eyeling 1.16.4 → 1.17.0

package/examples/output/interop-demo.n3

@@ -1,34 +1 @@
-@prefix : <https://example.org/demo#> .
-@prefix c: <https://example.org/appC#> .
-@prefix ex: <https://example.org/common#> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-
-:aliceA a ex:Customer .
-:aliceA ex:email "alice@example.com" .
-:aliceA ex:lifetimeSpendEur "1200"^^xsd:decimal .
-:aliceB a ex:Customer .
-:aliceB ex:email "alice@example.com" .
-:aliceB ex:lifetimeSpendEur "1200.00"^^xsd:decimal .
-:aliceB ex:hasOpenInvoice :invoice42 .
-:invoice42 ex:amountDueEur "200"^^xsd:decimal .
-:aliceC a ex:Customer .
-:aliceC ex:email "alice@example.com" .
-:aliceC ex:marketingOptIn true .
-:aliceC ex:preferredChannel c:Email .
-:aliceA ex:sameCustomerAs :aliceA .
-:aliceA ex:sameCustomerAs :aliceB .
-:aliceA ex:sameCustomerAs :aliceC .
-:aliceB ex:sameCustomerAs :aliceA .
-:aliceB ex:sameCustomerAs :aliceB .
-:aliceB ex:sameCustomerAs :aliceC .
-:aliceC ex:sameCustomerAs :aliceA .
-:aliceC ex:sameCustomerAs :aliceB .
-:aliceC ex:sameCustomerAs :aliceC .
-:aliceA ex:hasOpenInvoice :invoice42 .
-:aliceA ex:lifetimeSpendEur "1200.00"^^xsd:decimal .
-:aliceA ex:marketingOptIn true .
-:aliceA ex:preferredChannel c:Email .
-:aliceA ex:eligibleFor ex:GoldDiscount .
-:aliceA ex:recommendedAction ex:ApplyGoldDiscountAndSendInvoiceReminder .
-"001" log:outputString "ACTION: apply GoldDiscount and send invoice reminder (opt-in confirmed)." .
+ACTION: apply GoldDiscount and send invoice reminder (opt-in confirmed).

package/examples/output/odrl-dpv-ehds-risk-ranked.n3

@@ -1,12 +1,21 @@
-@prefix : <https://example.org/odrl-dpv-ehds-risk-ranked#> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
-
-(:AgreementEHDS1 :PatientProfileExample 0) log:outputString "\n=== Ranked DPV Risk Report (EHDS-aligned) ===\nAgreement: EHDS Secondary Use Agreement (example)\nProfile: Example patient profile (EHDS rights expectations)\n\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 900 "H1" 0 _:sk_1) log:outputString "score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H1\n Risk: secondary use is permitted without an EHDS Data Permit safeguard. Clause H1: Hospital may provide electronic health data for secondary use based on a bilateral data use agreement with the applicant.\n\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 900 "H1" 1 _:sk_1 _:sk_2) log:outputString " - mitigation for clause H1: Require an EHDS Data Permit (eu-ehds:DataPermit) issued by a Health Data Access Body prior to secondary use.\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 900 "H2" 0 _:sk_5) log:outputString "score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H2\n Risk: secondary use may include patients who opted out (EHDS A71). Clause H2: Secondary use may include all patient records for training and evaluating health-related algorithms.\n\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 900 "H2" 1 _:sk_5 _:sk_6) log:outputString " - mitigation for clause H2: Add an explicit safeguard to exclude records of persons who exercised the EHDS opt-out from secondary use (A71).\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 912 "H3" 0 _:sk_9) log:outputString "score=88 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H3\n Risk: the agreement permits local downloads rather than processing within a secure processing environment. Clause H3: The applicant may download a complete local copy of the dataset to its own infrastructure for analysis.\n\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 912 "H3" 1 _:sk_9 _:sk_10) log:outputString " - mitigation for clause H3: Require processing only within a secure processing environment (e.g., eu-dga:SecureProcessingEnvironment), and prohibit local downloads of raw datasets.\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 920 "H4" 0 _:sk_12) log:outputString "score=80 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H4\n Risk: secondary-use dataset is only described as pseudonymised, without a safeguard requiring statistically anonymised data for secondary use. Clause H4: The dataset will be provided in pseudonymised form by removing direct identifiers.\n\n" .
-(:AgreementEHDS1 :PatientProfileExample 1 920 "H4" 1 _:sk_12 _:sk_13) log:outputString " - mitigation for clause H4: Require an EHDS Health Data Request for statistically anonymised data (eu-ehds:HealthDataRequest), and add a constraint that secondary-use data must be statistically anonymised.\n" .
+
+=== Ranked DPV Risk Report (EHDS-aligned) ===
+Agreement: EHDS Secondary Use Agreement (example)
+Profile: Example patient profile (EHDS rights expectations)
+
+score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H1
+ Risk: secondary use is permitted without an EHDS Data Permit safeguard. Clause H1: Hospital may provide electronic health data for secondary use based on a bilateral data use agreement with the applicant.
+
+ - mitigation for clause H1: Require an EHDS Data Permit (eu-ehds:DataPermit) issued by a Health Data Access Body prior to secondary use.
+score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H2
+ Risk: secondary use may include patients who opted out (EHDS A71). Clause H2: Secondary use may include all patient records for training and evaluating health-related algorithms.
+
+ - mitigation for clause H2: Add an explicit safeguard to exclude records of persons who exercised the EHDS opt-out from secondary use (A71).
+score=88 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H3
+ Risk: the agreement permits local downloads rather than processing within a secure processing environment. Clause H3: The applicant may download a complete local copy of the dataset to its own infrastructure for analysis.
+
+ - mitigation for clause H3: Require processing only within a secure processing environment (e.g., eu-dga:SecureProcessingEnvironment), and prohibit local downloads of raw datasets.
+score=80 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H4
+ Risk: secondary-use dataset is only described as pseudonymised, without a safeguard requiring statistically anonymised data for secondary use. Clause H4: The dataset will be provided in pseudonymised form by removing direct identifiers.
+
+ - mitigation for clause H4: Require an EHDS Health Data Request for statistically anonymised data (eu-ehds:HealthDataRequest), and add a constraint that secondary-use data must be statistically anonymised.

package/examples/output/odrl-dpv-healthcare-risk-ranked.n3

@@ -1,117 +1,17 @@
-@prefix : <https://example.org/odrl-dpv-healthcare-risk-ranked#> .
-@prefix dct: <http://purl.org/dc/terms/> .
-@prefix dpv: <https://w3id.org/dpv#> .
-@prefix genid: <https://eyereasoner.github.io/.well-known/genid/> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
-@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix risk: <https://w3id.org/dpv/risk#> .
 
-genid:499c8c88-3ef3-7ae0-932f-c74cf4fb20f4 a risk:RiskSource .
-genid:499c8c88-3ef3-7ae0-932f-c74cf4fb20f4 a risk:LegalComplianceRisk .
-genid:499c8c88-3ef3-7ae0-932f-c74cf4fb20f4 dct:source :PermResearchUse .
-genid:499c8c88-3ef3-7ae0-932f-c74cf4fb20f4 dct:description "Research use permitted without explicit consent constraint." .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 a dpv:Risk .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 a risk:PolicyRisk .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 a risk:CustomerConfidenceLoss .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dct:source :PermResearchUse .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 risk:hasRiskSource genid:499c8c88-3ef3-7ae0-932f-c74cf4fb20f4 .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:hasConsequence risk:CustomerConfidenceLoss .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:hasImpact risk:NonMaterialDamage .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:hasImpact risk:FinancialLoss .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 :aboutClause :ClauseH1 .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 :scoreRaw 120 .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 :violatesNeed :Need_ConsentForResearch .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dct:description "Risk: health/genomic data may be used for research without explicit opt-in consent. Clause H1: Hospital may use EHR and genomic data for internal clinical research and publication." .
-:ProcessContextHC1 dpv:hasRisk genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 .
-genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338 a dpv:RiskMitigationMeasure .
-genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338 dct:description "Add an explicit consent constraint for secondary research use." .
-genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338 dpv:mitigatesRisk genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 .
-genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338 :suggestAdd {
-    :PermResearchUse odrl:constraint _:sk_0 .
-    _:sk_0 a odrl:Constraint .
-    _:sk_0 odrl:leftOperand :explicitConsent .
-    _:sk_0 odrl:operator odrl:eq .
-    _:sk_0 odrl:rightOperand true .
-} .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:isMitigatedByMeasure genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338 .
-genid:3c85dd80-8e33-c0fa-8b1c-89f4c16ca4cc a risk:RiskSource .
-genid:3c85dd80-8e33-c0fa-8b1c-89f4c16ca4cc a risk:LegalComplianceRisk .
-genid:3c85dd80-8e33-c0fa-8b1c-89f4c16ca4cc dct:source :PermShareWithPharma .
-genid:3c85dd80-8e33-c0fa-8b1c-89f4c16ca4cc dct:description "External sharing permitted without de-identification/pseudonymisation requirement." .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 a dpv:Risk .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 a risk:UnwantedDisclosureData .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 a risk:ReputationalRisk .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dct:source :PermShareWithPharma .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 risk:hasRiskSource genid:3c85dd80-8e33-c0fa-8b1c-89f4c16ca4cc .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasConsequence risk:CustomerConfidenceLoss .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasImpact risk:NonMaterialDamage .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasImpact risk:FinancialLoss .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasImpact risk:Discrimination .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 :aboutClause :ClauseH2 .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 :scoreRaw 125 .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 :violatesNeed :Need_DeIdentifyBeforeSharing .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dct:description "Risk: genomic data may be shared with external pharma partners without a de-identification/pseudonymisation requirement. Clause H2: Hospital may share genomic data with pharmaceutical partners for drug discovery and R&D." .
-:ProcessContextHC1 dpv:hasRisk genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 .
-genid:be734cc0-bf89-eac8-fa57-8bfba350cb64 a dpv:RiskMitigationMeasure .
-genid:be734cc0-bf89-eac8-fa57-8bfba350cb64 dct:description "Require de-identification/pseudonymisation before external sharing of genomic data." .
-genid:be734cc0-bf89-eac8-fa57-8bfba350cb64 dpv:mitigatesRisk genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 .
-genid:be734cc0-bf89-eac8-fa57-8bfba350cb64 :suggestAdd {
-    :PermShareWithPharma odrl:constraint _:sk_1 .
-    _:sk_1 a odrl:Constraint .
-    _:sk_1 odrl:leftOperand :deIdentified .
-    _:sk_1 odrl:operator odrl:eq .
-    _:sk_1 odrl:rightOperand true .
-    :PermShareWithPharma odrl:duty _:sk_2 .
-    _:sk_2 a odrl:Duty .
-    _:sk_2 odrl:action :deIdentify .
-    _:sk_2 odrl:constraint _:sk_3 .
-    _:sk_3 a odrl:Constraint .
-    _:sk_3 odrl:leftOperand :deIdentificationStandard .
-    _:sk_3 odrl:operator odrl:eq .
-    _:sk_3 odrl:rightOperand :StateOfTheArt .
-} .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:isMitigatedByMeasure genid:be734cc0-bf89-eac8-fa57-8bfba350cb64 .
-genid:fc8b3e87-761e-e430-a338-09d827d7d764 a risk:RiskSource .
-genid:fc8b3e87-761e-e430-a338-09d827d7d764 a risk:PolicyRisk .
-genid:fc8b3e87-761e-e430-a338-09d827d7d764 dct:source :PermRetention10y .
-genid:fc8b3e87-761e-e430-a338-09d827d7d764 dct:description "Retention period exceeds patient preference." .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec a dpv:Risk .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec a risk:PolicyRisk .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec a risk:CustomerConfidenceLoss .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dct:source :PermRetention10y .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec risk:hasRiskSource genid:fc8b3e87-761e-e430-a338-09d827d7d764 .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dpv:hasConsequence risk:CustomerConfidenceLoss .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dpv:hasImpact risk:NonMaterialDamage .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec :aboutClause :ClauseH4 .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec :scoreRaw 70 .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec :violatesNeed :Need_RetentionLimit3y .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dct:description "Risk: retention (3650 days) exceeds patient preference (1095 days). Clause H4: Hospital retains patient health records for 10 years." .
-:ProcessContextHC1 dpv:hasRisk genid:e333f4ec-b543-e01c-ae40-fce8760f4fec .
-genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4 a dpv:RiskMitigationMeasure .
-genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4 dct:description "Limit retention to 3 years (or document the legal obligation requiring longer retention)." .
-genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4 dpv:mitigatesRisk genid:e333f4ec-b543-e01c-ae40-fce8760f4fec .
-genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4 :suggestAdd {
-    :PermRetention10y odrl:constraint _:sk_4 .
-    _:sk_4 a odrl:Constraint .
-    _:sk_4 odrl:leftOperand :retentionDays .
-    _:sk_4 odrl:operator odrl:lteq .
-    _:sk_4 odrl:rightOperand 1095 .
-} .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dpv:isMitigatedByMeasure genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4 .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 :score 100 .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 :score 100 .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec :score 70 .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:hasSeverity risk:HighSeverity .
-genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 dpv:hasRiskLevel risk:HighRisk .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasSeverity risk:HighSeverity .
-genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 dpv:hasRiskLevel risk:HighRisk .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dpv:hasSeverity risk:ModerateSeverity .
-genid:e333f4ec-b543-e01c-ae40-fce8760f4fec dpv:hasRiskLevel risk:ModerateRisk .
-(:AgreementHC1 :PatientExample 0) log:outputString "\n=== Ranked DPV Risk Report (Healthcare & Life Sciences) ===\nAgreement: Example Healthcare & Life-Sciences Data Use Agreement\nProfile: Example patient profile\n\n" .
-(:AgreementHC1 :PatientExample 1 900 "H1" 0 genid:6e6083d0-be14-5284-ce15-b2f04cc273c8) log:outputString "score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H1\n  Risk: health/genomic data may be used for research without explicit opt-in consent. Clause H1: Hospital may use EHR and genomic data for internal clinical research and publication.\n\n" .
-(:AgreementHC1 :PatientExample 1 900 "H2" 0 genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280) log:outputString "score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H2\n  Risk: genomic data may be shared with external pharma partners without a de-identification/pseudonymisation requirement. Clause H2: Hospital may share genomic data with pharmaceutical partners for drug discovery and R&D.\n\n" .
-(:AgreementHC1 :PatientExample 1 930 "H4" 0 genid:e333f4ec-b543-e01c-ae40-fce8760f4fec) log:outputString "score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause H4\n  Risk: retention (3650 days) exceeds patient preference (1095 days). Clause H4: Hospital retains patient health records for 10 years.\n\n" .
-(:AgreementHC1 :PatientExample 1 900 "H1" 1 genid:6e6083d0-be14-5284-ce15-b2f04cc273c8 genid:d8249b0c-66d8-73a8-c1d0-8c7c5256b338) log:outputString "  - mitigation for clause H1: Add an explicit consent constraint for secondary research use.\n" .
-(:AgreementHC1 :PatientExample 1 900 "H2" 1 genid:b9e2eab8-2d4b-c4a4-50ea-6468777be280 genid:be734cc0-bf89-eac8-fa57-8bfba350cb64) log:outputString "  - mitigation for clause H2: Require de-identification/pseudonymisation before external sharing of genomic data.\n" .
-(:AgreementHC1 :PatientExample 1 930 "H4" 1 genid:e333f4ec-b543-e01c-ae40-fce8760f4fec genid:4576211e-2495-d7a8-ebb0-5eb4707c9ce4) log:outputString "  - mitigation for clause H4: Limit retention to 3 years (or document the legal obligation requiring longer retention).\n" .
+=== Ranked DPV Risk Report (Healthcare & Life Sciences) ===
+Agreement: Example Healthcare & Life-Sciences Data Use Agreement
+Profile: Example patient profile
+
+score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H1
+  Risk: health/genomic data may be used for research without explicit opt-in consent. Clause H1: Hospital may use EHR and genomic data for internal clinical research and publication.
+
+  - mitigation for clause H1: Add an explicit consent constraint for secondary research use.
+score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H2
+  Risk: genomic data may be shared with external pharma partners without a de-identification/pseudonymisation requirement. Clause H2: Hospital may share genomic data with pharmaceutical partners for drug discovery and R&D.
+
+  - mitigation for clause H2: Require de-identification/pseudonymisation before external sharing of genomic data.
+score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause H4
+  Risk: retention (3650 days) exceeds patient preference (1095 days). Clause H4: Hospital retains patient health records for 10 years.
+
+  - mitigation for clause H4: Limit retention to 3 years (or document the legal obligation requiring longer retention).

package/examples/output/odrl-dpv-risk-ranked.n3

@@ -1,13 +1,22 @@
-@prefix : <https://example.org/odrl-dpv-risk-ranked#> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
-
-(:Agreement1 :ConsumerExample 0) log:outputString "\n=== Ranked DPV Risk Report ===\nAgreement: Example Agreement\nProfile: Example consumer profile\n\n" .
-(:Agreement1 :ConsumerExample 1 900 "C1" 0 _:sk_1) log:outputString "score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C1\n  Risk: account/data removal is permitted without notice safeguards (no notice constraint and no duty to inform). Clause C1: Provider may remove the user account (and associated data) at its discretion.\n\n" .
-(:Agreement1 :ConsumerExample 1 900 "C1" 1 _:sk_1 _:sk_2) log:outputString "  - mitigation for clause C1: Add a notice constraint (minimum noticeDays) before account removal.\n" .
-(:Agreement1 :ConsumerExample 1 900 "C1" 1 _:sk_1 _:sk_4) log:outputString "  - mitigation for clause C1: Add a duty to inform the consumer prior to account removal.\n" .
-(:Agreement1 :ConsumerExample 1 903 "C3" 0 _:sk_12) log:outputString "score=97 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C3\n  Risk: user data sharing is permitted without an explicit consent constraint. Clause C3: Provider may share user data with partners for business purposes.\n\n" .
-(:Agreement1 :ConsumerExample 1 903 "C3" 1 _:sk_12 _:sk_13) log:outputString "  - mitigation for clause C3: Add an explicit consent constraint before data sharing.\n" .
-(:Agreement1 :ConsumerExample 1 915 "C2" 0 _:sk_7) log:outputString "score=85 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C2\n  Risk: terms may change with notice (3 days) below consumer requirement (14 days). Clause C2: Provider may change terms by informing users at least 3 days in advance.\n\n" .
-(:Agreement1 :ConsumerExample 1 915 "C2" 1 _:sk_7 _:sk_8) log:outputString "  - mitigation for clause C2: Increase minimum noticeDays in the inform duty to meet the consumer requirement.\n" .
-(:Agreement1 :ConsumerExample 1 930 "C4" 0 _:sk_16) log:outputString "score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause C4\n  Risk: portability is restricted because exporting user data is prohibited. Clause C4: Users are not permitted to export their data.\n\n" .
-(:Agreement1 :ConsumerExample 1 930 "C4" 1 _:sk_16 _:sk_17) log:outputString "  - mitigation for clause C4: Add a permission allowing data export (or remove the prohibition) to support portability.\n" .
+
+=== Ranked DPV Risk Report ===
+Agreement: Example Agreement
+Profile: Example consumer profile
+
+score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C1
+  Risk: account/data removal is permitted without notice safeguards (no notice constraint and no duty to inform). Clause C1: Provider may remove the user account (and associated data) at its discretion.
+
+  - mitigation for clause C1: Add a notice constraint (minimum noticeDays) before account removal.
+  - mitigation for clause C1: Add a duty to inform the consumer prior to account removal.
+score=97 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C3
+  Risk: user data sharing is permitted without an explicit consent constraint. Clause C3: Provider may share user data with partners for business purposes.
+
+  - mitigation for clause C3: Add an explicit consent constraint before data sharing.
+score=85 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C2
+  Risk: terms may change with notice (3 days) below consumer requirement (14 days). Clause C2: Provider may change terms by informing users at least 3 days in advance.
+
+  - mitigation for clause C2: Increase minimum noticeDays in the inform duty to meet the consumer requirement.
+score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause C4
+  Risk: portability is restricted because exporting user data is prohibited. Clause C4: Users are not permitted to export their data.
+
+  - mitigation for clause C4: Add a permission allowing data export (or remove the prohibition) to support portability.

package/examples/output/odrl-risk-mitigation.n3

@@ -1,207 +1,18 @@
-@prefix : <https://example.org/odrl-mitigation-demo#> .
-@prefix genid: <https://eyereasoner.github.io/.well-known/genid/> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
-@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c a :Risk .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :aboutAgreement :Agreement3 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :forProfile :ConsumerCarol .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :aboutClause :ClauseD1 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :clauseId "D1" .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :issue :NoticeTooShort .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :baseScore 70 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :needWeight 15 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :rawScore 85 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :title "Notice period too short" .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :explanation "This clause is risky because the notice period (3 days) is below the consumer requirement (14 days). Clause D1: We may change these terms with notice. Notice may be as short as 3 days." .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :violatesNeed :Need_ChangeOnlyWithPriorNotice .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 a :Risk .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :aboutAgreement :Agreement3 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :forProfile :ConsumerCarol .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :aboutClause :ClauseD2 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :clauseId "D2" .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :issue :AutoRenewNoReminder .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :baseScore 75 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :needWeight 10 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :rawScore 85 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :title "Auto-renewal without reminder" .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :explanation "This clause is risky because it allows auto-renewal without a reminder. Consumer needs at least 7 days reminder. Clause D2: Your subscription renews automatically unless you cancel." .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :violatesNeed :Need_ReminderBeforeAutoRenew .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 a :Risk .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :aboutAgreement :Agreement3 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :forProfile :ConsumerCarol .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :aboutClause :ClauseD3 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :clauseId "D3" .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :issue :NonRefundableFee .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :baseScore 70 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :needWeight 9 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :rawScore 79 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :title "Non-refundable fees" .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :explanation "This clause is risky because it declares fees non-refundable, conflicting with a refund/cooling-off expectation (>= 14 days). Clause D3: All fees are non-refundable." .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :violatesNeed :Need_RefundRequired .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 a :Risk .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :aboutAgreement :Agreement3 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :forProfile :ConsumerCarol .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :aboutClause :ClauseD4 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :clauseId "D4" .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :issue :TrackingNoOptIn .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :baseScore 80 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :needWeight 9 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :rawScore 89 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :title "Tracking without opt-in" .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :explanation "This clause is risky because it permits tracking without explicit opt-in consent. Clause D4: We may track your activity to improve services." .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :violatesNeed :Need_NoTrackingWithoutOptIn .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 a :Risk .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :aboutAgreement :Agreement3 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :forProfile :ConsumerCarol .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :aboutClause :ClauseD5 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :clauseId "D5" .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :issue :NoDataExport .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :baseScore 85 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :needWeight 8 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :rawScore 93 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :title "No data export / portability" .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :explanation "This clause is risky because it prohibits exporting data, undermining portability. Clause D5: You may not export or download your data from the service." .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :violatesNeed :Need_DataPortability .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 a :Risk .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :aboutAgreement :Agreement3 .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :forProfile :ConsumerCarol .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :aboutClause :ClauseD6 .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :clauseId "D6" .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :issue :ProviderMayDeleteData .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :baseScore 90 .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :needWeight 12 .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :rawScore 102 .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :title "Provider can delete user data" .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :explanation "This clause is risky because it allows the provider to delete the consumer’s data. Clause D6: We may delete your data at our discretion." .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :violatesNeed :Need_DataNotRemoved .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 a :Risk .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :aboutAgreement :Agreement3 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :forProfile :ConsumerCarol .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :aboutClause :ClauseD2 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :clauseId "D2" .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :issue :LiabilityCapTooLow .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :baseScore 65 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :needWeight 8 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :rawScore 73 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :title "Liability cap too low" .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :explanation "This clause is risky because the liability cap (20 EUR) is below the consumer minimum (200 EUR). Clause D2: Your subscription renews automatically unless you cancel." .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :violatesNeed :Need_MinLiabilityCap .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :hasMitigation genid:b3e644a0-842d-779a-8ba9-1dc01addf40c .
-genid:b3e644a0-842d-779a-8ba9-1dc01addf40c a :Mitigation .
-genid:b3e644a0-842d-779a-8ba9-1dc01addf40c :forRisk genid:3f3359e8-5625-adf0-e2cd-874038dc706c .
-genid:b3e644a0-842d-779a-8ba9-1dc01addf40c :fixText "Suggested fix: ensure prior-notice duty specifies noticeDays >= 14." .
-genid:b3e644a0-842d-779a-8ba9-1dc01addf40c :suggestAdd {
-    :PermChangeTerms odrl:duty _:sk_0 .
-    _:sk_0 a odrl:Duty .
-    _:sk_0 odrl:action :notifyPriorNotice .
-    _:sk_0 odrl:constraint _:sk_1 .
-    _:sk_1 a odrl:Constraint .
-    _:sk_1 odrl:leftOperand :noticeDays .
-    _:sk_1 odrl:operator odrl:gteq .
-    _:sk_1 odrl:rightOperand 14 .
-} .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :hasMitigation genid:53e75400-cf4d-9998-7ed7-3eeae4d6be7c .
-genid:53e75400-cf4d-9998-7ed7-3eeae4d6be7c a :Mitigation .
-genid:53e75400-cf4d-9998-7ed7-3eeae4d6be7c :forRisk genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 .
-genid:53e75400-cf4d-9998-7ed7-3eeae4d6be7c :fixText "Suggested fix: add a reminder duty for auto-renewal with reminderDays >= 7." .
-genid:53e75400-cf4d-9998-7ed7-3eeae4d6be7c :suggestAdd {
-    :PermAutoRenew odrl:duty _:sk_2 .
-    _:sk_2 a odrl:Duty .
-    _:sk_2 odrl:action :sendRenewalReminder .
-    _:sk_2 odrl:constraint _:sk_3 .
-    _:sk_3 a odrl:Constraint .
-    _:sk_3 odrl:leftOperand :reminderDays .
-    _:sk_3 odrl:operator odrl:gteq .
-    _:sk_3 odrl:rightOperand 7 .
-} .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :hasMitigation genid:585ce30c-2b91-8280-fe57-6f28f39a3ed8 .
-genid:585ce30c-2b91-8280-fe57-6f28f39a3ed8 a :Mitigation .
-genid:585ce30c-2b91-8280-fe57-6f28f39a3ed8 :forRisk genid:3a9b6398-3d57-879a-90e6-498980eeaf08 .
-genid:585ce30c-2b91-8280-fe57-6f28f39a3ed8 :fixText "Suggested fix: allow refunds (e.g., refundAllowed=true) or define a cooling-off period >= 14 days." .
-genid:585ce30c-2b91-8280-fe57-6f28f39a3ed8 :suggestAdd {
-    :PermChargeFee odrl:constraint _:sk_4 .
-    _:sk_4 a odrl:Constraint .
-    _:sk_4 odrl:leftOperand :refundAllowed .
-    _:sk_4 odrl:operator odrl:eq .
-    _:sk_4 odrl:rightOperand true .
-    :PermChargeFee odrl:constraint _:sk_5 .
-    _:sk_5 a odrl:Constraint .
-    _:sk_5 odrl:leftOperand :coolingOffDays .
-    _:sk_5 odrl:operator odrl:gteq .
-    _:sk_5 odrl:rightOperand 14 .
-} .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :hasMitigation genid:622a8baf-e258-fe50-fb3b-81463784ae40 .
-genid:622a8baf-e258-fe50-fb3b-81463784ae40 a :Mitigation .
-genid:622a8baf-e258-fe50-fb3b-81463784ae40 :forRisk genid:8468c67c-e2dd-8af8-fa31-006485a75788 .
-genid:622a8baf-e258-fe50-fb3b-81463784ae40 :fixText "Suggested fix: require opt-in consent for tracking (optInConsent=true)." .
-genid:622a8baf-e258-fe50-fb3b-81463784ae40 :suggestAdd {
-    :PermTrackUser odrl:constraint _:sk_6 .
-    _:sk_6 a odrl:Constraint .
-    _:sk_6 odrl:leftOperand :optInConsent .
-    _:sk_6 odrl:operator odrl:eq .
-    _:sk_6 odrl:rightOperand true .
-} .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :hasMitigation genid:4728cce8-e55c-33a6-ff43-0284c37b050c .
-genid:4728cce8-e55c-33a6-ff43-0284c37b050c a :Mitigation .
-genid:4728cce8-e55c-33a6-ff43-0284c37b050c :forRisk genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 .
-genid:4728cce8-e55c-33a6-ff43-0284c37b050c :fixText "Suggested fix: add a permission to export/download user data (data portability)." .
-genid:4728cce8-e55c-33a6-ff43-0284c37b050c :suggestAdd {
-    :Policy3 odrl:permission _:sk_7 .
-    _:sk_7 a odrl:Permission .
-    _:sk_7 odrl:action :exportData .
-    _:sk_7 odrl:target :UserData .
-} .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :hasMitigation genid:33f8e7b9-1987-7832-0892-a8ec90448424 .
-genid:33f8e7b9-1987-7832-0892-a8ec90448424 a :Mitigation .
-genid:33f8e7b9-1987-7832-0892-a8ec90448424 :forRisk genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 .
-genid:33f8e7b9-1987-7832-0892-a8ec90448424 :fixText "Suggested fix: remove provider discretion to delete data; allow deletion only on consumer request or legal obligation." .
-genid:33f8e7b9-1987-7832-0892-a8ec90448424 :suggestAdd {
-    :PermDeleteUserData odrl:constraint _:sk_8 .
-    _:sk_8 a odrl:Constraint .
-    _:sk_8 odrl:leftOperand :deletionGround .
-    _:sk_8 odrl:operator odrl:isAnyOf .
-    _:sk_8 odrl:rightOperand (:consumerRequest :legalObligation) .
-} .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :hasMitigation genid:478eac18-8c36-6188-b439-dda12b98fac8 .
-genid:478eac18-8c36-6188-b439-dda12b98fac8 a :Mitigation .
-genid:478eac18-8c36-6188-b439-dda12b98fac8 :forRisk genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 .
-genid:478eac18-8c36-6188-b439-dda12b98fac8 :fixText "Suggested fix: raise liabilityCapEuro so it is >= 200 EUR (or remove the cap where inappropriate)." .
-genid:478eac18-8c36-6188-b439-dda12b98fac8 :suggestAdd {
-    :PermAutoRenew odrl:constraint _:sk_9 .
-    _:sk_9 a odrl:Constraint .
-    _:sk_9 odrl:leftOperand :liabilityCapEuro .
-    _:sk_9 odrl:operator odrl:gteq .
-    _:sk_9 odrl:rightOperand 200 .
-} .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :score 100 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :score 85 .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :score 85 .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :score 79 .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :score 89 .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :score 93 .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :score 73 .
-genid:3f3359e8-5625-adf0-e2cd-874038dc706c :severity :High .
-genid:d48f3244-c9ff-62e2-46d1-44d4c6a9c3d8 :severity :High .
-genid:8468c67c-e2dd-8af8-fa31-006485a75788 :severity :High .
-genid:e1830d38-0c5f-d24e-add5-a27d9cf99088 :severity :High .
-genid:c5c6e14a-6858-7d40-10ca-c460597f1ae8 :severity :High .
-genid:3a9b6398-3d57-879a-90e6-498980eeaf08 :severity :Medium .
-genid:9bdfab08-d724-d5c8-ba20-5e23053c80f4 :severity :Medium .
-(:Agreement3 :ConsumerCarol 0) log:outputString "\n=== Risk report for Example Platform Agreement (with fixes) (profile: Carol (example consumer)) ===\n" .
-(:Agreement3 :ConsumerCarol 999) log:outputString "\n--- Suggested mitigations (highest risk first) ---\n" .
-(:Agreement3 :ConsumerCarol 1) log:outputString "1) score=100 (https://example.org/odrl-mitigation-demo#High), clause D6 — Provider can delete user data. This clause is risky because it allows the provider to delete the consumer’s data. Clause D6: We may delete your data at our discretion.\n" .
-(:Agreement3 :ConsumerCarol 2) log:outputString "2) score=93 (https://example.org/odrl-mitigation-demo#High), clause D5 — No data export / portability. This clause is risky because it prohibits exporting data, undermining portability. Clause D5: You may not export or download your data from the service.\n" .
-(:Agreement3 :ConsumerCarol 3) log:outputString "3) score=89 (https://example.org/odrl-mitigation-demo#High), clause D4 — Tracking without opt-in. This clause is risky because it permits tracking without explicit opt-in consent. Clause D4: We may track your activity to improve services.\n" .
-(:Agreement3 :ConsumerCarol 4) log:outputString "4) score=85 (https://example.org/odrl-mitigation-demo#High), clause D2 — Auto-renewal without reminder. This clause is risky because it allows auto-renewal without a reminder. Consumer needs at least 7 days reminder. Clause D2: Your subscription renews automatically unless you cancel.\n" .
-(:Agreement3 :ConsumerCarol 5) log:outputString "5) score=85 (https://example.org/odrl-mitigation-demo#High), clause D1 — Notice period too short. This clause is risky because the notice period (3 days) is below the consumer requirement (14 days). Clause D1: We may change these terms with notice. Notice may be as short as 3 days.\n" .
-(:Agreement3 :ConsumerCarol 6) log:outputString "6) score=79 (https://example.org/odrl-mitigation-demo#Medium), clause D3 — Non-refundable fees. This clause is risky because it declares fees non-refundable, conflicting with a refund/cooling-off expectation (>= 14 days). Clause D3: All fees are non-refundable.\n" .
-(:Agreement3 :ConsumerCarol 7) log:outputString "7) score=73 (https://example.org/odrl-mitigation-demo#Medium), clause D2 — Liability cap too low. This clause is risky because the liability cap (20 EUR) is below the consumer minimum (200 EUR). Clause D2: Your subscription renews automatically unless you cancel.\n" .
-(:Agreement3 :ConsumerCarol (1000 1)) log:outputString "1) clause D6 — Provider can delete user data (score=100). Suggested fix: remove provider discretion to delete data; allow deletion only on consumer request or legal obligation.\n" .
-(:Agreement3 :ConsumerCarol (1000 2)) log:outputString "2) clause D5 — No data export / portability (score=93). Suggested fix: add a permission to export/download user data (data portability).\n" .
-(:Agreement3 :ConsumerCarol (1000 3)) log:outputString "3) clause D4 — Tracking without opt-in (score=89). Suggested fix: require opt-in consent for tracking (optInConsent=true).\n" .
-(:Agreement3 :ConsumerCarol (1000 4)) log:outputString "4) clause D2 — Auto-renewal without reminder (score=85). Suggested fix: add a reminder duty for auto-renewal with reminderDays >= 7.\n" .
-(:Agreement3 :ConsumerCarol (1000 5)) log:outputString "5) clause D1 — Notice period too short (score=85). Suggested fix: ensure prior-notice duty specifies noticeDays >= 14.\n" .
-(:Agreement3 :ConsumerCarol (1000 6)) log:outputString "6) clause D3 — Non-refundable fees (score=79). Suggested fix: allow refunds (e.g., refundAllowed=true) or define a cooling-off period >= 14 days.\n" .
-(:Agreement3 :ConsumerCarol (1000 7)) log:outputString "7) clause D2 — Liability cap too low (score=73). Suggested fix: raise liabilityCapEuro so it is >= 200 EUR (or remove the cap where inappropriate).\n" .
+=== Risk report for Example Platform Agreement (with fixes) (profile: Carol (example consumer)) ===
+1) score=100 (https://example.org/odrl-mitigation-demo#High), clause D6 — Provider can delete user data. This clause is risky because it allows the provider to delete the consumer’s data. Clause D6: We may delete your data at our discretion.
+2) score=93 (https://example.org/odrl-mitigation-demo#High), clause D5 — No data export / portability. This clause is risky because it prohibits exporting data, undermining portability. Clause D5: You may not export or download your data from the service.
+3) score=89 (https://example.org/odrl-mitigation-demo#High), clause D4 — Tracking without opt-in. This clause is risky because it permits tracking without explicit opt-in consent. Clause D4: We may track your activity to improve services.
+4) score=85 (https://example.org/odrl-mitigation-demo#High), clause D2 — Auto-renewal without reminder. This clause is risky because it allows auto-renewal without a reminder. Consumer needs at least 7 days reminder. Clause D2: Your subscription renews automatically unless you cancel.
+5) score=85 (https://example.org/odrl-mitigation-demo#High), clause D1 — Notice period too short. This clause is risky because the notice period (3 days) is below the consumer requirement (14 days). Clause D1: We may change these terms with notice. Notice may be as short as 3 days.
+6) score=79 (https://example.org/odrl-mitigation-demo#Medium), clause D3 — Non-refundable fees. This clause is risky because it declares fees non-refundable, conflicting with a refund/cooling-off expectation (>= 14 days). Clause D3: All fees are non-refundable.
+7) score=73 (https://example.org/odrl-mitigation-demo#Medium), clause D2 — Liability cap too low. This clause is risky because the liability cap (20 EUR) is below the consumer minimum (200 EUR). Clause D2: Your subscription renews automatically unless you cancel.
+
+--- Suggested mitigations (highest risk first) ---
+1) clause D6 — Provider can delete user data (score=100). Suggested fix: remove provider discretion to delete data; allow deletion only on consumer request or legal obligation.
+2) clause D5 — No data export / portability (score=93). Suggested fix: add a permission to export/download user data (data portability).
+3) clause D4 — Tracking without opt-in (score=89). Suggested fix: require opt-in consent for tracking (optInConsent=true).
+4) clause D2 — Auto-renewal without reminder (score=85). Suggested fix: add a reminder duty for auto-renewal with reminderDays >= 7.
+5) clause D1 — Notice period too short (score=85). Suggested fix: ensure prior-notice duty specifies noticeDays >= 14.
+6) clause D3 — Non-refundable fees (score=79). Suggested fix: allow refunds (e.g., refundAllowed=true) or define a cooling-off period >= 14 days.
+7) clause D2 — Liability cap too low (score=73). Suggested fix: raise liabilityCapEuro so it is >= 200 EUR (or remove the cap where inappropriate).

package/examples/output/odrl-risk.n3

@@ -1,64 +1,6 @@
-@prefix : <https://example.org/agreement#> .
-@prefix genid: <https://eyereasoner.github.io/.well-known/genid/> .
-@prefix log: <http://www.w3.org/2000/10/swap/log#> .
 
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c a :Risk .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :aboutAgreement :Agreement1 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :forProfile :ConsumerAlice .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :aboutClause :ClauseC1 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :clauseId "C1" .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :issue :UnilateralChangeNoNotice .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :baseScore 80 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :needWeight 15 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :rawScore 95 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :title "Unilateral change without notice" .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :explanation "This clause is risky because it allows unilateral changes without any prior notice. Clause C1: We may change these terms at any time. Continued use means acceptance." .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :violatesNeed :Need_ChangeOnlyWithPriorNotice .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 a :Risk .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :aboutAgreement :Agreement1 .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :forProfile :ConsumerAlice .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :aboutClause :ClauseC2 .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :clauseId "C2" .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :issue :ProviderMayDeleteData .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :baseScore 90 .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :needWeight 20 .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :rawScore 110 .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :title "Provider can delete user data" .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :explanation "This clause is risky because it allows the provider to remove (delete) the consumer’s data. Clause C2: We may delete your data at our discretion, with or without notice." .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :violatesNeed :Need_DataNotRemoved .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c a :Risk .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :aboutAgreement :Agreement1 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :forProfile :ConsumerAlice .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :aboutClause :ClauseC3 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :clauseId "C3" .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :issue :ShareDataNoConsent .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :baseScore 85 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :needWeight 10 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :rawScore 95 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :title "Data sharing without consent" .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :explanation "This clause is risky because it permits data sharing without an explicit consent requirement. Clause C3: We may share your data with partners for any purpose." .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :violatesNeed :Need_NoDataSharingWithoutConsent .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac a :Risk .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :aboutAgreement :Agreement1 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :forProfile :ConsumerAlice .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :aboutClause :ClauseC4 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :clauseId "C4" .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :issue :CourtAccessWaiver .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :baseScore 60 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :needWeight 0 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :rawScore 60 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :title "Court access waiver / mandatory arbitration" .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :explanation "This clause is risky because it restricts access to court (mandatory arbitration / waiver). Clause C4: You waive your right to go to court; disputes must be arbitrated." .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :score 100 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :score 95 .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :score 95 .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :score 60 .
-genid:9e402628-fc3c-e85a-350e-f368732d4b0c :severity :High .
-genid:0d0c3c78-2199-4018-1033-0b0c76a92e40 :severity :High .
-genid:ebe89ac4-7141-3050-6326-e52c9c7bc26c :severity :High .
-genid:17ae61d8-580b-ff0e-b030-955c75047eac :severity :Medium .
-(:Agreement1 :ConsumerAlice 0) log:outputString "\n=== Risk report for Example SaaS Agreement (profile: Alice (example consumer)) ===\n" .
-(:Agreement1 :ConsumerAlice 1) log:outputString "1) score=100 (https://example.org/agreement#High), clause C2 — Provider can delete user data. This clause is risky because it allows the provider to remove (delete) the consumer’s data. Clause C2: We may delete your data at our discretion, with or without notice.\n" .
-(:Agreement1 :ConsumerAlice 2) log:outputString "2) score=95 (https://example.org/agreement#High), clause C3 — Data sharing without consent. This clause is risky because it permits data sharing without an explicit consent requirement. Clause C3: We may share your data with partners for any purpose.\n" .
-(:Agreement1 :ConsumerAlice 3) log:outputString "3) score=95 (https://example.org/agreement#High), clause C1 — Unilateral change without notice. This clause is risky because it allows unilateral changes without any prior notice. Clause C1: We may change these terms at any time. Continued use means acceptance.\n" .
-(:Agreement1 :ConsumerAlice 4) log:outputString "4) score=60 (https://example.org/agreement#Medium), clause C4 — Court access waiver / mandatory arbitration. This clause is risky because it restricts access to court (mandatory arbitration / waiver). Clause C4: You waive your right to go to court; disputes must be arbitrated.\n" .
+=== Risk report for Example SaaS Agreement (profile: Alice (example consumer)) ===
+1) score=100 (https://example.org/agreement#High), clause C2 — Provider can delete user data. This clause is risky because it allows the provider to remove (delete) the consumer’s data. Clause C2: We may delete your data at our discretion, with or without notice.
+2) score=95 (https://example.org/agreement#High), clause C3 — Data sharing without consent. This clause is risky because it permits data sharing without an explicit consent requirement. Clause C3: We may share your data with partners for any purpose.
+3) score=95 (https://example.org/agreement#High), clause C1 — Unilateral change without notice. This clause is risky because it allows unilateral changes without any prior notice. Clause C1: We may change these terms at any time. Continued use means acceptance.
+4) score=60 (https://example.org/agreement#Medium), clause C4 — Court access waiver / mandatory arbitration. This clause is risky because it restricts access to court (mandatory arbitration / waiver). Clause C4: You waive your right to go to court; disputes must be arbitrated.

package/examples/output/parcellocker.n3

@@ -0,0 +1,20 @@
+ParcelLocker — One-time parcel pickup by a friend
+
+Answer
+PERMIT
+Noah may collect Maya's parcel from locker B17.
+
+Reason Why
+Maya created a one-time authorization for Noah only, for this parcel only, at this locker only, and for pickup only. The token is active, the parcel is ready, and the same authorization does not reveal billing details or allow redirection.
+
+Check
+C1  OK - requester matches the named delegate
+C2  OK - requested parcel matches the authorized parcel
+C3  OK - requested locker matches the authorized locker
+C4  OK - requested action is parcel collection
+C5  OK - requested purpose is pickup only
+C6  OK - authorization is active
+C7  OK - authorization is single-use
+C8  OK - parcel is ready for pickup
+C9  OK - billing details stay hidden
+C10 OK - parcel redirection is not allowed