Demo updates Sept 2025 (#7)

- enhancement: update the model (d030d25796ce0ea019eb2a6c2f207a2378f06bf8)
- add a network subgraph (5c083ab760b9ce8c3f5b5d09d31df68edeef992e)


Co-authored-by: Inge V <[email protected]>

app.py

@@ -6,6 +6,7 @@ from executor import clear_previous_risks, clear_previous_mitigations, risk_iden
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 
+
 class UI:
 
     def __init__(self):
@@ -48,14 +49,14 @@ class UI:
                 )
                 self.model_name_or_path = gr.Dropdown(
                     #choices=['codellama/codellama-34b-instruct-hf', 'google/flan-t5-xl', 'google/flan-t5-xxl', 'google/flan-ul2', 'ibm/granite-13b-instruct-v2', 'ibm/granite-3-3-8b-instruct', 'ibm/granite-20b-multilingual', 'ibm/granite-3-2-8b-instruct-preview-rc', 'ibm/granite-3-2b-instruct', 'ibm/granite-3-8b-instruct', 'ibm/granite-34b-code-instruct', 'ibm/granite-3b-code-instruct', 'ibm/granite-8b-code-instruct', 'ibm/granite-guardian-3-2b', 'ibm/granite-guardian-3-8b', 'meta-llama/llama-2-13b-chat', 'meta-llama/llama-3-1-70b-instruct', 'meta-llama/llama-3-1-8b-instruct', 'meta-llama/llama-3-2-11b-vision-instruct', 'meta-llama/llama-3-2-1b-instruct', 'meta-llama/llama-3-2-3b-instruct', 'meta-llama/llama-3-2-90b-vision-instruct', 'meta-llama/llama-3-3-70b-instruct', 'meta-llama/llama-3-405b-instruct', 'meta-llama/llama-guard-3-11b-vision', 'mistralai/mistral-large', 'mistralai/mixtral-8x7b-instruct-v01'],
-                    choices=["ibm/granite-3-3-8b-instruct"],
-                    value="ibm/granite-3-3-8b-instruct",
+                    choices=["meta-llama/llama-3-3-70b-instruct"],
+                    value="meta-llama/llama-3-3-70b-instruct",
                     multiselect=False,
                     label="Choose language model to use",
                     info="Language model used to assess risks (This is not the model being assessed).",
                     interactive=True
                 )
-                examples = gr.Examples([["A medical chatbot for a triage system to assesses symptoms and provide advice based on patient medical history and current condition. The chatbot will analyze the patient input, identify potential medical issues, and offer recommendations to the patient or healthcare provider.", "ibm-risk-atlas"],
+                examples = gr.Examples([["A medical chatbot for a triage system to assess symptoms and provide advice based on patient medical history and conditions. The chatbot will analyze the patient input, identify potential medical issues, and offer recommendations to the patient or healthcare provider.", "ibm-risk-atlas"],
                                         ["Building a customer support agent that automatically triages common problems with services.", "ibm-risk-atlas"]],
                                        [self.usecase, self.taxonomy],
                                         label='Example use cases', example_labels=["Medical chatbot", "Customer service agent"] 
@@ -92,12 +93,18 @@ class UI:
                     self.benchmarks_text = gr.Markdown()
                     self.benchmarks = gr.DataFrame(label=None, visible=False)
 
+                    gr.Markdown(
+                    """<h2>Network </h2> 
+                    Select a potential risk to see its network. """
+                    )
+
+                    self.networks = gr.Markdown()
+
                     self.download = gr.DownloadButton("Download JSON", visible=False)
 
         gr.Markdown("---")
         gr.Markdown("<br>")
 
-   
     def load_css(self):
         with open("static/style.css", "r") as file: 
             self.css = file.read()
@@ -117,7 +124,7 @@ class UI:
             self.risk_execute.click(
                 fn=clear_previous_risks,
                 inputs=[],
-                outputs=[self.assessment_sec, self.risks, self.assessed_risks, self.download, self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text],
+                outputs=[self.assessment_sec, self.risks, self.assessed_risks, self.download, self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text, self.networks],
             ).then(
                 fn=risk_identifier,
                 inputs=[
@@ -132,17 +139,16 @@ class UI:
             self.assessed_risks.select(
                 fn=clear_previous_mitigations,
                 inputs=[],
-                outputs=[self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text]
+                outputs=[self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text, self.networks]
             ).then(
                 fn=mitigations,
                 inputs=[self.assessed_risks, self.taxonomy], 
                 # NOTETOSELF: Intent based risk is stored in self.risk (if needed)
-                outputs=[self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text]
+                outputs=[self.assessed_risk_definition, self.relatedrisks, self.mitigations, self.benchmarks, self.mitigations_text, self.networks]
             )
 
         return demo
 
-
     def run(self): 
         self.ui = self.layout()
         self.ui.queue().launch(allowed_paths=["static/"], ssr_mode=False)

executor.py

@@ -1,14 +1,5 @@
-from ast import Attribute
-from dotenv import load_dotenv
-
-load_dotenv(override=True)
-
-import re
 import os
 import pandas as pd
-import json
-from typing import List, Dict, Any
-import pandas as pd
 import gradio as gr
 import datetime
 from pathlib import Path
@@ -19,6 +10,9 @@ from risk_atlas_nexus.blocks.inference.params import WMLInferenceEngineParams
 from risk_atlas_nexus.library import RiskAtlasNexus
 
 from functools import lru_cache
+from dotenv import load_dotenv
+
+load_dotenv(override=True)
 
 # Load the taxonomies
 ran = RiskAtlasNexus() # type: ignore
@@ -27,14 +21,53 @@ ran = RiskAtlasNexus() # type: ignore
 def clear_previous_risks():
     return gr.Markdown("""<h2> Potential Risks </h2> """), [], gr.Dataset(samples=[], 
                                      sample_labels=[], 
-                                     samples_per_page=50, visible=False), gr.DownloadButton("Download JSON", visible=False, ), "", gr.Dataset(samples=[], sample_labels=[], visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.Markdown(" ") 
+                                     samples_per_page=50, visible=False), gr.DownloadButton("Download JSON", visible=False, ), "", gr.Dataset(samples=[], sample_labels=[], visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.Markdown(" "), gr.Markdown(" "), 
 
 def clear_previous_mitigations():
-     return "", gr.Dataset(samples=[], sample_labels=[], visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.Markdown(" ") 
+     return "", gr.Dataset(samples=[], sample_labels=[], visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.DataFrame([], wrap=True, show_copy_button=True, show_search="search", visible=False), gr.Markdown(" "), gr.Markdown(" ")
+
+def generate_subgraph(risk):
+    lines =[f'```mermaid\n', '---\n'
+'config:\n'
+'  layout: "tidy-tree"\n'
+'---\n',
+'mindmap\n']
+    
+    lines.append(f'  root(("{risk.name}"))\n')
+    # origin info
+    lines.append(f'    Origins\n')
+    lines.append(f'      Riskgroup: {risk.isPartOf}\n')
+    lines.append(f'      Taxonomy: {risk.isDefinedByTaxonomy}\n')
+
+    # add related risks
+    rrs = ran.get_related_risks(id=risk.id)
+    if len(rrs) > 0:
+        lines.append(f'    Related Risks\n')
+        for rr in rrs:
+            lines.append(f'      {rr.name}\n')
+    
+    # add related evals
+    revals = ran.get_related_evaluations(risk_id=risk.id)
+    if len(revals) > 0:
+        lines.append(f'    Related AI evaluations\n')
+        for reval in revals:
+            lines.append(f'      {reval.name}\n')
+    
+    # add related mitigations
+    rmits = get_controls_and_actions(risk.id, risk.isDefinedByTaxonomy)
+    if len(rmits) > 0:
+        lines.append(f'    Related mitigations\n')
+        for rmit in rmits:
+            lines.append(f'      {rmit}\n')
+
+    lines.append(f"```")
+    diagram_string = "".join(lines)
+    return gr.Markdown(value = diagram_string)
+
 
 @lru_cache
 def risk_identifier(usecase: str, 
-                    model_name_or_path: str = "ibm/granite-3-3-8b-instruct", 
+                    model_name_or_path: str = "meta-llama/llama-3-3-70b-instruct", 
                     taxonomy: str = "ibm-risk-atlas"): # -> List[Dict[str, Any]]: #pd.DataFrame:
 
     downloadable = False
@@ -50,12 +83,15 @@ def risk_identifier(usecase: str,
         ),  # type: ignore
     )
 
-    risks = ran.identify_risks_from_usecases( # type: ignore
+    risks_a = ran.identify_risks_from_usecases(# type: ignore
         usecases=[usecase],
         inference_engine=inference_engine,
         taxonomy=taxonomy,
+        zero_shot_only=True,
         max_risk=5
-    )[0]
+    )
+
+    risks = risks_a[0]
     
 
     sample_labels = [r.name if r else r.id for r in risks]
@@ -74,26 +110,56 @@ def risk_identifier(usecase: str,
         f.write(json.dumps(data, indent=4))
         downloadable = True
 
-   
-    #return out_df
+    # return out_df
     return out_sec, gr.State(risks), gr.Dataset(samples=[r.id for r in risks], 
                                      sample_labels=sample_labels, 
                                      samples_per_page=50, visible=True, label="Estimated by an LLM."), gr.DownloadButton("Download JSON", "static/download.json", visible=(downloadable and len(risks) > 0))
     
 
+def get_controls_and_actions(riskid, taxonomy):
+    selected_risk = ran.get_risk(id=riskid)
+    related_risk_ids = [r.id for r in ran.get_related_risks(id=riskid)]
+    action_ids = []
+    control_ids =[]
+
+    if taxonomy == "ibm-risk-atlas":
+        # look for actions associated with related risks    
+        if related_risk_ids:
+            for i in related_risk_ids:
+                rai = ran.get_related_actions(id=i)
+                if rai:
+                    action_ids += rai
+                
+                rac = ran.get_related_risk_controls(id=i)
+                if rac:
+                    control_ids += rac
+    
+        else:
+            action_ids = []
+            control_ids = []
+    else:
+        # Use only actions related to primary risks
+        action_ids = ran.get_related_actions(id=riskid)
+        control_ids = ran.get_related_risk_controls(id=riskid)
+
+    return [ran.get_action_by_id(i).name for i in action_ids] + [ran.get_risk_control(i.id).name for i in control_ids] #type: ignore
+
+
 @lru_cache
-def mitigations(riskid: str, taxonomy: str) -> tuple[gr.Markdown, gr.Dataset, gr.DataFrame, gr.DataFrame, gr.Markdown]:
+def mitigations(riskid: str, taxonomy: str) -> tuple[gr.Markdown, gr.Dataset, gr.DataFrame, gr.DataFrame, gr.Markdown, gr.Markdown]:
     """
     For a specific risk (riskid), returns
     (a) a risk description
     (b) related risks - as a dataset
     (c) mitigations
-    (d) related ai evaluations
+    (d) related AI evaluations
+    (e) A subgraph of risk to mitigations
 
     """
     
     try:
-        risk_desc = ran.get_risk(id=riskid).description # type: ignore
+        selected_risk = ran.get_risk(id=riskid)
+        risk_desc = selected_risk.description # type: ignore
         risk_sec = f"<h3>Description: </h3> {risk_desc}"
     except AttributeError:
         risk_sec = ""
@@ -123,8 +189,7 @@ def mitigations(riskid: str, taxonomy: str) -> tuple[gr.Markdown, gr.Dataset, gr
         # Use only actions related to primary risks
         action_ids = ran.get_related_actions(id=riskid)
         control_ids = ran.get_related_risk_controls(id=riskid)
-       
-    
+
     # Sanitize outputs
     if not related_risk_ids:
         label = "No related risks found."
@@ -163,9 +228,11 @@ def mitigations(riskid: str, taxonomy: str) -> tuple[gr.Markdown, gr.Dataset, gr
     
     status = gr.Markdown(" ") if len(mitdf) > 0 else gr.Markdown("No mitigations found.")
 
+    fig = gr.Markdown(" ") if not selected_risk else generate_subgraph(selected_risk)
+
     return (gr.Markdown(risk_sec), 
             gr.Dataset(samples=samples, label=label, sample_labels=sample_labels, visible=True),
             gr.DataFrame(mitdf, wrap=True, show_copy_button=True, show_search="search", label=alabel, visible=True),
             gr.DataFrame(aievalsdf, wrap=True, show_copy_button=True, show_search="search", label=blabel, visible=True),
-            status) 
+            status, fig) 
 

requirements.txt

@@ -1,4 +1,4 @@
-gradio==5.18.0
+gradio==5.45.0
 pydantic==2.9.2
 linkml==1.8.6
 linkml_runtime==1.8.3