Added Enterprise RA

API_DOCUMENTATION.md

@@ -0,0 +1,537 @@
+# EY Catalyst Risk Analysis API Documentation
+
+## Overview
+This document describes the AI-powered generation endpoints for the EY Catalyst Risk Analysis platform. These endpoints generate risk-related data using advanced language models and are designed to work independently of database operations.
+
+---
+
+## Enterprise Risk Assessment (RA) Endpoints
+
+### 1. Generate Enterprise Risks
+
+**Endpoint:** `POST /api/enterprise-ra/generate-risks`
+
+**Purpose:** Generate comprehensive enterprise risks based on category, department, and business context.
+
+**Request Body:**
+```json
+{
+  "category": "Technology",
+  "department": "IT",
+  "business_context": "Financial services organization with cloud infrastructure",
+  "specific_concerns": "Data security and regulatory compliance",
+  "number_of_risks": 5
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "risks": [
+    {
+      "id": "r1a2b3c4",
+      "category": "Technology",
+      "name": "Data Breach",
+      "description": "Sensitive customer data could be exposed through inadequate security measures",
+      "likelihood": 4,
+      "impact": 5,
+      "treatment": "Implement multi-factor authentication and encrypt all data at rest",
+      "department": "IT",
+      "escalated": false,
+      "threats": [
+        {
+          "name": "Phishing Attack",
+          "description": "Attackers trick employees into revealing credentials."
+        },
+        {
+          "name": "Malware",
+          "description": "Malicious software used to steal or corrupt data."
+        }
+      ]
+    }
+  ],
+  "message": "Successfully generated 5 enterprise risks"
+}
+```
+
+### 2. Generate Threats for Risk
+
+**Endpoint:** `POST /api/enterprise-ra/generate-threats`
+
+**Purpose:** Generate specific threats for a given risk scenario.
+
+**Request Body:**
+```json
+{
+  "risk_name": "Data Breach",
+  "category": "Technology",
+  "department": "IT",
+  "number_of_threats": 3
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "threats": [
+    {
+      "name": "Advanced Persistent Threat",
+      "description": "Sophisticated, long-term cyber attack targeting sensitive data"
+    },
+    {
+      "name": "Insider Threat",
+      "description": "Malicious or negligent actions by employees with system access"
+    },
+    {
+      "name": "Third-Party Breach",
+      "description": "Security compromise through vendor or partner systems"
+    }
+  ],
+  "message": "Successfully generated 3 threats for risk: Data Breach"
+}
+```
+
+---
+
+## Threat Risk Assessment Endpoints
+
+### 3. Generate Threat Risk Records
+
+**Endpoint:** `POST /api/threat-ra/generate-threat-risks`
+
+**Purpose:** Generate comprehensive threat risk records for threat risk assessment tables.
+
+**Request Body:**
+```json
+{
+  "domain": "IT",
+  "category": "Technology",
+  "business_context": "Cloud-based infrastructure with remote workforce",
+  "specific_focus": "Network security and endpoint protection",
+  "number_of_records": 10
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "threatRisks": [
+    {
+      "id": "tr1a2b3c",
+      "domain": "IT",
+      "riskName": "Network Intrusion",
+      "threat": "External Hacker",
+      "vulnerability": "Unpatched Network Equipment",
+      "category": "Technology",
+      "likelihood": 4,
+      "impact": 5,
+      "rating": 20
+    },
+    {
+      "id": "tr4d5e6f",
+      "domain": "IT",
+      "riskName": "Data Exfiltration",
+      "threat": "Malicious Insider",
+      "vulnerability": "Excessive User Privileges",
+      "category": "Technology",
+      "likelihood": 3,
+      "impact": 4,
+      "rating": 12
+    }
+  ],
+  "message": "Successfully generated 10 threat risk records"
+}
+```
+
+### 4. Analyze Threat Risk Scenario
+
+**Endpoint:** `POST /api/threat-ra/analyze-threat-risk`
+
+**Purpose:** Provide detailed analysis and recommendations for a specific threat risk scenario.
+
+**Request Body:**
+```json
+{
+  "domain": "HR",
+  "risk_name": "Key Personnel Loss",
+  "threat": "Employee Resignation",
+  "vulnerability": "No Succession Planning",
+  "category": "People"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "analysis": {
+    "id": "ana1b2c3",
+    "domain": "HR",
+    "riskName": "Key Personnel Loss",
+    "threat": "Employee Resignation",
+    "vulnerability": "No Succession Planning",
+    "category": "People",
+    "likelihood": 3,
+    "impact": 4,
+    "rating": 12
+  },
+  "recommendations": [
+    "Develop comprehensive succession plans for key roles",
+    "Implement knowledge transfer and documentation processes",
+    "Create retention strategies for critical personnel",
+    "Establish cross-training programs to reduce single points of failure"
+  ],
+  "message": "Successfully analyzed threat risk scenario"
+}
+```
+
+### 5. Generate Bulk Threat Analysis
+
+**Endpoint:** `POST /api/threat-ra/generate-bulk-analysis`
+
+**Purpose:** Generate comprehensive threat risk analysis across multiple domains and categories.
+
+**Request Body:**
+```json
+{
+  "domains": ["IT", "HR", "Finance", "Operations"],
+  "categories": ["Technology", "People", "Process", "External"]
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "total_records": 80,
+  "threat_risks": [
+    {
+      "id": "bulk1a2b",
+      "domain": "IT",
+      "riskName": "System Downtime",
+      "threat": "Hardware Failure",
+      "vulnerability": "Aging Infrastructure",
+      "category": "Technology",
+      "likelihood": 3,
+      "impact": 4,
+      "rating": 12
+    }
+  ],
+  "message": "Successfully generated 80 threat risk records across 4 domains and 4 categories"
+}
+```
+
+---
+
+## Dashboard Analytics Endpoints
+
+### 6. Generate Dashboard KPIs
+
+**Endpoint:** `POST /api/dashboard/generate-kpis`
+
+**Purpose:** Generate realistic KPI metrics for the main dashboard based on organization context.
+
+**Request Body:**
+```json
+{
+  "organization_name": "TechCorp Inc",
+  "industry": "Technology",
+  "departments": ["IT", "HR", "Finance", "Operations", "Legal", "Marketing"],
+  "time_period": "last_30_days"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "kpis": {
+    "totalRisks": 124,
+    "totalThreats": 37,
+    "criticalRisks": 8,
+    "departments": 6
+  },
+  "message": "Successfully generated dashboard KPI metrics"
+}
+```
+
+### 7. Generate Assessment Summaries
+
+**Endpoint:** `POST /api/dashboard/generate-assessment-summaries`
+
+**Purpose:** Generate assessment summaries with realistic progress and key findings.
+
+**Request Body:**
+```json
+{
+  "assessment_types": [
+    "Critical Process RA",
+    "Threat Risk Assessment", 
+    "Site Assessment",
+    "Vendor Risk Assessment"
+  ],
+  "organization_context": "Mid-size financial services firm with 500+ employees"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "summaries": [
+    {
+      "assessmentType": "Critical Process RA",
+      "completed": 12,
+      "inProgress": 3,
+      "pending": 2,
+      "keyFindings": [
+        "Most processes are up to date.",
+        "2 processes need urgent review."
+      ]
+    },
+    {
+      "assessmentType": "Threat Risk Assessment",
+      "completed": 8,
+      "inProgress": 4,
+      "pending": 1,
+      "keyFindings": [
+        "Phishing is the top threat.",
+        "Training is needed for IT staff."
+      ]
+    }
+  ],
+  "message": "Successfully generated assessment summaries"
+}
+```
+
+### 8. Generate Recent Activities
+
+**Endpoint:** `GET /api/dashboard/generate-recent-activities?days=7&limit=10`
+
+**Purpose:** Generate realistic recent activities for the dashboard activity feed.
+
+**Query Parameters:**
+- `days` (optional): Number of days to look back (default: 7)
+- `limit` (optional): Maximum number of activities to return (default: 10)
+
+**Response:**
+```json
+{
+  "success": true,
+  "activities": [
+    {
+      "action": "Risk escalated",
+      "user": "Jane Doe",
+      "timestamp": "2024-06-01T10:15:00Z",
+      "meta": "Risk: Data Breach"
+    },
+    {
+      "action": "Threat added",
+      "user": "John Smith",
+      "timestamp": "2024-05-31T16:42:00Z",
+      "meta": "Threat: Ransomware"
+    }
+  ],
+  "message": "Successfully generated 10 recent activities"
+}
+```
+
+### 9. Generate Risk Insights
+
+**Endpoint:** `POST /api/dashboard/generate-risk-insights`
+
+**Purpose:** Generate strategic risk insights and recommendations for executive dashboard.
+
+**Request Body:**
+```json
+{
+  "organization_context": "Global technology company with remote workforce",
+  "focus_areas": ["Cybersecurity", "Supply Chain", "Regulatory Compliance"]
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "insights": [
+    {
+      "title": "Cybersecurity Threat Evolution",
+      "description": "Increasing sophistication of cyber attacks requires enhanced security measures",
+      "priority": "High",
+      "recommendation": "Implement zero-trust architecture and advanced threat detection"
+    }
+  ],
+  "trends": [
+    "Increased remote work security challenges",
+    "Regulatory compliance complexity"
+  ],
+  "kpis_to_monitor": [
+    "Mean time to detect threats",
+    "Risk mitigation completion rate"
+  ],
+  "message": "Successfully generated risk insights"
+}
+```
+
+---
+
+## Risk Mitigation Endpoint (Updated)
+
+### 10. Generate Risk Mitigation Analysis
+
+**Endpoint:** `POST /api/risk-mitigation`
+
+**Purpose:** Generate comprehensive risk analysis and mitigation plan based on user responses to risk assessment questions.
+
+**Request Body:**
+```json
+{
+  "responses": [
+    {
+      "category": "Fire",
+      "question": "Is the data centre equipped with an appropriate fire suppression system?",
+      "user_answer": "We only have a few handheld fire extinguishers, and there's no automated system."
+    }
+  ]
+}
+```
+
+**Response:**
+```json
+{
+  "risk_analysis": {
+    "risk_id": "RISK-001",
+    "category": "Fire",
+    "question": "Is the data centre equipped with an appropriate fire suppression system?",
+    "user_answer": "We only have a few handheld fire extinguishers, and there's no automated system.",
+    "risk_name": "Absence of automated fire suppression system",
+    "identified_threat": "Increased risk of fire damage and personnel danger due to lack of automatic suppression systems.",
+    "likelihood": "High",
+    "impact": "Severe",
+    "risk_value": 9,
+    "residual_risk": "Critical",
+    "current_control_description": "Only basic handheld extinguishers are available; no active fire suppression in place.",
+    "current_control_rating": "Poor",
+    "business_unit": "Facilities",
+    "risk_owner": "Fire Safety Officer",
+    "timeline": "Immediate",
+    "mitigation_plan": "Install automated suppression systems like FM200 or Inergen and integrate with fire alarms.",
+    "summary": {
+      "risk_classification_summary": "This is a critical fire safety risk with a high likelihood and severe impact. It requires immediate action.",
+      "mitigation_suggestions": [
+        "Deploy automated gas-based fire suppression systems.",
+        "Conduct fire safety training and drills.",
+        "Regularly inspect and maintain suppression systems."
+      ],
+      "risk_trends": {
+        "top_category": "Fire",
+        "risk_severity": "Critical",
+        "observations": [
+          "Many facilities lack automated fire suppression.",
+          "High fire risks stem from outdated or manual systems.",
+          "Immediate remediation is crucial to prevent major incidents."
+        ]
+      }
+    }
+  }
+}
+```
+
+---
+
+## Error Handling
+
+All endpoints follow consistent error handling patterns:
+
+**Success Response Structure:**
+```json
+{
+  "success": true,
+  "data": { ... },
+  "message": "Success message"
+}
+```
+
+**Error Response Structure:**
+```json
+{
+  "success": false,
+  "error": "Error description",
+  "status_code": 500,
+  "details": "Detailed error information"
+}
+```
+
+**Common HTTP Status Codes:**
+- `200`: Success
+- `400`: Bad Request (invalid input)
+- `422`: Validation Error
+- `500`: Internal Server Error
+
+---
+
+## Usage Notes
+
+1. **AI-Generated Content**: All endpoints use advanced language models to generate realistic, contextually appropriate risk data.
+
+2. **Fallback Mechanisms**: Each endpoint includes intelligent fallback responses in case of AI processing issues.
+
+3. **Unique Identifiers**: Generated records include unique IDs for tracking and reference.
+
+4. **Customizable Parameters**: Most endpoints accept optional parameters to customize the generated content.
+
+5. **Industry-Specific Logic**: Responses are tailored based on industry, department, and organizational context.
+
+6. **Rate Limiting**: Consider implementing rate limiting for production use to manage AI API costs.
+
+7. **Validation**: All request models include validation to ensure data quality and consistency.
+
+---
+
+## Integration Examples
+
+### PowerShell Example:
+```powershell
+$body = @{
+  category = "Technology"
+  department = "IT"
+  business_context = "Cloud infrastructure with remote workforce"
+  number_of_risks = 5
+} | ConvertTo-Json
+
+$response = Invoke-RestMethod -Uri "http://localhost:8000/api/enterprise-ra/generate-risks" -Method Post -Body $body -ContentType "application/json"
+```
+
+### Python Example:
+```python
+import requests
+
+data = {
+    "category": "Technology",
+    "department": "IT", 
+    "business_context": "Cloud infrastructure with remote workforce",
+    "number_of_risks": 5
+}
+
+response = requests.post(
+    "http://localhost:8000/api/enterprise-ra/generate-risks",
+    json=data
+)
+result = response.json()
+```
+
+### cURL Example:
+```bash
+curl -X POST "http://localhost:8000/api/enterprise-ra/generate-risks" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "category": "Technology",
+    "department": "IT",
+    "business_context": "Cloud infrastructure with remote workforce",
+    "number_of_risks": 5
+  }'
+```

app.py

@@ -6,7 +6,17 @@ import os
 import openai
 import json
 
-app = FastAPI()
+# Import the new routers
+from enterprise_ra import enterprise_ra_router
+from threat_ra import threat_ra_router
+from dashboard_analytics import dashboard_router
+
+app = FastAPI(title="EY Catalyst Risk Analysis API", version="1.0.0")
+
+# Include the routers
+app.mount("/enterprise", enterprise_ra_router)
+app.mount("/threat", threat_ra_router) 
+app.mount("/dashboard", dashboard_router)
 
 # Environment Variables
 GROQ_API_KEY = os.environ.get("GROQ_API_KEY").strip()

dashboard_analytics.py

@@ -0,0 +1,443 @@
+# dashboard_analytics.py
+from fastapi import FastAPI, HTTPException
+from pydantic import BaseModel
+from typing import List, Optional, Dict, Any
+import os
+import openai
+import json
+from datetime import datetime, timedelta
+import random
+
+# Environment Variables
+GROQ_API_KEY = os.environ.get("GROQ_API_KEY")
+
+# Model Setup
+def generate_response(system_prompt: str, user_message: str):
+    client = openai.OpenAI(api_key=GROQ_API_KEY, base_url="https://api.groq.com/openai/v1")
+    response = client.chat.completions.create(
+        model="llama3-8b-8192",
+        messages=[
+            {"role": "system", "content": system_prompt},
+            {"role": "user", "content": user_message}
+        ],
+        temperature=0.4
+    )
+    return response.choices[0].message.content
+
+# Request Models
+class DashboardAnalyticsRequest(BaseModel):
+    organization_name: Optional[str] = "Organization"
+    industry: Optional[str] = "Technology"
+    departments: Optional[List[str]] = ["IT", "HR", "Finance", "Operations"]
+    time_period: Optional[str] = "last_30_days"
+
+class AssessmentSummaryRequest(BaseModel):
+    assessment_types: List[str]
+    organization_context: Optional[str] = ""
+
+# Response Models
+class KPIMetrics(BaseModel):
+    totalRisks: int
+    totalThreats: int
+    criticalRisks: int
+    departments: int
+
+class AssessmentSummary(BaseModel):
+    assessmentType: str
+    completed: int
+    inProgress: int
+    pending: int
+    keyFindings: List[str]
+
+class RecentActivity(BaseModel):
+    action: str
+    user: str
+    timestamp: str
+    meta: str
+
+class DashboardKPIResponse(BaseModel):
+    success: bool
+    kpis: KPIMetrics
+    message: str
+
+class AssessmentSummariesResponse(BaseModel):
+    success: bool
+    summaries: List[AssessmentSummary]
+    message: str
+
+class RecentActivitiesResponse(BaseModel):
+    success: bool
+    activities: List[RecentActivity]
+    message: str
+
+# Dashboard Analytics Router
+dashboard_router = FastAPI()
+
+@dashboard_router.post("/api/dashboard/generate-kpis", response_model=DashboardKPIResponse)
+def generate_dashboard_kpis(request: DashboardAnalyticsRequest):
+    """
+    Generate realistic KPI metrics for the main dashboard based on organization context
+    """
+    system_prompt = """
+You are an expert risk analytics specialist. Your task is to generate realistic KPI metrics for an organization's risk management dashboard.
+
+Based on the organization context, generate appropriate metrics that reflect:
+1. Total number of identified risks
+2. Total number of distinct threats
+3. Number of critical risks (high likelihood and high impact)
+4. Number of departments involved in risk management
+
+Consider:
+- Organization size and industry standards
+- Typical risk profiles for different industries
+- Realistic proportions between total risks and critical risks
+- Department involvement based on organization structure
+
+Respond strictly in this JSON format:
+{
+  "kpis": {
+    "totalRisks": 125,
+    "totalThreats": 45,
+    "criticalRisks": 12,
+    "departments": 6
+  },
+  "rationale": "Brief explanation of the metrics provided"
+}
+"""
+
+    user_message = f"""
+Generate KPI metrics for the following organization:
+
+Organization: {request.organization_name}
+Industry: {request.industry}
+Departments: {', '.join(request.departments)}
+Time Period: {request.time_period}
+
+Please provide realistic metrics that align with this organization's profile and industry standards.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            kpi_data = json.loads(json_str)
+            
+            kpis = KPIMetrics(**kpi_data.get("kpis", {}))
+            
+            return DashboardKPIResponse(
+                success=True,
+                kpis=kpis,
+                message="Successfully generated dashboard KPI metrics"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response with industry-appropriate metrics
+        base_multiplier = len(request.departments) * 10
+        
+        if request.industry.lower() in ["technology", "financial services", "healthcare"]:
+            risk_multiplier = 1.5
+        elif request.industry.lower() in ["manufacturing", "retail"]:
+            risk_multiplier = 1.2
+        else:
+            risk_multiplier = 1.0
+        
+        total_risks = int(base_multiplier * risk_multiplier)
+        total_threats = int(total_risks * 0.3)
+        critical_risks = int(total_risks * 0.08)
+        departments = len(request.departments)
+        
+        fallback_kpis = KPIMetrics(
+            totalRisks=total_risks,
+            totalThreats=total_threats,
+            criticalRisks=critical_risks,
+            departments=departments
+        )
+        
+        return DashboardKPIResponse(
+            success=True,
+            kpis=fallback_kpis,
+            message="Generated fallback KPI metrics"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating KPIs: {str(e)}")
+
+@dashboard_router.post("/api/dashboard/generate-assessment-summaries", response_model=AssessmentSummariesResponse)
+def generate_assessment_summaries(request: AssessmentSummaryRequest):
+    """
+    Generate assessment summaries with realistic progress and key findings
+    """
+    system_prompt = """
+You are an expert risk assessment analyst. Your task is to generate realistic assessment summaries for different types of risk assessments.
+
+For each assessment type, provide:
+1. Number of completed assessments
+2. Number of assessments in progress
+3. Number of pending assessments
+4. Key findings relevant to that assessment type
+
+Consider:
+- Realistic distribution of assessment states
+- Assessment-specific findings and insights
+- Current risk landscape and common issues
+- Actionable and meaningful key findings
+
+Respond strictly in this JSON format:
+{
+  "summaries": [
+    {
+      "assessmentType": "Assessment Type Name",
+      "completed": 12,
+      "inProgress": 3,
+      "pending": 2,
+      "keyFindings": [
+        "Finding 1",
+        "Finding 2"
+      ]
+    }
+  ]
+}
+"""
+
+    user_message = f"""
+Generate assessment summaries for the following assessment types:
+
+Assessment Types: {', '.join(request.assessment_types)}
+Organization Context: {request.organization_context}
+
+Please provide realistic progress numbers and meaningful key findings for each assessment type.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            summary_data = json.loads(json_str)
+            
+            summaries = [AssessmentSummary(**summary) for summary in summary_data.get("summaries", [])]
+            
+            return AssessmentSummariesResponse(
+                success=True,
+                summaries=summaries,
+                message="Successfully generated assessment summaries"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response with default summaries
+        fallback_summaries = []
+        
+        for assessment_type in request.assessment_types:
+            # Generate realistic numbers
+            total_assessments = random.randint(15, 25)
+            completed = random.randint(int(total_assessments * 0.6), int(total_assessments * 0.8))
+            in_progress = random.randint(2, 5)
+            pending = total_assessments - completed - in_progress
+            
+            # Generate assessment-specific findings
+            if "critical process" in assessment_type.lower():
+                key_findings = [
+                    "Most critical processes are properly documented",
+                    "2-3 processes require immediate review",
+                    "Backup procedures need enhancement"
+                ]
+            elif "threat" in assessment_type.lower():
+                key_findings = [
+                    "Phishing remains the top threat vector",
+                    "Insider threat controls need strengthening",
+                    "Third-party risks require attention"
+                ]
+            elif "site" in assessment_type.lower():
+                key_findings = [
+                    "Physical security controls are adequate",
+                    "Some locations need access control upgrades",
+                    "Emergency procedures are well-established"
+                ]
+            else:
+                key_findings = [
+                    f"{assessment_type} controls are generally effective",
+                    "Some areas need improvement",
+                    "Regular monitoring is recommended"
+                ]
+            
+            summary = AssessmentSummary(
+                assessmentType=assessment_type,
+                completed=completed,
+                inProgress=in_progress,
+                pending=pending,
+                keyFindings=key_findings[:2]  # Limit to 2 findings
+            )
+            fallback_summaries.append(summary)
+        
+        return AssessmentSummariesResponse(
+            success=True,
+            summaries=fallback_summaries,
+            message="Generated fallback assessment summaries"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating assessment summaries: {str(e)}")
+
+@dashboard_router.get("/api/dashboard/generate-recent-activities", response_model=RecentActivitiesResponse)
+def generate_recent_activities(days: int = 7, limit: int = 10):
+    """
+    Generate realistic recent activities for the dashboard activity feed
+    """
+    try:
+        # Generate sample activities with realistic timestamps
+        activity_types = [
+            ("Risk escalated", "Risk: Data Breach"),
+            ("Threat added", "Threat: Ransomware"),
+            ("Assessment completed", "Critical Process RA"),
+            ("Risk mitigated", "Risk: System Failure"),
+            ("Threat updated", "Threat: Phishing Attack"),
+            ("Assessment started", "Site Assessment"),
+            ("Risk reviewed", "Risk: Supply Chain"),
+            ("Control implemented", "Multi-factor Authentication"),
+            ("Vulnerability identified", "Network Security Gap"),
+            ("Training completed", "Security Awareness")
+        ]
+        
+        users = ["Jane Doe", "John Smith", "Alice Johnson", "Bob Wilson", "Carol Brown", "David Lee"]
+        
+        activities = []
+        
+        for i in range(min(limit, len(activity_types))):
+            # Generate timestamp within the last 'days' days
+            days_ago = random.randint(0, days)
+            hours_ago = random.randint(0, 23)
+            minutes_ago = random.randint(0, 59)
+            
+            timestamp = datetime.now() - timedelta(days=days_ago, hours=hours_ago, minutes=minutes_ago)
+            
+            action, meta = activity_types[i]
+            user = random.choice(users)
+            
+            activity = RecentActivity(
+                action=action,
+                user=user,
+                timestamp=timestamp.isoformat() + "Z",
+                meta=meta
+            )
+            activities.append(activity)
+        
+        # Sort by timestamp (most recent first)
+        activities.sort(key=lambda x: x.timestamp, reverse=True)
+        
+        return RecentActivitiesResponse(
+            success=True,
+            activities=activities,
+            message=f"Successfully generated {len(activities)} recent activities"
+        )
+        
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating recent activities: {str(e)}")
+
+@dashboard_router.post("/api/dashboard/generate-risk-insights")
+def generate_risk_insights(organization_context: str = "", focus_areas: List[str] = []):
+    """
+    Generate strategic risk insights and recommendations for executive dashboard
+    """
+    system_prompt = """
+You are a senior risk management consultant. Your task is to generate strategic risk insights and recommendations for executive leadership.
+
+Provide:
+1. Top 3-5 strategic risk insights
+2. Trend analysis and predictions
+3. Actionable recommendations for senior management
+4. Key performance indicators to monitor
+
+Consider:
+- Current business environment and market conditions
+- Emerging risks and threat landscapes
+- Regulatory and compliance considerations
+- Business continuity and operational resilience
+
+Respond strictly in this JSON format:
+{
+  "insights": [
+    {
+      "title": "Insight Title",
+      "description": "Detailed insight description",
+      "priority": "High/Medium/Low",
+      "recommendation": "Specific recommendation"
+    }
+  ],
+  "trends": [
+    "Trend observation 1",
+    "Trend observation 2"
+  ],
+  "kpis_to_monitor": [
+    "KPI 1",
+    "KPI 2"
+  ]
+}
+"""
+
+    user_message = f"""
+Generate strategic risk insights for the following context:
+
+Organization Context: {organization_context}
+Focus Areas: {', '.join(focus_areas) if focus_areas else 'General risk management'}
+
+Please provide executive-level insights and recommendations.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            insights_data = json.loads(json_str)
+            
+            return {
+                "success": True,
+                "insights": insights_data.get("insights", []),
+                "trends": insights_data.get("trends", []),
+                "kpis_to_monitor": insights_data.get("kpis_to_monitor", []),
+                "message": "Successfully generated risk insights"
+            }
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except Exception as e:
+        # Fallback response
+        fallback_insights = [
+            {
+                "title": "Cybersecurity Threat Evolution",
+                "description": "Increasing sophistication of cyber attacks requires enhanced security measures",
+                "priority": "High",
+                "recommendation": "Implement zero-trust architecture and advanced threat detection"
+            },
+            {
+                "title": "Supply Chain Resilience",
+                "description": "Global supply chain disruptions pose ongoing operational risks",
+                "priority": "Medium",
+                "recommendation": "Diversify supplier base and establish contingency plans"
+            }
+        ]
+        
+        return {
+            "success": True,
+            "insights": fallback_insights,
+            "trends": ["Increased remote work security challenges", "Regulatory compliance complexity"],
+            "kpis_to_monitor": ["Mean time to detect threats", "Risk mitigation completion rate"],
+            "message": "Generated fallback risk insights"
+        }

enterprise_ra.py

@@ -0,0 +1,280 @@
+# enterprise_ra.py
+from fastapi import FastAPI, HTTPException
+from pydantic import BaseModel
+from typing import List, Optional
+import os
+import openai
+import json
+import uuid
+
+# Environment Variables
+GROQ_API_KEY = os.environ.get("GROQ_API_KEY")
+
+# Model Setup
+def generate_response(system_prompt: str, user_message: str):
+    client = openai.OpenAI(api_key=GROQ_API_KEY, base_url="https://api.groq.com/openai/v1")
+    response = client.chat.completions.create(
+        model="llama3-8b-8192",
+        messages=[
+            {"role": "system", "content": system_prompt},
+            {"role": "user", "content": user_message}
+        ],
+        temperature=0.4
+    )
+    return response.choices[0].message.content
+
+# Request Models
+class RiskGenerationRequest(BaseModel):
+    category: str
+    department: str
+    business_context: Optional[str] = ""
+    specific_concerns: Optional[str] = ""
+    number_of_risks: Optional[int] = 5
+
+class ThreatGenerationRequest(BaseModel):
+    risk_name: str
+    category: str
+    department: str
+    number_of_threats: Optional[int] = 3
+
+# Response Models
+class Threat(BaseModel):
+    name: str
+    description: str
+
+class Risk(BaseModel):
+    id: str
+    category: str
+    name: str
+    description: str
+    likelihood: int
+    impact: int
+    treatment: str
+    department: str
+    escalated: bool
+    threats: List[Threat]
+
+class RiskGenerationResponse(BaseModel):
+    success: bool
+    risks: List[Risk]
+    message: str
+
+class ThreatGenerationResponse(BaseModel):
+    success: bool
+    threats: List[Threat]
+    message: str
+
+# Enterprise RA Router
+enterprise_ra_router = FastAPI()
+
+@enterprise_ra_router.post("/api/enterprise-ra/generate-risks", response_model=RiskGenerationResponse)
+def generate_enterprise_risks(request: RiskGenerationRequest):
+    """
+    Generate comprehensive enterprise risks based on category and department
+    """
+    system_prompt = """
+You are an expert enterprise risk analyst. Your task is to generate comprehensive risks for organizations based on the provided category, department, and business context.
+
+For each risk, you need to:
+1. Create a clear, specific risk name
+2. Provide a detailed description of the risk
+3. Assess likelihood (1-5 scale, where 1=very unlikely, 5=very likely)
+4. Assess impact (1-5 scale, where 1=minimal impact, 5=catastrophic impact)
+5. Provide appropriate treatment strategies
+6. Generate relevant threats associated with each risk
+
+Consider:
+- Industry best practices for risk identification
+- Department-specific risks and challenges
+- Current business environment factors
+- Regulatory and compliance considerations
+- Technological and operational dependencies
+
+Respond strictly in this JSON format:
+{
+  "risks": [
+    {
+      "name": "Clear, specific risk name",
+      "description": "Detailed description of the risk and its potential impact on the organization",
+      "likelihood": 3,
+      "impact": 4,
+      "treatment": "Specific treatment strategies to mitigate the risk",
+      "threats": [
+        {
+          "name": "Threat name",
+          "description": "Detailed description of the threat"
+        }
+      ]
+    }
+  ]
+}
+"""
+
+    user_message = f"""
+Generate {request.number_of_risks} enterprise risks for the following context:
+
+Category: {request.category}
+Department: {request.department}
+Business Context: {request.business_context}
+Specific Concerns: {request.specific_concerns}
+
+Please provide comprehensive risks that are relevant to this department and category, including appropriate likelihood and impact assessments, treatment strategies, and associated threats.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            risks_data = json.loads(json_str)
+            
+            # Convert to our response format
+            risks = []
+            for risk_data in risks_data.get("risks", []):
+                risk = Risk(
+                    id=str(uuid.uuid4())[:8],  # Generate unique ID
+                    category=request.category,
+                    name=risk_data.get("name", ""),
+                    description=risk_data.get("description", ""),
+                    likelihood=risk_data.get("likelihood", 3),
+                    impact=risk_data.get("impact", 3),
+                    treatment=risk_data.get("treatment", ""),
+                    department=request.department,
+                    escalated=False,
+                    threats=[Threat(**threat) for threat in risk_data.get("threats", [])]
+                )
+                risks.append(risk)
+            
+            return RiskGenerationResponse(
+                success=True,
+                risks=risks,
+                message=f"Successfully generated {len(risks)} enterprise risks"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response with sample risks
+        fallback_risks = [
+            Risk(
+                id=str(uuid.uuid4())[:8],
+                category=request.category,
+                name=f"{request.category} Risk Assessment",
+                description=f"Potential risks related to {request.category} operations in {request.department} department",
+                likelihood=3,
+                impact=3,
+                treatment=f"Implement comprehensive {request.category} risk management framework",
+                department=request.department,
+                escalated=False,
+                threats=[
+                    Threat(
+                        name="Operational Disruption",
+                        description="Potential for operational processes to be disrupted"
+                    ),
+                    Threat(
+                        name="Compliance Violation",
+                        description="Risk of non-compliance with regulatory requirements"
+                    )
+                ]
+            )
+        ]
+        
+        return RiskGenerationResponse(
+            success=True,
+            risks=fallback_risks,
+            message="Generated fallback risks due to processing error"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating risks: {str(e)}")
+
+@enterprise_ra_router.post("/api/enterprise-ra/generate-threats", response_model=ThreatGenerationResponse)
+def generate_threats_for_risk(request: ThreatGenerationRequest):
+    """
+    Generate specific threats for a given risk
+    """
+    system_prompt = """
+You are an expert threat analyst. Your task is to generate specific threats that could lead to or contribute to a given risk.
+
+For each threat, provide:
+1. A clear, specific threat name
+2. A detailed description of how this threat could manifest and impact the organization
+
+Consider:
+- Direct and indirect threat vectors
+- Internal and external threat sources
+- Current threat landscape and emerging risks
+- Department-specific threat considerations
+- Industry-relevant threat patterns
+
+Respond strictly in this JSON format:
+{
+  "threats": [
+    {
+      "name": "Specific threat name",
+      "description": "Detailed description of the threat and how it could impact the organization"
+    }
+  ]
+}
+"""
+
+    user_message = f"""
+Generate {request.number_of_threats} specific threats for the following risk:
+
+Risk Name: {request.risk_name}
+Category: {request.category}
+Department: {request.department}
+
+Please provide threats that are directly relevant to this risk and could realistically occur in this department context.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            threats_data = json.loads(json_str)
+            
+            threats = [Threat(**threat) for threat in threats_data.get("threats", [])]
+            
+            return ThreatGenerationResponse(
+                success=True,
+                threats=threats,
+                message=f"Successfully generated {len(threats)} threats for risk: {request.risk_name}"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response
+        fallback_threats = [
+            Threat(
+                name="System Failure",
+                description="Critical system components may fail leading to operational disruption"
+            ),
+            Threat(
+                name="Human Error",
+                description="Mistakes by personnel could trigger or worsen the risk scenario"
+            ),
+            Threat(
+                name="External Dependencies",
+                description="Failure of external services or suppliers could contribute to the risk"
+            )
+        ]
+        
+        return ThreatGenerationResponse(
+            success=True,
+            threats=fallback_threats[:request.number_of_threats],
+            message="Generated fallback threats due to processing error"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating threats: {str(e)}")

threat_ra.py

@@ -0,0 +1,337 @@
+# threat_ra.py
+from fastapi import FastAPI, HTTPException
+from pydantic import BaseModel
+from typing import List, Optional
+import os
+import openai
+import json
+import uuid
+
+# Environment Variables
+GROQ_API_KEY = os.environ.get("GROQ_API_KEY")
+
+# Model Setup
+def generate_response(system_prompt: str, user_message: str):
+    client = openai.OpenAI(api_key=GROQ_API_KEY, base_url="https://api.groq.com/openai/v1")
+    response = client.chat.completions.create(
+        model="llama3-8b-8192",
+        messages=[
+            {"role": "system", "content": system_prompt},
+            {"role": "user", "content": user_message}
+        ],
+        temperature=0.4
+    )
+    return response.choices[0].message.content
+
+# Request Models
+class ThreatRiskGenerationRequest(BaseModel):
+    domain: str
+    category: str
+    business_context: Optional[str] = ""
+    specific_focus: Optional[str] = ""
+    number_of_records: Optional[int] = 10
+
+class ThreatRiskAnalysisRequest(BaseModel):
+    domain: str
+    risk_name: str
+    threat: str
+    vulnerability: str
+    category: str
+
+# Response Models
+class ThreatRisk(BaseModel):
+    id: str
+    domain: str
+    riskName: str
+    threat: str
+    vulnerability: str
+    category: str
+    likelihood: int
+    impact: int
+    rating: int
+
+class ThreatRiskGenerationResponse(BaseModel):
+    success: bool
+    threatRisks: List[ThreatRisk]
+    message: str
+
+class ThreatRiskAnalysisResponse(BaseModel):
+    success: bool
+    analysis: ThreatRisk
+    recommendations: List[str]
+    message: str
+
+# Threat RA Router
+threat_ra_router = FastAPI()
+
+@threat_ra_router.post("/api/threat-ra/generate-threat-risks", response_model=ThreatRiskGenerationResponse)
+def generate_threat_risks(request: ThreatRiskGenerationRequest):
+    """
+    Generate comprehensive threat risk records for threat risk assessment
+    """
+    system_prompt = """
+You are an expert threat risk analyst. Your task is to generate comprehensive threat risk records that include domain-specific risks, threats, vulnerabilities, and their assessments.
+
+For each threat risk record, you need to:
+1. Create a specific risk name relevant to the domain
+2. Identify a credible threat that could exploit vulnerabilities
+3. Identify specific vulnerabilities that could be exploited
+4. Assess likelihood (1-5 scale, where 1=very unlikely, 5=very likely)
+5. Assess impact (1-5 scale, where 1=minimal impact, 5=catastrophic impact)
+6. Calculate rating (likelihood × impact)
+
+Consider:
+- Domain-specific threats and vulnerabilities
+- Current threat landscape and attack vectors
+- Industry-specific risk factors
+- Realistic likelihood and impact assessments
+- Emerging threats and evolving attack methods
+
+Respond strictly in this JSON format:
+{
+  "threatRisks": [
+    {
+      "riskName": "Specific risk name",
+      "threat": "Specific threat vector",
+      "vulnerability": "Specific vulnerability that could be exploited",
+      "likelihood": 3,
+      "impact": 4
+    }
+  ]
+}
+"""
+
+    user_message = f"""
+Generate {request.number_of_records} threat risk records for the following context:
+
+Domain: {request.domain}
+Category: {request.category}
+Business Context: {request.business_context}
+Specific Focus: {request.specific_focus}
+
+Please provide comprehensive threat risk records that include specific risks, threats, and vulnerabilities relevant to this domain and category.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            risks_data = json.loads(json_str)
+            
+            # Convert to our response format
+            threat_risks = []
+            for risk_data in risks_data.get("threatRisks", []):
+                likelihood = risk_data.get("likelihood", 3)
+                impact = risk_data.get("impact", 3)
+                rating = likelihood * impact
+                
+                threat_risk = ThreatRisk(
+                    id=str(uuid.uuid4())[:8],  # Generate unique ID
+                    domain=request.domain,
+                    riskName=risk_data.get("riskName", ""),
+                    threat=risk_data.get("threat", ""),
+                    vulnerability=risk_data.get("vulnerability", ""),
+                    category=request.category,
+                    likelihood=likelihood,
+                    impact=impact,
+                    rating=rating
+                )
+                threat_risks.append(threat_risk)
+            
+            return ThreatRiskGenerationResponse(
+                success=True,
+                threatRisks=threat_risks,
+                message=f"Successfully generated {len(threat_risks)} threat risk records"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response with sample threat risks
+        fallback_risks = []
+        for i in range(min(request.number_of_records, 3)):
+            likelihood = 3
+            impact = 3
+            rating = likelihood * impact
+            
+            fallback_risk = ThreatRisk(
+                id=str(uuid.uuid4())[:8],
+                domain=request.domain,
+                riskName=f"{request.category} Risk {i+1}",
+                threat=f"Generic {request.category} Threat",
+                vulnerability=f"System vulnerability in {request.domain}",
+                category=request.category,
+                likelihood=likelihood,
+                impact=impact,
+                rating=rating
+            )
+            fallback_risks.append(fallback_risk)
+        
+        return ThreatRiskGenerationResponse(
+            success=True,
+            threatRisks=fallback_risks,
+            message="Generated fallback threat risks due to processing error"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating threat risks: {str(e)}")
+
+@threat_ra_router.post("/api/threat-ra/analyze-threat-risk", response_model=ThreatRiskAnalysisResponse)
+def analyze_threat_risk(request: ThreatRiskAnalysisRequest):
+    """
+    Provide detailed analysis and recommendations for a specific threat risk scenario
+    """
+    system_prompt = """
+You are an expert threat risk analyst. Your task is to provide detailed analysis and recommendations for a specific threat risk scenario.
+
+Analyze the provided threat risk scenario and provide:
+1. Likelihood assessment (1-5 scale) with justification
+2. Impact assessment (1-5 scale) with justification  
+3. Overall risk rating (likelihood × impact)
+4. Specific recommendations for risk mitigation
+5. Detection and prevention strategies
+
+Consider:
+- Current threat landscape and attack trends
+- Domain-specific vulnerabilities and exposures
+- Industry best practices for risk mitigation
+- Cost-effective security controls
+- Realistic implementation timelines
+
+Respond strictly in this JSON format:
+{
+  "analysis": {
+    "likelihood": 3,
+    "impact": 4,
+    "justification": "Detailed justification for the likelihood and impact assessments"
+  },
+  "recommendations": [
+    "Specific recommendation 1",
+    "Specific recommendation 2",
+    "Specific recommendation 3"
+  ]
+}
+"""
+
+    user_message = f"""
+Analyze the following threat risk scenario:
+
+Domain: {request.domain}
+Risk Name: {request.risk_name}
+Threat: {request.threat}
+Vulnerability: {request.vulnerability}
+Category: {request.category}
+
+Please provide a comprehensive analysis including likelihood and impact assessments, and specific recommendations for mitigating this threat risk.
+"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Extract JSON from the response
+        json_start = result.find('{')
+        json_end = result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = result[json_start:json_end]
+            analysis_data = json.loads(json_str)
+            
+            # Extract analysis data
+            analysis_info = analysis_data.get("analysis", {})
+            likelihood = analysis_info.get("likelihood", 3)
+            impact = analysis_info.get("impact", 3)
+            rating = likelihood * impact
+            
+            # Create analysis response
+            analysis = ThreatRisk(
+                id=str(uuid.uuid4())[:8],
+                domain=request.domain,
+                riskName=request.risk_name,
+                threat=request.threat,
+                vulnerability=request.vulnerability,
+                category=request.category,
+                likelihood=likelihood,
+                impact=impact,
+                rating=rating
+            )
+            
+            recommendations = analysis_data.get("recommendations", [])
+            
+            return ThreatRiskAnalysisResponse(
+                success=True,
+                analysis=analysis,
+                recommendations=recommendations,
+                message="Successfully analyzed threat risk scenario"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response
+        likelihood = 3
+        impact = 3
+        rating = likelihood * impact
+        
+        fallback_analysis = ThreatRisk(
+            id=str(uuid.uuid4())[:8],
+            domain=request.domain,
+            riskName=request.risk_name,
+            threat=request.threat,
+            vulnerability=request.vulnerability,
+            category=request.category,
+            likelihood=likelihood,
+            impact=impact,
+            rating=rating
+        )
+        
+        fallback_recommendations = [
+            f"Implement security controls specific to {request.category}",
+            f"Regular assessment and monitoring of {request.domain} systems",
+            f"Employee training on {request.threat} prevention",
+            f"Establish incident response procedures for {request.risk_name}"
+        ]
+        
+        return ThreatRiskAnalysisResponse(
+            success=True,
+            analysis=fallback_analysis,
+            recommendations=fallback_recommendations,
+            message="Generated fallback analysis due to processing error"
+        )
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error analyzing threat risk: {str(e)}")
+
+@threat_ra_router.post("/api/threat-ra/generate-bulk-analysis")
+def generate_bulk_threat_analysis(domains: List[str], categories: List[str]):
+    """
+    Generate bulk threat risk analysis for multiple domains and categories
+    """
+    try:
+        results = []
+        
+        for domain in domains:
+            for category in categories:
+                request = ThreatRiskGenerationRequest(
+                    domain=domain,
+                    category=category,
+                    number_of_records=5
+                )
+                
+                response = generate_threat_risks(request)
+                if response.success:
+                    results.extend(response.threatRisks)
+        
+        return {
+            "success": True,
+            "total_records": len(results),
+            "threat_risks": results,
+            "message": f"Successfully generated {len(results)} threat risk records across {len(domains)} domains and {len(categories)} categories"
+        }
+        
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error in bulk analysis: {str(e)}")