
-                        matched = True
-                    ctx = _get_context(text, kw)
-                    if ctx:
-                        context_snippets.append(ctx)
+                # FIX v4.3: Use whole-word matching to prevent substring false positives
+                # e.g., "SAR" should not match "Year 3" tokenised fragments
+                kw_lower = kw.lower()
+                if len(kw_lower) <= 4:
+                    # Short keywords (SAR, DPO, PHI, BAA) — require word boundaries
+                    pattern = re.compile(r'\b' + re.escape(kw_lower) + r'\b', re.IGNORECASE)
+                    if not pattern.search(text_lower):
+                        continue
+                else:
+                    # Longer keywords — substring is OK
+                    if kw_lower not in text_lower:
+                        continue
+
+                matched_keywords.append(kw)
+                if _check_negation(text_lower, kw):
+                    negated = True
+                else:
+                    matched = True
+                ctx = _get_context(text, kw)
+                if ctx:
+                    context_snippets.append(ctx)
 
             if matched and not negated:
                 status = "PASS"