OpenMetadata icon indicating copy to clipboard operation
OpenMetadata copied to clipboard
verified publisher icon open-metadata

Fix #23853: AI Governance and Compliance Framework for AI Applications

Open harshach opened this issue 2 months ago • 9 comments

Describe your changes:

Fixes #23853

I worked on ... because ...

Type of change:

  • [ ] Bug fix
  • [ ] Improvement
  • [ ] New feature
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] Documentation

Checklist:

  • [x] I have read the CONTRIBUTING document.
  • [ ] My PR title is Fixes <issue-number>: <short explanation>
  • [ ] I have commented on my code, particularly in hard-to-understand areas.
  • [ ] For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

Summary by Gitar

  • New AI governance framework:

    • Implements comprehensive compliance tracking for AI applications supporting 9 regulatory frameworks (EU AI Act, NIST AI RMF, Singapore Model AI Governance, Canada AIDA, US AI Bill of Rights, ISO/IEC 42001, UK AI Regulation, China AI Regulations, Custom)
    • Detailed EU AI Act compliance structure with Articles 5 & 6 assessments, risk classification, conformity assessment, and transparency obligations

  • New entity types:

    • AIApplication in entity/ai/aiApplication.json for AI systems (chatbots, agents, copilots, RAG, code generators) with governance metadata and multi-model support
    • AIGovernancePolicy in entity/ai/aiGovernancePolicy.json for policy rules including bias thresholds, data access controls, cost controls, and violation tracking
    • LLMModel in entity/ai/llmModel.json for LLM catalog with capabilities, cost tracking, and bias/performance metrics
    • PromptTemplate in entity/ai/promptTemplate.json for reusable prompt management
    • AgentExecution in entity/ai/agentExecution.json for AI agent execution logging with token usage and cost tracking
    • LLMService for LLM service connections (Anthropic, Azure OpenAI, Bedrock, HuggingFace, Ollama, OpenAI, VertexAI)

  • Reusable compliance type:

    • aiCompliance.json in type/aiCompliance.json with framework-specific assessments, ethical AI evaluation (privacy, fairness, reliability, transparency, accountability, environmental impact), and verification/certification tracking

  • Backend infrastructure:

    • 6 repository classes extending EntityRepository with full CRUD operations, updaters, and relationship management
    • 6 REST resource classes with mappers for entity transformations
    • 5 search index classes with Elasticsearch mappings for metadata discovery
    • Database migrations for MySQL and PostgreSQL creating entity tables with JSON storage and generated columns

  • Shadow AI detection:

    • Registration status tracking (Registered, Unregistered, PendingApproval, Approved, Rejected) in governance metadata
    • Risk assessment with levels, factors, mitigations, and approval workflow support

harshach avatar Oct 13 '25 04:10 harshach

TypeScript types have been updated based on the JSON schema changes in the PR

github-actions[bot] avatar Oct 13 '25 04:10 github-actions[bot]

Jest test Coverage

UI tests summary

Lines Statements Branches Functions
Coverage: 63%
 63.99% (50492/78905) 41.42% (24431/58988) 44.96% (7726/17183)

github-actions[bot] avatar Oct 13 '25 18:10 github-actions[bot]

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Oct 13 '25 20:10 sonarqubecloud[bot]

TypeScript types have been updated based on the JSON schema changes in the PR

github-actions[bot] avatar Oct 28 '25 10:10 github-actions[bot]

TypeScript types have been updated based on the JSON schema changes in the PR

github-actions[bot] avatar Nov 24 '25 03:11 github-actions[bot]

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Nov 24 '25 06:11 sonarqubecloud[bot]

CI failed for fa523b6: CI failure: py-run-tests (3.12) - pyodbc 4.0.39 incompatible with Python 3.12 due to removed C-API functions

Issue

The CI job py-run-tests (3.12) fails during dependency installation when building the pyodbc wheel.

Root Cause

The pyodbc package version 4.0.39 uses deprecated Python C-API functions that were removed in Python 3.12:

  • PyUnicode_FromUnicode
  • PyUnicode_AS_UNICODE
  • PyUnicode_GET_SIZE

These functions were deprecated in Python 3.3 and officially removed in Python 3.12.

Error

src/pyodbccompat.h:75:12: error: 'PyUnicode_FromUnicode' was not declared
ERROR: Failed to build installable wheels for some pyproject.toml based projects (pyodbc)
make: *** [ingestion/Makefile:32: install_all] Error 1

Suggested Fix

The solution is to upgrade pyodbc to version 5.0.0 or later in ingestion/pyproject.toml:

# Change from:
pyodbc<5,>=4.0.35

# To:
pyodbc>=5.0.0

Note: pyodbc 5.0.0 was released specifically to add Python 3.12+ support with modern Unicode C-API.

Relationship to PR

This CI failure is NOT related to the PR changes. This PR introduces AI governance backend entities (AIApplication, LLMModel, AIGovernancePolicy, etc.) and does not modify Python dependencies. This is a build environment compatibility issue that affects Python 3.12 test runs.

Reply with Gitar please fix to apply these suggestions.
Auto-apply is off - enable it here to let Gitar commit future updates automatically.
Did we get this right? 👍 / 👎 to help improve future analysis.

gitar-bot[bot] avatar Nov 24 '25 07:11 gitar-bot[bot]

TypeScript types have been updated based on the JSON schema changes in the PR

github-actions[bot] avatar Dec 10 '25 23:12 github-actions[bot]

TypeScript types have been updated based on the JSON schema changes in the PR

github-actions[bot] avatar Dec 11 '25 01:12 github-actions[bot]

🔍 CI failure analysis for 2c36fd6: Multiple CI failures across 7 jobs: (1) Docker build - IBM package, (2) DBT test - consistent Python failure, (3) Playwright - 1 failed/7 flaky, (4) Maven MySQL CI - NEW: test failure + schema file errors for new AI entities.

Issue

Multiple CI job failures detected across 7 jobs:

  1. Docker build failure
  2. DBT Cloud test - consistent across Python versions
  3. Playwright E2E - 1 failed, 7 flaky
  4. Maven MySQL CI - NEW - test failure + schema errors

Root Cause 4 - Maven MySQL CI Failure (NEW - CRITICAL)

Build Result

  • Tests run: 7669
  • Failures: 1
  • Errors: 0
  • Skipped: 707
  • BUILD FAILURE

Failed Test

org.openmetadata.service.resources.apis.APIEndpointResourceTest.postPutPatch_entityCertification

Test suite: APIEndpointResourceTest (100 tests, 1 failure, 6 skipped)

Critical Schema Errors - DIRECTLY RELATED TO PR

Missing schema files for ALL new AI governance entities:

ERROR o.o.s.u.SchemaFieldExtractor - Schema file not found at path: json/schema/entity/data/promptTemplate.json
ERROR o.o.s.u.SchemaFieldExtractor - Schema file not found at path: json/schema/entity/data/llmModel.json
ERROR o.o.s.u.SchemaFieldExtractor - Schema file not found at path: json/schema/entity/data/agentExecution.json
ERROR o.o.s.u.SchemaFieldExtractor - Schema file not found at path: json/schema/entity/data/aiGovernancePolicy.json
ERROR o.o.s.u.SchemaFieldExtractor - Schema file not found at path: json/schema/entity/data/aiApplication.json

All 5 new AI governance entities are missing their schema files in the json/schema/entity/data/ directory.

Additional Errors

  • Multiple lineage migration errors: "Error while updating null json rows with createdAt, createdBy, updatedAt and updatedBy for lineage"
  • RdfIndexApp installation failures (4 occurrences)
  • SecretsManager errors extracting tags

Assessment - PR HAS CRITICAL ISSUES

This failure is DIRECTLY RELATED to the PR:

  1. Missing schema files: The PR adds 5 new AI governance entity types but the schema JSON files are not found at runtime:

    • promptTemplate.json
    • llmModel.json
    • agentExecution.json
    • aiGovernancePolicy.json
    • aiApplication.json

  2. Incorrect schema path: The schemas are likely defined in openmetadata-spec/src/main/resources/json/schema/entity/ai/ but the code is looking for them in json/schema/entity/data/

  3. Test failure: The APIEndpointResourceTest.postPutPatch_entityCertification test failure may be related to the schema errors or entity registration issues

Root cause: The new AI entity schemas need to be:

  • Either moved to the expected entity/data/ directory
  • OR the SchemaFieldExtractor code needs to be updated to look in entity/ai/ directory
  • OR the entity type registration needs to specify the correct schema path

Previous Failures Summary

  1. Docker build: External IBM package issue - Low priority
  2. DBT Cloud test: Consistent failure from main merge - High priority
  3. Playwright E2E: 1 failed (Spreadsheet version), 7 flaky - Medium priority

Details

Jobs Affected:

  • py-run-build-tests (57817681316) - Docker build
  • py-run-tests (3.11/3.10) (3 jobs) - DBT test
  • playwright-ci-postgresql (6, 6) (57817682105) - E2E tests
  • maven-mysql-ci (57817681185) - Maven build/test failure

Suggested Actions

For Maven MySQL CI Failure (URGENT - BLOCKS MERGE)

  1. Verify schema file locations:

    find openmetadata-spec -name "*aiApplication*" -o -name "*llmModel*" -o -name "*promptTemplate*"

  2. Check entity registration - verify how these entities are registered and what schema path they specify

  3. Fix schema path - either:

    • Move schema files from entity/ai/ to entity/data/ if that's the expected location
    • Update SchemaFieldExtractor to look in entity/ai/ for AI governance entities
    • Update entity type definitions to use correct schema paths

  4. Investigate test failure - run APIEndpointResourceTest.postPutPatch_entityCertification locally to understand the root cause

  5. Check build process - ensure schema files are properly included in the build artifacts

For Other Failures

  • Docker build: Low - retry/skip
  • DBT test: High - investigate main branch changes
  • Playwright: Medium - monitor/retry

Priority Summary:

  • Maven MySQL CI: CRITICAL - schema files missing, blocks merge
  • DBT Cloud test: HIGH - needs investigation
  • Playwright E2E: Medium - environmental/flaky
  • Docker build: Low - external dependency

[!TIP] Comment Gitar fix CI or enable auto apply.

Auto-apply is off - Gitar will not commit updates to this branch. Enable by commenting gitar auto-apply:on. Was this helpful? React with 👍 / 👎 | This comment will update automatically (Docs)

gitar-bot[bot] avatar Dec 11 '25 18:12 gitar-bot[bot]

Quality Gate Passed Quality Gate passed for 'open-metadata-ui'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Dec 11 '25 19:12 sonarqubecloud[bot]