# 🏛️ JUSTITIA Demo: Transparent AI Policy Compiler

**Justified System for Transparent Institutional Trust Intelligence & Audit**

## 🎯 OpenAI Open Model Hackathon 2025

This notebook demonstrates how JUSTITIA transforms organizational norms into executable, auditable policies using gpt-oss models with transparent reasoning.

### Key Features:
- 🔧 **Harmony format** for structured policy generation
- 🧠 **Transparent chain-of-thought** reasoning
- 🐍 **Executable policy validation** with comprehensive testing
- 🔒 **Offline-first operation** for sensitive data
- ⚖️ **Multi-domain support** (content moderation, code review, compliance)

In [None]:
# Setup and imports
import sys
import json
from pathlib import Path
from rich.console import Console
from rich.panel import Panel
from rich.syntax import Syntax
from rich.table import Table

# Import JUSTITIA modules
from justitia.policy import PolicyGenerator
from justitia.tests import PolicyTestSuite
from justitia.harmony import create_policy_generation_prompt

console = Console()
console.print("[bold green]🏛️ JUSTITIA Demo Environment Ready![/bold green]")

## 📋 Step 1: Define Policy Norms

Let's start by defining organizational norms in natural language:

In [None]:
# Content Moderation Policy Norms
content_norms = """
Content Moderation Policy for Community Platform

Our platform is committed to maintaining a safe and inclusive environment. We prohibit:

1. Hate Speech: Content that attacks individuals or groups based on protected characteristics
   including race, ethnicity, religion, gender, sexual orientation, or disability.

2. Harassment: Personal attacks, threats, doxxing, stalking, or coordinated harassment 
   campaigns against users.

3. Explicit Content: Pornographic material, graphic violence, gore, or content that 
   sexualizes minors.

4. Spam and Scams: Unsolicited promotional content, phishing attempts, fraudulent 
   schemes, or repeated posting of identical content.

Generate comprehensive JSON rules with regex patterns to automatically detect these 
violations. Include clear rationale for each rule and appropriate severity levels.
"""

console.print(Panel(content_norms, title="[bold blue]📋 Content Moderation Norms[/bold blue]", expand=False))

## 🧠 Step 2: Generate Policy with gpt-oss

Now we'll use the gpt-oss model via Ollama to transform these norms into executable policies:

In [None]:
# Create policy generator with high reasoning effort
console.print("[yellow]⏳ Initializing Policy Generator with gpt-oss...[/yellow]")

pg = PolicyGenerator(
    domain="content-moderation",
    reasoning_effort="high"  # Request detailed chain-of-thought
)

console.print("[green]✅ Policy Generator ready![/green]")

In [None]:
# Generate policy with transparent reasoning
console.print("[yellow]🧠 Generating policy with gpt-oss (this may take 30-60 seconds)...[/yellow]")

try:
    result = pg.generate_policy(content_norms)
    
    policy_json = result.get("policy_json", {})
    audit_notebook = result.get("audit_notebook", "")
    
    console.print("[bold green]✅ Policy generation complete![/bold green]")
    
    # Display policy summary
    if policy_json:
        rules_count = len(policy_json.get("rules", []))
        console.print(f"[cyan]📋 Generated {rules_count} policy rules[/cyan]")
        
        # Show first rule as example
        if policy_json.get("rules"):
            first_rule = policy_json["rules"][0]
            rule_display = {
                "ID": first_rule.get("id", "N/A"),
                "Description": first_rule.get("description", "N/A"),
                "Pattern": first_rule.get("pattern", "N/A")[:50] + "...",
                "Severity": first_rule.get("severity", "N/A"),
                "Rationale": first_rule.get("rationale", "N/A")[:100] + "..."
            }
            
            table = Table(title="[bold cyan]Example Generated Rule[/bold cyan]")
            table.add_column("Field", style="cyan")
            table.add_column("Value", style="white")
            
            for field, value in rule_display.items():
                table.add_row(field, str(value))
            
            console.print(table)
    
except Exception as e:
    console.print(f"[red]❌ Error: {str(e)}[/red]")
    console.print("[yellow]💡 Make sure Ollama is running: ollama serve[/yellow]")

## 🔍 Step 3: Examine Transparent Reasoning

Let's look at the AI's chain-of-thought reasoning process:

In [None]:
# Display the reasoning process
if 'audit_notebook' in locals() and audit_notebook:
    console.print(Panel(
        audit_notebook[:500] + "..." if len(audit_notebook) > 500 else audit_notebook,
        title="[bold magenta]🔍 AI Reasoning Process (Chain-of-Thought)[/bold magenta]",
        expand=False
    ))
else:
    console.print("[yellow]No reasoning captured in this session[/yellow]")

## 📊 Step 4: Display Complete Policy JSON

Here's the complete generated policy in structured JSON format:

In [None]:
# Display the complete policy JSON
if 'policy_json' in locals() and policy_json:
    # Format JSON for display
    policy_str = json.dumps(policy_json, indent=2)
    syntax = Syntax(policy_str, "json", theme="monokai", line_numbers=True)
    
    console.print(Panel(
        syntax,
        title="[bold green]📄 Generated Policy JSON[/bold green]",
        expand=False
    ))
else:
    console.print("[yellow]No policy JSON available from previous step[/yellow]")

## 🧪 Step 5: Create Test Cases

Now let's create test cases to validate our policy:

In [None]:
# Create comprehensive test cases
test_cases = {
    "test_cases": [
        {
            "id": "hate_speech_1",
            "text": "Those black people, I hate them all",
            "expected_violations": ["rule_001"],  # Assuming rule_001 is hate speech
            "description": "Clear hate speech targeting protected group",
            "category": "hate_speech"
        },
        {
            "id": "harassment_1",
            "text": "You're stupid @user stop posting here nobody likes you",
            "expected_violations": ["rule_002"],  # Assuming rule_002 is harassment
            "description": "Personal attack and harassment",
            "category": "harassment"
        },
        {
            "id": "clean_content_1",
            "text": "I love this new feature, great job team!",
            "expected_violations": [],
            "description": "Positive, clean content",
            "category": "clean"
        },
        {
            "id": "spam_1",
            "text": "Buy cheap viagra now! Click here: http://spam-site.com",
            "expected_violations": ["rule_004"],  # Assuming rule_004 is spam
            "description": "Spam with promotional link",
            "category": "spam"
        }
    ]
}

console.print("[green]✅ Created 4 test cases covering different violation types[/green]")

# Display test cases
test_table = Table(title="[bold cyan]📋 Test Cases[/bold cyan]")
test_table.add_column("ID", style="cyan")
test_table.add_column("Text", style="white")
test_table.add_column("Expected", style="yellow")
test_table.add_column("Category", style="green")

for case in test_cases["test_cases"]:
    text_preview = case["text"][:40] + "..." if len(case["text"]) > 40 else case["text"]
    expected = ", ".join(case["expected_violations"]) if case["expected_violations"] else "None"
    test_table.add_row(
        case["id"],
        text_preview,
        expected,
        case["category"]
    )

console.print(test_table)

## ⚖️ Step 6: Run Policy Validation Tests

Now let's test our generated policy against the test cases:

In [None]:
# Run policy tests
if 'policy_json' in locals() and policy_json:
    console.print("[yellow]🧪 Running policy validation tests...[/yellow]")
    
    # Create test suite
    test_suite = PolicyTestSuite()
    
    try:
        # Run tests
        results = test_suite.run_tests(policy_json, test_cases)
        
        # Display results
        console.print(f"[bold green]✅ Test execution complete![/bold green]")
        console.print(f"[cyan]📊 Tests run: {results.total_tests}[/cyan]")
        console.print(f"[green]✅ Passed: {results.passed} ({results.pass_rate:.1%})[/green]")
        console.print(f"[red]❌ Failed: {results.failed}[/red]")
        console.print(f"[blue]📈 Average Score: {results.average_score:.3f}[/blue]")
        
        # Show detailed results table
        results_table = Table(title="[bold cyan]📊 Detailed Test Results[/bold cyan]")
        results_table.add_column("Test ID", style="cyan")
        results_table.add_column("Status", style="white")
        results_table.add_column("Score", style="yellow")
        results_table.add_column("Violations Found", style="green")
        results_table.add_column("Issues", style="red")
        
        for result in results.test_results:
            status = "✅ PASS" if result.passed else "❌ FAIL"
            violations = ", ".join(result.violations_found) if result.violations_found else "None"
            issues = []
            if result.false_positives:
                issues.append(f"FP: {', '.join(result.false_positives)}")
            if result.false_negatives:
                issues.append(f"FN: {', '.join(result.false_negatives)}")
            issues_str = "; ".join(issues) if issues else "None"
            
            results_table.add_row(
                result.test_id,
                status,
                f"{result.score:.2f}",
                violations,
                issues_str
            )
        
        console.print(results_table)
        
    except Exception as e:
        console.print(f"[red]❌ Testing failed: {str(e)}[/red]")
else:
    console.print("[yellow]No policy available for testing[/yellow]")

## 🛠️ Step 7: Code Review Policy Example

Let's demonstrate JUSTITIA's versatility with a different domain - code review security:

In [None]:
# Code Review Security Norms
code_norms = """
Code Review Security Policy

All code submissions must meet the following security requirements:

1. No Hardcoded Secrets: Source code must not contain hardcoded passwords, API keys, 
   tokens, or other sensitive credentials.

2. Input Validation: All user inputs must be properly validated and sanitized before 
   processing to prevent injection attacks.

3. Secure Functions: Deprecated or inherently unsafe functions (strcpy, gets, eval, etc.) 
   are prohibited.

4. Database Security: All database queries must use parameterized statements or prepared 
   statements to prevent SQL injection.

Generate comprehensive regex patterns to automatically detect these security violations 
during code review process.
"""

console.print(Panel(code_norms, title="[bold blue]🔒 Code Review Security Norms[/bold blue]", expand=False))

In [None]:
# Generate code review policy
console.print("[yellow]🧠 Generating code review policy...[/yellow]")

try:
    code_pg = PolicyGenerator(
        domain="code-review",
        reasoning_effort="medium"
    )
    
    code_result = code_pg.generate_policy(code_norms)
    code_policy = code_result.get("policy_json", {})
    
    if code_policy:
        console.print("[green]✅ Code review policy generated![/green]")
        
        # Show rules summary
        rules_summary = Table(title="[bold cyan]🔒 Code Review Rules Summary[/bold cyan]")
        rules_summary.add_column("Rule ID", style="cyan")
        rules_summary.add_column("Description", style="white")
        rules_summary.add_column("Severity", style="red")
        
        for rule in code_policy.get("rules", []):
            rules_summary.add_row(
                rule.get("id", "N/A"),
                rule.get("description", "N/A")[:60] + "...",
                rule.get("severity", "N/A")
            )
        
        console.print(rules_summary)
        
except Exception as e:
    console.print(f"[red]❌ Error generating code policy: {str(e)}[/red]")

## 🎯 Step 8: Summary and Next Steps

### What We've Demonstrated:

1. **🔧 Harmony Format**: Structured prompts for reliable gpt-oss interaction
2. **🧠 Transparent Reasoning**: Full audit trail of AI decision-making
3. **🐍 Executable Policies**: Not just text, but testable regex rules
4. **📊 Comprehensive Testing**: False positive/negative detection
5. **🔄 Multi-Domain Support**: Works across different policy areas
6. **🔒 Offline Operation**: Complete local processing for sensitive data

### JUSTITIA's Unique Value:

Unlike generic AI assistants, JUSTITIA specializes in:
- **Policy Compilation**: Transform norms → executable rules
- **Transparent Governance**: Every decision is auditable
- **Domain Expertise**: Tailored for compliance and risk management
- **Enterprise Ready**: Offline-first, secure, Apache 2.0 licensed

In [None]:
# Final summary
console.print(Panel(
    """[bold green]🎉 JUSTITIA Demo Complete![/bold green]

[cyan]✅ Policy Generation:[/cyan] Transform natural language norms into structured rules
[cyan]✅ Transparent Reasoning:[/cyan] Full audit trail of AI decision-making process  
[cyan]✅ Comprehensive Testing:[/cyan] Validate policies with real test cases
[cyan]✅ Multi-Domain Support:[/cyan] Content moderation, code review, and more
[cyan]✅ Offline Operation:[/cyan] Complete local processing with gpt-oss

[bold yellow]🏆 Ready for OpenAI Open Model Hackathon 2025![/bold yellow]

Try the CLI: [bold]justitia --help[/bold]
Try the TUI: [bold]python run_tui.py[/bold]""",
    title="[bold magenta]🏛️ JUSTITIA: Transparent AI Policy Compiler[/bold magenta]",
    expand=False
))