veylant/internal/routing/sensitivity.go

package routing
import (
"github.com/veylant/ia-gateway/internal/pii"
)
// Entity type identifiers, kept identical to the strings emitted by the PII
// detection layers. They serve as lookup keys in entitySensitivity, so a value
// that differs from the detector output in spelling or casing will not match.
//
// Regex layer types (high-precision):
const (
	// Financial / identity identifiers.
	entityIBAN       = "IBAN"
	entityFRSSN      = "FR_SSN"
	entityCreditCard = "CREDIT_CARD"

	// Contact identifiers.
	entityEmailAddr = "EMAIL"
	entityPhoneFR   = "PHONE_FR"
	entityPhoneIntl = "PHONE_INTL"
)
// Entity types produced by the NER layer (Presidio / spaCy). As with the regex
// layer types, each value has to equal the detector's output exactly, because
// it is used as a map key when scoring.
const (
	entityPerson   = "PERSON"
	entityLocation = "LOCATION"
	entityOrg      = "ORGANIZATION"
)
// entitySensitivity assigns a Sensitivity level to every entity type this
// package knows about. A type with no entry here is scored SensitivityLow by
// ScoreFromEntities.
//
// NOTE(review): because of that fallback, an entity type that a detection layer
// starts emitting without a matching entry in this table is scored Low rather
// than Critical. Keep the table in step with the detectors.
var entitySensitivity = map[string]Sensitivity{
	// Critical: financial and identity data, highest regulatory risk.
	entityCreditCard: SensitivityCritical,
	entityFRSSN:      SensitivityCritical,
	entityIBAN:       SensitivityCritical,

	// High: personally identifiable data.
	entityLocation: SensitivityHigh,
	entityOrg:      SensitivityHigh,
	entityPerson:   SensitivityHigh,

	// Medium: contact information.
	entityEmailAddr: SensitivityMedium,
	entityPhoneFR:   SensitivityMedium,
	entityPhoneIntl: SensitivityMedium,
}
// ScoreFromEntities reduces a slice of detected PII entities to one Sensitivity
// level: the highest level found among them.
//
// A nil or empty slice yields SensitivityNone. An entity whose EntityType has
// no entry in entitySensitivity is scored SensitivityLow.
//
// The comparison assumes Sensitivity values increase from SensitivityNone up to
// SensitivityCritical; the type is declared elsewhere, so confirm that there.
//
// NOTE(review): the lookup is an exact string match and the fallback is the
// lowest non-empty level. A type the detection layer emits that this table
// does not list (a new detector, a different casing) therefore lowers the
// score silently. If the result gates where sensitive prompts are routed,
// confirm that Low is an acceptable floor for unknown types.
func ScoreFromEntities(entities []pii.Entity) Sensitivity {
	highest := SensitivityNone
	for i := range entities {
		level, known := entitySensitivity[entities[i].EntityType]
		if !known {
			// Something was detected, so never score it below Low.
			level = SensitivityLow
		}
		if highest < level {
			highest = level
		}
	}
	return highest
}