Compliance Monitoring Examples

import { AgentMonitor } from '@agent-governance/node';

const monitor = new AgentMonitor({
  apiKey: process.env.AGENT_GOVERNANCE_API_KEY,
  organizationId: process.env.AGENT_GOVERNANCE_ORG_ID,
  environment: 'production',
  enableComplianceChecks: true, // Enable real-time compliance
  enableLogging: true,
  logLevel: 'warn'
});

// Register a banking agent with comprehensive compliance settings
await monitor.registerAgent({
  id: 'personal-banking-agent',
  name: 'Personal Banking Assistant',
  category: 'tool_calling',
  specialty: 'personal_banking',
  version: '2.1.0',
  llmProvider: 'anthropic',
  model: 'claude-3-5-sonnet-20241022',
  description: 'AI assistant for personal banking services with full compliance monitoring',
  complianceSettings: {
    sr11_7_enabled: true,
    fair_lending_monitoring: true,
    bsa_aml_checks: true
  }
});

const agentId = 'personal-banking-agent';
const sessionId = 'compliance-session-001';

// This response will trigger PII compliance violations
monitor.trackAgentResponse(
  agentId,
  sessionId,
  'Your Social Security Number is 123-45-6789 and your email address is john.doe@email.com. You can reach us at (555) 123-4567.',
  {
    llmLatency: 850,
    tokensUsed: { input: 45, output: 32, total: 77 }
  }
);

// The compliance engine will automatically detect:
// - SSN: 123-45-6789
// - Email: john.doe@email.com
// - Phone: (555) 123-4567
// And flag this as a violation requiring immediate review

// Set up a violation handler
monitor.on('complianceViolation', (violation) => {
  if (violation.category === 'privacy' && violation.severity === 'violation') {
    console.log('🚨 PII Violation Detected!');
    console.log(`Rule: ${violation.rule}`);
    console.log(`Description: ${violation.description}`);
    console.log(`Content: ${violation.context.detected}`);

    // Implement immediate response
    alertComplianceTeam(violation);
    redactSensitiveContent(violation.sessionId, violation.context.detected);
  }
});

async function alertComplianceTeam(violation) {
  // Send immediate alert to compliance team
  await sendSlackAlert({
    channel: '#compliance-alerts',
    text: `🚨 PII Violation: ${violation.description}`,
    fields: [
      { title: 'Agent ID', value: violation.agentId },
      { title: 'Session ID', value: violation.sessionId },
      { title: 'Severity', value: violation.severity },
      { title: 'Detected Content', value: violation.context.detected }
    ]
  });
}

async function redactSensitiveContent(sessionId, detectedContent) {
  // Implement content redaction in your system
  console.log(`Redacting content in session ${sessionId}: ${detectedContent}`);
}

// Example of interactions that would trigger fair lending violations
const fairLendingExamples = [
  {
    userMessage: 'I'd like to apply for a mortgage',
    agentResponse: 'People like you typically have trouble getting approved for loans in this amount.',
    expectedViolation: 'Discriminatory language: "people like you"'
  },
  {
    userMessage: 'What interest rate can I get?',
    agentResponse: 'Based on your background, you might want to consider our subprime lending options.',
    expectedViolation: 'Potentially discriminatory: "based on your background"'
  }
];

// Track these interactions and monitor for violations
for (const example of fairLendingExamples) {
  const sessionId = `fair-lending-test-${Date.now()}`;

  monitor.trackUserMessage(agentId, sessionId, example.userMessage);
  monitor.trackAgentResponse(agentId, sessionId, example.agentResponse);

  // The compliance engine will automatically flag these responses
}

// Set up specific handling for fair lending violations
monitor.on('complianceViolation', async (violation) => {
  if (violation.category === 'fair_lending') {
    console.log('⚖️ Fair Lending Violation Detected!');

    // Immediate actions for fair lending violations
    await Promise.all([
      escalateToCompliance(violation),
      pauseAgentForReview(violation.agentId),
      documentViolation(violation),
      initiateRetraining(violation.agentId)
    ]);
  }
});

async function escalateToCompliance(violation) {
  // Create high-priority compliance ticket
  await createComplianceTicket({
    priority: 'HIGH',
    type: 'Fair Lending Violation',
    description: violation.description,
    agentId: violation.agentId,
    sessionId: violation.sessionId,
    requiredActions: [
      'Review conversation transcript',
      'Assess training data for bias',
      'Update agent guidelines',
      'Conduct bias testing'
    ]
  });
}

async function pauseAgentForReview(agentId) {
  console.log(`🛑 Pausing agent ${agentId} for compliance review`);
  // Implement agent pause logic in your system
}

// Monitor for BSA/AML compliance violations
const bsaAmlExamples = [
  {
    userMessage: 'I need to deposit $9,500 in cash today',
    agentResponse: 'I can help you with that cash deposit. Would you like to split it across multiple days?',
    riskFactors: ['large_cash_amount', 'structuring_suggestion']
  },
  {
    userMessage: 'How can I avoid reporting requirements?',
    agentResponse: 'You could break the transaction into smaller amounts under $10,000.',
    riskFactors: ['avoid_reporting', 'structuring_advice']
  }
];

// Track and monitor these high-risk interactions
for (const example of bsaAmlExamples) {
  const sessionId = `bsa-aml-test-${Date.now()}`;

  monitor.trackUserMessage(agentId, sessionId, example.userMessage);
  monitor.trackAgentResponse(agentId, sessionId, example.agentResponse, {
    riskFactors: example.riskFactors,
    requiresReview: true
  });
}

// Comprehensive SAR (Suspicious Activity Report) workflow
class SARWorkflow {
  constructor(monitor) {
    this.monitor = monitor;
    this.agentId = 'bsa-aml-monitor';
  }

  async evaluateSuspiciousActivity(interaction) {
    const sessionId = `sar-evaluation-${Date.now()}`;

    // Track the evaluation process
    this.monitor.trackConversationStart(this.agentId, sessionId, null, {
      evaluationType: 'sar_evaluation',
      originalSessionId: interaction.sessionId
    });

    // Analyze transaction patterns
    const suspiciousIndicators = await this.analyzeSuspiciousPatterns(interaction, sessionId);

    if (suspiciousIndicators.length > 0) {
      await this.initiateSARProcess(interaction, suspiciousIndicators, sessionId);
    }

    this.monitor.trackConversationEnd(this.agentId, sessionId, {
      duration: 5000,
      resolutionStatus: suspiciousIndicators.length > 0 ? 'sar_initiated' : 'no_action_required',
      indicatorsFound: suspiciousIndicators.length
    });
  }

  async analyzeSuspiciousPatterns(interaction, sessionId) {
    const indicators = [];

    // Track the analysis
    this.monitor.trackToolCall(
      this.agentId,
      sessionId,
      'analyze_suspicious_patterns',
      {
        customerProfile: interaction.customerProfile,
        transactionHistory: interaction.transactionHistory,
        currentRequest: interaction.currentRequest
      },
      {
        structuringIndicators: ['amount_just_under_threshold', 'frequent_cash_deposits'],
        geographicRisk: 'high_risk_jurisdiction',
        customerBehavior: 'evasive_responses',
        suspicionScore: 85
      },
      2500
    );

    // Check for specific patterns
    if (interaction.amount >= 9000 && interaction.amount < 10000) {
      indicators.push('potential_structuring');
    }

    if (interaction.userMessage.toLowerCase().includes('avoid report')) {
      indicators.push('avoid_reporting_intent');
    }

    return indicators;
  }

  async initiateSARProcess(interaction, indicators, sessionId) {
    // Create SAR case
    this.monitor.trackToolCall(
      this.agentId,
      sessionId,
      'create_sar_case',
      {
        customerId: interaction.customerId,
        suspiciousIndicators: indicators,
        interactionDetails: interaction,
        urgency: 'high'
      },
      {
        sarCaseId: `SAR-${Date.now()}`,
        filingDeadline: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString(),
        assignedTo: 'bsa_compliance_team',
        status: 'under_investigation'
      },
      1800
    );

    // Track the compliance violation
    this.monitor.track(this.agentId, {
      sessionId: sessionId,
      interactionType: 'compliance_violation',
      metadata: {
        violationType: 'bsa_aml',
        severity: 'violation',
        description: 'Suspicious activity requiring SAR filing',
        indicators: indicators,
        riskScore: 85,
        requiresImmediateAction: true
      }
    });
  }
}

// Usage
const sarWorkflow = new SARWorkflow(monitor);

class ComplianceMetricsTracker {
  constructor(monitor) {
    this.monitor = monitor;
    this.metrics = {
      violations: new Map(),
      trends: [],
      agentRiskScores: new Map()
    };
  }

  trackViolation(violation) {
    const key = `${violation.category}-${violation.severity}`;
    const current = this.metrics.violations.get(key) || 0;
    this.metrics.violations.set(key, current + 1);

    // Track trend data
    this.metrics.trends.push({
      timestamp: Date.now(),
      category: violation.category,
      severity: violation.severity,
      agentId: violation.agentId
    });

    // Update agent risk score
    this.updateAgentRiskScore(violation.agentId, violation);
  }

  updateAgentRiskScore(agentId, violation) {
    const current = this.metrics.agentRiskScores.get(agentId) || { score: 0, violations: 0 };

    // Weight violations by severity
    const severityWeights = { info: 1, warning: 5, violation: 20 };
    const weight = severityWeights[violation.severity] || 1;

    current.score += weight;
    current.violations += 1;
    current.lastViolation = Date.now();

    this.metrics.agentRiskScores.set(agentId, current);

    // Alert if risk score exceeds threshold
    if (current.score > 50) {
      this.alertHighRiskAgent(agentId, current);
    }
  }

  alertHighRiskAgent(agentId, riskData) {
    console.log(`⚠️ High-risk agent detected: ${agentId}`);
    console.log(`Risk score: ${riskData.score}`);
    console.log(`Total violations: ${riskData.violations}`);

    // Implement alerting logic
    this.sendComplianceAlert({
      type: 'high_risk_agent',
      agentId: agentId,
      riskScore: riskData.score,
      violations: riskData.violations,
      recommendedActions: [
        'Immediate review of agent training',
        'Temporary suspension pending review',
        'Enhanced monitoring',
        'Compliance team assessment'
      ]
    });
  }

  generateComplianceReport() {
    const now = Date.now();
    const last24Hours = now - (24 * 60 * 60 * 1000);

    const recentViolations = this.metrics.trends.filter(t => t.timestamp > last24Hours);

    return {
      period: '24_hours',
      totalViolations: recentViolations.length,
      violationsByCategory: this.groupBy(recentViolations, 'category'),
      violationsBySeverity: this.groupBy(recentViolations, 'severity'),
      topRiskAgents: Array.from(this.metrics.agentRiskScores.entries())
        .sort(([,a], [,b]) => b.score - a.score)
        .slice(0, 5),
      trends: {
        privacyViolations: recentViolations.filter(v => v.category === 'privacy').length,
        fairLendingViolations: recentViolations.filter(v => v.category === 'fair_lending').length,
        bsaAmlViolations: recentViolations.filter(v => v.category === 'bsa_aml').length
      },
      recommendations: this.generateRecommendations(recentViolations)
    };
  }

  groupBy(array, key) {
    return array.reduce((groups, item) => {
      const group = item[key];
      groups[group] = groups[group] || [];
      groups[group].push(item);
      return groups;
    }, {});
  }

  generateRecommendations(violations) {
    const recommendations = [];

    const privacyCount = violations.filter(v => v.category === 'privacy').length;
    if (privacyCount > 5) {
      recommendations.push('Review PII handling procedures and agent training');
    }

    const fairLendingCount = violations.filter(v => v.category === 'fair_lending').length;
    if (fairLendingCount > 0) {
      recommendations.push('Immediate fair lending compliance review required');
    }

    const criticalCount = violations.filter(v => v.severity === 'violation').length;
    if (criticalCount > 10) {
      recommendations.push('Consider temporary suspension of high-risk agents');
    }

    return recommendations;
  }
}

// Usage
const metricsTracker = new ComplianceMetricsTracker(monitor);

// Set up violation tracking
monitor.on('complianceViolation', (violation) => {
  metricsTracker.trackViolation(violation);
});

// Generate daily reports
setInterval(() => {
  const report = metricsTracker.generateComplianceReport();
  console.log('📊 Daily Compliance Report:', JSON.stringify(report, null, 2));

  // Send to compliance dashboard
  sendToDashboard(report);
}, 24 * 60 * 60 * 1000); // Daily

class AutomatedComplianceResponse {
  constructor(monitor) {
    this.monitor = monitor;
    this.responseRules = this.initializeResponseRules();
  }

  initializeResponseRules() {
    return [
      {
        trigger: { category: 'privacy', severity: 'violation' },
        actions: ['immediate_redaction', 'compliance_alert', 'session_review'],
        escalation: 'immediate'
      },
      {
        trigger: { category: 'fair_lending', severity: 'violation' },
        actions: ['agent_pause', 'compliance_escalation', 'bias_review'],
        escalation: 'critical'
      },
      {
        trigger: { category: 'bsa_aml', severity: 'violation' },
        actions: ['sar_evaluation', 'transaction_review', 'customer_investigation'],
        escalation: 'regulatory'
      }
    ];
  }

  async handleViolation(violation) {
    const matchingRules = this.responseRules.filter(rule =>
      this.matchesTrigger(violation, rule.trigger)
    );

    for (const rule of matchingRules) {
      await this.executeActions(violation, rule.actions);
      await this.handleEscalation(violation, rule.escalation);
    }
  }

  matchesTrigger(violation, trigger) {
    return Object.keys(trigger).every(key => violation[key] === trigger[key]);
  }

  async executeActions(violation, actions) {
    for (const action of actions) {
      try {
        await this.executeAction(violation, action);
      } catch (error) {
        console.error(`Failed to execute action ${action}:`, error);
      }
    }
  }

  async executeAction(violation, action) {
    switch (action) {
      case 'immediate_redaction':
        await this.redactContent(violation);
        break;
      case 'compliance_alert':
        await this.sendComplianceAlert(violation);
        break;
      case 'agent_pause':
        await this.pauseAgent(violation.agentId);
        break;
      case 'session_review':
        await this.flagSessionForReview(violation.sessionId);
        break;
      case 'sar_evaluation':
        await this.initiateSARProcess(violation);
        break;
      default:
        console.warn(`Unknown action: ${action}`);
    }
  }

  async redactContent(violation) {
    console.log(`🔒 Redacting content for violation: ${violation.rule}`);
    // Implement content redaction logic
  }

  async sendComplianceAlert(violation) {
    console.log(`🚨 Sending compliance alert for: ${violation.description}`);
    // Implement alert logic
  }

  async pauseAgent(agentId) {
    console.log(`⏸️ Pausing agent: ${agentId}`);
    // Implement agent pause logic
  }
}

// Set up automated response
const automatedResponse = new AutomatedComplianceResponse(monitor);
monitor.on('complianceViolation', (violation) => {
  automatedResponse.handleViolation(violation);
});

class ComplianceTestSuite {
  constructor(monitor) {
    this.monitor = monitor;
    this.testResults = [];
  }

  async runComplianceTests() {
    console.log('🧪 Running compliance test suite...');

    const tests = [
      this.testPIIDetection,
      this.testFairLendingDetection,
      this.testBSAAMLDetection,
      this.testFalsePositives
    ];

    for (const test of tests) {
      try {
        const result = await test.call(this);
        this.testResults.push(result);
      } catch (error) {
        this.testResults.push({
          testName: test.name,
          passed: false,
          error: error.message
        });
      }
    }

    return this.generateTestReport();
  }

  async testPIIDetection() {
    const testCases = [
      {
        input: 'Your SSN is 123-45-6789',
        expectedViolations: ['ssn_detected']
      },
      {
        input: 'Contact us at john@example.com or (555) 123-4567',
        expectedViolations: ['email_detected', 'phone_detected']
      },
      {
        input: 'Your account balance is $1,234.56',
        expectedViolations: [] // Should not trigger PII
      }
    ];

    const results = [];
    for (const testCase of testCases) {
      const sessionId = `pii-test-${Date.now()}`;
      this.monitor.trackAgentResponse('test-agent', sessionId, testCase.input);

      // Check if violations were detected
      const violations = await this.getViolationsForSession(sessionId);
      const violationTypes = violations.map(v => v.type);

      const passed = testCase.expectedViolations.every(expected =>
        violationTypes.includes(expected)
      ) && violationTypes.length === testCase.expectedViolations.length;

      results.push({ passed, testCase, actualViolations: violationTypes });
    }

    return {
      testName: 'PII Detection',
      passed: results.every(r => r.passed),
      details: results
    };
  }

  async testFairLendingDetection() {
    const discriminatoryPhrases = [
      'people like you',
      'your kind typically',
      'based on your background'
    ];

    const results = [];
    for (const phrase of discriminatoryPhrases) {
      const sessionId = `fair-lending-test-${Date.now()}`;
      this.monitor.trackAgentResponse('test-agent', sessionId, `Unfortunately, ${phrase} usually don't qualify.`);

      const violations = await this.getViolationsForSession(sessionId);
      const hasFairLendingViolation = violations.some(v => v.category === 'fair_lending');

      results.push({
        phrase,
        passed: hasFairLendingViolation,
        violations: violations.length
      });
    }

    return {
      testName: 'Fair Lending Detection',
      passed: results.every(r => r.passed),
      details: results
    };
  }

  async testBSAAMLDetection() {
    const suspiciousKeywords = [
      'avoid reporting',
      'split the transaction',
      'cash structuring',
      'just under 10000'
    ];

    const results = [];
    for (const keyword of suspiciousKeywords) {
      const sessionId = `bsa-aml-test-${Date.now()}`;
      this.monitor.trackAgentResponse('test-agent', sessionId, `You could try to ${keyword} to make it easier.`);

      const violations = await this.getViolationsForSession(sessionId);
      const hasBSAViolation = violations.some(v => v.category === 'bsa_aml');

      results.push({
        keyword,
        passed: hasBSAViolation,
        violations: violations.length
      });
    }

    return {
      testName: 'BSA/AML Detection',
      passed: results.every(r => r.passed),
      details: results
    };
  }

  async testFalsePositives() {
    const safePhrases = [
      'Your account number ends in 1234',
      'We serve customers from all backgrounds',
      'Large deposits are processed securely',
      'Please provide your contact information'
    ];

    const results = [];
    for (const phrase of safePhrases) {
      const sessionId = `false-positive-test-${Date.now()}`;
      this.monitor.trackAgentResponse('test-agent', sessionId, phrase);

      const violations = await this.getViolationsForSession(sessionId);
      const criticalViolations = violations.filter(v => v.severity === 'violation');

      results.push({
        phrase,
        passed: criticalViolations.length === 0, // Should not have critical violations
        violations: violations.length
      });
    }

    return {
      testName: 'False Positive Prevention',
      passed: results.every(r => r.passed),
      details: results
    };
  }

  async getViolationsForSession(sessionId) {
    // This would integrate with your actual violation tracking system
    // For testing purposes, we'll simulate this
    return this.mockViolationDatabase.filter(v => v.sessionId === sessionId);
  }

  generateTestReport() {
    const totalTests = this.testResults.length;
    const passedTests = this.testResults.filter(r => r.passed).length;
    const failedTests = totalTests - passedTests;

    return {
      summary: {
        total: totalTests,
        passed: passedTests,
        failed: failedTests,
        passRate: `${((passedTests / totalTests) * 100).toFixed(1)}%`
      },
      results: this.testResults,
      recommendations: this.generateTestRecommendations()
    };
  }

  generateTestRecommendations() {
    const failedTests = this.testResults.filter(r => !r.passed);
    const recommendations = [];

    if (failedTests.some(t => t.testName === 'PII Detection')) {
      recommendations.push('Review PII detection patterns and update regex rules');
    }

    if (failedTests.some(t => t.testName === 'Fair Lending Detection')) {
      recommendations.push('Update fair lending keyword detection and add training data');
    }

    if (failedTests.some(t => t.testName === 'False Positive Prevention')) {
      recommendations.push('Tune compliance rules to reduce false positives');
    }

    return recommendations;
  }
}

// Run compliance tests
const testSuite = new ComplianceTestSuite(monitor);
const testResults = await testSuite.runComplianceTests();
console.log('📋 Compliance Test Results:', JSON.stringify(testResults, null, 2));