Attesta’s domain profile framework lets you build custom profiles for any industry — healthcare, finance, education, government, defense, energy, telecommunications, and more. Each profile encodes your specific compliance requirements and risk patterns.

Building a Custom Profile

A custom domain profile is an instance of the DomainProfile dataclass with your domain-specific configuration.

Minimal Example

from attesta.domains import DomainProfile, DomainRegistry

education_profile = DomainProfile(
    name="education",
    display_name="Education (FERPA)",
    description="FERPA compliance profile for educational AI agents",
    risk_patterns=[],
    sensitive_terms={},
    critical_actions=[],
    safe_actions=[],
    compliance_frameworks=["FERPA", "COPPA"],
    escalation_rules=[],
    challenge_templates=[],
    min_review_overrides={},
    base_risk_floor=0.10,
    production_multiplier=1.4,
    required_vocabulary=[],
)

# Register the profile
registry = DomainRegistry()
registry.register(education_profile)

Full Example: Education (FERPA)

from attesta.domains import (
    DomainProfile,
    DomainRegistry,
    RiskPattern,
    EscalationRule,
    DomainChallengeTemplate,
)

education_profile = DomainProfile(
    name="education",
    display_name="Education (FERPA)",
    description="FERPA/COPPA compliance profile for educational AI agents",

    # ── Risk Patterns ──────────────────────────────────────────
    risk_patterns=[
        RiskPattern(
            pattern=r"student_id|student_record|transcript|gpa",
            target="args",
            risk_contribution=0.8,
            name="student_identifiers",
            description="Student PII in function arguments",
            compliance_refs=["FERPA §99.3"],
        ),
        RiskPattern(
            pattern=r"access_student_record|modify_grade|update_transcript",
            target="function_name",
            risk_contribution=0.85,
            name="student_record_operations",
            description="Operations on education records",
            compliance_refs=["FERPA §99.10"],
        ),
        RiskPattern(
            pattern=r"parent_consent|guardian_approval",
            target="any",
            risk_contribution=0.7,
            name="consent_operations",
            description="Parental consent for minors",
            compliance_refs=["COPPA §312.5"],
        ),
        RiskPattern(
            pattern=r"share_with_third_party|directory_information",
            target="function_name",
            risk_contribution=0.75,
            name="third_party_disclosure",
            description="Sharing education records externally",
            compliance_refs=["FERPA §99.31"],
        ),
        RiskPattern(
            pattern=r"disciplinary|behavioral|special_education|iep",
            target="any",
            risk_contribution=0.85,
            name="sensitive_education_records",
            description="Sensitive student records",
            compliance_refs=["FERPA §99.31", "IDEA"],
        ),
        RiskPattern(
            pattern=r"child_under_13|minor|age_verification",
            target="any",
            risk_contribution=0.9,
            name="minor_data",
            description="Data involving minors under 13",
            compliance_refs=["COPPA §312.3"],
        ),
    ],

    # ── Sensitive Terms ────────────────────────────────────────
    sensitive_terms={
        "student": 0.80,
        "transcript": 0.85,
        "grade": 0.75,
        "ferpa": 0.90,
        "minor": 0.90,
        "guardian": 0.70,
        "enrollment": 0.60,
        "discipline": 0.80,
        "iep": 0.85,
    },

    # ── Critical Actions ───────────────────────────────────────
    critical_actions=[
        "delete_student_record",
        "export_student_data",
        "share_records_externally",
        "modify_grade_permanent",
        "override_consent_requirement",
        "bulk_student_export",
    ],

    # ── Safe Actions ───────────────────────────────────────────
    safe_actions=[
        "get_enrollment_count",
        "list_course_catalog",
        "check_system_status",
    ],

    # ── Compliance Frameworks ──────────────────────────────────
    compliance_frameworks=["FERPA", "COPPA", "IDEA", "Title IX"],

    # ── Escalation Rules ───────────────────────────────────────
    escalation_rules=[
        EscalationRule(
            condition="bulk_student_export",
            action="multi_party",
            required_approvers=3,
            notify_roles=["registrar", "ferpa_officer"],
            description="Bulk student data export requires 3-party approval",
        ),
        EscalationRule(
            condition="minor_data_processing",
            action="teach_back",
            required_approvers=2,
            notify_roles=["privacy_officer", "school_admin"],
            description="Processing data of minors under 13 requires teach-back",
        ),
        EscalationRule(
            condition="grade_modification",
            action="multi_party",
            required_approvers=2,
            notify_roles=["department_chair", "registrar"],
            description="Grade changes require dual approval",
        ),
    ],

    # ── Challenge Templates ────────────────────────────────────
    challenge_templates=[
        DomainChallengeTemplate(
            question_template="Under FERPA, what must be obtained before disclosing {record_type} to a third party?",
            answer_hints=["written consent", "parent", "eligible student", "directory"],
            context_vars=["record_type"],
            challenge_type="teach_back",
            min_risk_level="high",
        ),
        DomainChallengeTemplate(
            question_template="What age threshold triggers COPPA requirements for this operation?",
            answer_hints=["13", "under 13", "minor", "parental consent"],
            context_vars=[],
            challenge_type="teach_back",
            min_risk_level="high",
        ),
    ],

    # ── Review Time Overrides ──────────────────────────────────
    min_review_overrides={
        "critical": 45,
        "high": 15,
    },

    # ── Risk Floor and Production Multiplier ───────────────────
    base_risk_floor=0.12,
    production_multiplier=1.5,

    # ── Required Vocabulary ────────────────────────────────────
    required_vocabulary=[
        "FERPA", "education records", "directory information",
        "legitimate educational interest", "eligible student",
    ],
)

Registering Custom Profiles

Runtime Registration

Register your profile at application startup:

from attesta.domains import registry
from attesta.domains.presets import register_preset

# Register globally
registry.register(education_profile)

# Or register as a preset (enables attesta.yaml activation)
register_preset(education_profile, aliases=["ferpa", "edu"])

# Now you can activate it via YAML: domain: education
# Or programmatically:
from attesta.domains import DomainRiskScorer
scorer = DomainRiskScorer(education_profile)

Replacing Existing Profiles

If you need to update a previously registered profile, use replace():

from attesta.domains import DomainRegistry, DomainProfile

registry = DomainRegistry()

# Replace a previously registered profile with an updated version
updated_profile = DomainProfile(
    name="education",  # Same name as the existing profile
    display_name="Education (Updated)",
    description="Updated education compliance profile",
    # ... all fields ...
)

registry.replace(updated_profile)

Using replace() completely overwrites the existing profile. Make sure to preserve all existing patterns, actions, and rules unless you intentionally want to remove them.

Merging Multiple Profiles

You can combine multiple profiles using the merge functionality:

attesta.yaml:

domain:
  - education
  - my-other-profile

Python:

from attesta.domains import DomainRegistry

registry = DomainRegistry()
registry.register(education_profile)
registry.register(other_profile)

# Merge multiple profiles
merged = registry.merge(education_profile, other_profile)
# Result: union of all risk patterns, max of scalar values, etc.

The merge follows the conservative merge strategy: lists are unioned, and scalars take the higher (stricter) value.
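
A pre-deployment check for the replace() warning and the merge rule described above, added here as an example and not part of Attesta. Plain dicts stand in for DomainProfile, the ANALYTICS and UPDATED profiles are constructed, and the helper names are hypothetical; the page does not say how an action that ends up in both safe_actions and critical_actions is resolved, so the check only flags it for review.

```python
LIST_FIELDS = ("critical_actions", "safe_actions")
SCALAR_FIELDS = ("base_risk_floor", "production_multiplier")

# Plain dicts standing in for DomainProfile; values taken from this page.
EDUCATION = {
    "critical_actions": ["delete_student_record", "export_student_data",
                         "override_consent_requirement"],
    "safe_actions": ["get_enrollment_count", "list_course_catalog"],
    "base_risk_floor": 0.12,
    "production_multiplier": 1.5,
}
# Constructed second profile and constructed replacement, for illustration only.
ANALYTICS = {
    "critical_actions": ["drop_warehouse_table"],
    "safe_actions": ["export_student_data", "run_report"],
    "base_risk_floor": 0.05,
    "production_multiplier": 1.2,
}
UPDATED = dict(EDUCATION, base_risk_floor=0.10,
               critical_actions=["delete_student_record", "export_student_data"])

def conservative_merge(a, b):
    """Model of the stated rule: union the lists, keep the higher scalar."""
    merged = {f: sorted(set(a[f]) | set(b[f])) for f in LIST_FIELDS}
    merged.update({f: max(a[f], b[f]) for f in SCALAR_FIELDS})
    return merged

def safe_critical_conflicts(profile):
    """Actions that end up both safe and critical, e.g. after a union."""
    return sorted(set(profile["safe_actions"]) & set(profile["critical_actions"]))

def dropped_by_replace(old, new):
    """List entries dropped and scalars lowered by a replacement profile."""
    report = {}
    for f in LIST_FIELDS:
        gone = sorted(set(old[f]) - set(new[f]))
        if gone:
            report[f] = gone
    for f in SCALAR_FIELDS:
        if new[f] < old[f]:
            report[f] = (old[f], new[f])
    return report

if __name__ == "__main__":
    merged = conservative_merge(EDUCATION, ANALYTICS)
    print("conflicts after merge:", safe_critical_conflicts(merged))
    print("changed by replace:   ", dropped_by_replace(EDUCATION, UPDATED))
```

Run it in CI against the profile currently deployed and the one about to be registered, and fail the build on any non-empty result that has not been reviewed.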

Design Guidelines

Risk Patterns

# Specific, targeted patterns with clear compliance rationale
RiskPattern(
    pattern=r"student_id|student_record|transcript",
    target="args",
    risk_contribution=0.8,
    name="student_pii",
    description="Student PII identifiers in arguments",
    compliance_refs=["FERPA §99.3"],
)

  • Target a specific action context (args, function_name)
  • Include compliance references
  • Use descriptive names
  • Set proportional risk contributions
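
An offline check for these guidelines, added here as an example and not part of Attesta: it runs two of this page's patterns over constructed action names and reports the ones they misclassify. It assumes patterns are applied as unanchored, case-insensitive regex searches (the page does not state the matching semantics); `tokenize`, `audit` and `hardened` are hypothetical helper names.

```python
import re

# Two patterns copied from this page's education profile (name -> regex).
PAGE_PATTERNS = {
    "student_identifiers": r"student_id|student_record|transcript|gpa",
    "minor_data": r"child_under_13|minor|age_verification",
}

# Constructed samples: (text the pattern is run against, should it be flagged?).
SAMPLES = [
    ("get_student_gpa", True),
    ("export_transcript", True),
    ("flag_minor_account", True),
    ("resize_imgpath", False),           # "gpa" inside "imgpath"
    ("audio_transcription_job", False),  # "transcript" inside "transcription"
    ("bump_minor_version", False),       # whole token "minor", unrelated meaning
]

def tokenize(pattern):
    """Make each alternative match only whole snake_case tokens.

    The regex word-boundary anchor is no help here because "_" counts as a
    word character. The naive split on "|" is only valid for flat
    alternations like the ones on this page.
    """
    return "|".join(rf"(?<![a-z0-9]){alt}(?![a-z0-9])" for alt in pattern.split("|"))

def audit(patterns, samples):
    """Return (text, expected, got) for every sample the pattern set misclassifies."""
    # Assumption: unanchored, case-insensitive search, as re.search does.
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns.values()]
    mismatches = []
    for text, expected in samples:
        got = any(c.search(text) for c in compiled)
        if got != expected:
            mismatches.append((text, expected, got))
    return mismatches

def hardened(patterns):
    """Token-bounded copy of a pattern set."""
    return {name: tokenize(p) for name, p in patterns.items()}

if __name__ == "__main__":
    print("page patterns:", audit(PAGE_PATTERNS, SAMPLES))
    print("token-bounded:", audit(hardened(PAGE_PATTERNS), SAMPLES))
```

The one mismatch left after token-bounding, bump_minor_version, is a whole-token hit that boundaries cannot remove; it needs a more specific pattern.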

Risk Contribution Scale

Use this scale as a guideline for setting risk_contribution values:

Range        Usage
0.5 - 0.6    Informational / low-sensitivity operations
0.6 - 0.7    Moderate-sensitivity operations (reversible state changes)
0.7 - 0.8    High-sensitivity operations (personal data access)
0.8 - 0.9    Critical operations (data modification, exports)
0.9 - 1.0    Safety-critical operations (overrides, bypasses, destructive)

Critical Actions

Only designate actions as critical when they meet at least one of these criteria:
  1. Irreversible — the action cannot be undone (e.g., delete_student_record)
  2. Regulatory mandate — compliance requires multi-party approval (e.g., bulk_student_export)
  3. Safety bypass — the action circumvents a safety control (e.g., override_consent_requirement)

Challenge Templates

Write challenge templates that test comprehension, not just knowledge:

# Good: tests understanding of the specific action
DomainChallengeTemplate(
    question_template="Why does disclosing {record_type} to {recipient} require written consent under FERPA?",
    answer_hints=["not directory information", "education record", "consent", "eligible student"],
    context_vars=["record_type", "recipient"],
    challenge_type="teach_back",
    min_risk_level="high",
)

# Bad: tests rote knowledge, not comprehension
DomainChallengeTemplate(
    question_template="What year was FERPA enacted?",
    answer_hints=["1974"],
    context_vars=[],
    challenge_type="teach_back",
    min_risk_level="high",
)

Testing Custom Profiles

Validate your custom profile before deploying:

from attesta import Attesta
from attesta.domains import DomainRegistry, DomainRiskScorer

# Register the custom profile
registry = DomainRegistry()
registry.register(education_profile)

# Create an Attesta instance with a domain-aware scorer
scorer = DomainRiskScorer(education_profile)
attesta = Attesta(risk_scorer=scorer)

# Test risk scoring for domain-specific actions
@attesta.gate()
def access_student_record(student_id: str) -> dict:
    """Access a student's education record."""
    return {"student_id": student_id}

@attesta.gate()
def export_student_data(query: str) -> str:
    """Export student data matching the query."""
    return f"Exported: {query}"

@attesta.gate()
def get_enrollment_count() -> int:
    """Get the total enrollment count."""
    return 5000

# Verify risk levels (using the scorer directly)
# assessment = scorer.assess(...)

# access_student_record should be HIGH (student_id pattern)
# export_student_data should be CRITICAL (critical action)
# get_enrollment_count should be LOW (safe action)

Write integration tests that verify your custom profile produces the expected risk levels for representative actions. This catches regressions when you update patterns or risk contributions.

Next Steps

Domain Overview

Architecture and merge strategy for domain profiles

Domain Activation

Activate custom domains via attesta.yaml

Custom Risk Scorer

Build a fully custom risk scorer beyond domain profiles

Testing Guide

Test your Attesta configuration end-to-end