app.py

import gradio as gr

def audit_check(vendor_name, server_location, model_type):
    # This is simple logic to simulate your "Audit"
    risk_score = 0
    logs = []

    logs.append(f"🔍 Auditing {vendor_name}...")
    
    if server_location == "USA" or server_location == "Unknown":
        risk_score += 50
        logs.append("❌ CRITICAL: Data hosted in US Jurisdiction (Cloud Act Risk).")
    else:
        logs.append("✅ PASS: Data hosted in Safe Jurisdiction.")

    if model_type == "Public LLM (ChatGPT/Claude)":
        risk_score += 30
        logs.append("⚠️ HIGH: Public Model detected. Zero-Retention Agreement required.")
    else:
        logs.append("✅ PASS: Private/Local Model detected.")

    if risk_score > 40:
        verdict = "🔴 NO-GO: High Compliance Risk"
    elif risk_score > 20:
        verdict = "🟡 CAUTION: Manual Review Needed"
    else:
        verdict = "🟢 GO: Low Risk / Approved"

    return verdict, "\n".join(logs)

# The Interface
with gr.Blocks(theme=gr.themes.Soft()) as demo:
    gr.Markdown("# 🛡️ Toro Governance Lab: Vendor Risk Engine")
    gr.Markdown("Instant preliminary risk assessment for Swiss/UK Banking Compliance (nFADP / EU AI Act).")
    
    with gr.Row():
        v_name = gr.Textbox(label="Vendor Name")
        loc = gr.Dropdown(["Switzerland", "EU (Germany/France)", "USA", "Unknown"], label="Server Location")
        model = gr.Dropdown(["Private/Local Model", "Public LLM (ChatGPT/Claude)"], label="AI Model Type")
    
    btn = gr.Button("Run Audit")
    
    out_verdict = gr.Label(label="Audit Verdict")
    out_logs = gr.Textbox(label="Audit Logs")

    btn.click(audit_check, inputs=[v_name, loc, model], outputs=[out_verdict, out_logs])

demo.launch()