Add risk treatment flow Sankey chart to dashboard

Render a cash-flow style Sankey diagram above the dashboard risk
matrices, visualising how treatment moves each risk from its current
severity level (before treatment) to its residual level (after
treatment). Each flow's thickness is the number of risks making that
transition, so effective treatment reads as a heavy downward flow.

- build_risk_treatment_flow() in risks/views.py aggregates risks by
  (current level, residual level); levels are derived from the
  likelihood/impact pairs with the same default 5x5 ISO 27005 fallback
  as the matrices, so the chart stays consistent when no criteria exist.
- Columns keep severity order (highest at top, lowest at bottom) via
  ECharts layoutIterations: 0; nodes use the configured risk-level
  palette; light/dark mode aware.
- Rendered with Apache ECharts (sankey series), loaded from CDN like the
  other vendored frontend libraries.
- French translations, README/CHANGELOG/features docs, and tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: claude

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- **Dashboard risk treatment flow (Sankey)**: a new Sankey (cash-flow style) chart on the home dashboard, displayed above the risk matrices, visualises how treatment moves each risk from its current severity level (before treatment) to its residual level (after treatment). Each column lists the severity levels present (highest at the top, lowest at the bottom), coloured with the configured risk-level palette, and each flow's thickness is the number of risks making that transition - so a heavy downward flow reads as effective treatment and a flat flow as untreated risk. Levels are derived from the likelihood/impact pairs (with the same default 5x5 ISO 27005 fallback as the matrices), so the chart stays consistent with the matrices below even when no risk criteria are configured. The chart honours light/dark mode and is rendered with Apache ECharts. Built from a new `build_risk_treatment_flow()` helper in `risks/views.py`.
 - **Ask Cairn: OpenAI and OpenAI-compatible providers**: the assistant gains an `openai` backend (`AI_ASSISTANT_PROVIDER=openai`) that targets OpenAI (ChatGPT, e.g. `gpt-4o-mini`) out of the box and, via `AI_ASSISTANT_BASE_URL`, any other endpoint implementing the OpenAI `/chat/completions` and `/embeddings` API (vLLM, LiteLLM, LocalAI, Together, Groq...). The shared request/response handling was extracted into a generic `OpenAICompatibleClient`; the existing `MistralClient` is now a thin subclass of it (Mistral already exposes an OpenAI-compatible API), so behaviour is unchanged for Mistral users. `AI_ASSISTANT_BASE_URL` now defaults to empty and each provider falls back to its own endpoint (`mistral` -> `api.mistral.ai`, `openai` -> `api.openai.com`, `anthropic` -> `api.anthropic.com`); set it only to target a custom gateway.
 - **Ask Cairn: Claude (Anthropic) provider**: a native `anthropic` backend (`AI_ASSISTANT_PROVIDER=anthropic`) talks to Claude through the Messages API (`POST /v1/messages`, `x-api-key` header, top-level `system`, `content` block list) - Claude is not OpenAI-compatible, so it has its own client. Routing uses forced tool use (a `plan` tool whose `input_schema` is the routing schema) and no `temperature`/`thinking` is sent (both 400 on the current Opus family). Set `AI_ASSISTANT_MODEL` to a Claude model id (e.g. `claude-opus-4-8`). Semantic search is not available with this provider, since Anthropic has no embeddings API.
 - **Ask Cairn: automatic semantic index maintenance**: the requirement semantic index now stays fresh without a manual command. A `post_delete` signal prunes a deleted requirement's embedding immediately (no provider call); the index is refreshed in a guarded background thread when a server process starts (when `AI_ASSISTANT_SEMANTIC_ENABLED`); and a dedicated **Administration -> Semantic index** page shows an index-status panel (indexed / total requirements, last updated, embedding model) with an **"Update the index now"** button (gated by `system.config.update`) that triggers a background rebuild. Embedding stays off the request path - requirement saves never embed inline; the documented daily `rebuild_semantic_index` cron remains the self-healing backstop. The rebuild logic was extracted into `assistant.semantic.rebuild_index` / `rebuild_index_async` (cache-locked to dedupe overlapping triggers) and reused by the management command.

README.md

@@ -12,7 +12,7 @@ Manage your organisation's security posture, track compliance with regulatory fr
 - **Assets** : essential and support assets with CIA valuation, dependencies, SPOF detection and a supplier registry
 - **Risks** : ISO 27005 and EBIOS RM (ANSSI v1.5, workshops 0 to 5) assessments, threat and vulnerability catalogs, treatment plans and formal risk acceptance
 - **Compliance** : frameworks, requirements, assessments, findings, action plans and inter-framework mappings, with Excel import
-- **Steering** : real-time dashboard, KPI indicators, ISO 27001 management reviews, and PDF/DOCX/PPTX report generation (SoA, audit report, risk register, meeting minutes)
+- **Steering** : real-time dashboard (risk matrices and a current-to-residual risk treatment flow chart), KPI indicators, ISO 27001 management reviews, and PDF/DOCX/PPTX report generation (SoA, audit report, risk register, meeting minutes)
 - **Ask Cairn (optional)** : natural-language questions in the command palette ("Which decisions were made at the last management review?"), answered by a pluggable LLM provider (Mistral AI by default; OpenAI / any OpenAI-compatible endpoint; Claude; self-hosted Ollama) that cites real records and enforces your permissions, with thumbs up/down feedback that admins can export to improve the assistant
 
 Everything is bilingual (English/French), audit-ready (full change history, versioning, lifecycle workflows with approvals) and access-controlled (role-based permissions, scope-based tenancy, passkey login).
@@ -47,7 +47,7 @@ To run the published image without cloning the repository, and for production no
 
 ## Tech stack
 
-Django 5.2 LTS, PostgreSQL 16, Django REST Framework, Django Channels + Redis (real-time), Bootstrap 5.3 + HTMX (frontend), Docker. Optional: Mistral AI, OpenAI / OpenAI-compatible endpoints, Claude (Anthropic), or self-hosted Ollama (Ask Cairn assistant).
+Django 5.2 LTS, PostgreSQL 16, Django REST Framework, Django Channels + Redis (real-time), Bootstrap 5.3 + HTMX + Apache ECharts (frontend), Docker. Optional: Mistral AI, OpenAI / OpenAI-compatible endpoints, Claude (Anthropic), or self-hosted Ollama (Ask Cairn assistant).
 
 ## Licence
 

core/tests/test_dashboard.py

@@ -630,6 +630,62 @@ def test_matrix_with_risks(self):
         assert resp.context["matrix_residual"] is not None
 
 
+class TestDashboardRiskTreatmentFlow:
+    """Sankey flow from current risk level to residual risk level."""
+
+    def test_no_flow_without_risks(self):
+        client, user = _superuser_client()
+        resp = client.get(reverse("home"))
+        assert resp.context["risk_treatment_flow"] is None
+
+    def test_flow_with_risk(self):
+        RiskFactory(
+            current_likelihood=4,
+            current_impact=5,
+            residual_likelihood=2,
+            residual_impact=2,
+        )
+        client, user = _superuser_client()
+        resp = client.get(reverse("home"))
+        flow = resp.context["risk_treatment_flow"]
+        assert flow is not None
+        assert flow["total"] == 1
+        assert len(flow["links"]) == 1
+        # One current-level node and one residual-level node.
+        assert len(flow["nodes"]) == 2
+        link = flow["links"][0]
+        assert link["value"] == 1
+        assert link["source"].startswith("c")
+        assert link["target"].startswith("r")
+
+    def test_flow_aggregates_identical_transitions(self):
+        for _i in range(3):
+            RiskFactory(
+                current_likelihood=4,
+                current_impact=5,
+                residual_likelihood=2,
+                residual_impact=2,
+            )
+        client, user = _superuser_client()
+        resp = client.get(reverse("home"))
+        flow = resp.context["risk_treatment_flow"]
+        assert flow["total"] == 3
+        assert len(flow["links"]) == 1
+        assert flow["links"][0]["value"] == 3
+
+    def test_flow_skips_risks_without_both_levels(self):
+        # Current evaluated but no residual evaluation -> excluded.
+        RiskFactory(
+            current_likelihood=3,
+            current_impact=3,
+            residual_likelihood=None,
+            residual_impact=None,
+        )
+        client, user = _superuser_client()
+        resp = client.get(reverse("home"))
+        assert resp.context["risk_treatment_flow"] is None
+
+
 # ── Company identity in the header ──────────────────────────
 
 

core/views.py

@@ -44,7 +44,11 @@
     Threat,
     Vulnerability,
 )
-from risks.views import build_default_risk_matrix, build_risk_matrix
+from risks.views import (
+    build_default_risk_matrix,
+    build_risk_matrix,
+    build_risk_treatment_flow,
+)
 
 
 class GeneralDashboardView(LoginRequiredMixin, TemplateView):
@@ -178,6 +182,10 @@ def get_context_data(self, **kwargs):
                 all_risks, "residual_likelihood", "residual_impact"
             )
 
+        # Risk treatment flow (current level -> residual level), rendered as a
+        # Sankey diagram above the matrices.
+        ctx["risk_treatment_flow"] = build_risk_treatment_flow(all_risks, criteria)
+
         # ── Conformité ───────────────────────────────────
         # Per-framework compliance segments and the overall average come
         # from compliance.services (shared with the WebSocket refresh and

docs/features.md

@@ -53,6 +53,7 @@ Detailed feature reference for Cairn. For module-level specifications (business
 | Treatment Plans | Structured remediation with ordered actions, progress tracking, cost estimates and linkage to compliance action plans |
 | Risk Acceptance | Formal acceptance records with expiry dates, conditions, review tracking and two-step approval workflow |
 | Risk Matrices | Visual heatmaps (current vs residual) |
+| Risk Treatment Flow | Sankey (cash-flow style) chart on the dashboard showing how treatment moves risks from their current level to their residual level, weighted by the number of risks per transition |
 
 ## Compliance
 

locale/fr/LC_MESSAGES/django.po

@@ -9911,3 +9911,27 @@ msgstr "Index sémantique"
 
 msgid "Semantic index - Cairn"
 msgstr "Index sémantique - Cairn"
+
+msgid "Risk treatment flow"
+msgstr "Flux de traitement des risques"
+
+msgid ""
+"How treatment moves risks from their current level (before treatment) to "
+"their residual level (after treatment)"
+msgstr ""
+"Comment le traitement fait passer les risques de leur niveau actuel (avant "
+"traitement) à leur niveau résiduel (après traitement)"
+
+msgid "Sankey diagram of risk treatment flow from current to residual level"
+msgstr ""
+"Diagramme de Sankey du flux de traitement des risques, du niveau actuel au "
+"niveau résiduel"
+
+msgid "1 risk"
+msgstr "1 risque"
+
+msgid "risks"
+msgstr "risques"
+
+msgid "Level %(n)s"
+msgstr "Niveau %(n)s"

risks/views.py

@@ -200,6 +200,110 @@ def build_default_risk_matrix(risks_qs=None, likelihood_field="current_likelihoo
     }
 
 
+def build_risk_treatment_flow(risks_qs, criteria=None):
+    """Build Sankey flow data : current risk level -> residual risk level.
+
+    Visualises how treatment moves each risk from its current (before
+    treatment) severity level to its residual (after treatment) level, in the
+    spirit of a cash-flow / Sankey diagram. Each link is one transition
+    (current level -> residual level) weighted by the number of risks.
+
+    Returns a JSON-serialisable dict ``{nodes, links, total}`` consumed by the
+    ECharts sankey on the dashboard, or ``None`` when no risk carries both a
+    current and a residual evaluation.
+    """
+    # Resolve each severity level -> {name, color} and the (likelihood, impact)
+    # -> level matrix, from the configured criteria when available, otherwise
+    # from the default 5-level ISO 27005 scale. Levels are derived from the
+    # likelihood/impact pairs (mirroring the matrices) so the flow stays
+    # consistent even when risks were saved without a criteria snapshot.
+    level_info = {}
+    matrix = None
+    if criteria:
+        for rl in criteria.risk_levels.all():
+            level_info[rl.level] = {"name": str(rl.name), "color": rl.color}
+        if criteria.risk_matrix:
+            matrix = {
+                key: int(val) for key, val in criteria.risk_matrix.items()
+            }
+    if not level_info:
+        level_info = {
+            lvl: {"name": str(info["name"]), "color": info["color"]}
+            for lvl, info in DEFAULT_RISK_LEVELS.items()
+        }
+    if not matrix:
+        matrix = {f"{l},{i}": lvl for (l, i), lvl in DEFAULT_RISK_MATRIX.items()}
+
+    def level_of(likelihood, impact):
+        if likelihood is None or impact is None:
+            return None
+        return matrix.get(f"{likelihood},{impact}")
+
+    # Count transitions and per-column totals.
+    flow = {}
+    current_totals = {}
+    residual_totals = {}
+    for risk in risks_qs:
+        cl = risk.current_risk_level or level_of(
+            risk.current_likelihood, risk.current_impact
+        )
+        rl = risk.residual_risk_level or level_of(
+            risk.residual_likelihood, risk.residual_impact
+        )
+        if cl is None or rl is None:
+            continue
+        flow[(cl, rl)] = flow.get((cl, rl), 0) + 1
+        current_totals[cl] = current_totals.get(cl, 0) + 1
+        residual_totals[rl] = residual_totals.get(rl, 0) + 1
+
+    if not flow:
+        return None
+
+    default_color = "#9ca3af"
+
+    def label_for(level):
+        info = level_info.get(level)
+        if info:
+            return info["name"]
+        return _("Level %(n)s") % {"n": level}
+
+    def color_for(level):
+        info = level_info.get(level)
+        return info["color"] if info else default_color
+
+    # Nodes : current column (depth 0, label on the left) then residual column
+    # (depth 1, label on the right). Highest severity first so the heavy,
+    # high-risk flows sit at the top of each column.
+    nodes = []
+    for lvl in sorted(current_totals, reverse=True):
+        nodes.append({
+            "name": f"c{lvl}",
+            "displayName": f"{label_for(lvl)} ({current_totals[lvl]})",
+            "depth": 0,
+            "itemStyle": {"color": color_for(lvl)},
+            "label": {"position": "left"},
+        })
+    for lvl in sorted(residual_totals, reverse=True):
+        nodes.append({
+            "name": f"r{lvl}",
+            "displayName": f"{label_for(lvl)} ({residual_totals[lvl]})",
+            "depth": 1,
+            "itemStyle": {"color": color_for(lvl)},
+            "label": {"position": "right"},
+        })
+
+    links = [
+        {"source": f"c{cl}", "target": f"r{rl}", "value": count}
+        for (cl, rl), count in flow.items()
+    ]
+
+    return {
+        "nodes": nodes,
+        "links": links,
+        "total": sum(flow.values()),
+    }
+
+
 class CreatedByMixin:
     def form_valid(self, form):
         form.instance.created_by = self.request.user

templates/home.html

@@ -757,6 +757,26 @@ <h2 class="mb-0">{% trans "Risk management" %}</h2>
   </div>
 </div>
 
+{# ── Risk treatment flow (current → residual) ───────── #}
+{% if risk_treatment_flow %}
+<div class="d-flex align-items-center mb-3 flex-wrap gap-2">
+  <h5 class="mb-0"><i class="bi bi-diagram-3 me-1" style="color:var(--accent)"></i> {% trans "Risk treatment flow" %}</h5>
+  <span class="text-muted" style="font-size:.8125rem">{% trans "How treatment moves risks from their current level (before treatment) to their residual level (after treatment)" %}</span>
+</div>
+<div class="row g-3 mb-4">
+  <div class="col-12">
+    <div class="card">
+      <div class="card-body">
+        {{ risk_treatment_flow|json_script:"risk-flow-data" }}
+        <div id="risk-treatment-flow" role="img"
+             aria-label="{% trans 'Sankey diagram of risk treatment flow from current to residual level' %}"
+             style="width:100%;height:360px"></div>
+      </div>
+    </div>
+  </div>
+</div>
+{% endif %}
+
 {# ── Risk matrices ─────────────────────────────────── #}
 {% if matrix_current or matrix_residual %}
 <div class="d-flex align-items-center mb-3 flex-wrap gap-2">
@@ -893,6 +913,76 @@ <h6 class="fw-bold mb-3" style="color:var(--accent)">
 {% endblock %}
 
 {% block extra_js %}
+
+{# ── Risk treatment flow (Sankey) ────────────────────── #}
+{% if risk_treatment_flow %}
+<script src="https://cdn.jsdelivr.net/npm/echarts@5.5.1/dist/echarts.min.js"></script>
+<script>
+(function() {
+  var el = document.getElementById('risk-treatment-flow');
+  var dataEl = document.getElementById('risk-flow-data');
+  if (!el || !dataEl || typeof echarts === 'undefined') return;
+
+  var flow = JSON.parse(dataEl.textContent);
+  var chart = echarts.init(el, null, {renderer: 'svg'});
+
+  function textColor() {
+    return getComputedStyle(document.documentElement)
+      .getPropertyValue('--text-secondary').trim() || '#475569';
+  }
+
+  function render() {
+    var color = textColor();
+    chart.setOption({
+      tooltip: {
+        trigger: 'item',
+        triggerOn: 'mousemove',
+        formatter: function(p) {
+          if (p.dataType === 'edge') {
+            return (p.data.value === 1
+              ? '{% trans "1 risk" %}'
+              : p.data.value + ' {% trans "risks" %}');
+          }
+          return p.data.displayName;
+        }
+      },
+      series: [{
+        type: 'sankey',
+        left: '8%',
+        right: '8%',
+        top: 20,
+        bottom: 20,
+        nodeGap: 14,
+        nodeWidth: 16,
+        draggable: false,
+        // Keep the column order we sent (highest severity at the top, lowest
+        // at the bottom) instead of ECharts reordering to reduce crossings.
+        layoutIterations: 0,
+        emphasis: {focus: 'adjacency'},
+        label: {
+          color: color,
+          fontFamily: 'Inter, sans-serif',
+          fontSize: 12,
+          formatter: function(p) { return p.data.displayName; }
+        },
+        lineStyle: {color: 'gradient', opacity: 0.45, curveness: 0.5},
+        data: flow.nodes,
+        links: flow.links
+      }]
+    });
+  }
+
+  render();
+  window.addEventListener('resize', function() { chart.resize(); });
+
+  // Re-render labels when the colour theme changes.
+  new MutationObserver(function() { render(); }).observe(
+    document.documentElement, {attributes: true, attributeFilter: ['data-bs-theme']}
+  );
+})();
+</script>
+{% endif %}
+
 {% if changelog_entries %}
 <script>
 (function() {