""" ClauseGuard — FastAPI Backend (Production) Clause classification + explanations + history + JWT auth. FastAPI 0.136, Pydantic 2.13, Python 3.12 (April 2026) """ import os import time import re from contextlib import asynccontextmanager from typing import Optional import httpx import numpy as np from fastapi import FastAPI, HTTPException, Depends from fastapi.middleware.cors import CORSMiddleware from pydantic import BaseModel, Field from auth import get_current_user, require_auth # ─── Config ─── MODEL_PATH = os.environ.get("MODEL_PATH", "./clauseguard-model/final") ONNX_MODEL_PATH = os.environ.get("ONNX_MODEL_PATH", "./clauseguard-model-onnx") USE_ONNX = os.environ.get("USE_ONNX", "true").lower() == "true" SUPABASE_URL = os.environ.get("SUPABASE_URL", "") SUPABASE_SERVICE_KEY = os.environ.get("SUPABASE_SERVICE_ROLE_KEY", "") HF_API_TOKEN = os.environ.get("HF_API_TOKEN", "") SAULLM_ENDPOINT = os.environ.get("SAULLM_ENDPOINT", "") LABEL_NAMES = [ "Limitation of liability", "Unilateral termination", "Unilateral change", "Content removal", "Contract by using", "Choice of law", "Jurisdiction", "Arbitration", ] LABEL_DESCRIPTIONS = { "Limitation of liability": "Company limits or excludes liability for losses, data breaches, or service failures.", "Unilateral termination": "Company can terminate your account at any time without reason.", "Unilateral change": "Company can change terms at any time without your consent.", "Content removal": "Company can delete your content without notice or justification.", "Contract by using": "You are bound to the contract simply by using the service.", "Choice of law": "Governing law may differ from your country, reducing your legal protections.", "Jurisdiction": "Disputes must be resolved in a jurisdiction that may disadvantage you.", "Arbitration": "Forces disputes to arbitration instead of court. You waive your right to sue.", } SEVERITY_MAP = { "Limitation of liability": "HIGH", "Unilateral termination": "HIGH", "Arbitration": "HIGH", "Unilateral change": "MEDIUM", "Content removal": "MEDIUM", "Choice of law": "MEDIUM", "Jurisdiction": "MEDIUM", "Contract by using": "LOW", } LEGAL_BASIS = { "Arbitration": "EU Directive 93/13/EEC Art. 3; CFPB arbitration rule (US).", "Unilateral change": "EU Directive 93/13/EEC Annex 1(j) — unilateral alteration.", "Content removal": "EU Digital Services Act Art. 17 — statement of reasons required.", "Jurisdiction": "EU Regulation 1215/2012 Art. 18 — consumer domicile prevails.", "Choice of law": "EU Regulation 593/2008 Art. 6 — consumer protection of habitual residence.", "Limitation of liability": "EU Directive 93/13/EEC Annex 1(a) — excluding statutory rights.", "Unilateral termination": "EU Directive 93/13/EEC Annex 1(f)(g) — termination without notice.", "Contract by using": "EU Directive 2011/83/EU Art. 8 — active consent required.", } # ─── Model ─── classifier = None def load_model(): global classifier try: if USE_ONNX and os.path.exists(ONNX_MODEL_PATH): from optimum.onnxruntime import ORTModelForSequenceClassification from transformers import AutoTokenizer, pipeline model = ORTModelForSequenceClassification.from_pretrained(ONNX_MODEL_PATH) tokenizer = AutoTokenizer.from_pretrained(ONNX_MODEL_PATH) classifier = pipeline("text-classification", model=model, tokenizer=tokenizer, top_k=None) elif os.path.exists(MODEL_PATH): from transformers import pipeline classifier = pipeline("text-classification", model=MODEL_PATH, top_k=None, device=-1) except Exception as e: print(f"Model load failed: {e}") # ─── Regex fallback ─── PATTERNS = { 0: [r"not liable", r"shall not be (liable|responsible)", r"in no event.*liable", r"limitation of liability", r"without warranty", r"disclaim"], 1: [r"terminat.*at any time", r"suspend.*account.*without", r"we may (terminat|suspend|discontinu)", r"right to (terminat|suspend)"], 2: [r"sole discretion", r"reserves? the right to (modify|change|update|amend)", r"at any time.*without (prior )?notice", r"we may (modify|change|update)"], 3: [r"remove.*content.*without", r"right to remove", r"we may.*remove"], 4: [r"by (using|accessing).*you agree", r"continued use.*constitutes? acceptance"], 5: [r"governed by.*laws? of", r"shall be governed", r"laws of the state of"], 6: [r"exclusive jurisdiction", r"courts? of.*(california|delaware|new york|ireland|england)", r"submit to.*jurisdiction"], 7: [r"arbitrat", r"binding arbitration", r"waive.*right.*court", r"class action waiver"], } def classify_clause(text: str) -> list[dict]: if classifier: try: preds = classifier(text, truncation=True, max_length=512) items = preds[0] if isinstance(preds[0], list) else preds return [ {"name": p["label"], "severity": SEVERITY_MAP.get(p["label"], "MEDIUM"), "description": LABEL_DESCRIPTIONS.get(p["label"], ""), "confidence": round(p["score"], 3)} for p in items if p["score"] > 0.5 and p["label"] in LABEL_DESCRIPTIONS ] except Exception: pass # Regex fallback results = [] text_lower = text.lower() for lid, pats in PATTERNS.items(): for p in pats: if re.search(p, text_lower): name = LABEL_NAMES[lid] results.append({"name": name, "severity": SEVERITY_MAP[name], "description": LABEL_DESCRIPTIONS[name], "confidence": 0.7}) break return results # ─── Supabase helper ─── async def supabase_insert(table: str, data: dict): if not SUPABASE_URL or not SUPABASE_SERVICE_KEY: return async with httpx.AsyncClient() as client: await client.post( f"{SUPABASE_URL}/rest/v1/{table}", json=data, headers={"apikey": SUPABASE_SERVICE_KEY, "Authorization": f"Bearer {SUPABASE_SERVICE_KEY}", "Content-Type": "application/json", "Prefer": "return=minimal"}, ) async def supabase_query(table: str, params: dict, headers_extra: dict = {}): if not SUPABASE_URL or not SUPABASE_SERVICE_KEY: return [] async with httpx.AsyncClient() as client: resp = await client.get( f"{SUPABASE_URL}/rest/v1/{table}", params=params, headers={"apikey": SUPABASE_SERVICE_KEY, "Authorization": f"Bearer {SUPABASE_SERVICE_KEY}", **headers_extra}, ) return resp.json() if resp.status_code == 200 else [] # ─── Models ─── class AnalyzeRequest(BaseModel): clauses: list[str] = Field(..., min_length=1, max_length=500) source_url: Optional[str] = None class AnalyzeResponse(BaseModel): risk_score: int grade: str total_clauses: int flagged_count: int results: list[dict] model: str latency_ms: int class ExplainRequest(BaseModel): clause: str = Field(..., min_length=10, max_length=2000) category: str class ExplainResponse(BaseModel): clause: str category: str explanation: str legal_basis: str recommendation: str # ─── App ─── @asynccontextmanager async def lifespan(app: FastAPI): load_model() yield app = FastAPI(title="ClauseGuard API", version="1.0.0", lifespan=lifespan) app.add_middleware( CORSMiddleware, allow_origins=["https://clauseguardweb.netlify.app", "https://clauseguardweb.netlify.app", "chrome-extension://*", "http://localhost:3000"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) @app.get("/health") async def health(): return {"status": "ok", "model": "ml" if classifier else "regex"} @app.post("/api/analyze", response_model=AnalyzeResponse) async def analyze(req: AnalyzeRequest, user: Optional[dict] = Depends(get_current_user)): start = time.time() results = [{"text": c, "categories": classify_clause(c)} for c in req.clauses] flagged = [r for r in results if r["categories"]] sev = {"HIGH": 0, "MEDIUM": 0, "LOW": 0} for r in flagged: for c in r["categories"]: sev[c.get("severity", "LOW")] += 1 total = len(req.clauses) risk = min(100, round((sev["HIGH"] * 20 + sev["MEDIUM"] * 10 + sev["LOW"] * 5) / max(1, total) * 100)) grade = "F" if risk >= 60 else "D" if risk >= 40 else "C" if risk >= 20 else "B" if risk >= 10 else "A" latency = int((time.time() - start) * 1000) # Save to DB if authenticated if user: await supabase_insert("analyses", { "user_id": user["id"], "source_url": req.source_url, "total_clauses": total, "flagged_count": len(flagged), "risk_score": risk, "grade": grade, "clauses": results, }) return AnalyzeResponse(risk_score=risk, grade=grade, total_clauses=total, flagged_count=len(flagged), results=results, model="ml" if classifier else "regex", latency_ms=latency) @app.post("/api/explain", response_model=ExplainResponse) async def explain(req: ExplainRequest, user: dict = Depends(require_auth)): desc = LABEL_DESCRIPTIONS.get(req.category, "Unknown category.") legal = LEGAL_BASIS.get(req.category, "Consult local consumer protection laws.") recommendation = "Review this clause carefully. Consider negotiating or seeking legal advice before agreeing." # Try SaulLM-7B if endpoint configured if SAULLM_ENDPOINT and HF_API_TOKEN: try: prompt = f"""You are a consumer protection legal analyst. Analyze this clause and explain why it may be unfair. Clause: "{req.clause}" Category: {req.category} Provide: 1. A plain-English explanation of why this is problematic 2. The specific legal basis (EU/US consumer protection law) 3. A practical recommendation for the consumer Be concise. 3-4 sentences maximum per section.""" async with httpx.AsyncClient(timeout=30.0) as client: resp = await client.post( SAULLM_ENDPOINT, json={"inputs": prompt, "parameters": {"max_new_tokens": 300, "temperature": 0.3}}, headers={"Authorization": f"Bearer {HF_API_TOKEN}"}, ) if resp.status_code == 200: output = resp.json() generated = output[0]["generated_text"] if isinstance(output, list) else output.get("generated_text", "") if generated and len(generated) > 50: parts = generated.split("\n\n") desc = parts[0] if len(parts) > 0 else desc legal = parts[1] if len(parts) > 1 else legal recommendation = parts[2] if len(parts) > 2 else recommendation except Exception: pass # Fall back to static responses return ExplainResponse(clause=req.clause, category=req.category, explanation=desc, legal_basis=legal, recommendation=recommendation) @app.get("/api/history") async def history(user: dict = Depends(require_auth), limit: int = 20, offset: int = 0): limit = min(limit, 100) data = await supabase_query("analyses", { "user_id": f"eq.{user['id']}", "select": "*", "order": "created_at.desc", "limit": str(limit), "offset": str(offset), }) return {"analyses": data, "limit": limit, "offset": offset} if __name__ == "__main__": import uvicorn uvicorn.run(app, host="0.0.0.0", port=8000)