eyeling 1.24.27 → 1.24.28

package/examples/odrl-dpv-ehds-risk-ranked.n3

@@ -410,7 +410,7 @@
 {
   :AgreementEHDS1 dct:title ?alabel .
   :PatientProfileExample dct:title ?plabel .
-  ( "# odrl-dpv-ehds-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-ehds-risk-ranked.n3)\n\n## Ranked DPV Risk Report (EHDS-aligned)\nAgreement: %s\nProfile: %s\n\n"
+  ( "# odrl-dpv-ehds-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-ehds-risk-ranked.n3)\n\n## Ranked DPV Risk Report (EHDS-aligned)\n\n**Agreement:** %s\n**Profile:** %s\n\n"
     ?alabel ?plabel ) string:format ?hdr .
 }
 log:query
@@ -428,8 +428,8 @@ log:query
      dct:description ?why .
   ?clause :clauseId ?cid .
   ( 1000 ?score ) math:difference ?inv .
-  ( "score=%s (%s, %s) clause %s\n %s\n\n"
-    ?score ?lvl ?sev ?cid ?why ) string:format ?line .
+  ( "### Clause %s — score %s\n\n**Risk level:** `%s`\n**Severity:** `%s`\n\n%s\n\n"
+    ?cid ?score ?lvl ?sev ?why ) string:format ?line .
 }
 log:query
 {
@@ -445,7 +445,7 @@ log:query
   ?clause :clauseId ?cid .
   ?m dct:description ?md .
   ( 1000 ?score ) math:difference ?inv .
-  ( " - mitigation for clause %s: %s\n" ?cid ?md ) string:format ?mline .
+  ( "- **Mitigation for clause %s:** %s\n\n" ?cid ?md ) string:format ?mline .
 }
 log:query
 {

package/examples/odrl-dpv-healthcare-risk-ranked.n3

@@ -527,7 +527,7 @@
 {
   :AgreementHC1 dct:title ?alabel .
   :PatientExample dct:title ?plabel .
-  ( "# odrl-dpv-healthcare-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-healthcare-risk-ranked.n3)\n\n## Ranked DPV Risk Report (Healthcare & Life Sciences)\nAgreement: %s\nProfile: %s\n\n"
+  ( "# odrl-dpv-healthcare-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-healthcare-risk-ranked.n3)\n\n## Ranked DPV Risk Report (Healthcare & Life Sciences)\n\n**Agreement:** %s\n**Profile:** %s\n\n"
     ?alabel ?plabel ) string:format ?hdr .
 }
 =>
@@ -547,8 +547,8 @@
 
   ( 1000 ?score ) math:difference ?inv .
 
-  ( "score=%s (%s, %s)  clause %s\n  %s\n\n"
-    ?score ?lvl ?sev ?cid ?why ) string:format ?line .
+  ( "### Clause %s — score %s\n\n**Risk level:** `%s`\n**Severity:** `%s`\n\n%s\n\n"
+    ?cid ?score ?lvl ?sev ?why ) string:format ?line .
 }
 =>
 {
@@ -566,7 +566,7 @@
 
   ( 1000 ?score ) math:difference ?inv .
 
-  ( "  - mitigation for clause %s: %s\n"
+  ( "- **Mitigation for clause %s:** %s\n\n"
     ?cid ?md ) string:format ?mline .
 }
 =>

package/examples/odrl-dpv-risk-ranked.n3

@@ -412,7 +412,7 @@
 {
   :Agreement1 dct:title ?alabel .
   :ConsumerExample dct:title ?plabel .
-  ( "# odrl-dpv-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-risk-ranked.n3)\n\n## Ranked DPV Risk Report\nAgreement: %s\nProfile: %s\n\n"
+  ( "# odrl-dpv-risk-ranked\n\n## Source files\n\n- [N3 rules](../odrl-dpv-risk-ranked.n3)\n\n## Ranked DPV Risk Report\n\n**Agreement:** %s\n**Profile:** %s\n\n"
     ?alabel ?plabel ) string:format ?hdr .
 }
 log:query
@@ -432,8 +432,8 @@ log:query
 
   ( 1000 ?score ) math:difference ?inv .
 
-  ( "score=%s (%s, %s)  clause %s\n  %s\n\n"
-    ?score ?lvl ?sev ?cid ?why ) string:format ?line .
+  ( "### Clause %s — score %s\n\n**Risk level:** `%s`\n**Severity:** `%s`\n\n%s\n\n"
+    ?cid ?score ?lvl ?sev ?why ) string:format ?line .
 }
 log:query
 {
@@ -451,7 +451,7 @@ log:query
 
   ( 1000 ?score ) math:difference ?inv .
 
-  ( "  - mitigation for clause %s: %s\n"
+  ( "- **Mitigation for clause %s:** %s\n\n"
     ?cid ?md ) string:format ?mline .
 }
 log:query

package/examples/odrl-risk-mitigation.n3

@@ -773,7 +773,7 @@
 {
   ?agreement a :Agreement; :label ?alabel.
   ?profile a :ConsumerProfile; :label ?plabel.
-  ( "# odrl-risk-mitigation\n\n## Source files\n\n- [N3 rules](../odrl-risk-mitigation.n3)\n\n## Risk report for %s (profile: %s)\n" ?alabel ?plabel ) string:format ?hdr.
+  ( "# odrl-risk-mitigation\n\n## Source files\n\n- [N3 rules](../odrl-risk-mitigation.n3)\n\n## Risk report\n\n**Agreement:** %s\n**Profile:** %s\n\n" ?alabel ?plabel ) string:format ?hdr.
 }
 =>
 {
@@ -807,8 +807,8 @@
         :title ?title;
         :explanation ?why.
 
-  ( "%s) score=%s (%s), clause %s — %s. %s\n"
-    ?rank ?score ?sev ?cid ?title ?why
+  ( "### %s. Clause %s — %s\n\n**Score:** `%s`\n**Severity:** `%s`\n\n%s\n\n"
+    ?rank ?cid ?title ?score ?sev ?why
   ) string:format ?line.
 }
 =>
@@ -820,7 +820,7 @@
 {
   ?agreement a :Agreement.
   ?profile a :ConsumerProfile.
-  "\n--- Suggested mitigations (highest risk first) ---\n" log:equalTo ?hdr2.
+  "\n## Suggested mitigations (highest risk first)\n\n" log:equalTo ?hdr2.
 }
 =>
 {
@@ -859,7 +859,7 @@
   ?risk :clauseId ?cid;
         :title ?title.
 
-  ( "%s) clause %s — %s (score=%s). %s\n"
+  ( "- **%s. Clause %s — %s** (score `%s`): %s\n"
     ?rank ?cid ?title ?score ?fixText
   ) string:format ?line.
 }

package/examples/odrl-risk.n3

@@ -391,7 +391,7 @@
   ?agreement a :Agreement; :label ?alabel.
   ?profile a :ConsumerProfile; :label ?plabel.
 
-  ( "# odrl-risk\n\n## Source files\n\n- [N3 rules](../odrl-risk.n3)\n\n## Risk report for %s (profile: %s)\n" ?alabel ?plabel ) string:format ?hdr.
+  ( "# odrl-risk\n\n## Source files\n\n- [N3 rules](../odrl-risk.n3)\n\n## Risk report\n\n**Agreement:** %s\n**Profile:** %s\n\n" ?alabel ?plabel ) string:format ?hdr.
 }
 =>
 {
@@ -428,8 +428,8 @@
         :title ?title;
         :explanation ?why.
 
-  ( "%s) score=%s (%s), clause %s — %s. %s\n"
-    ?rank ?score ?sev ?cid ?title ?why
+  ( "### %s. Clause %s — %s\n\n**Score:** `%s`\n**Severity:** `%s`\n\n%s\n\n"
+    ?rank ?cid ?title ?score ?sev ?why
   ) string:format ?line.
 }
 =>

package/examples/output/odrl-dpv-ehds-risk-ranked.md

@@ -5,22 +5,43 @@
 - [N3 rules](../odrl-dpv-ehds-risk-ranked.n3)  
 
 ## Ranked DPV Risk Report (EHDS-aligned)  
-Agreement: EHDS Secondary Use Agreement (example)  
-Profile: Example patient profile (EHDS rights expectations)  
 
-score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H1  
- Risk: secondary use is permitted without an EHDS Data Permit safeguard. Clause H1: Hospital may provide electronic health data for secondary use based on a bilateral data use agreement with the applicant.  
+**Agreement:** EHDS Secondary Use Agreement (example)  
+**Profile:** Example patient profile (EHDS rights expectations)  
 
- - mitigation for clause H1: Require an EHDS Data Permit (eu-ehds:DataPermit) issued by a Health Data Access Body prior to secondary use.  
-score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H2  
- Risk: secondary use may include patients who opted out (EHDS A71). Clause H2: Secondary use may include all patient records for training and evaluating health-related algorithms.  
+### Clause H1 — score 100  
 
- - mitigation for clause H2: Add an explicit safeguard to exclude records of persons who exercised the EHDS opt-out from secondary use (A71).  
-score=88 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H3  
- Risk: the agreement permits local downloads rather than processing within a secure processing environment. Clause H3: The applicant may download a complete local copy of the dataset to its own infrastructure for analysis.  
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
 
- - mitigation for clause H3: Require processing only within a secure processing environment (e.g., eu-dga:SecureProcessingEnvironment), and prohibit local downloads of raw datasets.  
-score=80 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity) clause H4  
- Risk: secondary-use dataset is only described as pseudonymised, without a safeguard requiring statistically anonymised data for secondary use. Clause H4: The dataset will be provided in pseudonymised form by removing direct identifiers.  
+Risk: secondary use is permitted without an EHDS Data Permit safeguard. Clause H1: Hospital may provide electronic health data for secondary use based on a bilateral data use agreement with the applicant.  
+
+- **Mitigation for clause H1:** Require an EHDS Data Permit (eu-ehds:DataPermit) issued by a Health Data Access Body prior to secondary use.  
+
+### Clause H2 — score 100  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: secondary use may include patients who opted out (EHDS A71). Clause H2: Secondary use may include all patient records for training and evaluating health-related algorithms.  
+
+- **Mitigation for clause H2:** Add an explicit safeguard to exclude records of persons who exercised the EHDS opt-out from secondary use (A71).  
+
+### Clause H3 — score 88  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: the agreement permits local downloads rather than processing within a secure processing environment. Clause H3: The applicant may download a complete local copy of the dataset to its own infrastructure for analysis.  
+
+- **Mitigation for clause H3:** Require processing only within a secure processing environment (e.g., eu-dga:SecureProcessingEnvironment), and prohibit local downloads of raw datasets.  
+
+### Clause H4 — score 80  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: secondary-use dataset is only described as pseudonymised, without a safeguard requiring statistically anonymised data for secondary use. Clause H4: The dataset will be provided in pseudonymised form by removing direct identifiers.  
+
+- **Mitigation for clause H4:** Require an EHDS Health Data Request for statistically anonymised data (eu-ehds:HealthDataRequest), and add a constraint that secondary-use data must be statistically anonymised.  
 
- - mitigation for clause H4: Require an EHDS Health Data Request for statistically anonymised data (eu-ehds:HealthDataRequest), and add a constraint that secondary-use data must be statistically anonymised.  

package/examples/output/odrl-dpv-healthcare-risk-ranked.md

@@ -5,18 +5,34 @@
 - [N3 rules](../odrl-dpv-healthcare-risk-ranked.n3)  
 
 ## Ranked DPV Risk Report (Healthcare & Life Sciences)  
-Agreement: Example Healthcare & Life-Sciences Data Use Agreement  
-Profile: Example patient profile  
 
-score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H1  
-  Risk: health/genomic data may be used for research without explicit opt-in consent. Clause H1: Hospital may use EHR and genomic data for internal clinical research and publication.  
+**Agreement:** Example Healthcare & Life-Sciences Data Use Agreement  
+**Profile:** Example patient profile  
 
-  - mitigation for clause H1: Add an explicit consent constraint for secondary research use.  
-score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause H2  
-  Risk: genomic data may be shared with external pharma partners without a de-identification/pseudonymisation requirement. Clause H2: Hospital may share genomic data with pharmaceutical partners for drug discovery and R&D.  
+### Clause H1 — score 100  
 
-  - mitigation for clause H2: Require de-identification/pseudonymisation before external sharing of genomic data.  
-score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause H4  
-  Risk: retention (3650 days) exceeds patient preference (1095 days). Clause H4: Hospital retains patient health records for 10 years.  
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: health/genomic data may be used for research without explicit opt-in consent. Clause H1: Hospital may use EHR and genomic data for internal clinical research and publication.  
+
+- **Mitigation for clause H1:** Add an explicit consent constraint for secondary research use.  
+
+### Clause H2 — score 100  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: genomic data may be shared with external pharma partners without a de-identification/pseudonymisation requirement. Clause H2: Hospital may share genomic data with pharmaceutical partners for drug discovery and R&D.  
+
+- **Mitigation for clause H2:** Require de-identification/pseudonymisation before external sharing of genomic data.  
+
+### Clause H4 — score 70  
+
+**Risk level:** `https://w3id.org/dpv/risk#ModerateRisk`  
+**Severity:** `https://w3id.org/dpv/risk#ModerateSeverity`  
+
+Risk: retention (3650 days) exceeds patient preference (1095 days). Clause H4: Hospital retains patient health records for 10 years.  
+
+- **Mitigation for clause H4:** Limit retention to 3 years (or document the legal obligation requiring longer retention).  
 
-  - mitigation for clause H4: Limit retention to 3 years (or document the legal obligation requiring longer retention).  

package/examples/output/odrl-dpv-risk-ranked.md

@@ -5,23 +5,45 @@
 - [N3 rules](../odrl-dpv-risk-ranked.n3)  
 
 ## Ranked DPV Risk Report  
-Agreement: Example Agreement  
-Profile: Example consumer profile  
 
-score=100 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C1  
-  Risk: account/data removal is permitted without notice safeguards (no notice constraint and no duty to inform). Clause C1: Provider may remove the user account (and associated data) at its discretion.  
+**Agreement:** Example Agreement  
+**Profile:** Example consumer profile  
 
-  - mitigation for clause C1: Add a notice constraint (minimum noticeDays) before account removal.  
-  - mitigation for clause C1: Add a duty to inform the consumer prior to account removal.  
-score=97 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C3  
-  Risk: user data sharing is permitted without an explicit consent constraint. Clause C3: Provider may share user data with partners for business purposes.  
+### Clause C1 — score 100  
 
-  - mitigation for clause C3: Add an explicit consent constraint before data sharing.  
-score=85 (https://w3id.org/dpv/risk#HighRisk, https://w3id.org/dpv/risk#HighSeverity)  clause C2  
-  Risk: terms may change with notice (3 days) below consumer requirement (14 days). Clause C2: Provider may change terms by informing users at least 3 days in advance.  
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
 
-  - mitigation for clause C2: Increase minimum noticeDays in the inform duty to meet the consumer requirement.  
-score=70 (https://w3id.org/dpv/risk#ModerateRisk, https://w3id.org/dpv/risk#ModerateSeverity)  clause C4  
-  Risk: portability is restricted because exporting user data is prohibited. Clause C4: Users are not permitted to export their data.  
+Risk: account/data removal is permitted without notice safeguards (no notice constraint and no duty to inform). Clause C1: Provider may remove the user account (and associated data) at its discretion.  
+
+- **Mitigation for clause C1:** Add a notice constraint (minimum noticeDays) before account removal.  
+
+- **Mitigation for clause C1:** Add a duty to inform the consumer prior to account removal.  
+
+### Clause C3 — score 97  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: user data sharing is permitted without an explicit consent constraint. Clause C3: Provider may share user data with partners for business purposes.  
+
+- **Mitigation for clause C3:** Add an explicit consent constraint before data sharing.  
+
+### Clause C2 — score 85  
+
+**Risk level:** `https://w3id.org/dpv/risk#HighRisk`  
+**Severity:** `https://w3id.org/dpv/risk#HighSeverity`  
+
+Risk: terms may change with notice (3 days) below consumer requirement (14 days). Clause C2: Provider may change terms by informing users at least 3 days in advance.  
+
+- **Mitigation for clause C2:** Increase minimum noticeDays in the inform duty to meet the consumer requirement.  
+
+### Clause C4 — score 70  
+
+**Risk level:** `https://w3id.org/dpv/risk#ModerateRisk`  
+**Severity:** `https://w3id.org/dpv/risk#ModerateSeverity`  
+
+Risk: portability is restricted because exporting user data is prohibited. Clause C4: Users are not permitted to export their data.  
+
+- **Mitigation for clause C4:** Add a permission allowing data export (or remove the prohibition) to support portability.  
 
-  - mitigation for clause C4: Add a permission allowing data export (or remove the prohibition) to support portability.  

package/examples/output/odrl-risk-mitigation.md

@@ -4,20 +4,67 @@
 
 - [N3 rules](../odrl-risk-mitigation.n3)  
 
-## Risk report for Example Platform Agreement (with fixes) (profile: Carol (example consumer))  
-1) score=100 (https://example.org/odrl-mitigation-demo#High), clause D6 — Provider can delete user data. This clause is risky because it allows the provider to delete the consumer’s data. Clause D6: We may delete your data at our discretion.  
-2) score=93 (https://example.org/odrl-mitigation-demo#High), clause D5 — No data export / portability. This clause is risky because it prohibits exporting data, undermining portability. Clause D5: You may not export or download your data from the service.  
-3) score=89 (https://example.org/odrl-mitigation-demo#High), clause D4 — Tracking without opt-in. This clause is risky because it permits tracking without explicit opt-in consent. Clause D4: We may track your activity to improve services.  
-4) score=85 (https://example.org/odrl-mitigation-demo#High), clause D2 — Auto-renewal without reminder. This clause is risky because it allows auto-renewal without a reminder. Consumer needs at least 7 days reminder. Clause D2: Your subscription renews automatically unless you cancel.  
-5) score=85 (https://example.org/odrl-mitigation-demo#High), clause D1 — Notice period too short. This clause is risky because the notice period (3 days) is below the consumer requirement (14 days). Clause D1: We may change these terms with notice. Notice may be as short as 3 days.  
-6) score=79 (https://example.org/odrl-mitigation-demo#Medium), clause D3 — Non-refundable fees. This clause is risky because it declares fees non-refundable, conflicting with a refund/cooling-off expectation (>= 14 days). Clause D3: All fees are non-refundable.  
-7) score=73 (https://example.org/odrl-mitigation-demo#Medium), clause D2 — Liability cap too low. This clause is risky because the liability cap (20 EUR) is below the consumer minimum (200 EUR). Clause D2: Your subscription renews automatically unless you cancel.  
-
---- Suggested mitigations (highest risk first) ---  
-1) clause D6 — Provider can delete user data (score=100). Suggested fix: remove provider discretion to delete data; allow deletion only on consumer request or legal obligation.  
-2) clause D5 — No data export / portability (score=93). Suggested fix: add a permission to export/download user data (data portability).  
-3) clause D4 — Tracking without opt-in (score=89). Suggested fix: require opt-in consent for tracking (optInConsent=true).  
-4) clause D2 — Auto-renewal without reminder (score=85). Suggested fix: add a reminder duty for auto-renewal with reminderDays >= 7.  
-5) clause D1 — Notice period too short (score=85). Suggested fix: ensure prior-notice duty specifies noticeDays >= 14.  
-6) clause D3 — Non-refundable fees (score=79). Suggested fix: allow refunds (e.g., refundAllowed=true) or define a cooling-off period >= 14 days.  
-7) clause D2 — Liability cap too low (score=73). Suggested fix: raise liabilityCapEuro so it is >= 200 EUR (or remove the cap where inappropriate).  
+## Risk report  
+
+**Agreement:** Example Platform Agreement (with fixes)  
+**Profile:** Carol (example consumer)  
+
+### 1. Clause D6 — Provider can delete user data  
+
+**Score:** `100`  
+**Severity:** `https://example.org/odrl-mitigation-demo#High`  
+
+This clause is risky because it allows the provider to delete the consumer’s data. Clause D6: We may delete your data at our discretion.  
+
+### 2. Clause D5 — No data export / portability  
+
+**Score:** `93`  
+**Severity:** `https://example.org/odrl-mitigation-demo#High`  
+
+This clause is risky because it prohibits exporting data, undermining portability. Clause D5: You may not export or download your data from the service.  
+
+### 3. Clause D4 — Tracking without opt-in  
+
+**Score:** `89`  
+**Severity:** `https://example.org/odrl-mitigation-demo#High`  
+
+This clause is risky because it permits tracking without explicit opt-in consent. Clause D4: We may track your activity to improve services.  
+
+### 4. Clause D2 — Auto-renewal without reminder  
+
+**Score:** `85`  
+**Severity:** `https://example.org/odrl-mitigation-demo#High`  
+
+This clause is risky because it allows auto-renewal without a reminder. Consumer needs at least 7 days reminder. Clause D2: Your subscription renews automatically unless you cancel.  
+
+### 5. Clause D1 — Notice period too short  
+
+**Score:** `85`  
+**Severity:** `https://example.org/odrl-mitigation-demo#High`  
+
+This clause is risky because the notice period (3 days) is below the consumer requirement (14 days). Clause D1: We may change these terms with notice. Notice may be as short as 3 days.  
+
+### 6. Clause D3 — Non-refundable fees  
+
+**Score:** `79`  
+**Severity:** `https://example.org/odrl-mitigation-demo#Medium`  
+
+This clause is risky because it declares fees non-refundable, conflicting with a refund/cooling-off expectation (>= 14 days). Clause D3: All fees are non-refundable.  
+
+### 7. Clause D2 — Liability cap too low  
+
+**Score:** `73`  
+**Severity:** `https://example.org/odrl-mitigation-demo#Medium`  
+
+This clause is risky because the liability cap (20 EUR) is below the consumer minimum (200 EUR). Clause D2: Your subscription renews automatically unless you cancel.  
+
+
+## Suggested mitigations (highest risk first)  
+
+- **1. Clause D6 — Provider can delete user data** (score `100`): Suggested fix: remove provider discretion to delete data; allow deletion only on consumer request or legal obligation.  
+- **2. Clause D5 — No data export / portability** (score `93`): Suggested fix: add a permission to export/download user data (data portability).  
+- **3. Clause D4 — Tracking without opt-in** (score `89`): Suggested fix: require opt-in consent for tracking (optInConsent=true).  
+- **4. Clause D2 — Auto-renewal without reminder** (score `85`): Suggested fix: add a reminder duty for auto-renewal with reminderDays >= 7.  
+- **5. Clause D1 — Notice period too short** (score `85`): Suggested fix: ensure prior-notice duty specifies noticeDays >= 14.  
+- **6. Clause D3 — Non-refundable fees** (score `79`): Suggested fix: allow refunds (e.g., refundAllowed=true) or define a cooling-off period >= 14 days.  
+- **7. Clause D2 — Liability cap too low** (score `73`): Suggested fix: raise liabilityCapEuro so it is >= 200 EUR (or remove the cap where inappropriate).  

package/examples/output/odrl-risk.md

@@ -4,8 +4,36 @@
 
 - [N3 rules](../odrl-risk.n3)  
 
-## Risk report for Example SaaS Agreement (profile: Alice (example consumer))  
-1) score=100 (https://example.org/agreement#High), clause C2 — Provider can delete user data. This clause is risky because it allows the provider to remove (delete) the consumer’s data. Clause C2: We may delete your data at our discretion, with or without notice.  
-2) score=95 (https://example.org/agreement#High), clause C3 — Data sharing without consent. This clause is risky because it permits data sharing without an explicit consent requirement. Clause C3: We may share your data with partners for any purpose.  
-3) score=95 (https://example.org/agreement#High), clause C1 — Unilateral change without notice. This clause is risky because it allows unilateral changes without any prior notice. Clause C1: We may change these terms at any time. Continued use means acceptance.  
-4) score=60 (https://example.org/agreement#Medium), clause C4 — Court access waiver / mandatory arbitration. This clause is risky because it restricts access to court (mandatory arbitration / waiver). Clause C4: You waive your right to go to court; disputes must be arbitrated.  
+## Risk report  
+
+**Agreement:** Example SaaS Agreement  
+**Profile:** Alice (example consumer)  
+
+### 1. Clause C2 — Provider can delete user data  
+
+**Score:** `100`  
+**Severity:** `https://example.org/agreement#High`  
+
+This clause is risky because it allows the provider to remove (delete) the consumer’s data. Clause C2: We may delete your data at our discretion, with or without notice.  
+
+### 2. Clause C3 — Data sharing without consent  
+
+**Score:** `95`  
+**Severity:** `https://example.org/agreement#High`  
+
+This clause is risky because it permits data sharing without an explicit consent requirement. Clause C3: We may share your data with partners for any purpose.  
+
+### 3. Clause C1 — Unilateral change without notice  
+
+**Score:** `95`  
+**Severity:** `https://example.org/agreement#High`  
+
+This clause is risky because it allows unilateral changes without any prior notice. Clause C1: We may change these terms at any time. Continued use means acceptance.  
+
+### 4. Clause C4 — Court access waiver / mandatory arbitration  
+
+**Score:** `60`  
+**Severity:** `https://example.org/agreement#Medium`  
+
+This clause is risky because it restricts access to court (mandatory arbitration / waiver). Clause C4: You waive your right to go to court; disputes must be arbitrated.  
+