{ "cells": [ { "cell_type": "code", "execution_count": 1, "id": "9fc74685", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "import json\n", "from langraph_agent import CyberLegalAgent\n", "from dotenv import load_dotenv\n", "load_dotenv()" ] }, { "cell_type": "code", "execution_count": 7, "id": "d3ad35b4", "metadata": {}, "outputs": [], "source": [ "history=[{'role': 'user', 'content': 'I need help with a data breach issue'}, {'role': 'assistant', 'content': 'I can help with that. Can you tell me more about the breach?'}, {'role': 'user', 'content': \"My company is in Romania and experienced a data breach. Customer names, addresses, and SSNs were stolen. We have about 500 affected customers. The breach occurred 2 days ago. We haven't notified authorities yet. I need a lawyer to help with GDPR compliance and breach notification.\"}, {'role': 'assistant', 'content': \"I understand. To find the best lawyer for you, could you tell me: Are you looking for a Romanian-based firm or international? What language do you prefer? What's your budget range?\"}]\n", "user_query='I prefer a Romanian-based firm, English language is not fine, and my budget is around 2000-5000 EUR for this incident. I need help immediately with breach notification.'\n", "\n" ] }, { "cell_type": "code", "execution_count": 8, "id": "a45517e7", "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "INFO:langraph_agent:πŸ€– Initialized with OpenAI (gpt-5-nano)\n" ] } ], "source": [ "agent=CyberLegalAgent()" ] }, { "cell_type": "code", "execution_count": 11, "id": "589dc2c3", "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "INFO:langraph_agent:οΏ½ Starting query processing: I prefer a Romanian-based firm, English language is not fine, and my budget is around 2000-5000 EUR ...\n", "INFO:langraph_agent:οΏ½ Conversation history length: 4 messages\n", "WARNING:utils:Query timeout, attempt 1\n", "INFO:utils:Query successful;{'response': 'Thanks for the details. Given the breach happened in Romania and involves sensitive customer data (names, addresses, SSNs) affecting about 500 people, you should act quickly to align with GDPR obligations and the EU cyber-notification framework. Here’s a practical, lawyer-focused plan you can use right away.\\n\\nImmediate next steps (urgent)\\n- Engage a Romanian-based GDPR/legal firm now (you’ve indicated a preference for a Romanian-language, Romania-based firm within a 2,000–5,000 EUR range). A local lawyer can lead the breach-notification process, coordinate with authorities, and help prepare communications to customers.\\n- Prepare a rapid internal factsheet for the lawyer and the incident response team (what happened, when it started, what data were affected, which systems were involved, what containment steps have been taken, and who is affected). This will support the legal review and notifications.\\n- Initiate coordination with the relevant authorities and incident-response bodies. In the EU framework you’re operating under, important entities handle incident notifications and information sharing (Single Points of Contact and CSIRTs). Your Romanian-based counsel can establish the right communication channel immediately.\\n- Do not delay notifications if advised by your lawyer. The directive framework requires timely reporting to the appropriate authorities and, where required, to the data subjects.\\n\\nKey regulatory obligations to address with your lawyer (based on the context you provided)\\n- Early warning and incident notification timing: The Directive (EU) 2022/2555 envisions an early warning within 24 hours and an incident notification within 72 hours of becoming aware of a significant incident, with a final report not later than one month after notification. Your lawyer can help determine if the breach qualifies as a significant incident and ensure the required timelines are met through the proper channels. [2]\\n- Personal data breach notification to supervisory authorities: If the breach involves personal data, authorities emphasize informing the supervisory authority without undue delay and within the established timeframes when applicable. Your lawyer will assess the specifics of your breach under GDPR and initiate the correct notification process. [2]\\n- Cooperation channels (SPOCs and CSIRTs): In the EU context, Single Points of Contact (SPOCs) and Computer Security Incident Response Teams (CSIRTs) play a central role in coordinating notifications and information sharing across competent authorities. Your Romanian counsel can engage these channels to ensure fast, compliant communication and support. [2]\\n- Civil-law liability context in Romania: Under Romanian Civil Code provisions, contractual and other damages liabilities arise if obligations are not fulfilled, which underscores why timely breach notification and remediation are important from a legal-arbitration risk perspective. This helps explain why a formal notification and remediation plan are essential. [1]\\n\\nWhat to expect from a Romanian-based GDPR lawyer (typical scope, aligned with your budget)\\n- Immediate breach-notification package: assessment of whether the breach triggers GDPR notification to the supervisory authority and/or to data subjects; drafting and coordinating the actual notices; ensuring timelines are met under the directive and Romanian law.\\n- Coordination with authorities and incident-response bodies: establishing contact with the applicable SPOC/CSIRT and managing liaison with the supervisory authority.\\n- Data-subject communications: drafting clear, compliant notices to affected customers, including information to help them mitigate risk (this is standard practice to minimize harm and regulatory risk).\\n- Documentation and follow-up plan: producing a formal incident report outline, a remediation plan, and a schedule for final reporting as required.\\n\\nPractical steps you can start today (to share with the lawyer)\\n- Share the breach details: approximate time of discovery, systems involved, data categories (names, addresses, SSNs), estimated number of affected individuals, current containment actions, and any steps already taken to secure data.\\n- Confirm the fastest permissible notification path: whether to file an early warning to the SPOC/CSIRT, followed by a 72-hour incident notification to the supervisory authority and affected individuals (if required), plus a final monthly report.\\n- Establish who will draft and approve all communications (legal, privacy/compliance lead, and senior management sign-off).\\n- Set clear expectations on cost and deliverables within your 2,000–5,000 EUR budget for this incident, with scope defined (not just advisory, but practical drafting, notifications, and coordination).\\n\\nNotes on grounding in the Context\\n- The described 24-hour/72-hour/one-month timelines and the roles of SPOCs/CSIRTs come from the EU Directive material you provided. They guide the notification cadence and the cooperation framework your lawyer will implement. [2]\\n- Romanian civil-law background underscores the importance of timely and proper remediation and communications to limit liability in contractual or civil-fault contexts. This supports using early, formal notifications as part of the overall risk management. [1]\\n\\nIf you’d like, I can help you draft a quick briefing for a Romanian GDPR lawyer (including the key questions to ask and the documents to provide) to accelerate starting the engagement and the breach-notification process.\\n\\n### References\\n\\n- [1] romanian_civil_code_2009.txt\\n- [2] gdpr_2022_2555.txt', 'references': [{'reference_id': '1', 'file_path': 'romanian_civil_code_2009.txt', 'content': None}, {'reference_id': '2', 'file_path': 'gdpr_2022_2555.txt', 'content': None}]}\n", "INFO:langraph_agent:πŸ” LightRAG response received:\n", "INFO:langraph_agent:πŸ“„ Context length: 5594 characters\n", "INFO:langraph_agent:πŸ“š References found: 2\n", "INFO:langraph_agent:πŸ“ Context preview: Thanks for the details. Given the breach happened in Romania and involves sensitive customer data (names, addresses, SSNs) affecting about 500 people, you should act quickly to align with GDPR obligations and the EU cyber-notification framework. Here’s a practical, lawyer-focused plan you can use right away.\n", "\n", "Immediate next steps (urgent)\n", "- Engage a Romanian-based GDPR/legal firm now (you’ve indicated a preference for a Romanian-language, Romania-based firm within a 2,000–5,000 EUR range). A loc...\n", "INFO:langraph_agent:⏱️ LightRAG query processing time: 64.635s\n", "INFO:langraph_agent:πŸ“ Conversation history: [{'role': 'user', 'content': 'I need help with a data breach issue'}, {'role': 'assistant', 'content': 'I can help with that. Can you tell me more about the breach?'}, {'role': 'user', 'content': \"My company is in Romania and experienced a data breach. Customer names, addresses, and SSNs were stolen. We have about 500 affected customers. The breach occurred 2 days ago. We haven't notified authorities yet. I need a lawyer to help with GDPR compliance and breach notification.\"}, {'role': 'assistant', 'content': \"I understand. To find the best lawyer for you, could you tell me: Are you looking for a Romanian-based firm or international? What language do you prefer? What's your budget range?\"}]\n", "INFO:langraph_agent:πŸ“ Message: {'role': 'user', 'content': 'I need help with a data breach issue'}\n", "INFO:langraph_agent:πŸ“ Message type: \n", "INFO:langraph_agent:πŸ“ Message keys: dict_keys(['role', 'content'])\n", "INFO:langraph_agent:πŸ“ Message: {'role': 'assistant', 'content': 'I can help with that. Can you tell me more about the breach?'}\n", "INFO:langraph_agent:πŸ“ Message type: \n", "INFO:langraph_agent:πŸ“ Message keys: dict_keys(['role', 'content'])\n", "INFO:langraph_agent:πŸ“ Message: {'role': 'user', 'content': \"My company is in Romania and experienced a data breach. Customer names, addresses, and SSNs were stolen. We have about 500 affected customers. The breach occurred 2 days ago. We haven't notified authorities yet. I need a lawyer to help with GDPR compliance and breach notification.\"}\n", "INFO:langraph_agent:πŸ“ Message type: \n", "INFO:langraph_agent:πŸ“ Message keys: dict_keys(['role', 'content'])\n", "INFO:langraph_agent:πŸ“ Message: {'role': 'assistant', 'content': \"I understand. To find the best lawyer for you, could you tell me: Are you looking for a Romanian-based firm or international? What language do you prefer? What's your budget range?\"}\n", "INFO:langraph_agent:πŸ“ Message type: \n", "INFO:langraph_agent:πŸ“ Message keys: dict_keys(['role', 'content'])\n", "INFO:langraph_agent:πŸ“ Created Messages stack: [HumanMessage(content='I need help with a data breach issue', additional_kwargs={}, response_metadata={}), AIMessage(content='I can help with that. Can you tell me more about the breach?', additional_kwargs={}, response_metadata={}, tool_calls=[], invalid_tool_calls=[]), HumanMessage(content=\"My company is in Romania and experienced a data breach. Customer names, addresses, and SSNs were stolen. We have about 500 affected customers. The breach occurred 2 days ago. We haven't notified authorities yet. I need a lawyer to help with GDPR compliance and breach notification.\", additional_kwargs={}, response_metadata={}), AIMessage(content=\"I understand. To find the best lawyer for you, could you tell me: Are you looking for a Romanian-based firm or international? What language do you prefer? What's your budget range?\", additional_kwargs={}, response_metadata={}, tool_calls=[], invalid_tool_calls=[])]\n", "INFO:httpx:HTTP Request: POST https://api.openai.com/v1/chat/completions \"HTTP/1.1 200 OK\"\n", "INFO:langraph_agent:πŸ€– LLM Response type: \n", "INFO:langraph_agent:πŸ€– LLM Response content length: 0\n", "INFO:langraph_agent:πŸ€– LLM Response has tool_calls: True\n", "INFO:langraph_agent:πŸ€– LLM Response tool_calls: [{'name': 'find_lawyers', 'args': {'query': 'Romanian-based GDPR breach-notification lawyer for a data breach in Romania involving 500 customers with names, addresses, and SSNs; urgent breach notification within GDPR timelines; Romanian language; budget 2000-5000 EUR; immediate help with notification to authorities and data subjects; experienced with SPOCs/CSIRTs and ANSPDCP coordination.'}, 'id': 'call_DYoaaEVoh5tCVoKjlnD3r2dy', 'type': 'tool_call'}]\n", "INFO:langraph_agent:πŸ€– LLM Response has invalid_tool_calls: True\n", "INFO:langraph_agent:πŸ€– LLM Response invalid_tool_calls: []\n", "INFO:langraph_agent:⏱️ Answer generation processing time: 9.758s\n", "INFO:langraph_agent:⏱️ Total query processing time: 74.393s\n", "INFO:langraph_agent:πŸ“š References found: 2\n", "INFO:langraph_agent:πŸ” Checking for tool calls in response_message...\n", "INFO:langraph_agent: Response type: \n", "INFO:langraph_agent: No response_message found in state\n", "INFO:langraph_agent: No tool calls, routing to end\n", "INFO:langraph_agent:final state: {'user_query': 'I prefer a Romanian-based firm, English language is not fine, and my budget is around 2000-5000 EUR for this incident. I need help immediately with breach notification.', 'conversation_history': [{'role': 'user', 'content': 'I need help with a data breach issue'}, {'role': 'assistant', 'content': 'I can help with that. Can you tell me more about the breach?'}, {'role': 'user', 'content': \"My company is in Romania and experienced a data breach. Customer names, addresses, and SSNs were stolen. We have about 500 affected customers. The breach occurred 2 days ago. We haven't notified authorities yet. I need a lawyer to help with GDPR compliance and breach notification.\"}, {'role': 'assistant', 'content': \"I understand. To find the best lawyer for you, could you tell me: Are you looking for a Romanian-based firm or international? What language do you prefer? What's your budget range?\"}], 'lightrag_response': {'response': 'Thanks for the details. Given the breach happened in Romania and involves sensitive customer data (names, addresses, SSNs) affecting about 500 people, you should act quickly to align with GDPR obligations and the EU cyber-notification framework. Here’s a practical, lawyer-focused plan you can use right away.\\n\\nImmediate next steps (urgent)\\n- Engage a Romanian-based GDPR/legal firm now (you’ve indicated a preference for a Romanian-language, Romania-based firm within a 2,000–5,000 EUR range). A local lawyer can lead the breach-notification process, coordinate with authorities, and help prepare communications to customers.\\n- Prepare a rapid internal factsheet for the lawyer and the incident response team (what happened, when it started, what data were affected, which systems were involved, what containment steps have been taken, and who is affected). This will support the legal review and notifications.\\n- Initiate coordination with the relevant authorities and incident-response bodies. In the EU framework you’re operating under, important entities handle incident notifications and information sharing (Single Points of Contact and CSIRTs). Your Romanian-based counsel can establish the right communication channel immediately.\\n- Do not delay notifications if advised by your lawyer. The directive framework requires timely reporting to the appropriate authorities and, where required, to the data subjects.\\n\\nKey regulatory obligations to address with your lawyer (based on the context you provided)\\n- Early warning and incident notification timing: The Directive (EU) 2022/2555 envisions an early warning within 24 hours and an incident notification within 72 hours of becoming aware of a significant incident, with a final report not later than one month after notification. Your lawyer can help determine if the breach qualifies as a significant incident and ensure the required timelines are met through the proper channels. [2]\\n- Personal data breach notification to supervisory authorities: If the breach involves personal data, authorities emphasize informing the supervisory authority without undue delay and within the established timeframes when applicable. Your lawyer will assess the specifics of your breach under GDPR and initiate the correct notification process. [2]\\n- Cooperation channels (SPOCs and CSIRTs): In the EU context, Single Points of Contact (SPOCs) and Computer Security Incident Response Teams (CSIRTs) play a central role in coordinating notifications and information sharing across competent authorities. Your Romanian counsel can engage these channels to ensure fast, compliant communication and support. [2]\\n- Civil-law liability context in Romania: Under Romanian Civil Code provisions, contractual and other damages liabilities arise if obligations are not fulfilled, which underscores why timely breach notification and remediation are important from a legal-arbitration risk perspective. This helps explain why a formal notification and remediation plan are essential. [1]\\n\\nWhat to expect from a Romanian-based GDPR lawyer (typical scope, aligned with your budget)\\n- Immediate breach-notification package: assessment of whether the breach triggers GDPR notification to the supervisory authority and/or to data subjects; drafting and coordinating the actual notices; ensuring timelines are met under the directive and Romanian law.\\n- Coordination with authorities and incident-response bodies: establishing contact with the applicable SPOC/CSIRT and managing liaison with the supervisory authority.\\n- Data-subject communications: drafting clear, compliant notices to affected customers, including information to help them mitigate risk (this is standard practice to minimize harm and regulatory risk).\\n- Documentation and follow-up plan: producing a formal incident report outline, a remediation plan, and a schedule for final reporting as required.\\n\\nPractical steps you can start today (to share with the lawyer)\\n- Share the breach details: approximate time of discovery, systems involved, data categories (names, addresses, SSNs), estimated number of affected individuals, current containment actions, and any steps already taken to secure data.\\n- Confirm the fastest permissible notification path: whether to file an early warning to the SPOC/CSIRT, followed by a 72-hour incident notification to the supervisory authority and affected individuals (if required), plus a final monthly report.\\n- Establish who will draft and approve all communications (legal, privacy/compliance lead, and senior management sign-off).\\n- Set clear expectations on cost and deliverables within your 2,000–5,000 EUR budget for this incident, with scope defined (not just advisory, but practical drafting, notifications, and coordination).\\n\\nNotes on grounding in the Context\\n- The described 24-hour/72-hour/one-month timelines and the roles of SPOCs/CSIRTs come from the EU Directive material you provided. They guide the notification cadence and the cooperation framework your lawyer will implement. [2]\\n- Romanian civil-law background underscores the importance of timely and proper remediation and communications to limit liability in contractual or civil-fault contexts. This supports using early, formal notifications as part of the overall risk management. [1]\\n\\nIf you’d like, I can help you draft a quick briefing for a Romanian GDPR lawyer (including the key questions to ask and the documents to provide) to accelerate starting the engagement and the breach-notification process.\\n\\n### References\\n\\n- [1] romanian_civil_code_2009.txt\\n- [2] gdpr_2022_2555.txt', 'references': [{'reference_id': '1', 'file_path': 'romanian_civil_code_2009.txt', 'content': None}, {'reference_id': '2', 'file_path': 'gdpr_2022_2555.txt', 'content': None}]}, 'processed_context': None, 'relevant_documents': ['romanian_civil_code_2009.txt', 'gdpr_2022_2555.txt'], 'analysis_thoughts': None, 'final_response': '', 'query_timestamp': '2026-01-03T18:32:20.045214', 'processing_time': 74.39322590827942}\n", "INFO:langraph_agent:βœ… Query processing completed successfully\n", "INFO:langraph_agent:πŸ“„ Response length: 0 characters\n" ] }, { "data": { "text/plain": [ "{'response': '',\n", " 'processing_time': 74.39322590827942,\n", " 'references': ['romanian_civil_code_2009.txt', 'gdpr_2022_2555.txt'],\n", " 'timestamp': '2026-01-03T18:32:20.045214'}" ] }, "execution_count": 11, "metadata": {}, "output_type": "execute_result" } ], "source": [ "await agent.process_query(conversation_history=history,user_query=user_query)" ] } ], "metadata": { "kernelspec": { "display_name": "cyberlgl", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.12.12" } }, "nbformat": 4, "nbformat_minor": 5 }