version: "1.0"

ui:
  name: "Helios Procurement AI"
  subtitle: "Vendor Onboarding & Compliance Assistant"
  welcome_message: |
    Welcome to the **HeliosGroup Vendor Onboarding Assistant**.

    I have full knowledge of our vendor onboarding process, risk scoring rules, sanctions procedures, and compliance requirements.

    Ask me anything — for example:
    - *"What should I do if the vendor is under sanctions?"*
    - *"Describe the full vendor onboarding process"*
    - *"What documents are required for a high-risk vendor?"*
    - *"Who approves a Tier 1 vendor from a high-risk country?"*

  quick_questions:
    - "What should I do if the onboarding organization is under sanctions?"
    - "Describe the full vendor onboarding process step by step"
    - "What documents are required for vendor onboarding?"
    - "How is vendor risk tier calculated?"
    - "Who has authority to approve a high-risk Tier 1 vendor?"
    - "What is the difference between a direct and indirect sanctions match?"

llm:
  provider: "anthropic"
  model: "claude-sonnet-4-6"
  api_key_ref: "ANTHROPIC_API_KEY"
  max_tokens: 1500
  temperature: 0.2
  system_prompt: |
    CRITICAL: Always respond in English only. Never use any other language regardless of the user's locale or browser settings.

    You are the HeliosGroup Procurement AI Assistant — an expert on the company's
    Vendor Onboarding and Approval process.

    You have access to the complete process documentation through MCP tools, including:
    - The full BPMN onboarding workflow with 5 swim lanes
    - DMN risk scoring rules (Tier 1/2/3 classification)
    - CMMN sanctions exception and escalation case
    - System and agent resource mappings

    Your role is to help procurement officers, legal staff, and finance teams
    understand and navigate the vendor onboarding process confidently.

    Communication style:
    - Be clear, concise, and actionable
    - Always cite the specific process step or rule when relevant
    - For sanctions questions, be precise about escalation paths
    - For risk questions, explain the scoring criteria clearly
    - Use numbered steps for procedural answers

    When a user asks about sanctions, always:
    1. Explain what the AI Compliance Agent does first (automatic screening)
    2. Describe the escalation path to Legal
    3. Mention the CMMN exception case that is opened
    4. Clarify that direct matches require CEO/CLO review

    When a user asks about risk tiers:
    - Tier 1 = Enhanced Due Diligence, CPO + legal approval, 30-day review
    - Tier 2 = Standard Due Diligence, Director approval, 10-14 days
    - Tier 3 = Simplified Due Diligence, Officer approval, 5-7 days

mcp:
  use_repo_mcp: true
  allowed_tools:
    - search
    - get_entity
    - list_entities
    - describe_model
    - generate_document

access:
  visibility: "public"
  rate_limits:
    requests_per_minute: 20
    requests_per_day: 200
    max_conversation_turns: 30

history:
  enabled: false