# dashboard_analytics.py from fastapi import APIRouter, HTTPException from pydantic import BaseModel from typing import List, Optional, Dict, Any import os import openai import json from datetime import datetime, timedelta import random # Environment Variables GROQ_API_KEY = os.environ.get("GROQ_API_KEY") if GROQ_API_KEY: GROQ_API_KEY = GROQ_API_KEY.strip()# Model Setup def generate_response(system_prompt: str, user_message: str): if not GROQ_API_KEY: raise Exception("GROQ_API_KEY environment variable is not set") client = openai.OpenAI(api_key=GROQ_API_KEY, base_url="https://api.groq.com/openai/v1") try: response = client.chat.completions.create( model="llama3-8b-8192", messages=[ {"role": "system", "content": system_prompt}, {"role": "user", "content": user_message} ], temperature=0.4 ) return response.choices[0].message.content except Exception as e: raise Exception(f"GROQ API connection failed: {str(e)}") # Request Models class DashboardAnalyticsRequest(BaseModel): organization_name: Optional[str] = "Organization" industry: Optional[str] = "Technology" departments: Optional[List[str]] = ["IT", "HR", "Finance", "Operations"] time_period: Optional[str] = "last_30_days" class AssessmentSummaryRequest(BaseModel): assessment_types: List[str] organization_context: Optional[str] = "" # Response Models class KPIMetrics(BaseModel): totalRisks: int totalThreats: int criticalRisks: int departments: int kpi_justification: str class AssessmentSummary(BaseModel): assessmentType: str completed: int inProgress: int pending: int keyFindings: List[str] progress_justification: str class RecentActivity(BaseModel): action: str user: str timestamp: str meta: str class DashboardKPIResponse(BaseModel): success: bool kpis: KPIMetrics message: str class AssessmentSummariesResponse(BaseModel): success: bool summaries: List[AssessmentSummary] message: str class RecentActivitiesResponse(BaseModel): success: bool activities: List[RecentActivity] message: str # Dashboard Analytics Router dashboard_router = APIRouter() @dashboard_router.post("/api/dashboard/generate-kpis", response_model=DashboardKPIResponse) def generate_dashboard_kpis(request: DashboardAnalyticsRequest): """ Generate realistic KPI metrics for the main dashboard based on organization context """ system_prompt = """ You are an expert risk analytics specialist. Your task is to generate realistic KPI metrics for an organization's risk management dashboard. Based on the organization context, generate appropriate metrics that reflect: 1. Total number of identified risks with industry benchmarking justification 2. Total number of distinct threats with threat landscape analysis 3. Number of critical risks (high likelihood and high impact) with risk profile justification 4. Number of departments involved in risk management with organizational structure analysis Consider: - Organization size and industry standards - Typical risk profiles for different industries - Realistic proportions between total risks and critical risks - Department involvement based on organization structure - Industry benchmarks and statistical data - Regulatory requirements and compliance factors - Technology adoption and digital transformation impacts - Geographic and market-specific risk factors Provide specific justifications that reference: - Industry risk statistics and benchmarks - Regulatory requirements for the sector - Common risk patterns in similar organizations - Technology and operational risk factors - Market conditions and business environment - Organizational maturity and risk management capabilities Respond strictly in this JSON format: { "kpis": { "totalRisks": 125, "totalThreats": 45, "criticalRisks": 12, "departments": 6, "kpi_justification": "Detailed explanation of why these metrics are appropriate for this organization, including industry benchmarks, risk factors, and organizational characteristics" }, "rationale": "Brief explanation of the metrics provided" } """ user_message = f""" Generate KPI metrics for the following organization: Organization: {request.organization_name} Industry: {request.industry} Departments: {', '.join(request.departments)} Time Period: {request.time_period} Please provide realistic metrics that align with this organization's profile and industry standards. """ try: result = generate_response(system_prompt, user_message) # Extract JSON from the response json_start = result.find('{') json_end = result.rfind('}') + 1 if json_start != -1 and json_end > json_start: json_str = result[json_start:json_end] kpi_data = json.loads(json_str) kpis = KPIMetrics(**kpi_data.get("kpis", {})) return DashboardKPIResponse( success=True, kpis=kpis, message="Successfully generated dashboard KPI metrics" ) else: raise ValueError("No valid JSON found in response") except (json.JSONDecodeError, ValueError) as e: # Fallback response with industry-appropriate metrics base_multiplier = len(request.departments) * 10 if request.industry.lower() in ["technology", "financial services", "healthcare"]: risk_multiplier = 1.5 elif request.industry.lower() in ["manufacturing", "retail"]: risk_multiplier = 1.2 else: risk_multiplier = 1.0 total_risks = int(base_multiplier * risk_multiplier) total_threats = int(total_risks * 0.3) critical_risks = int(total_risks * 0.08) departments = len(request.departments) fallback_kpis = KPIMetrics( totalRisks=total_risks, totalThreats=total_threats, criticalRisks=critical_risks, departments=departments, kpi_justification=f"Generated for {request.industry} industry with {departments} departments. Risk counts based on industry standards where organizations typically identify 10-15 risks per department. Critical risk ratio of {critical_risks/total_risks:.1%} aligns with industry benchmarks." ) return DashboardKPIResponse( success=True, kpis=fallback_kpis, message="Generated fallback KPI metrics" ) except Exception as e: raise HTTPException(status_code=500, detail=f"Error generating KPIs: {str(e)}") @dashboard_router.post("/api/dashboard/generate-assessment-summaries", response_model=AssessmentSummariesResponse) def generate_assessment_summaries(request: AssessmentSummaryRequest): """ Generate assessment summaries with realistic progress and key findings """ system_prompt = """ You are an expert risk assessment analyst. Your task is to generate realistic assessment summaries for different types of risk assessments. For each assessment type, provide: 1. Number of completed assessments with completion rate justification 2. Number of assessments in progress with resource allocation reasoning 3. Number of pending assessments with prioritization justification 4. Key findings relevant to that assessment type with industry context Consider: - Realistic distribution of assessment states based on organizational capacity - Assessment-specific findings and insights with industry relevance - Current risk landscape and common issues with statistical backing - Actionable and meaningful key findings with regulatory context - Resource constraints and assessment complexity factors - Industry benchmarks for assessment completion rates - Regulatory requirements and compliance timelines - Organizational maturity and risk management capabilities Provide specific justifications that reference: - Industry standards for assessment completion rates - Common findings patterns in similar organizations - Regulatory requirements and compliance deadlines - Resource allocation best practices - Risk assessment methodologies and frameworks - Technology and operational assessment challenges Respond strictly in this JSON format: { "summaries": [ { "assessmentType": "Assessment Type Name", "completed": 12, "inProgress": 3, "pending": 2, "keyFindings": [ "Finding 1 with industry context", "Finding 2 with regulatory reference" ], "progress_justification": "Explanation of why this progress distribution is realistic for this assessment type, including resource constraints, complexity factors, and industry benchmarks" } ] } """ user_message = f""" Generate assessment summaries for the following assessment types: Assessment Types: {', '.join(request.assessment_types)} Organization Context: {request.organization_context} Please provide realistic progress numbers and meaningful key findings for each assessment type. """ try: result = generate_response(system_prompt, user_message) # Extract JSON from the response json_start = result.find('{') json_end = result.rfind('}') + 1 if json_start != -1 and json_end > json_start: json_str = result[json_start:json_end] summary_data = json.loads(json_str) summaries = [AssessmentSummary(**summary) for summary in summary_data.get("summaries", [])] return AssessmentSummariesResponse( success=True, summaries=summaries, message="Successfully generated assessment summaries" ) else: raise ValueError("No valid JSON found in response") except (json.JSONDecodeError, ValueError) as e: # Fallback response with default summaries fallback_summaries = [] for assessment_type in request.assessment_types: # Generate realistic numbers total_assessments = random.randint(15, 25) completed = random.randint(int(total_assessments * 0.6), int(total_assessments * 0.8)) in_progress = random.randint(2, 5) pending = total_assessments - completed - in_progress # Generate assessment-specific findings if "critical process" in assessment_type.lower(): key_findings = [ "85% of critical processes meet documentation standards per ISO 22301", "2-3 processes require immediate review due to regulatory changes", "Backup procedures need enhancement based on RTO/RPO analysis" ] progress_justification = f"Critical process assessments typically take 2-3 weeks each. Current progress reflects standard organizational capacity and regulatory compliance timelines." elif "threat" in assessment_type.lower(): key_findings = [ "Phishing remains top threat (42% of incidents per SANS report)", "Insider threat controls need strengthening per NIST framework", "Third-party risks increased 35% due to digital transformation" ] progress_justification = f"Threat assessments require specialized expertise and threat intelligence analysis. Progress aligns with industry standards for comprehensive threat evaluation." elif "site" in assessment_type.lower(): key_findings = [ "Physical security controls meet 90% of ASIS guidelines", "Some locations need access control upgrades per corporate policy", "Emergency procedures comply with local regulatory requirements" ] progress_justification = f"Site assessments depend on geographic distribution and local compliance requirements. Current progress reflects travel constraints and coordination complexity." else: key_findings = [ f"{assessment_type} controls are generally effective per industry standards", "Some areas need improvement based on regulatory updates", "Regular monitoring recommended per risk management framework" ] progress_justification = f"Assessment progress reflects standard organizational capacity and complexity of {assessment_type} evaluation requirements." summary = AssessmentSummary( assessmentType=assessment_type, completed=completed, inProgress=in_progress, pending=pending, keyFindings=key_findings[:2], # Limit to 2 findings progress_justification=progress_justification ) fallback_summaries.append(summary) return AssessmentSummariesResponse( success=True, summaries=fallback_summaries, message="Generated fallback assessment summaries" ) except Exception as e: raise HTTPException(status_code=500, detail=f"Error generating assessment summaries: {str(e)}") @dashboard_router.get("/api/dashboard/generate-recent-activities", response_model=RecentActivitiesResponse) def generate_recent_activities(days: int = 7, limit: int = 10): """ Generate realistic recent activities for the dashboard activity feed """ try: # Generate sample activities with realistic timestamps activity_types = [ ("Risk escalated", "Risk: Data Breach"), ("Threat added", "Threat: Ransomware"), ("Assessment completed", "Critical Process RA"), ("Risk mitigated", "Risk: System Failure"), ("Threat updated", "Threat: Phishing Attack"), ("Assessment started", "Site Assessment"), ("Risk reviewed", "Risk: Supply Chain"), ("Control implemented", "Multi-factor Authentication"), ("Vulnerability identified", "Network Security Gap"), ("Training completed", "Security Awareness") ] users = ["Jane Doe", "John Smith", "Alice Johnson", "Bob Wilson", "Carol Brown", "David Lee"] activities = [] for i in range(min(limit, len(activity_types))): # Generate timestamp within the last 'days' days days_ago = random.randint(0, days) hours_ago = random.randint(0, 23) minutes_ago = random.randint(0, 59) timestamp = datetime.now() - timedelta(days=days_ago, hours=hours_ago, minutes=minutes_ago) action, meta = activity_types[i] user = random.choice(users) activity = RecentActivity( action=action, user=user, timestamp=timestamp.isoformat() + "Z", meta=meta ) activities.append(activity) # Sort by timestamp (most recent first) activities.sort(key=lambda x: x.timestamp, reverse=True) return RecentActivitiesResponse( success=True, activities=activities, message=f"Successfully generated {len(activities)} recent activities" ) except Exception as e: raise HTTPException(status_code=500, detail=f"Error generating recent activities: {str(e)}") @dashboard_router.post("/api/dashboard/generate-risk-insights") def generate_risk_insights(organization_context: str = "", focus_areas: List[str] = []): """ Generate strategic risk insights and recommendations for executive dashboard """ system_prompt = """ You are a senior risk management consultant. Your task is to generate strategic risk insights and recommendations for executive leadership. Provide: 1. Top 3-5 strategic risk insights 2. Trend analysis and predictions 3. Actionable recommendations for senior management 4. Key performance indicators to monitor Consider: - Current business environment and market conditions - Emerging risks and threat landscapes - Regulatory and compliance considerations - Business continuity and operational resilience Respond strictly in this JSON format: { "insights": [ { "title": "Insight Title", "description": "Detailed insight description", "priority": "High/Medium/Low", "recommendation": "Specific recommendation" } ], "trends": [ "Trend observation 1", "Trend observation 2" ], "kpis_to_monitor": [ "KPI 1", "KPI 2" ] } """ user_message = f""" Generate strategic risk insights for the following context: Organization Context: {organization_context} Focus Areas: {', '.join(focus_areas) if focus_areas else 'General risk management'} Please provide executive-level insights and recommendations. """ try: result = generate_response(system_prompt, user_message) # Extract JSON from the response json_start = result.find('{') json_end = result.rfind('}') + 1 if json_start != -1 and json_end > json_start: json_str = result[json_start:json_end] insights_data = json.loads(json_str) return { "success": True, "insights": insights_data.get("insights", []), "trends": insights_data.get("trends", []), "kpis_to_monitor": insights_data.get("kpis_to_monitor", []), "message": "Successfully generated risk insights" } else: raise ValueError("No valid JSON found in response") except Exception as e: # Fallback response fallback_insights = [ { "title": "Cybersecurity Threat Evolution", "description": "Increasing sophistication of cyber attacks requires enhanced security measures", "priority": "High", "recommendation": "Implement zero-trust architecture and advanced threat detection" }, { "title": "Supply Chain Resilience", "description": "Global supply chain disruptions pose ongoing operational risks", "priority": "Medium", "recommendation": "Diversify supplier base and establish contingency plans" } ] return { "success": True, "insights": fallback_insights, "trends": ["Increased remote work security challenges", "Regulatory compliance complexity"], "kpis_to_monitor": ["Mean time to detect threats", "Risk mitigation completion rate"], "message": "Generated fallback risk insights" }