MALathon/ai-oversight-tools

AI Oversight Tools

Interactive web tools for AI research oversight and IRB review, built with SvelteKit 5.

Overview

This project provides web-based tools to help IRBs, researchers, and developers:

  • Identify and assess AI-specific risks in human subjects research
  • Navigate the 3-Stage IRB Review Framework
  • Generate protocol requirements and mitigation strategies
  • Trace connections between risks, mitigations, controls, and regulations

All risk content is derived from the SME-reviewed AIHSR Risk Reference Tool v1.5 by Tamiko Eto, augmented with the MIT AI Risk Repository mitigation database.

Live Demo

https://malathon.github.io/ai-oversight-tools/

Tools

Route | Tool | Primary User | Purpose
/risk-matrix | Risk Matrix | IRB Reviewers | Visual 3×3 risk assessment grid (Stage × Patient Impact)
/reviewer | Reviewer Checklist | IRB Reviewers | Structured prompts for systematic protocol review
/innovator | Innovator Checklist | Researchers | Self-assessment to identify risks and get mitigation guidance
/admin | Traceability Editor | Developers | Graph-based editor for risk-mitigation-control linkages

Architecture

Graph-First Design

The application uses Graphology as the single source of truth for all entity relationships. The directed graph contains:

  1. Explicit Links - From traceability data (trigger, mitigation, control, regulation relationships)
  2. Question Dependencies - showIf conditions as dependency edges
  3. Control-Subcategory - contains edges linking controls to their mitigation strategies

All derived data (link counts, connections, dependencies) are computed as cached graph queries using Svelte 5's $derived.by() reactive system.

┌────────────────────────────────────────────────────────────────────┐
│                      traceGraph (Graphology)                       │
│  ┌─────────┐    trigger    ┌──────┐   mitigation   ┌─────────────┐ │
│  │Question │──────────────▶│ Risk │───────────────▶│ Subcategory │ │
│  └─────────┘               └──────┘                └─────────────┘ │
│       │                        │                        │          │
│       │ dependency             │ regulation             │ contains │
│       ▼                        ▼                        ▼          │
│  ┌─────────┐              ┌──────────┐             ┌─────────┐     │
│  │Question │              │Regulation│             │ Control │     │
│  └─────────┘              └──────────┘             └─────────┘     │
└────────────────────────────────────────────────────────────────────┘

Guidance Accumulation

The system collects stage-specific guidance during graph traversal:

  • Risks: stageGuidance - risk context per stage
  • Subcategories: stageGuidance + stageAppropriateness - strategy guidance + importance level
  • Controls: implementationNotes - implementation guidance per stage

This enables LLM synthesis by collecting all relevant guidance along traversal paths from any starting node.
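
The traversal described under Graph-First Design and Guidance Accumulation, as an added example that is not the project's own code. A plain adjacency map stands in for Graphology, and the node ids, guidance text and per-stage field shapes are constructed assumptions; the visited set keeps the walk finite when dependency edges form a cycle.

```javascript
// Constructed sample data: ids, text and field shapes are assumptions, not the project's JSON.
const nodes = {
  q1: { type: 'question' },
  q2: { type: 'question' },
  r1: { type: 'risk', stageGuidance: { 1: 'Check consent scope for training data', 3: 'Monitor drift after go-live' } },
  s1: { type: 'subcategory', stageGuidance: { 1: 'Document data provenance' }, stageAppropriateness: { 1: 'essential', 3: 'optional' } },
  c1: { type: 'control', implementationNotes: { 1: 'Keep a dataset inventory' } },
  c2: { type: 'control', implementationNotes: { 3: 'Alert on performance drop' } },
  reg1: { type: 'regulation' },
};
const edges = [
  ['q1', 'q2', 'dependency'], ['q2', 'q1', 'dependency'], // deliberate cycle
  ['q1', 'r1', 'trigger'], ['r1', 's1', 'mitigation'],
  ['r1', 'reg1', 'regulation'], ['s1', 'c1', 'contains'], ['s1', 'c2', 'contains'],
];

// Adjacency index: source id -> [{ target, type }]
function buildIndex(edgeList) {
  const out = new Map();
  for (const [source, target, type] of edgeList) {
    if (!out.has(source)) out.set(source, []);
    out.get(source).push({ target, type });
  }
  return out;
}

// Breadth-first walk from `start`, collecting whatever guidance each node has for `stage`.
function collectGuidance(start, stage, index = buildIndex(edges)) {
  const seen = new Set([start]);
  const queue = [start];
  const collected = [];
  while (queue.length > 0) {
    const id = queue.shift();
    const node = nodes[id];
    if (!node) continue; // dangling edge target: skip rather than throw
    const text = node.stageGuidance?.[stage] ?? node.implementationNotes?.[stage];
    if (text !== undefined) {
      const entry = { id, type: node.type, text };
      const level = node.stageAppropriateness?.[stage];
      if (level !== undefined) entry.importance = level;
      collected.push(entry);
    }
    for (const { target } of index.get(id) ?? []) {
      if (!seen.has(target)) { seen.add(target); queue.push(target); }
    }
  }
  return collected;
}
```

Calling `collectGuidance('q1', 1)` returns the risk, subcategory and control entries in traversal order, which is the ordered context a downstream synthesis step would receive.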

Project Structure

ai-oversight-tools/
├── webapp/                         # SvelteKit 5 application
│   ├── src/
│   │   ├── routes/
│   │   │   ├── admin/             # Traceability graph editor
│   │   │   ├── innovator/         # Innovator self-assessment
│   │   │   ├── reviewer/          # Reviewer checklist
│   │   │   └── risk-matrix/       # Risk assessment matrix
│   │   └── lib/
│   │       └── admin.ts           # Shared filters and utilities
│   └── static/data/               # JSON data files
│       ├── assessment-questions.json
│       ├── risk-domains.json
│       ├── risk-subdomains.json
│       ├── mitigation-strategies.json
│       ├── technical-controls.json  # 600+ controls from MIT AI Risk Repository
│       ├── traceability.json        # Entity linkages
│       └── unified-schema.json
│
├── packages/rules-data/            # Legacy data (deprecated)
│
└── docs/
    ├── reference/aihsr/            # AIHSR Risk Reference Tool source data
    └── planning/                   # Implementation plans

Key Data Files

File | Content
risk-subdomains.json | 24 risk subdomains with CFR references and stage guidance
risk-domains.json | 7 risk domain categories
mitigation-strategies.json | Mitigation subcategories with stage guidance and appropriateness
technical-controls.json | 600+ controls from MIT AI Risk Repository with implementation notes
traceability.json | Graph edges linking entities
assessment-questions.json | Questions that trigger risk identification
cfr-regulations.json | CFR regulation citations

The 3-Stage IRB Review Framework

Stage | Name | Risk Level | Key Focus
1 | Discovery & Ideation | Low | Data governance, privacy, bias identification
2 | Analytic & Performance Validation | Moderate | Performance validation, fairness testing
3 | Real-World Deployment | Higher | Safety, human-in-the-loop, ongoing monitoring

Technology Stack

  • Framework: SvelteKit 5 with Svelte 5 runes ($state, $derived, $effect)
  • Graph Library: Graphology for directed graph operations
  • Build: Vite 7
  • Deployment: GitHub Pages via GitHub Actions

Development

cd webapp
npm install
npm run dev

Build and check:

npm run build
npm run check

License

AIHSR Risk Reference Tool © 2025 by Tamiko Eto. Licensed under CC BY-NC-SA 4.0.

MIT AI Risk Repository data used under MIT license.

Credits

  • AIHSR Risk Reference Tool: Tamiko Eto, MA CIP (TechInHSR.com)
  • 3-Stage IRB Review Framework: Eto, Lifson, Vidal (Frontiers in Systems Biology, 2026)
  • MIT AI Risk Repository: Primary source for risk taxonomy and technical controls

Contact
