⚙️ build-legal

Build a GDPR-compliant legal contract review system with clause extraction, risk scoring, compliance reports, and human approval for high-risk decisions

v1.0 Iteration 1 2026-04-17T10:51:34.341849 legal domain
4
Agents
pipeline
Pattern
crewai
Framework
$0.1940
Cost / Request
95%
Security Score
Human-in-Loop
Architecture
Agents
Security
Cost Analysis
Decisions
Compliance
graph TD INPUT(["User Input"]) orchestrator{"⚙ orchestrator"} INPUT --> orchestrator doc_analyzer["doc_analyzer"] orchestrator --> doc_analyzer risk_evaluator["risk_evaluator"] orchestrator --> risk_evaluator guardian[/"🛡 guardian"/] INPUT -.->|filter| guardian guardian -.-> orchestrator OUTPUT(["Response"]) orchestrator --> OUTPUT style INPUT fill:#1f6feb,stroke:#58a6ff,color:#fff style OUTPUT fill:#1f6feb,stroke:#58a6ff,color:#fff style orchestrator fill:#d29922,stroke:#e3b341,color:#000 style guardian fill:#f85149,stroke:#f85149,color:#fff

Architecture Summary

System Typepipeline
Patternpipeline
Frameworkcrewai
Scalemedium
Autonomy LevelL3
InfrastructureVector DB: pinecone | Graph DB: neo4j | Queue: redis | Observability: langfuse

orchestrator orchestrator

RolePlan decomposition, task routing, result synthesis
Modelclaude-opus-4-6
Reasoningreact
HITLpre-action
Token Budget2,000
MemoryShort-term
Input Guardsinjection_detection, encoding_detection
Output Guardsschema_validation
Metricsrouting_accuracy: 0.95, recovery_rate: 0.8

doc_analyzer specialist

RoleExtract clauses, obligations, and terms from legal documents
Modelclaude-sonnet-4-6
Reasoningreact
HITLnone
Token Budget4,000
MemoryShort-term, GraphRAG
Input GuardsNone
Output Guardsschema_validation, confidence_threshold
Metricsextraction_accuracy: 0.92

risk_evaluator specialist

RoleScore and categorize contractual risks by severity
Modelclaude-sonnet-4-6
Reasoningreflection
HITLpost-action
Token Budget3,000
MemoryShort-term, GraphRAG
Input GuardsNone
Output Guardsschema_validation
Metricsrisk_classification_accuracy: 0.9

guardian guardian

RoleInput/output safety filtering, PII detection, compliance checks
Modelclaude-haiku-4-5
Reasoningreact
HITLnone
Token Budget500
MemoryShort-term
Input Guardsinjection_detection, encoding_detection, pii_detection
Output Guardspii_masking, content_filter
Metricsdetection_rate: 0.99, false_positive_rate: 0.05

Security Score

95

80/84 checks passed

Findings by Category

Security Findings

StatusCategoryAgentCheckDetail
ATK-1doc_analyzersystem_prompt_isolationAgent 'doc_analyzer' missing input injection detection
ATK-1doc_analyzerinput_sanitizationAgent 'doc_analyzer' missing input injection detection
ATK-1doc_analyzerinstruction_hierarchyConsider HITL for sensitive operations
ATK-1risk_evaluatorsystem_prompt_isolationAgent 'risk_evaluator' missing input injection detection
ATK-1risk_evaluatorinput_sanitizationAgent 'risk_evaluator' missing input injection detection
ATK-1guardianinstruction_hierarchyConsider HITL for sensitive operations
ATK-2doc_analyzerrole_boundary_enforcementConsider HITL for sensitive operations
ATK-2doc_analyzermulti_turn_trackingConsider HITL for sensitive operations
ATK-2guardianrole_boundary_enforcementConsider HITL for sensitive operations
ATK-2guardianmulti_turn_trackingConsider HITL for sensitive operations
ATK-3orchestratorsystem_prompt_protectionEnsure system prompts are not exposed in tool outputs
ATK-3doc_analyzersystem_prompt_protectionEnsure system prompts are not exposed in tool outputs
ATK-3doc_analyzerrag_access_controlRAG enabled — ensure access control on retrieval
ATK-3risk_evaluatorsystem_prompt_protectionEnsure system prompts are not exposed in tool outputs
ATK-3risk_evaluatorrag_access_controlRAG enabled — ensure access control on retrieval
ATK-3guardiansystem_prompt_protectionEnsure system prompts are not exposed in tool outputs
ATK-4doc_analyzerinter_agent_authVerify agent-to-agent auth at framework level
ATK-4doc_analyzermessage_validationAdd input validation for inter-agent messages
ATK-4doc_analyzerprivilege_boundariesAdd input validation for inter-agent messages
ATK-4risk_evaluatorinter_agent_authVerify agent-to-agent auth at framework level
ATK-4risk_evaluatormessage_validationAdd input validation for inter-agent messages
ATK-4risk_evaluatorprivilege_boundariesAdd input validation for inter-agent messages
ATK-4guardianinter_agent_authVerify agent-to-agent auth at framework level
ATK-6orchestratorrecursion_depth_limitsRecursion limits should be configured at framework level
ATK-6doc_analyzerrecursion_depth_limitsRecursion limits should be configured at framework level
ATK-6risk_evaluatorrecursion_depth_limitsRecursion limits should be configured at framework level
ATK-6guardianrecursion_depth_limitsRecursion limits should be configured at framework level
ATK-7orchestratorpii_detectionAgent 'orchestrator' has no PII detection on input
ATK-7orchestratorcontext_isolationVerify context isolation between users at runtime
ATK-7doc_analyzerpii_detectionAgent 'doc_analyzer' has no PII detection on input
ATK-7doc_analyzercontext_isolationVerify context isolation between users at runtime
ATK-7risk_evaluatorpii_detectionAgent 'risk_evaluator' has no PII detection on input
ATK-7risk_evaluatorcontext_isolationVerify context isolation between users at runtime
ATK-7guardiancontext_isolationVerify context isolation between users at runtime

Cost per Agent (per request)

Monthly Projection (10K requests)

LLM Cost$1940.00
Infrastructure$200
Total$2140.00/mo

Optimization Tips

✓ No obvious optimizations needed

D1-Purpose: System type: pipeline

Based on 2 detected responsibilities and deterministic nature.

Alternatives: single-agent, multi-agent, complex-system

D2-Architecture: Pattern: pipeline

2-3 sequential responsibilities with clear data handoffs. Pipeline is simplest.

GDPR

RequirementComponentStatus
Art. 13-14 Transparencyguardrails.output → explainabilityReview
Art. 15 Right of accessaudit_trail → loggingConfigured
Art. 17 Right to erasurememory → deletion endpointReview
Art. 25 Data protection by designguardrails.input → pii_detectionConfigured
Art. 35 DPIAblueprint.decisionsReview
Generated by CLean-agents v1.0 · 4 agents · legal domain · 2 design decisions