Active compliance build

Horizon Scanning

A banking compliance workflow for daily regulatory monitoring. It turns incoming regulatory and compliance items into source-grounded summaries, AI-proposed ratings, human review decisions, and an evidence trail that can be inspected later.

Read the project notes Back to work

What It Does

A regulatory-change queue with review built in.

The project is meant to reduce the grind of horizon scanning without pretending that a model has the final compliance judgment. It gives the user better inputs, clearer queues, and a record of what happened.

Regulatory signal intake

The system ingests regulatory and compliance updates from structured sources such as RSS feeds and agency APIs, plus agentic web-search briefs for items that ordinary feeds miss.

AI proposals, not final answers

Claude summarizes, classifies, extracts fields, and proposes Action, Impact, and Confidence ratings. The rating is a draft decision surface; the user confirms or overrides it.

Topic and deadline structure

Articles are deduplicated, embedded, clustered into Topics, and tied to deadlines where applicable so the work becomes a review queue instead of a pile of links.

Workflow

The workflow separates intake, model work, and human decisioning.

The repo is structured around the question a reviewer would ask: where did the item come from, what did the model propose, what did the person decide, and what record proves it?

Ingest from structured and agentic paths

Path A pulls from RSS, Federal Register, Regulations.gov, Congress.gov, and HTML scrape sources. Path B uses Claude web search through configured Search Briefs, then verifies returned source quotes before accepting candidates.

Keep and flag before review

A BSA/AML and sanctions relevance gate marks items as relevant or not relevant without silently deleting the corpus. That keeps future phase expansion possible and makes the filter version visible.

Embed, deduplicate, and cluster

OpenAI embeddings and pgvector support duplicate detection and topic matching. Topic clustering gives related articles a durable place to land instead of treating every item as a one-off.

Summarize, classify, extract, and rate

The review pipeline creates source-quoted bullets, document-type classification, type-specific structured fields, and an AI rating grounded in the Bank Profile.

Human confirmation creates the decision

AI proposals and user ratings live in separate tables. A user confirmation or override writes its own record and audit event, so the final decision is distinct from the model's suggestion.

Controls

The useful part is not only the AI output. It is the control surface around it.

A compliance-facing AI system has to be reviewable. The design keeps the source, model output, user action, and operational trail separate enough to inspect.

Source-grounded summaries

Summary bullets carry verbatim source quotes and offsets into the source text. That is the guardrail against impressive but uninspectable regulatory summaries.

Separation of proposal and decision

AI ratings are stored separately from user ratings. The model can recommend; the user confirms, overrides, or dismisses before the result carries weight.

Audit and operational records

The repo includes audit logs for state changes, prompt-version discipline, cron-run records, error logs, and structural tests that check security and review invariants.

Technology

The stack tells the product story.

These pages are not replacing the private repositories. They summarize what a reviewer would see there: the architecture choices, evidence surfaces, tests, and boundaries behind the build.

Application and data

Next.js 16 App Router, React 19, strict TypeScript, Tailwind CSS v4
Clerk authentication and protected app routes
Supabase Postgres with pgvector for embeddings and topic matching
RLS enabled across the database with service-role use reserved for server-side jobs

AI and automation

Claude CLI review pipeline using structured outputs
Claude web-search briefs for agentic ingestion
OpenAI text embeddings for similarity and clustering
Mock LLM mode for deterministic development and tests

Delivery and verification

Vercel app hosting and cron endpoints
Local launchd jobs for Claude-powered review and agentic search
Vitest, Playwright, meta-tests, lint, typecheck, and production build gates
GitHub Actions with a branch-protected promotion path

Review artifacts

README, SPEC, ARCHITECTURE, BUILD_PLAN, SECURITY, TESTING, and RUNBOOK docs
Security, accessibility, audit-trail, vector-search, and adversarial review notes
Gold-set and evaluation documents for rating quality
Tech-debt and remediation plans that name deferred work instead of hiding it

Repository Signals

What the repository contains.

For now, the repositories stay private while the public site explains the work. These notes summarize the files, routes, docs, checks, and review artifacts without exposing private configuration, credentials, or organization-specific data.

The repository shows an active build, not a static concept deck: migrations, source configs, review scripts, scheduled jobs, test suites, and live app routes are all present.

The strongest signal is the control pattern: source quotes, prompt versions, separate AI/user decisions, audit logs, RLS, cron authorization, and safe external-link handling.

The project is deliberately phased. Phase 1 focuses on BSA/AML and sanctions for US banks, while the schema and taxonomy are shaped so broader banking-regulatory coverage can be added later.

The repo also shows the apprenticeship pattern: reviews, findings, remediation notes, and follow-up checks are preserved as evidence of how the system is being improved.