
In [None]:
"""Violation detection utilities for Governance & Compliance Orchestrator

Detects policy violations and generates compliance events.
"""

from typing import Dict, Any, List
from datetime import datetime, timezone


def generate_compliance_event(
    evaluation: Dict[str, Any],
    event_counter: int
) -> Dict[str, Any]:
    """
    Generate a compliance event from a policy evaluation that indicates a violation.

    Args:
        evaluation: Policy evaluation result with violation=True
        event_counter: Counter for generating unique compliance event IDs

    Returns:
        Compliance event dict
    """
    compliance_event_id = f"cmp_{event_counter:04d}"

    # Determine recommended action based on severity (defaults to "medium")
    severity = evaluation.get("severity", "medium")

    recommended_actions = {
        "critical": "Immediate escalation to compliance officer and block action",
        "high": "Escalate to compliance officer",
        "medium": "Require human review before next action",
        "low": "Log for review and request explanation"
    }

    # Severities outside the four keys above fall back to a generic action
    recommended_action = recommended_actions.get(severity, "Review and document")

    return {
        "compliance_event_id": compliance_event_id,
        "event_id": evaluation.get("event_id"),
        "risk_type": "policy_violation",
        "policy_id": evaluation.get("policy_id"),
        "severity": severity,
        "status": "open",
        "recommended_action": recommended_action,
        "reason": evaluation.get("reason", "Policy violation detected"),
        # Timezone-aware UTC timestamp, rendered with a trailing "Z"
        "timestamp": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
    }


def detect_violations(
    policy_evaluations: List[Dict[str, Any]]
) -> List[Dict[str, Any]]:
    """
    Detect all violations from policy evaluations and generate compliance events.

    Args:
        policy_evaluations: List of policy evaluation results

    Returns:
        List of compliance events (one per violation)
    """
    violations = [e for e in policy_evaluations if e.get("violation", False)]

    compliance_events = []
    event_counter = 1

    for violation in violations:
        compliance_event = generate_compliance_event(violation, event_counter)
        compliance_events.append(compliance_event)
        event_counter += 1

    return compliance_events





# Violation Detection — Converting Policy Breaches into Auditable Events

## What This Code Does

This module is where **governance findings become formal accountability artifacts**.

Its responsibility is straightforward but critical:

> **When a policy evaluation indicates a violation, this code converts that finding into a structured compliance event that can be tracked, escalated, and audited.**

At this point in the system:

* Interpretation is over
* Judgment is complete
* Documentation begins

This mirrors how real compliance systems operate in regulated organizations.

---

## 1. Why Violations Become Events (Not Just Flags)

A key architectural decision here is that violations are not treated as boolean flags or log messages.

Instead, each violation becomes a **first-class compliance event** with:

* A unique identifier
* A clear severity
* An explicit recommended action
* A timestamp
* A trace back to the original agent action

This is essential for:

* Audits
* Investigations
* Executive reporting
* Long-term risk tracking

Governance only works when findings are *recorded*, not just detected.

---

## 2. Generating a Compliance Event

### `generate_compliance_event(...)`

This function performs the formal transition from *evaluation* to *enforcement*.

### What It Produces

Each compliance event includes:

* A deterministic ID (`cmp_0001`, `cmp_0002`, …)
* The originating agent event
* The violated policy
* Severity classification
* A human-readable reason
* A concrete recommended action
* A timestamp suitable for audit logs

Nothing here is inferred later. Everything needed for accountability is captured immediately.

---

## 3. Severity-Driven Enforcement Logic

One of the strongest aspects of this design is how **severity directly controls the response**.

Instead of vague alerts, the system produces **clear operational guidance**:

| Severity | Resulting Action                  |
| -------- | --------------------------------- |
| Critical | Immediate escalation and blocking |
| High     | Escalate to compliance            |
| Medium   | Require human review              |
| Low      | Log and request explanation       |

This ensures that:

* Serious issues interrupt automation
* Minor issues don't overwhelm operators
* Leadership can trust the system's proportionality

And importantly, these actions are **transparent and configurable**, not hardcoded judgments.

---

## 4. Detecting Violations at Scale

### `detect_violations(...)`

This function performs a clean, organization-wide sweep:

1. Filters policy evaluations for true violations
2. Generates a compliance event for each
3. Returns a structured list ready for downstream use

This separation of concerns matters:

* Policy evaluation determines *what went wrong*
* Violation detection determines *what to do about it*

That clarity is what allows the system to scale responsibly.
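
An added example, not code from the original notebook: in the code above, `detect_violations` restarts its counter at 1 on every call, so two batches both produce `cmp_0001`, and a severity outside the four dictionary keys gets the generic "Review and document" action. The sketch below takes the mapping as a parameter, continues IDs from a caller-supplied counter, and escalates unknown severities; `build_events`, `DEFAULT_ACTIONS`, the fail-closed choice and the sample batches are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Default mapping copied from generate_compliance_event on this page.
DEFAULT_ACTIONS = {
    "critical": "Immediate escalation to compliance officer and block action",
    "high": "Escalate to compliance officer",
    "medium": "Require human review before next action",
    "low": "Log for review and request explanation",
}


def build_events(evaluations, actions=None, start=1):
    """Hypothetical variant of detect_violations; returns (events, next_counter)."""
    actions = actions or DEFAULT_ACTIONS
    if "critical" not in actions:
        raise ValueError("mapping must define 'critical' for the fail-closed path")
    events, counter = [], start
    for ev in evaluations:
        if not ev.get("violation", False):
            continue
        raw = str(ev.get("severity", "medium"))
        severity = raw.strip().lower()  # "HIGH" and " high " both mean "high"
        reason = ev.get("reason", "Policy violation detected")
        if severity not in actions:
            # Assumption: fail closed, treating an unknown label as critical.
            reason = f"{reason} (unrecognized severity {raw!r})"
            severity = "critical"
        events.append({
            "compliance_event_id": f"cmp_{counter:04d}",
            "event_id": ev.get("event_id"),
            "risk_type": "policy_violation",
            "policy_id": ev.get("policy_id"),
            "severity": severity,
            "status": "open",
            "recommended_action": actions[severity],
            "reason": reason,
            "timestamp": datetime.now(timezone.utc).isoformat(),
        })
        counter += 1
    return events, counter  # persist the counter so the next batch continues


# Constructed sample evaluations (not from the notebook).
BATCH_1 = [
    {"event_id": "evt_1", "policy_id": "pol_a", "violation": True, "severity": "HIGH"},
    {"event_id": "evt_2", "policy_id": "pol_b", "violation": False, "severity": "low"},
    {"event_id": "evt_3", "policy_id": "pol_c", "violation": True, "severity": "sev1"},
]
BATCH_2 = [{"event_id": "evt_4", "policy_id": "pol_a", "violation": True}]
```

Calling `build_events(BATCH_2, start=next_counter)` with the counter returned from the first batch yields `cmp_0003` rather than a second `cmp_0001`.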

---

## 5. Why This Design Builds Executive Confidence

From a business and governance perspective, this module does three very important things:

### 🔹 It Creates a Permanent Record

Nothing is ephemeral. Every violation is documented.

### 🔹 It Enables Action Without Interpretation

Compliance officers and leaders don't need to "read the logs" — the system tells them what to do.

### 🔹 It Supports Metrics and Trends

Because violations are structured events, you can:

* Count them
* Trend them
* Prioritize them
* Report on them over time

This is how governance becomes measurable instead of anecdotal.

---

## 6. How This Fits the Larger Architecture

By the time this module runs:

* Agent behavior has been captured
* Policies have been applied
* Violations have been objectively identified

What this code adds is **institutional memory**.

It ensures that governance decisions:

* Persist beyond a single run
* Can be reviewed weeks or months later
* Stand up to external scrutiny

---

## Bottom Line

This module transforms governance from "monitoring" into **accountability**.

By turning violations into formal, traceable compliance events with clear recommended actions, it creates the bridge between AI behavior and real organizational control.

This is exactly the kind of system that allows enterprises to scale AI **without losing oversight**.


