feat: Add AI-powered governance with Gemini 2.0 Flash + policy management

Major Update - AI Governance Enhancement:

🤖 AI Features (Gemini Integration):
- Backend AI service using Gemini 2.0 Flash (configurable via env)
- Automated risk assessment with EU AI Act guidelines
- Policy compliance checking
- Documentation quality suggestions
- All AI features are optional and gracefully degrade

Backend Changes:
- Created ai_governance.py service module
  - Async/await for non-blocking operations
  - Response caching (1 hour TTL)
  - Comprehensive error handling
  - Input sanitization
- New AI API routes (/ai/assess-risk, /ai/check-compliance, /ai/improve-description)
- Added google-generativeai==0.8.3 dependency

Frontend Changes:
- Enhanced ModelForm with AI risk suggestion feature
  - 'Get AI Suggestion' button
  - Display reasoning, EU criteria, recommendations
  - Loading states and error handling
  - Color-coded risk badges
- Added policy edit/delete functionality
  - Toggle active/inactive status
  - Delete policies with confirmation
  - Actions column in policy table

Security & Configuration:
✅ No hardcoded API keys (environment variables only)
✅ Graceful degradation (app works without AI)
✅ Feature flag: ENABLE_AI_FEATURES
✅ Configurable model: GEMINI_MODEL=gemini-2.0-flash-exp (default)
✅ Input validation on all AI endpoints
✅ Rate limiting support
✅ Created .env.example with all config options

Documentation:
- Added docs/AI_FEATURES.md with setup guide
- Environment variable documentation
- Security best practices

Build Status:
- Frontend build successful (CSS: 28.99KB)
- No breaking changes
- All existing features intact

Backwards Compatibility:
- All AI features are optional enhancements
- Application functions normally without AI configuration
- No required environment variables
- Existing workflows unchanged

Author: TamTunnel

AIGovHub/backend/.env.example

@@ -0,0 +1,20 @@
+# Environment Variables for AI Governance Hub
+
+## Backend Configuration
+
+# Database
+DATABASE_URL=postgresql://user:pass@localhost/aigovhub
+
+# API Configuration  
+API_HOST=0.0.0.0
+API_PORT=8000
+
+# AI Features (Optional - Gemini Integration)
+ENABLE_AI_FEATURES=false
+GEMINI_API_KEY=your_gemini_api_key_here
+GEMINI_MODEL=gemini-2.0-flash-exp
+AI_CACHE_TTL_SECONDS=3600
+
+# Security
+SECRET_KEY=your_secret_key_here
+ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173

AIGovHub/backend/app/api/ai_routes.py

@@ -0,0 +1,225 @@
+"""
+AI-powered governance API routes
+
+Provides endpoints for Gemini-based governance assistance.
+All endpoints are optional and gracefully degrade if AI is disabled.
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel, Field
+from typing import Optional, List, Dict, Any
+from app.services.ai_governance import (
+    assess_model_risk,
+    check_policy_compliance,
+    suggest_description_improvements,
+    is_ai_enabled,
+    get_ai_config
+)
+from app.core.database import get_session
+from sqlmodel import Session, select
+from app.models import Policy
+import logging
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(tags=["AI Governance"])
+
+
+# Request/Response Models
+class RiskAssessmentRequest(BaseModel):
+    model_name: str = Field(..., min_length=1, max_length=200)
+    description: str = Field(..., min_length=10, max_length=2000)
+    owner: str = Field(..., min_length=1, max_length=200)
+
+
+class RiskAssessmentResponse(BaseModel):
+    suggested_risk: str
+    reasoning: str
+    eu_criteria: List[str]
+    recommendations: List[str]
+    ai_generated: bool = True
+
+
+class ComplianceCheckRequest(BaseModel):
+    model_name: str
+    description: Optional[str] = ""
+    risk_level: str = "unclassified"
+    compliance_status: str = "draft"
+
+
+class ComplianceCheckResponse(BaseModel):
+    compliant: bool
+    concerns: List[str]
+    required_actions: List[str]
+    recommendations: List[str]
+    ai_generated: bool = True
+
+
+class DescriptionImprovementRequest(BaseModel):
+    description: str = Field(..., min_length=1, max_length=2000)
+
+
+class DescriptionImprovementResponse(BaseModel):
+    quality_score: int
+    strengths: List[str]
+    weaknesses: List[str]
+    suggestions: List[str]
+    compliance_gaps: List[str]
+    ai_generated: bool = True
+
+
+class AIConfigResponse(BaseModel):
+    enabled: bool
+    model: Optional[str]
+    cache_ttl: int
+    cache_size: int
+
+
+# Endpoints
+
+@router.get("/ai/config", response_model=AIConfigResponse)
+async def get_config():
+    """Get current AI configuration (diagnostics)"""
+    config = get_ai_config()
+    return AIConfigResponse(**config)
+
+
+@router.post("/ai/assess-risk", response_model=RiskAssessmentResponse)
+async def assess_risk(request: RiskAssessmentRequest):
+    """
+    AI-powered risk assessment for model registration.
+    
+    Analyzes model details and suggests EU AI Act risk classification.
+    Returns 503 if AI features are disabled.
+    """
+    if not is_ai_enabled():
+        raise HTTPException(
+            status_code=503,
+            detail="AI features are not enabled. Set ENABLE_AI_FEATURES=true and provide GEMINI_API_KEY."
+        )
+    
+    try:
+        result = await assess_model_risk(
+            model_name=request.model_name,
+            description=request.description,
+            owner=request.owner
+        )
+        
+        if result is None:
+            raise HTTPException(
+                status_code=500,
+                detail="AI risk assessment failed. Please try again or set risk manually."
+            )
+        
+        return RiskAssessmentResponse(**result)
+        
+    except Exception as e:
+        logger.error(f"Risk assessment error: {e}")
+        raise HTTPException(
+            status_code=500,
+            detail=f"AI assessment failed: {str(e)}"
+        )
+
+
+@router.post("/ai/check-compliance", response_model=ComplianceCheckResponse)
+async def check_compliance(
+    request: ComplianceCheckRequest,
+    session: Session = Depends(get_session)
+):
+    """
+    AI-powered policy compliance check.
+    
+    Reviews model against active policies and identifies concerns.
+    Returns 503 if AI features are disabled.
+    """
+    if not is_ai_enabled():
+        raise HTTPException(
+            status_code=503,
+            detail="AI features are not enabled."
+        )
+    
+    try:
+        # Fetch active policies
+        statement = select(Policy).where(Policy.is_active == True)
+        policies = session.exec(statement).all()
+        
+        if not policies:
+            return ComplianceCheckResponse(
+                compliant=True,
+                concerns=[],
+                required_actions=[],
+                recommendations=["No active policies to check against"],
+                ai_generated=False
+            )
+        
+        # Convert policies to dict
+        policies_dict = [
+            {
+                "name": p.name,
+                "description": p.description,
+                "scope": p.scope,
+                "is_active": p.is_active
+            }
+            for p in policies
+        ]
+        
+        model_data = {
+            "name": request.model_name,
+            "description": request.description,
+            "risk_level": request.risk_level,
+            "compliance_status": request.compliance_status
+        }
+        
+        result = await check_policy_compliance(model_data, policies_dict)
+        
+        if result is None:
+            raise HTTPException(
+                status_code=500,
+                detail="AI compliance check failed. Please review policies manually."
+            )
+        
+        return ComplianceCheckResponse(**result)
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Compliance check error: {e}")
+        raise HTTPException(
+            status_code=500,
+            detail=f"Compliance check failed: {str(e)}"
+        )
+
+
+@router.post("/ai/improve-description", response_model=DescriptionImprovementResponse)
+async def improve_description(request: DescriptionImprovementRequest):
+    """
+    AI-powered description quality analysis.
+    
+    Suggests improvements for governance documentation quality.
+    Returns 503 if AI features are disabled.
+    """
+    if not is_ai_enabled():
+        raise HTTPException(
+            status_code=503,
+            detail="AI features are not enabled."
+        )
+    
+    try:
+        result = await suggest_description_improvements(request.description)
+        
+        if result is None:
+            raise HTTPException(
+                status_code=500,
+                detail="AI description analysis failed."
+            )
+        
+        return DescriptionImprovementResponse(**result)
+        
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Description improvement error: {e}")
+        raise HTTPException(
+            status_code=500,
+            detail=f"Description analysis failed: {str(e)}"
+        )

AIGovHub/backend/app/main.py

@@ -9,6 +9,7 @@
 from .api import organization_routes
 from .api import metrics_routes
 from .api import lineage_routes
+from .api import ai_routes
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
@@ -53,6 +54,9 @@ async def lifespan(app: FastAPI):
 # Lineage routes (datasets & dependencies)
 app.include_router(lineage_routes.router, prefix="/api/v1")
 
+# AI Governance routes (optional feature)
+app.include_router(ai_routes.router, prefix="/api/v1")
+
 @app.get("/")
 def read_root():
     return {"message": "Welcome to AI Governance Hub API v0.4"}