#holmegarth-policy-root { font-family: 'Inter', system-ui, -apple-system, sans-serif; }
.animate-fade-in { animation: fadeIn 0.5s ease-out; }
.animate-slide-up { animation: slideUp 0.5s ease-out; }
@keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
@keyframes slideUp { from { opacity: 0; transform: translateY(20px); } to { opacity: 1; transform: translateY(0); } }
.h-card { transition: all 0.2s; }
.h-card:hover { transform: translateY(-2px); }
@media print {
body { background: white; }
.print-hidden, button, nav { display: none !important; }
.tab-content { display: block !important; }
}
(function() {
/* HOLMEGARTH TOOL - PLAYBOOK v10.1 COMPLIANT VERSION */
// -- 1. Configuration (Aligned with Playbook v10.1 Sections 3 & 10) --
// AI Endpoint: General-purpose unstructured text generation (Section 3)
var PROXY_URL = "https://api.holmegarth.com/proxy/raw-service";
// Webhook Endpoint: WordPress Gateway Integration Pattern (Section 10.0)
// NOTE: This points to the client site's WP API, which securely forwards to the Gateway.
var WEBHOOK_URL = "https://holmegarth.com/wp-json/holmegarth/v1/gateway";
var LT = 'x3C';
var GT = 'x3E';
var state = {
step: 0,
formData: {
userName: '', userEmail: '', companyName: '',
regions: [], sector: '', aiTypes: [],
agenticAuth: false, agenticFinancial: false,
dataSovereignty: false, sustainability: false
},
policy: [], aiSummary: '', activeTab: 'policy', webhookStatus: ''
};
// -- 2. Icons (Tag-Broken strings to prevent WP Auto-Formatting) --
function icon(path) { return LT+'svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"'+GT + path + LT+'/svg'+GT; }
var ICONS = {
activity: icon(LT+'path d="M22 12h-4l-3 9L9 3l-3 9H2"/'+GT),
arrowRight: icon(LT+'path d="M5 12h14"/'+GT+LT+'path d="m12 5 7 7-7 7"/'+GT),
arrowLeft: icon(LT+'path d="m12 19-7-7 7-7"/'+GT+LT+'path d="M19 12H5"/'+GT),
check: icon(LT+'path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/'+GT+LT+'polyline points="22 4 12 14.01 9 11.01"/'+GT),
copy: icon(LT+'rect width="14" height="14" x="8" y="8" rx="2" ry="2"/'+GT+LT+'path d="M4 16c-1.1 0-2-.9-2-2V4c0-1.1.9-2 2-2h10c1.1 0 2 .9 2 2"/'+GT),
globe: icon(LT+'circle cx="12" cy="12" r="10"/'+GT+LT+'line x1="2" x2="22" y1="12" y2="12"/'+GT+LT+'path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/'+GT),
shield: icon(LT+'path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/'+GT),
zap: icon(LT+'polygon points="13 2 3 14 12 14 11 22 21 10 12 10 13 2"/'+GT),
database: icon(LT+'ellipse cx="12" cy="5" rx="9" ry="3"/'+GT+LT+'path d="M21 12c0 1.66-4 3-9 3s-9-1.34-9-3"/'+GT+LT+'path d="M3 5v14c0 1.66 4 3 9 3s9-1.34 9-3V5"/'+GT),
bot: icon(LT+'path d="M12 8V4H8"/'+GT+LT+'rect width="16" height="12" x="4" y="8" rx="2"/'+GT+LT+'path d="M2 14h2"/'+GT+LT+'path d="M20 14h2"/'+GT+LT+'path d="M15 13v2"/'+GT+LT+'path d="M9 13v2"/'+GT),
fileText: icon(LT+'path d="M14.5 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7.5L14.5 2z"/'+GT+LT+'polyline points="14 2 14 8 20 8"/'+GT+LT+'line x1="16" x2="8" y1="13" y2="13"/'+GT+LT+'line x1="16" x2="8" y1="17" y2="17"/'+GT+LT+'polyline points="10 9 9 9 8 9"/'+GT),
shoppingBag: icon(LT+'path d="M6 2 3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4Z"/'+GT+LT+'path d="M3 6h18"/'+GT+LT+'path d="M16 10a4 4 0 0 1-8 0"/'+GT),
alert: icon(LT+'path d="m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3Z"/'+GT+LT+'line x1="12" x2="12" y1="9" y2="13"/'+GT+LT+'line x1="12" x2="12.01" y1="17" y2="17"/'+GT),
cpu: icon(LT+'rect x="4" y="4" width="16" height="16" rx="2"/'+GT+LT+'rect x="9" y="9" width="6" height="6"/'+GT+LT+'path d="M15 2v2"/'+GT+LT+'path d="M15 20v2"/'+GT+LT+'path d="M2 15h2"/'+GT+LT+'path d="M2 9h2"/'+GT+LT+'path d="M20 15h2"/'+GT+LT+'path d="M20 9h2"/'+GT+LT+'path d="M9 2v2"/'+GT+LT+'path d="M9 20v2"/'+GT),
user: icon(LT+'path d="M19 21v-2a4 4 0 0 0-4-4H9a4 4 0 0 0-4 4v2"/'+GT+LT+'circle cx="12" cy="7" r="4"/'+GT),
mail: icon(LT+'rect width="20" height="16" x="2" y="4" rx="2"/'+GT+LT+'path d="m22 7-8.97 5.7a1.94 1.94 0 0 1-2.06 0L2 7"/'+GT),
building: icon(LT+'rect width="16" height="20" x="4" y="2" rx="2" ry="2"/'+GT+LT+'path d="M9 22v-4h6v4"/'+GT+LT+'path d="M8 6h.01"/'+GT+LT+'path d="M16 6h.01"/'+GT+LT+'path d="M8 10h.01"/'+GT+LT+'path d="M16 10h.01"/'+GT+LT+'path d="M8 14h.01"/'+GT+LT+'path d="M16 14h.01"/'+GT+LT+'path d="M8 18h.01"/'+GT+LT+'path d="M16 18h.01"/'+GT),
printer: icon(LT+'polyline points="6 9 6 2 18 2 18 9"/'+GT+LT+'path d="M6 18H4a2 2 0 0 1-2-2v-5a2 2 0 0 1 2-2h16a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-2"/'+GT+LT+'rect width="12" height="8" x="6" y="14"/'+GT),
shoppingBag: icon(LT+'path d="M6 2 3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4Z"/'+GT+LT+'path d="M3 6h18"/'+GT+LT+'path d="M16 10a4 4 0 0 1-8 0"/'+GT),
info: icon(LT+'circle cx="12" cy="12" r="10"/'+GT+LT+'path d="M12 16v-4"/'+GT+LT+'path d="M12 8h.01"/'+GT),
briefcase: icon(LT+'rect width="20" height="14" x="2" y="7" rx="2" ry="2"/'+GT+LT+'path d="M16 21V5a2 2 0 0 0-2-2h-4a2 2 0 0 0-2 2v16"/'+GT),
book: icon(LT+'path d="M2 3h6a4 4 0 0 1 4 4v14a3 3 0 0 0-3-3H2z"/'+GT+LT+'path d="M22 3h-6a4 4 0 0 0-4 4v14a3 3 0 0 1 3-3h7z"/'+GT),
handshake: icon(LT+'path d="m11 17 2 2a1 1 0 1 0 3-3"/'+GT+LT+'path d="m14 14 2.5 2.5a1 1 0 1 0 3-3l-3.88-3.88a3 3 0 0 0-4.24 0l-.88.88a1 1 0 1 1-3-3l2.81-2.81a5.79 5.79 0 0 1 7.06-.87l.47.28a2 2 0 0 0 2 2h3a2 2 0 0 1 2 2v1a2 2 0 0 1-2 2h-3a2 2 0 0 0-2 2l-3 3"/'+GT+LT+'path d="m8 17-2 2a1 1 0 1 1-3-3l3.88-3.88a3 3 0 0 1 4.24 0l.88.88a1 1 0 1 0 3-3l-2.81-2.81a5.79 5.79 0 0 0-7.06-.87l-.47.28a2 2 0 0 1-2 2h-3a2 2 0 0 0-2 2v1a2 2 0 0 0 2 2h3a2 2 0 0 1 2 2l3 3"/'+GT),
sparkles: icon(LT+'path d="m12 3-1.912 5.813a2 2 0 0 1-1.275 1.275L3 12l5.813 1.912a2 2 0 0 1 1.275 1.275L12 21l1.912-5.813a2 2 0 0 1 1.275-1.275L21 12l-5.813-1.912a2 2 0 0 1-1.275-1.275L12 3Z"/'+GT+LT+'path d="M5 3v4"/'+GT+LT+'path d="M9 3v4"/'+GT+LT+'path d="M3 5h4"/'+GT+LT+'path d="M3 9h4"/'+GT),
X: icon(LT+'path d="M18 6 6 18"/'+GT+LT+'path d="m6 6 18 18"/'+GT)
};
// --- FULL DATA CONTENT ---
var GLOSSARY_TERMS = [
{ id: 'aigc', term: 'AI Governance Committee (AIGC)', definition: 'A centralized internal body comprising cross-functional leaders (Legal, IT, HR, Security) responsible for approving AI procurement, enforcing policy standards, and reviewing high-risk use cases.' },
{ id: 'caio', term: 'Chief AI Agent Officer (CAIO)', definition: 'A senior executive role responsible for the behavioral oversight, strategic alignment, and ethical deployment of autonomous AI agents within the workforce.' },
{ id: 'fria', term: 'Fundamental Rights Impact Assessment (FRIA)', definition: 'A mandatory evaluation under the EU AI Act for high-risk systems, designed to identify and mitigate potential negative impacts on human rights before deployment.' },
{ id: 'crypto-id', term: 'Cryptographically Identifiable', definition: 'The technical requirement that AI agents possess a verifiable digital identity (e.g., via private keys or blockchain) to distinguish non-human actions from human ones in audit logs.' },
{ id: 'shadow-ai', term: 'Shadow AI', definition: 'The use of artificial intelligence tools, apps, or models by employees without the explicit approval, knowledge, or oversight of the organization's IT and security departments.' },
{ id: 'data-class', term: 'Data Classification', definition: 'The process of organizing data into categories (e.g., Public, Internal, Confidential, Restricted) to apply appropriate security controls.' },
{ id: 'geopatriation', term: 'Geopatriation Mandate', definition: 'A data sovereignty policy requiring specific sensitive data to remain physically stored and processed within the national borders of its origin.' },
{ id: 'skill-preservation', term: 'Skill Preservation (Anti-Deskilling)', definition: 'A strategic mandate to ensure human employees maintain manual proficiency in core cognitive tasks, preventing dependency on AI automation.' },
{ id: 'article-22', term: 'Article 22 of the UK GDPR', definition: 'A regulation protecting individuals from decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects.' },
{ id: 'shadow-registry', term: 'Shadow AI Registry', definition: 'An internal governance log used to track "Shadow AI"—tools and models adopted by employees without formal IT approval.' },
{ id: 'external-advisor', term: 'External AI Advisor', definition: 'An independent third-party expert retained to provide objective oversight, conduct impartial algorithmic audits, and ensure strategic alignment with regulations.' },
{ id: 'uk-framework', term: 'UK Pro-Innovation AI Framework', definition: 'The United Kingdom’s context-specific approach to AI regulation, empowering existing sector regulators to apply cross-cutting principles.' },
{ id: 'iso-42001', term: 'ISO/IEC 42001', definition: 'The international standard for Artificial Intelligence Management Systems (AIMS), providing a certifiable framework for organizations to manage AI risks.' }
];
var SERVICES = {
external: [
{ title: "External AI Advisor", desc: "Independent auditing of high-risk systems to ensure regulatory compliance (EU AI Act, ISO 42001)." },
{ title: "Shadow AI Registry Management", desc: "Compiling and assessing the 'Amnesty List' of employee tools." },
{ title: "Red Teaming", desc: "Adversarial testing of autonomous agents." },
{ title: "Workforce Training", desc: "Delivering 'AI License' training modules." }
],
internal: [
{ title: "Final Sign-Off", desc: "The internal AIGC or CAIO must retain ultimate legal accountability." },
{ title: "Culture & Enforcement", desc: "Day-to-day policing of policy adherence." },
{ title: "Data Ownership", desc: "Custody of sensitive customer data and IP keys." },
{ title: "Operational Continuity", desc: "Ensuring business processes can function if AI systems fail." }
]
};
// --- LOGIC ---
function generatePolicy() {
var d = state.formData;
var company = d.companyName || "[Company Name]";
var date = new Date().toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' });
var sections = [];
// Flags
var isEU = d.regions.indexOf('EU') > -1;
var isUK = d.regions.indexOf('UK') > -1;
var isChina = d.regions.indexOf('China') > -1;
var isHighRisk = d.sector === 'Healthcare' || d.sector === 'Finance' || d.sector === 'Critical Infrastructure';
var isEcommerce = d.sector === 'E-commerce';
var hasAgents = d.aiTypes.indexOf('Autonomous Agents') > -1;
var hasGenAI = d.aiTypes.indexOf('Coding Assistants') > -1 || d.aiTypes.indexOf('Chatbots') > -1;
// 1. Preamble
sections.push({
title: '1. Preamble & Strategic Intent',
content: 'This Corporate AI Policy, effective as of ' + date + ', establishes the governance framework for ' + company + ''s use of Artificial Intelligence. In alignment with the 2026 regulatory landscape, this policy balances operational velocity with strict adherence to safety, ethics, and legal compliance. It is designed to prepare ' + company + ' for ISO 42001 certification' + (isEU ? ', the EU AI Act' : '') + (isUK ? ', and the UK Pro-Innovation AI Framework' : '') + '.'
});
// 2. Governance
var govContent = 'A centralized AI Governance Committee (AIGC) is hereby established to oversee all AI procurement and deployment at ' + company + '.nn**2.1 External AI Governance Advisor:** To ensure objective oversight and alignment with rapidly evolving regulations, ' + company + ' shall retain an independent External AI Advisor. This role provides third-party auditing of high-stakes systems and strategic guidance on compliance architecture.';
if (hasAgents) {
govContent += 'nn**2.2 Chief AI Agent Officer (CAIO):** Given the deployment of autonomous agents, ' + company + ' shall appoint a CAIO responsible for the behavioral oversight and "intent alignment" of non-human actors.';
}
sections.push({ title: '2. Governance & Roles', content: govContent });
// 3. Risk
var riskContent = 'All AI systems must be categorized prior to deployment using the following tiers:nn* **Prohibited:** Social scoring systems, biometric categorization, and manipulative subliminal techniques are strictly banned.n* **Limited Risk:** Chatbots and basic automation (subject to transparency rules).';
if (isHighRisk || d.aiTypes.indexOf('Recruiting') > -1 || d.aiTypes.indexOf('Biometric ID') > -1) {
riskContent += 'n* **High Risk:** Recruitment tools, credit scoring, and critical infrastructure control systems. These require a Fundamental Rights Impact Assessment (FRIA) and Conformity Assessment prior to launch.';
}
sections.push({ title: '3. Risk Classification & Prohibitions', content: riskContent });
// 4. Human Oversight
var humanContent = '**4.1 Oversight:** High-risk outputs requires positive human affirmation before actioning.nn**4.2 Skill Preservation (Anti-Deskilling):** To prevent critical thinking atrophy, specific workflows will be designated as "Human-Only Zones." Employees must demonstrate manual proficiency in core tasks via annual "AI-free" assessments.';
sections.push({ title: '4. Human Oversight & Workforce Protection', content: humanContent });
// 5. Agents
if (hasAgents || d.agenticAuth) {
var agentContent = '**5.1 Non-Human Identity:** All autonomous agents must be cryptographically identifiable. They may not impersonate humans.nn**5.2 Intent Guardrails:** Agents are prohibited from self-defining high-level goals. All "Intent" must be defined by a human operator.';
if (d.agenticFinancial) agentContent += 'nn**5.3 Financial Authority:** Agents executing transactions are subject to a hard-coded spending limit per transaction and per day.';
if (d.aiTypes.indexOf('Coding Assistants') > -1) agentContent += 'nn**5.4 Autonomous Coding:** Agents may generate code but cannot commit to the "Main" or "Production" branch without human code review.';
sections.push({ title: '5. Agentic AI Rules of Engagement', content: agentContent });
}
// 6. Procurement
sections.push({
title: '6. Procurement & Shadow AI Protocol',
content: '**6.1 Shadow AI Amnesty & Audit:** Rather than a blanket ban, ' + company + ' implements a "Register & Review" protocol. Employees must declare all external AI tools currently in use to the AIGC via the Shadow AI Registry. nn**6.2 The AI Safe Zone:** Following the audit period, approved tools will be migrated to the corporate "AI Sandbox," which is air-gapped from production customer data.'
});
// 7. Data
var dataContent = '**7.1 Data Classification:** All inputs must be classified (Public, Internal, Confidential, Restricted).';
if (d.dataSovereignty) dataContent += 'nn**7.2 Geopatriation Mandate:** Critical data defined as "Sovereign" must be processed and stored exclusively within the physical borders of the originating jurisdiction.';
if (isUK) dataContent += 'nn**7.3 UK GDPR Alignment:** Any automated decision-making affecting UK data subjects must adhere to Article 22 of the UK GDPR, ensuring the right to human intervention and explanation.';
if (hasGenAI && (isEU || isChina)) dataContent += 'nn**7.4 Content Labeling & Watermarking:** To comply with ' + (isEU ? 'the EU AI Act' : '') + (isEU && isChina ? ' and ' : '') + (isChina ? 'CAC Regulations' : '') + ', all AI-generated output published externally must be clearly labeled as machine-generated.';
sections.push({ title: '7. Data Sovereignty & Intellectual Property', content: dataContent });
// 8. Commerce (Optional)
if (isEcommerce) {
sections.push({ title: '8. Algorithmic Fairness in Commerce', content: '**8.1 Recommender Systems:** All product recommendation engines must be audited quarterly for bias.nn**8.2 Dynamic Pricing:** The use of AI for personalized pricing is restricted. Prices must be transparent.' });
}
// 9. Sustainability
if (d.sustainability) {
sections.push({ title: (isEcommerce ? '9' : '8') + '. Environmental Sustainability', content: 'In alignment with corporate Net-Zero goals, AI inference compute must differ to energy-efficient models where possible. A "Token-per-Watt" threshold will be enforced.' });
}
state.policy = sections;
}
// --- WEBHOOK LOGIC (Playbook v10.1 - Section 10.0 Compliant) ---
function fireWebhook() {
var d = state.formData;
// Parse Name (First/Last split required by gateway schema)
var names = (d.userName || '').trim().split(' ');
var firstName = names[0] || '';
var lastName = names.slice(1).join(' ') || '';
// Construct JSON Payload (Schema: Playbook Section 10.0)
// Note: client_key and source_site are handled by the WP plugin.
// We send tool-specific fields in the payload which the gateway wraps in 'context'.
var payload = {
email: d.userEmail,
first_name: firstName,
last_name: lastName,
company: d.companyName,
// Fixed Fields for Routing
event_type: 'lead',
tool: 'ai-policy-tool',
// Custom Tool Data (Passed to Zapier in context)
sector: d.sector,
regions: d.regions.join(', '),
aiTypes: d.aiTypes.join(', '),
agenticAuth: d.agenticAuth ? 'Yes' : 'No',
agenticFinancial: d.agenticFinancial ? 'Yes' : 'No',
dataSovereignty: d.dataSovereignty ? 'Yes' : 'No',
generatedAt: new Date().toISOString()
};
console.log("Firing Webhook (JSON) to " + WEBHOOK_URL);
// Use JSON body as preferred in Playbook
fetch(WEBHOOK_URL, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(payload)
}).then(function(res) {
if(res.ok) {
state.webhookStatus = "Sent to Gateway";
} else {
state.webhookStatus = "Gateway Status: " + res.status;
}
render();
}).catch(function(e) {
console.error("Webhook Failed", e);
state.webhookStatus = "Connection Error";
render();
});
}
// --- AI SUMMARY GENERATION ---
function generateSummary() {
var d = state.formData;
var prompt = 'Write a high-level, strategic executive summary (1 paragraph) for an AI Policy for ' + d.companyName + ', operating in ' + d.regions.join(', ') + ' in the ' + d.sector + ' sector. They are deploying ' + d.aiTypes.join(', ') + '. Mention key risks and strategic value. Professional tone.';
try {
fetch(PROXY_URL, {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({ prompt: prompt, system: "You are a Chief Risk Officer." })
})
.then(function(res){ return res.json(); })
.then(function(json){
if(json.candidates) {
state.aiSummary = json.candidates[0].content.parts[0].text;
render();
}
})
.catch(function(e){ console.error(e); });
} catch(e) { console.error(e); }
}
// --- GLOBAL ACTIONS ---
window.hTool = {
setStep: function(n) { state.step = n; render(); },
setTab: function(t) { state.activeTab = t; render(); },
updateForm: function(k, v) {
state.formData[k] = v;
renderNextBtn();
},
toggle: function(k, v, isRadio) {
if(isRadio) {
if(typeof v === 'boolean') state.formData[k] = !state.formData[k];
else state.formData[k] = (state.formData[k] === v) ? '' : v;
} else {
var idx = state.formData[k].indexOf(v);
if(idx > -1) state.formData[k].splice(idx, 1);
else state.formData[k].push(v);
}
render();
renderNextBtn();
},
next: function() {
if(state.step === 4) {
generatePolicy();
fireWebhook();
generateSummary();
state.step = 5;
} else {
state.step++;
}
render();
},
copy: function() {
var t = "HOLMEGARTH POLICY for " + state.formData.companyName.toUpperCase() + "nn";
if(state.aiSummary) t += "EXECUTIVE SUMMARYn" + state.aiSummary + "nn";
state.policy.forEach(function(s){
t += s.title.toUpperCase() + "n" + s.content.replace(/]*>/g, '') + "nn";
});
var area = document.createElement("textarea");
area.value = t; area.style.position="fixed"; area.style.left="-9999px";
document.body.appendChild(area); area.select();
try { document.execCommand('copy'); alert("Policy Copied!"); } catch(e){}
document.body.removeChild(area);
}
};
function renderNextBtn() {
var btn = document.getElementById('h-next-btn');
if(!btn) return;
var valid = false;
var d = state.formData;
if(state.step === 1) valid = d.userName && d.userEmail && d.companyName;
else if(state.step === 2) valid = d.regions.length > 0 && d.sector;
else if(state.step === 3) valid = d.aiTypes.length > 0;
else if(state.step === 4) valid = true;
btn.disabled = !valid;
btn.style.opacity = valid ? '1' : '0.5';
btn.style.cursor = valid ? 'pointer' : 'not-allowed';
}
// --- RENDERERS ---
function render() {
var root = document.getElementById('app-content');
if(!root) return;
var h = '';
// STEP 0: INTRO
if (state.step === 0) {
h += LT+'div class="text-center py-16 animate-slide-up"'+GT;
h += LT+'div class="inline-block p-6 rounded-3xl bg-slate-800 text-white mb-8"'+GT + ICONS.activity + LT+'/div'+GT;
h += LT+'h1 class="text-5xl font-extrabold mb-6 text-slate-900"'+GT+'Holmegarth '+LT+'span class="text-[#a43b45]"'+GT+'AI Policy Tool'+LT+'/span'+GT+LT+'/h1'+GT;
h += LT+'p class="text-lg text-slate-600 mb-12 max-w-2xl mx-auto"'+GT+'Create a regulatory-compliant Corporate AI Policy tailored for the Agentic Era. Aligns with '+LT+'strong'+GT+'ISO 42001'+LT+'/strong'+GT+' and the '+LT+'strong'+GT+'EU AI Act'+LT+'/strong'+GT+'.'+LT+'/p'+GT;
h += LT+'button onclick="window.hTool.setStep(1)" class="bg-[#a43b45] text-white font-bold py-4 px-10 rounded-full shadow-lg hover:scale-105 transition-transform flex items-center gap-2 mx-auto"'+GT+'Start Generator '+LT+'span class="w-5 h-5"'+GT+ICONS.arrowRight+LT+'/span'+GT+LT+'/button'+GT;
h += LT+'/div'+GT;
}
// STEPS 1-4 WRAPPER
else if (state.step > 0 && state.step < 5) {
h += LT+'div class="max-w-3xl mx-auto animate-fade-in"'+GT;
h += LT+'div class="flex justify-between text-xs font-bold text-slate-400 uppercase mb-2"'+GT+LT+'span'+GT+'Step '+state.step+' of 4'+LT+'/span'+GT+LT+'/div'+GT;
h += LT+'div class="w-full bg-slate-200 rounded-full h-2 mb-8"'+GT+LT+'div class="bg-[#a43b45] h-2 rounded-full" style="width:'+((state.step/4)*100)+'%"'+GT+LT+'/div'+GT+LT+'/div'+GT;
// Content
if(state.step===1) {
h += LT+'h2 class="text-3xl font-bold mb-8 text-center"'+GT+'Organization Identity'+LT+'/h2'+GT+LT+'div class="bg-white p-8 rounded-3xl border border-slate-200 shadow-xl space-y-6"'+GT;
h += renderInput('Full Name', 'userName', ICONS.user);
h += renderInput('Work Email', 'userEmail', ICONS.mail);
h += renderInput('Company Name', 'companyName', ICONS.building);
h += LT+'/div'+GT;
} else if(state.step===2) {
h += LT+'h2 class="text-3xl font-bold mb-8"'+GT+'Operational Context'+LT+'/h2'+GT;
h += LT+'label class="block text-xs font-bold text-slate-500 uppercase mb-2"'+GT+'Jurisdictions'+LT+'/label'+GT;
h += LT+'div class="grid grid-cols-2 md:grid-cols-5 gap-3 mb-8"'+GT;
['UK','EU','US','China','Global'].forEach(function(r){ h += renderCard(r, 'regions', state.formData.regions.indexOf(r)>-1, ICONS.globe); });
h += LT+'/div'+GT+LT+'label class="block text-xs font-bold text-slate-500 uppercase mb-2"'+GT+'Primary Sector'+LT+'/label'+GT+LT+'div class="grid grid-cols-1 md:grid-cols-3 gap-3"'+GT;
['General Business','Healthcare','Finance','E-commerce','Critical Infrastructure'].forEach(function(s){ h += renderCard(s, 'sector', state.formData.sector === s, ICONS.building, true); });
h += LT+'/div'+GT;
} else if(state.step===3) {
h += LT+'h2 class="text-3xl font-bold mb-8"'+GT+'System Inventory'+LT+'/h2'+GT+LT+'div class="grid grid-cols-1 md:grid-cols-2 gap-4"'+GT;
['Chatbots','Coding Assistants','Autonomous Agents','Recruiting','Biometric ID'].forEach(function(t){ h += renderCard(t, 'aiTypes', state.formData.aiTypes.indexOf(t)>-1, ICONS.cpu); });
h += LT+'/div'+GT;
} else if(state.step===4) {
h += LT+'h2 class="text-3xl font-bold mb-8"'+GT+'Controls'+LT+'/h2'+GT;
if(state.formData.aiTypes.indexOf('Autonomous Agents') > -1 || state.formData.aiTypes.indexOf('Coding Assistants') > -1) {
h += LT+'div class="bg-pink-50 border border-pink-100 rounded-3xl p-6 shadow-sm mb-6"'+GT+LT+'h3 class="font-bold text-[#a43b45] text-lg mb-4 flex items-center gap-2"'+GT+LT+'span class="w-5 h-5"'+GT+ICONS.bot+LT+'/span'+GT+' Agent Protocols'+LT+'/h3'+GT+LT+'div class="space-y-3"'+GT;
h += LT+'label class="flex items-center gap-3 cursor-pointer"'+GT+LT+'input type="checkbox" onchange="window.hTool.toggle('agenticAuth', true, true)" '+(state.formData.agenticAuth?'checked':'')+' class="accent-[#a43b45] w-5 h-5"'+GT+' '+LT+'span class="font-medium text-slate-800"'+GT+'General Autonomy'+LT+'/span'+GT+LT+'/label'+GT;
h += LT+'label class="flex items-center gap-3 cursor-pointer"'+GT+LT+'input type="checkbox" onchange="window.hTool.toggle('agenticFinancial', true, true)" '+(state.formData.agenticFinancial?'checked':'')+' class="accent-[#a43b45] w-5 h-5"'+GT+' '+LT+'span class="font-medium text-slate-800"'+GT+'Financial Authority'+LT+'/span'+GT+LT+'/label'+GT;
h += LT+'/div'+GT+LT+'/div'+GT;
}
h += LT+'div class="grid grid-cols-1 gap-4"'+GT;
h += renderCard('Data Sovereignty', 'dataSovereignty', state.formData.dataSovereignty, ICONS.database, true);
h += renderCard('Sustainability', 'sustainability', state.formData.sustainability, ICONS.zap, true);
h += LT+'/div'+GT;
}
// Nav
h += LT+'div class="flex justify-between mt-12 pt-8 border-t border-slate-200"'+GT;
h += LT+'button onclick="window.hTool.setStep('+(state.step-1)+')" class="text-slate-500 font-bold flex items-center gap-2 hover:text-slate-800"'+GT+LT+'span class="w-4 h-4"'+GT+ICONS.arrowLeft+LT+'/span'+GT+' Back'+LT+'/button'+GT;
h += LT+'button id="h-next-btn" onclick="window.hTool.next()" class="bg-[#a43b45] text-white font-bold py-3 px-8 rounded-full shadow-lg hover:bg-pink-800 flex items-center gap-2"'+GT+(state.step===4?'Generate':'Next')+' '+LT+'span class="w-4 h-4"'+GT+ICONS.arrowRight+LT+'/span'+GT+LT+'/button'+GT;
h += LT+'/div'+GT+LT+'/div'+GT;
}
// STEP 5: RESULTS (Tabs Implementation)
else if (state.step === 5) {
h += LT+'div class="max-w-4xl mx-auto animate-fade-in"'+GT+LT+'div class="bg-slate-800 text-white p-8 rounded-t-3xl shadow-xl"'+GT+LT+'div class="flex justify-between items-end"'+GT+LT+'div'+GT+LT+'h2 class="text-3xl font-bold mb-1"'+GT+'Governance Suite'+LT+'/h2'+GT+LT+'p class="text-slate-400"'+GT+state.formData.companyName+LT+'/p'+GT+LT+'/div'+GT+LT+'div class="text-right"'+GT+LT+'div class="text-xs uppercase tracking-wider text-emerald-400 font-bold mb-1"'+GT+'Status'+LT+'/div'+GT+LT+'div class="text-xl font-bold"'+GT+'Generated'+LT+'/div'+GT+LT+'/div'+GT+LT+'/div'+GT+LT+'/div'+GT;
h += LT+'div class="bg-white border-x border-b border-slate-200 p-8 min-h-[500px]"'+GT;
// Tabs
h += LT+'div class="flex flex-wrap gap-2 mb-8 border-b border-slate-100 pb-4"'+GT;
['policy','job','services','glossary'].forEach(function(t){
var a = state.activeTab === t;
var lbl = t==='policy'?'Policy Document':(t==='job'?'Job Desc':(t==='services'?'Services':'Glossary'));
var icn = t==='policy'?ICONS.fileText:(t==='job'?ICONS.briefcase:(t==='services'?ICONS.sparkles:ICONS.book));
h += LT+'button onclick="window.hTool.setTab(''+t+'')" class="px-4 py-2 rounded-lg text-sm font-bold flex items-center gap-2 transition-colors '+(a?'bg-[#a43b45] text-white shadow-md':'text-slate-500 hover:bg-slate-100')+'"'+GT+LT+'span class="w-4 h-4"'+GT+icn+LT+'/span'+GT+' '+lbl+LT+'/button'+GT;
});
h += LT+'/div'+GT;
// Content
if(state.activeTab === 'policy') {
h += LT+'div class="space-y-8 animate-fade-in"'+GT+LT+'div class="text-center pb-6 border-b border-slate-100"'+GT+LT+'h1 class="text-3xl font-extrabold text-slate-900 uppercase tracking-tight"'+GT+state.formData.companyName+LT+'/h1'+GT+LT+'h2 class="text-lg text-slate-500 uppercase tracking-widest mt-2"'+GT+'Corporate AI Policy'+LT+'/h2'+GT+LT+'div class="flex justify-center gap-8 text-xs font-bold text-slate-400 uppercase tracking-wider mt-4"'+GT+LT+'span'+GT+'Version 2026.1'+LT+'/span'+GT+LT+'span'+GT+'•'+LT+'/span'+GT+LT+'span'+GT+'Internal'+LT+'/span'+GT+LT+'/div'+GT+LT+'/div'+GT;
if(state.aiSummary) h += LT+'div class="bg-amber-50 p-6 rounded-xl border border-amber-100 relative"'+GT+LT+'h3 class="text-xs font-bold text-amber-800 uppercase mb-2 flex items-center gap-2"'+GT+LT+'span class="w-4 h-4"'+GT+ICONS.sparkles+LT+'/span'+GT+' Executive Summary'+LT+'/h3'+GT+LT+'p class="text-slate-800 italic leading-relaxed"'+GT+'"'+state.aiSummary+'"'+LT+'/p'+GT+LT+'/div'+GT;
else h += LT+'div class="text-center text-slate-400 italic py-4 animate-pulse"'+GT+'Generating strategic summary...'+LT+'/div'+GT;
state.policy.forEach(function(s){
h += LT+'div class="group"'+GT+LT+'h3 class="text-lg font-bold text-slate-900 uppercase mb-3 flex items-center gap-3"'+GT+LT+'span class="bg-[#a43b45] w-1 h-5 rounded-full block"'+GT+LT+'/span'+GT+s.title+LT+'/h3'+GT+LT+'div class="text-slate-700 leading-relaxed whitespace-pre-wrap pl-4 border-l border-slate-100"'+GT+s.content.replace(/**(.*?)**/g, '
$1')+LT+'/div'+GT+LT+'/div'+GT;
});
h += LT+'/div'+GT;
} else if(state.activeTab === 'job') {
h += LT+'div class="animate-fade-in prose max-w-none"'+GT+LT+'div class="border-b-4 border-[#a43b45] pb-6 mb-8"'+GT+LT+'h2 class="text-3xl font-extrabold text-slate-900 uppercase"'+GT+'Job Description'+LT+'/h2'+GT+LT+'h3 class="text-xl font-bold text-[#a43b45] mt-2"'+GT+'Chief AI Agent Officer (CAIO)'+LT+'/h3'+GT+LT+'/div'+GT;
h += LT+'div class="bg-slate-50 p-6 rounded-2xl border border-slate-200 mb-8"'+GT+LT+'h4 class="font-bold text-slate-900 uppercase text-sm mb-2"'+GT+'Role Overview'+LT+'/h4'+GT+LT+'p class="text-slate-700 leading-relaxed"'+GT+'The CAIO is responsible for the strategic orchestration, ethical deployment, and operational oversight of the company's autonomous agent workforce. This executive role bridges the gap between technical capability and human intent, ensuring that all non-human actors align with corporate values and regulatory frameworks like the UK Pro-Innovation AI Framework.'+LT+'/p'+GT+LT+'/div'+GT;
h += LT+'div class="grid grid-cols-1 md:grid-cols-2 gap-8"'+GT+LT+'div'+GT+LT+'h4 class="font-bold text-slate-900 uppercase text-sm mb-4 flex items-center gap-2"'+GT+LT+'span class="w-4 h-4 text-[#a43b45]"'+GT+ICONS.shield+LT+'/span'+GT+' Key Responsibilities'+LT+'/h4'+GT+LT+'ul class="space-y-3 text-sm text-slate-700"'+GT+LT+'li'+GT+'• Orchestrate the "Intent Architecture" for all autonomous agents.'+LT+'/li'+GT+LT+'li'+GT+'• Maintain and audit the Shadow AI Registry.'+LT+'/li'+GT+LT+'li'+GT+'• Liaise with the External AI Advisor to conduct quarterly audits.'+LT+'/li'+GT+LT+'li'+GT+'• Enforce Article 22 of the UK GDPR compliance.'+LT+'/li'+GT+LT+'/ul'+GT+LT+'/div'+GT+LT+'div'+GT+LT+'h4 class="font-bold text-slate-900 uppercase text-sm mb-4 flex items-center gap-2"'+GT+LT+'span class="w-4 h-4 text-[#a43b45]"'+GT+ICONS.briefcase+LT+'/span'+GT+' Qualifications'+LT+'/h4'+GT+LT+'ul class="space-y-3 text-sm text-slate-700"'+GT+LT+'li'+GT+'• 10+ years in Technology Strategy or AI Ethics.'+LT+'/li'+GT+LT+'li'+GT+'• Deep understanding of the EU AI Act and ISO 42001.'+LT+'/li'+GT+LT+'li'+GT+'• Experience managing hybrid human-agent workflows.'+LT+'/li'+GT+LT+'/ul'+GT+LT+'/div'+GT+LT+'/div'+GT+LT+'/div'+GT;
} else if(state.activeTab === 'services') {
h += LT+'div class="animate-fade-in space-y-8"'+GT+LT+'div class="border-b-4 border-[#a43b45] pb-6"'+GT+LT+'h2 class="text-3xl font-extrabold text-slate-900 uppercase"'+GT+'Holmegarth Services'+LT+'/h2'+GT+LT+'p class="text-slate-500 mt-2"'+GT+'Strategic Division of Responsibility'+LT+'/p'+GT+LT+'/div'+GT+LT+'div class="grid grid-cols-1 md:grid-cols-2 gap-6"'+GT;
h += LT+'div class="bg-pink-50 border border-pink-100 rounded-2xl p-6"'+GT+LT+'div class="bg-[#a43b45] w-12 h-12 rounded-xl flex items-center justify-center mb-6 text-white shadow-lg"'+GT+ICONS.sparkles+LT+'/div'+GT+LT+'h3 class="text-xl font-bold text-slate-900 mb-2"'+GT+'External Support'+LT+'/h3'+GT+LT+'p class="text-sm text-[#a43b45] font-bold uppercase mb-6"'+GT+'Subcontracted Responsibilities'+LT+'/p'+GT+LT+'ul class="space-y-4"'+GT;
SERVICES.external.forEach(function(s){ h += LT+'li class="bg-white/60 p-3 rounded-lg"'+GT+LT+'h4 class="font-bold text-slate-800 text-sm"'+GT+s.title+LT+'/h4'+GT+LT+'p class="text-xs text-slate-600"'+GT+s.desc+LT+'/p'+GT+LT+'/li'+GT; });
h += LT+'/ul'+GT+LT+'/div'+GT;
h += LT+'div class="bg-white border border-slate-200 rounded-2xl p-6"'+GT+LT+'div class="bg-slate-800 w-12 h-12 rounded-xl flex items-center justify-center mb-6 text-white shadow-lg"'+GT+ICONS.building+LT+'/div'+GT+LT+'h3 class="text-xl font-bold text-slate-900 mb-2"'+GT+'Internal Governance'+LT+'/h3'+GT+LT+'p class="text-sm text-slate-500 font-bold uppercase mb-6"'+GT+'Retained Responsibilities'+LT+'/p'+GT+LT+'ul class="space-y-4"'+GT;
SERVICES.internal.forEach(function(s){ h += LT+'li class="bg-slate-50 p-3 rounded-lg"'+GT+LT+'h4 class="font-bold text-slate-800 text-sm"'+GT+s.title+LT+'/h4'+GT+LT+'p class="text-xs text-slate-600"'+GT+s.desc+LT+'/p'+GT+LT+'/li'+GT; });
h += LT+'/ul'+GT+LT+'/div'+GT+LT+'/div'+GT+LT+'/div'+GT;
} else if(state.activeTab === 'glossary') {
h += LT+'div class="animate-fade-in space-y-6"'+GT+LT+'div class="border-b-4 border-[#a43b45] pb-6"'+GT+LT+'h2 class="text-3xl font-extrabold text-slate-900 uppercase"'+GT+'Glossary'+LT+'/h2'+GT+LT+'p class="text-slate-500 mt-2"'+GT+'Key regulatory terms.'+LT+'/p'+GT+LT+'/div'+GT+LT+'div class="grid gap-4"'+GT;
GLOSSARY_TERMS.forEach(function(g){ h += LT+'div id="'+g.id+'" class="bg-white border border-slate-200 rounded-xl p-6 hover:shadow-md transition-shadow"'+GT+LT+'h3 class="text-lg font-bold text-[#a43b45] mb-2 flex items-center gap-2"'+GT+LT+'span class="w-5 h-5"'+GT+ICONS.book+LT+'/span'+GT+' '+g.term+LT+'/h3'+GT+LT+'p class="text-slate-700 text-sm leading-relaxed"'+GT+g.definition+LT+'/p'+GT+LT+'/div'+GT; });
h += LT+'/div'+GT+LT+'/div'+GT;
}
h += LT+'div class="mt-12 text-center pt-8 border-t border-slate-100"'+GT+LT+'button onclick="window.hTool.copy()" class="text-slate-500 hover:text-[#a43b45] font-bold text-sm flex items-center justify-center gap-2 mx-auto mb-2"'+GT+LT+'span class="w-4 h-4"'+GT+ICONS.copy+LT+'/span'+GT+' Copy to Clipboard'+LT+'/button'+GT+LT+'div class="text-xs text-slate-400 mt-2"'+GT+state.webhookStatus+LT+'/div'+GT+LT+'button onclick="window.hTool.setStep(0)" class="mt-4 text-xs text-slate-400 hover:text-slate-600 underline"'+GT+'Start New Assessment'+LT+'/button'+GT+LT+'/div'+GT+LT+'/div'+GT+LT+'/div'+GT;
}
root.innerHTML = h;
}
function renderInput(label, key, icon) {
return LT+'div class="relative"'+GT+LT+'label class="block text-xs font-bold text-slate-500 uppercase mb-1"'+GT+label+LT+'/label'+GT+LT+'div class="relative"'+GT+LT+'div class="absolute right-4 top-1/2 transform -translate-y-1/2 text-slate-400 w-5 h-5"'+GT+icon+LT+'/div'+GT+LT+'input type="text" value="'+state.formData[key]+'" oninput="window.hTool.updateForm(''+key+'', this.value)" class="w-full bg-slate-50 border border-slate-300 rounded-xl h-14 pl-4 pr-12 outline-none focus:border-pink-500 transition" placeholder="Enter '+label+'..."'+GT+LT+'/div'+GT+LT+'/div'+GT;
}
function renderCard(label, key, active, icon, isRadio) {
var click = "window.hTool.toggle('"+key+"', '"+label+"', "+(isRadio?'true':'false')+")";
var cls = "cursor-pointer border rounded-xl p-4 font-bold flex items-center justify-between h-card shadow-sm transition-all " + (active ? 'bg-[#a43b45] text-white border-[#a43b45]' : 'bg-white text-slate-700 border-slate-200 hover:border-pink-300');
return LT+'div onclick="'+click+'" class="'+cls+'"'+GT+LT+'div class="flex items-center gap-3"'+GT+(icon ? LT+'span class="w-5 h-5 '+(active ? 'text-white' : 'text-[#a43b45]')+'"'+GT+icon+LT+'/span'+GT : '')+LT+'span'+GT+label+LT+'/span'+GT+LT+'/div'+GT+(active ? LT+'span class="w-5 h-5 bg-white/20 rounded-full p-0.5"'+GT+ICONS.check+LT+'/span'+GT : '')+LT+'/div'+GT;
}
// Start
var interval = setInterval(function() {
var root = document.getElementById('app-content');
if(root) { clearInterval(interval); render(); }
}, 100);
})();
