Business continuity endpoint

API_DOCUMENTATION.md

@@ -589,3 +589,185 @@ curl -X POST "http://localhost:8000/api/enterprise-ra/generate-risks" \
     "number_of_risks": 5
   }'
 ```
+
+---
+
+## Business Continuity Recovery Strategies Endpoint
+
+### Generate Recovery Strategies
+
+**Endpoint:** `POST /api/business-continuity/generate-recovery-strategies`
+
+**Purpose:** Generate comprehensive business continuity recovery strategies for specific business processes, covering people, technology, site, and vendor unavailability scenarios.
+
+**Use Cases:**
+- Business continuity planning and strategy development
+- Disaster recovery planning for critical business processes
+- Resilience planning for operational dependencies
+- Risk mitigation strategy development
+- Compliance with business continuity standards (ISO 22301)
+
+**Request Body:**
+```json
+{
+  "business_process": {
+    "department": "Finance",
+    "sub_department": "Accounts Payable",
+    "process_name": "Invoice Processing",
+    "process_description": "Processing vendor invoices, approval workflows, and payment authorization for all company purchases"
+  },
+  "analysis_data": {
+    "impact_analysis": {
+      "rto": "4 hours",
+      "rpo": "1 hour",
+      "maximum_tolerable_downtime": "24 hours",
+      "annual_revenue_impact": "$2.5M",
+      "dependencies": ["ERP system", "banking systems", "approval workflows"]
+    },
+    "minimum_operating_requirements": {
+      "staff_minimum": "2 senior staff",
+      "technology_requirements": ["ERP access", "banking portal", "email system"],
+      "workspace_requirements": "Secure location with internet access",
+      "vendor_dependencies": ["primary bank", "ERP vendor", "internet provider"]
+    }
+  }
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "people_unavailability_strategy": "Establish cross-training programs for all invoice processing roles with documented procedures, maintain a rotation schedule to ensure multiple staff are familiar with critical functions, and create emergency contact lists for temporary qualified personnel from other departments. Implement role-based access controls and approval delegation workflows to ensure processing can continue with reduced staff.",
+  "people_reasoning": "Cross-training and documentation are essential for invoice processing continuity since financial processes require specific expertise and regulatory compliance knowledge that cannot be easily replaced.",
+  
+  "technology_data_unavailability_strategy": "Implement automated daily backups of all invoice data with cloud-based storage, establish redundant ERP system access through secondary data centers, and maintain offline copies of critical vendor information and payment instructions. Deploy backup internet connections and mobile hotspots for emergency connectivity to banking systems.",
+  "technology_reasoning": "Financial processes like invoice processing require real-time access to accurate data and secure banking connections, making technology redundancy critical for meeting payment deadlines and avoiding vendor relationship damage.",
+  
+  "site_unavailability_strategy": "Pre-configure secure remote access to all financial systems with VPN and multi-factor authentication, establish agreements for temporary workspace at alternate company locations, and ensure key personnel have secure home office setups with dedicated internet connections. Maintain physical copies of emergency vendor contact information and critical payment authorization documents.",
+  "site_reasoning": "Invoice processing can be performed remotely when proper security controls are in place, but requires secure access to sensitive financial systems and confidential vendor information.",
+  
+  "third_party_vendors_unavailability_strategy": "Maintain relationships with backup banking partners for payment processing, establish secondary internet service providers with automatic failover, and negotiate service level agreements with ERP vendor for priority support during outages. Keep emergency contact information for all critical vendors and establish alternative communication channels.",
+  "vendor_reasoning": "Invoice processing depends heavily on external banking systems and ERP infrastructure, requiring vendor diversification to ensure payment capabilities remain operational during service disruptions.",
+  
+  "message": "Successfully generated comprehensive recovery strategies"
+}
+```
+
+**Key Features:**
+- **Process-Specific Strategies**: Tailored recommendations based on the specific business process and its dependencies
+- **Industry Best Practices**: Strategies aligned with ISO 22301 business continuity standards and industry frameworks
+- **Actionable Recommendations**: Detailed, implementable steps with specific technologies and procedures
+- **Risk-Based Reasoning**: Clear explanations for why each strategy is appropriate for the specific process
+- **Comprehensive Coverage**: Addresses all major disruption scenarios (people, technology, site, vendor)
+- **Regulatory Awareness**: Considers compliance requirements and regulatory impacts in strategy development
+
+**Response Fields:**
+
+| Field | Description |
+|-------|-------------|
+| `people_unavailability_strategy` | Detailed strategy for maintaining operations when key personnel are unavailable |
+| `people_reasoning` | Justification for the people strategy based on process requirements |
+| `technology_data_unavailability_strategy` | Strategy for handling IT system failures, data loss, or technology disruptions |
+| `technology_reasoning` | Explanation of why the technology strategy fits the process requirements |
+| `site_unavailability_strategy` | Plans for continuing operations when primary work locations are inaccessible |
+| `site_reasoning` | Justification for site strategy based on process location dependencies |
+| `third_party_vendors_unavailability_strategy` | Contingency plans for vendor, supplier, or service provider disruptions |
+| `vendor_reasoning` | Explanation of vendor strategy relevance to process dependencies |
+
+**Error Handling:**
+- Provides intelligent fallback strategies when AI service is unavailable
+- Generates process-specific recommendations based on request parameters
+- Includes comprehensive error messages for troubleshooting
+
+### cURL Example:
+```bash
+curl -X POST "http://localhost:8000/api/business-continuity/generate-recovery-strategies" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "business_process": {
+      "department": "Finance",
+      "sub_department": "Accounts Payable",
+      "process_name": "Invoice Processing",
+      "process_description": "Processing vendor invoices, approval workflows, and payment authorization"
+    },
+    "analysis_data": {
+      "impact_analysis": {
+        "rto": "4 hours",
+        "rpo": "1 hour",
+        "maximum_tolerable_downtime": "24 hours"
+      },
+      "minimum_operating_requirements": {
+        "staff_minimum": "2 senior staff",
+        "technology_requirements": ["ERP access", "banking portal"],
+        "workspace_requirements": "Secure location with internet access"
+      }
+    }
+  }'
+```
+
+### Postman Collection Setup:
+
+**Request Configuration:**
+- **Method**: POST
+- **URL**: `{{base_url}}/business-continuity/api/business-continuity/generate-recovery-strategies`
+- **Headers**: `Content-Type: application/json`
+
+**Test Scenarios:**
+
+*Financial Process Example:*
+```json
+{
+  "business_process": {
+    "department": "Finance",
+    "sub_department": "Treasury",
+    "process_name": "Cash Management",
+    "process_description": "Daily cash flow monitoring, bank reconciliation, and liquidity management"
+  },
+  "analysis_data": {
+    "impact_analysis": {
+      "rto": "2 hours",
+      "maximum_tolerable_downtime": "8 hours",
+      "dependencies": ["banking systems", "treasury management system"]
+    }
+  }
+}
+```
+
+*IT Operations Example:*
+```json
+{
+  "business_process": {
+    "department": "IT",
+    "sub_department": "Infrastructure",
+    "process_name": "Server Monitoring",
+    "process_description": "24/7 monitoring of critical IT infrastructure and incident response"
+  },
+  "analysis_data": {
+    "impact_analysis": {
+      "rto": "15 minutes",
+      "maximum_tolerable_downtime": "1 hour",
+      "dependencies": ["monitoring tools", "alerting systems", "ticketing system"]
+    }
+  }
+}
+```
+
+*HR Process Example:*
+```json
+{
+  "business_process": {
+    "department": "Human Resources",
+    "sub_department": "Payroll",
+    "process_name": "Payroll Processing",
+    "process_description": "Bi-weekly payroll calculation, tax withholding, and direct deposit processing"
+  },
+  "analysis_data": {
+    "impact_analysis": {
+      "rto": "24 hours",
+      "maximum_tolerable_downtime": "72 hours",
+      "dependencies": ["HRIS system", "banking integration", "tax calculation system"]
+    }
+  }
+}
+```

app.py

@@ -10,6 +10,7 @@ import json
 from enterprise_ra import enterprise_ra_router
 from threat_ra import threat_ra_router
 from dashboard_analytics import dashboard_router
+from business_continuity import business_continuity_router
 
 app = FastAPI(title="EY Catalyst Risk Analysis API", version="1.0.0")
 
@@ -17,6 +18,7 @@ app = FastAPI(title="EY Catalyst Risk Analysis API", version="1.0.0")
 app.include_router(enterprise_ra_router, prefix="/enterprise")
 app.include_router(threat_ra_router, prefix="/threat") 
 app.include_router(dashboard_router, prefix="/dashboard")
+app.include_router(business_continuity_router, prefix="/business-continuity")
 
 # Environment Variables
 GROQ_API_KEY = os.environ.get("GROQ_API_KEY")

business_continuity.py

@@ -0,0 +1,216 @@
+# business_continuity.py
+from fastapi import APIRouter, HTTPException
+from pydantic import BaseModel
+from typing import List, Optional, Dict, Any
+import os
+import openai
+import json
+import uuid
+
+# Environment Variables
+GROQ_API_KEY = os.environ.get("GROQ_API_KEY")
+if GROQ_API_KEY:
+    GROQ_API_KEY = GROQ_API_KEY.strip()
+
+# Model Setup
+def generate_response(system_prompt: str, user_message: str):
+    if not GROQ_API_KEY:
+        raise Exception("GROQ_API_KEY environment variable is not set")
+    
+    client = openai.OpenAI(api_key=GROQ_API_KEY, base_url="https://api.groq.com/openai/v1")
+    try:
+        response = client.chat.completions.create(
+            model="llama3-8b-8192",
+            messages=[
+                {"role": "system", "content": system_prompt},
+                {"role": "user", "content": user_message}
+            ],
+            temperature=0.4
+        )
+        return response.choices[0].message.content
+    except Exception as e:
+        raise Exception(f"GROQ API connection failed: {str(e)}")
+
+# Request Models
+class BusinessProcess(BaseModel):
+    department: str
+    sub_department: Optional[str] = ""
+    process_name: str
+    process_description: str
+
+class AnalysisData(BaseModel):
+    impact_analysis: Optional[Dict[str, Any]] = {}
+    minimum_operating_requirements: Optional[Dict[str, Any]] = {}
+
+class BusinessContinuityRequest(BaseModel):
+    business_process: BusinessProcess
+    analysis_data: AnalysisData
+
+# Response Models
+class RecoveryStrategiesResponse(BaseModel):
+    success: bool
+    people_unavailability_strategy: str
+    people_reasoning: str
+    technology_data_unavailability_strategy: str
+    technology_reasoning: str
+    site_unavailability_strategy: str
+    site_reasoning: str
+    third_party_vendors_unavailability_strategy: str
+    vendor_reasoning: str
+    message: str
+
+# Business Continuity Router
+business_continuity_router = APIRouter()
+
+@business_continuity_router.post("/api/business-continuity/generate-recovery-strategies", response_model=RecoveryStrategiesResponse)
+def generate_recovery_strategies(request: BusinessContinuityRequest):
+    """
+    Generate comprehensive business continuity recovery strategies for a business process
+    """
+    system_prompt = """You are a business continuity expert with extensive experience in developing recovery strategies for various business processes. Your task is to generate comprehensive, actionable recovery strategies and their reasoning for specific business processes.
+
+CRITICAL: You must respond with ONLY a valid JSON object. Do not include any markdown formatting, code blocks, or additional text.
+
+For each recovery strategy, you need to:
+1. Provide detailed, actionable steps that can be immediately implemented
+2. Consider the specific nature of the business process and its dependencies
+3. Include realistic timelines and resource requirements
+4. Reference industry best practices and standards (ISO 22301, NIST, COOP guidelines)
+5. Provide clear reasoning that explains why each strategy is appropriate for the specific process
+
+Consider these factors:
+- Business process criticality and dependencies
+- Resource requirements (human, technology, facilities)
+- Regulatory and compliance considerations
+- Cost-effectiveness and feasibility
+- Recovery time objectives (RTO) and recovery point objectives (RPO)
+- Industry-specific risks and challenges
+- Stakeholder communication requirements
+- Testing and maintenance needs
+
+Provide specific justifications that reference:
+- Industry standards and best practices
+- Historical incident data and lessons learned
+- Process-specific vulnerabilities and requirements
+- Resource availability and constraints
+- Regulatory requirements and compliance needs
+- Business impact considerations
+- Technology dependencies and alternatives
+
+RESPOND WITH ONLY THIS EXACT JSON FORMAT (no markdown, no code blocks, no additional text):
+{
+  "people_unavailability_strategy": "Detailed strategy for handling personnel unavailability with specific actionable steps",
+  "people_reasoning": "Clear explanation of why this strategy is appropriate for this specific business process",
+  "technology_data_unavailability_strategy": "Detailed strategy for handling technology and data unavailability with specific steps",
+  "technology_reasoning": "Clear explanation of why this technology strategy fits this process",
+  "site_unavailability_strategy": "Detailed strategy for handling site unavailability with actionable steps",
+  "site_reasoning": "Clear explanation of why this site strategy is suitable for this process",
+  "third_party_vendors_unavailability_strategy": "Detailed strategy for handling vendor/supplier disruptions with specific steps",
+  "vendor_reasoning": "Clear explanation of why this vendor strategy is appropriate for this process"
+}"""
+
+    # Convert request to JSON for the prompt
+    input_json = {
+        "business_process": {
+            "department": request.business_process.department,
+            "sub_department": request.business_process.sub_department,
+            "process_name": request.business_process.process_name,
+            "process_description": request.business_process.process_description
+        },
+        "analysis_data": {
+            "impact_analysis": request.analysis_data.impact_analysis,
+            "minimum_operating_requirements": request.analysis_data.minimum_operating_requirements
+        }
+    }
+
+    user_message = f"""You are a business continuity expert. Generate comprehensive recovery strategies AND their reasoning for the business process described in the following JSON data:
+
+{json.dumps(input_json, indent=2)}
+
+Please analyze the provided business process information and provide specific, actionable recovery strategies for each of the following scenarios. Each strategy should be detailed, practical, and specific to this business process.
+
+For EACH strategy, also provide a clear reasoning explanation of WHY this strategy was recommended for this specific process.
+
+Strategy Categories Required:
+1. People Unavailability Strategy - What to do when key personnel are unavailable
+2. Technology/Data Unavailability Strategy - How to handle IT system failures or data loss  
+3. Site Unavailability Strategy - Plans for when the primary work location is inaccessible
+4. Third Party Vendors Unavailability Strategy - Contingencies for vendor/supplier disruptions
+
+Output Requirements:
+- Format your response as a valid JSON object with these exact keys:
+  - people_unavailability_strategy
+  - people_reasoning
+  - technology_data_unavailability_strategy
+  - technology_reasoning
+  - site_unavailability_strategy
+  - site_reasoning
+  - third_party_vendors_unavailability_strategy
+  - vendor_reasoning
+
+- Each strategy should be a detailed string (2-3 sentences minimum) with actionable steps
+- Each reasoning should explain WHY this strategy was chosen for this specific process (1-2 sentences)
+- Return ONLY the JSON object, no additional text or formatting"""
+
+    try:
+        result = generate_response(system_prompt, user_message)
+        
+        # Clean the response - remove markdown code blocks if present
+        cleaned_result = result.strip()
+        if cleaned_result.startswith('```json'):
+            cleaned_result = cleaned_result[7:]  # Remove ```json
+        elif cleaned_result.startswith('```'):
+            cleaned_result = cleaned_result[3:]   # Remove ```
+        if cleaned_result.endswith('```'):
+            cleaned_result = cleaned_result[:-3]  # Remove trailing ```
+        cleaned_result = cleaned_result.strip()
+        
+        # Extract JSON from the response
+        json_start = cleaned_result.find('{')
+        json_end = cleaned_result.rfind('}') + 1
+        
+        if json_start != -1 and json_end > json_start:
+            json_str = cleaned_result[json_start:json_end]
+            strategies_data = json.loads(json_str)
+            
+            return RecoveryStrategiesResponse(
+                success=True,
+                people_unavailability_strategy=strategies_data.get("people_unavailability_strategy", ""),
+                people_reasoning=strategies_data.get("people_reasoning", ""),
+                technology_data_unavailability_strategy=strategies_data.get("technology_data_unavailability_strategy", ""),
+                technology_reasoning=strategies_data.get("technology_reasoning", ""),
+                site_unavailability_strategy=strategies_data.get("site_unavailability_strategy", ""),
+                site_reasoning=strategies_data.get("site_reasoning", ""),
+                third_party_vendors_unavailability_strategy=strategies_data.get("third_party_vendors_unavailability_strategy", ""),
+                vendor_reasoning=strategies_data.get("vendor_reasoning", ""),
+                message="Successfully generated comprehensive recovery strategies"
+            )
+        else:
+            raise ValueError("No valid JSON found in response")
+            
+    except (json.JSONDecodeError, ValueError) as e:
+        # Fallback response with generic but relevant strategies
+        process_name = request.business_process.process_name
+        department = request.business_process.department
+        
+        fallback_response = RecoveryStrategiesResponse(
+            success=True,
+            people_unavailability_strategy=f"Develop cross-training programs for key roles in {process_name}, maintain updated contact lists for temporary staff, and establish clear escalation procedures for critical decision-making. Document all critical processes to ensure knowledge transfer and implement a buddy system for essential personnel.",
+            people_reasoning=f"Cross-training and documentation are essential for {process_name} in {department} to reduce single points of failure and ensure continuity when key personnel are unavailable.",
+            
+            technology_data_unavailability_strategy=f"Implement regular automated data backups for {process_name} systems, establish redundant systems and failover procedures, and maintain updated disaster recovery documentation. Test backup systems monthly and ensure all critical data is replicated to secure off-site locations.",
+            technology_reasoning=f"Data protection and system redundancy are critical for {process_name} operations to minimize downtime and ensure rapid recovery from technology failures.",
+            
+            site_unavailability_strategy=f"Identify and pre-approve alternative work locations for {process_name} operations, enable remote work capabilities with necessary tools and secure access, and establish communication protocols for distributed teams. Maintain emergency supplies and equipment at alternate locations.",
+            site_reasoning=f"Alternative work arrangements ensure {process_name} operations can continue even when primary {department} facilities are inaccessible due to emergencies or disasters.",
+            
+            third_party_vendors_unavailability_strategy=f"Maintain relationships with alternate vendors and suppliers critical to {process_name}, keep emergency contact information updated, and develop contingency contracts for essential services. Regularly assess vendor stability and maintain inventory buffers for critical supplies.",
+            vendor_reasoning=f"Vendor diversification and contingency planning reduce dependency risks for {process_name} and ensure continuity of critical external services and supplies.",
+            
+            message="Generated fallback recovery strategies due to processing error"
+        )
+        
+        return fallback_response
+    
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Error generating recovery strategies: {str(e)}")

enterprise_ra.py

@@ -83,8 +83,9 @@ def generate_enterprise_risks(request: RiskGenerationRequest):
     """
     Generate comprehensive enterprise risks based on category and department
     """
-    system_prompt = """
-You are an expert enterprise risk analyst. Your task is to generate comprehensive risks for organizations based on the provided category, department, and business context.
+    system_prompt = """You are an expert enterprise risk analyst. Your task is to generate comprehensive risks for organizations based on the provided category, department, and business context.
+
+CRITICAL: You must respond with ONLY a valid JSON object. Do not include any markdown formatting, code blocks, or additional text.
 
 For each risk, you need to:
 1. Create a clear, specific risk name
@@ -111,7 +112,7 @@ Provide specific justifications that reference:
 - Technology adoption patterns
 - Business model vulnerabilities
 
-Respond strictly in this JSON format:
+RESPOND WITH ONLY THIS EXACT JSON FORMAT (no markdown, no code blocks, no additional text):
 {
   "risks": [
     {
@@ -131,8 +132,7 @@ Respond strictly in this JSON format:
       ]
     }
   ]
-}
-"""
+}"""
 
     user_message = f"""
 Generate {request.number_of_risks} enterprise risks for the following context:
@@ -148,12 +148,22 @@ Please provide comprehensive risks that are relevant to this department and cate
     try:
         result = generate_response(system_prompt, user_message)
         
+        # Clean the response - remove markdown code blocks if present
+        cleaned_result = result.strip()
+        if cleaned_result.startswith('```json'):
+            cleaned_result = cleaned_result[7:]  # Remove ```json
+        elif cleaned_result.startswith('```'):
+            cleaned_result = cleaned_result[3:]   # Remove ```
+        if cleaned_result.endswith('```'):
+            cleaned_result = cleaned_result[:-3]  # Remove trailing ```
+        cleaned_result = cleaned_result.strip()
+        
         # Extract JSON from the response
-        json_start = result.find('{')
-        json_end = result.rfind('}') + 1
+        json_start = cleaned_result.find('{')
+        json_end = cleaned_result.rfind('}') + 1
         
         if json_start != -1 and json_end > json_start:
-            json_str = result[json_start:json_end]
+            json_str = cleaned_result[json_start:json_end]
             risks_data = json.loads(json_str)
             
             # Convert to our response format
@@ -227,8 +237,9 @@ def generate_threats_for_risk(request: ThreatGenerationRequest):
     """
     Generate specific threats for a given risk
     """
-    system_prompt = """
-You are an expert threat analyst. Your task is to generate specific threats that could lead to or contribute to a given risk.
+    system_prompt = """You are an expert threat analyst. Your task is to generate specific threats that could lead to or contribute to a given risk.
+
+CRITICAL: You must respond with ONLY a valid JSON object. Do not include any markdown formatting, code blocks, or additional text.
 
 For each threat, provide:
 1. A clear, specific threat name
@@ -255,7 +266,7 @@ Provide specific justifications that reference:
 - Supply chain and third-party risks
 - Insider threat patterns specific to the department
 
-Respond strictly in this JSON format:
+RESPOND WITH ONLY THIS EXACT JSON FORMAT (no markdown, no code blocks, no additional text):
 {
   "threats": [
     {
@@ -264,8 +275,7 @@ Respond strictly in this JSON format:
       "justification": "Industry-specific reasoning for why this threat is particularly relevant, including statistics, trends, regulatory factors, or common occurrences in this sector and department"
     }
   ]
-}
-"""
+}"""
 
     user_message = f"""
 Generate {request.number_of_threats} specific threats for the following risk:
@@ -280,12 +290,22 @@ Please provide threats that are directly relevant to this risk and could realist
     try:
         result = generate_response(system_prompt, user_message)
         
+        # Clean the response - remove markdown code blocks if present
+        cleaned_result = result.strip()
+        if cleaned_result.startswith('```json'):
+            cleaned_result = cleaned_result[7:]  # Remove ```json
+        elif cleaned_result.startswith('```'):
+            cleaned_result = cleaned_result[3:]   # Remove ```
+        if cleaned_result.endswith('```'):
+            cleaned_result = cleaned_result[:-3]  # Remove trailing ```
+        cleaned_result = cleaned_result.strip()
+        
         # Extract JSON from the response
-        json_start = result.find('{')
-        json_end = result.rfind('}') + 1
+        json_start = cleaned_result.find('{')
+        json_end = cleaned_result.rfind('}') + 1
         
         if json_start != -1 and json_end > json_start:
-            json_str = result[json_start:json_end]
+            json_str = cleaned_result[json_start:json_end]
             threats_data = json.loads(json_str)
             
             threats = [Threat(**threat) for threat in threats_data.get("threats", [])]

threat_ra.py

@@ -81,8 +81,9 @@ def generate_threat_risks(request: ThreatRiskGenerationRequest):
     """
     Generate comprehensive threat risk records for threat risk assessment
     """
-    system_prompt = """
-You are an expert threat risk analyst. Your task is to generate comprehensive threat risk records that include domain-specific risks, threats, vulnerabilities, and their assessments.
+    system_prompt = """You are an expert threat risk analyst. Your task is to generate comprehensive threat risk records that include domain-specific risks, threats, vulnerabilities, and their assessments.
+
+CRITICAL: You must respond with ONLY a valid JSON object. Do not include any markdown formatting, code blocks, or additional text.
 
 For each threat risk record, you need to:
 1. Create a specific risk name relevant to the domain
@@ -111,7 +112,7 @@ Provide specific justifications that reference:
 - Technology adoption risks
 - Operational and process weaknesses
 
-Respond strictly in this JSON format:
+RESPOND WITH ONLY THIS EXACT JSON FORMAT (no markdown, no code blocks, no additional text):
 {
   "threatRisks": [
     {
@@ -126,8 +127,7 @@ Respond strictly in this JSON format:
       "impact_justification": "Specific reasons for this impact score based on business dependencies and potential consequences"
     }
   ]
-}
-"""
+}"""
 
     user_message = f"""
 Generate {request.number_of_records} threat risk records for the following context:
@@ -143,12 +143,22 @@ Please provide comprehensive threat risk records that include specific risks, th
     try:
         result = generate_response(system_prompt, user_message)
         
+        # Clean the response - remove markdown code blocks if present
+        cleaned_result = result.strip()
+        if cleaned_result.startswith('```json'):
+            cleaned_result = cleaned_result[7:]  # Remove ```json
+        elif cleaned_result.startswith('```'):
+            cleaned_result = cleaned_result[3:]   # Remove ```
+        if cleaned_result.endswith('```'):
+            cleaned_result = cleaned_result[:-3]  # Remove trailing ```
+        cleaned_result = cleaned_result.strip()
+        
         # Extract JSON from the response
-        json_start = result.find('{')
-        json_end = result.rfind('}') + 1
+        json_start = cleaned_result.find('{')
+        json_end = cleaned_result.rfind('}') + 1
         
         if json_start != -1 and json_end > json_start:
-            json_str = result[json_start:json_end]
+            json_str = cleaned_result[json_start:json_end]
             risks_data = json.loads(json_str)
             
             # Convert to our response format
@@ -222,8 +232,9 @@ def analyze_threat_risk(request: ThreatRiskAnalysisRequest):
     """
     Provide detailed analysis and recommendations for a specific threat risk scenario
     """
-    system_prompt = """
-You are an expert threat risk analyst. Your task is to provide detailed analysis and recommendations for a specific threat risk scenario.
+    system_prompt = """You are an expert threat risk analyst. Your task is to provide detailed analysis and recommendations for a specific threat risk scenario.
+
+CRITICAL: You must respond with ONLY a valid JSON object. Do not include any markdown formatting, code blocks, or additional text.
 
 Analyze the provided threat risk scenario and provide:
 1. Likelihood assessment (1-5 scale) with detailed justification
@@ -252,7 +263,7 @@ Provide specific justifications that reference:
 - Technology-specific risk factors
 - Geographic and sector-specific considerations
 
-Respond strictly in this JSON format:
+RESPOND WITH ONLY THIS EXACT JSON FORMAT (no markdown, no code blocks, no additional text):
 {
   "analysis": {
     "likelihood": 3,
@@ -265,8 +276,7 @@ Respond strictly in this JSON format:
     "Specific recommendation 2 with regulatory reference",
     "Specific recommendation 3 with cost-benefit analysis"
   ]
-}
-"""
+}"""
 
     user_message = f"""
 Analyze the following threat risk scenario:
@@ -283,12 +293,22 @@ Please provide a comprehensive analysis including likelihood and impact assessme
     try:
         result = generate_response(system_prompt, user_message)
         
+        # Clean the response - remove markdown code blocks if present
+        cleaned_result = result.strip()
+        if cleaned_result.startswith('```json'):
+            cleaned_result = cleaned_result[7:]  # Remove ```json
+        elif cleaned_result.startswith('```'):
+            cleaned_result = cleaned_result[3:]   # Remove ```
+        if cleaned_result.endswith('```'):
+            cleaned_result = cleaned_result[:-3]  # Remove trailing ```
+        cleaned_result = cleaned_result.strip()
+        
         # Extract JSON from the response
-        json_start = result.find('{')
-        json_end = result.rfind('}') + 1
+        json_start = cleaned_result.find('{')
+        json_end = cleaned_result.rfind('}') + 1
         
         if json_start != -1 and json_end > json_start:
-            json_str = result[json_start:json_end]
+            json_str = cleaned_result[json_start:json_end]
             analysis_data = json.loads(json_str)
             
             # Extract analysis data