Initial deploy

.dockerignore

@@ -0,0 +1,7 @@
+__pycache__/
+*.pyc
+.env
+.git/
+.ipynb_checkpoints/
+venv/
+.vscode/

.gitattributes

@@ -0,0 +1,2 @@
+*.sqlite3 filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,57 @@
+# --- Security (CRITICAL) ---
+.env
+.env.local
+secrets.json
+
+# --- Python ---
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# --- Virtual Environments ---
+venv/
+env/
+ENV/
+.venv/
+
+# --- Database & RAG (Generated at runtime) ---
+database/*.db
+rag/vectorstore/
+rag/indexes/
+
+# --- IDE Settings (VS Code, PyCharm, etc.) ---
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# --- OS Generated Files ---
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# --- Logs ---
+*.log

Dockerfile

@@ -0,0 +1,37 @@
+# 1. Base image
+FROM python:3.11-slim
+
+# 2. Env vars
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    HOME=/home/user \
+    PATH=/home/user/.local/bin:$PATH
+
+# 3. Create user
+RUN useradd -m -u 1000 user
+
+# 4. Workdir
+WORKDIR $HOME/app
+
+# 5. Dependencies
+COPY --chown=user requirements.txt .
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+
+# 6. Copy files
+COPY --chown=user . .
+
+# 7. PRE-BUILD LOCAL DATABASES ONLY
+# 🛑 CHANGED: We removed 'rag/ingest_policies.py' from here.
+# It will run automatically when app.py starts.
+RUN python database/create_internal_db.py && \
+    python database/create_government_db.py
+
+# 8. Switch user
+USER user
+
+# 9. Port
+EXPOSE 7860
+
+# 10. Start
+CMD ["python", "app.py"]

GenAI_Loan_Advisor

@@ -0,0 +1 @@
+Subproject commit 86dfcc9e285ba5de2fe485cc370312555836630b

README.md

@@ -0,0 +1,77 @@
+# 🏦 GenAI Loan Advisor
+
+A robust Multi-Agent System built with **CrewAI** and **Mistral** that automates the bank loan underwriting process. This system executes a strict sequential pipeline to retrieve customer data, consult internal policy documents (RAG), and determine risk levels with zero human intervention.
+
+## 🏗️ Architecture: The "Plan & Execute" Model
+
+To prevent "infinite thinking loops" common in pure hierarchical systems, this project splits the workflow into two distinct phases:
+
+
+USER QUERY: "Can Andy get a loan?"
+                │
+                ▼
+┌───────────────────────────────────────┐
+│  PHASE 1: THE BRAIN (Strategy)        │
+│  Agent: Senior Context Analyst        │
+│  "I see a loan request. I will        │
+│   activate the Application Pipeline." │
+└───────────────┬───────────────────────┘
+                │ Pass JSON Plan
+                ▼
+┌───────────────────────────────────────┐
+│  PHASE 2: THE MUSCLE (Execution)      │
+│  (Strict Sequential Assembly Line)    │
+│                                       │
+│  1. DATA AGENT ──▶ Fetches PII & Score│
+│     (Output: Score 780, Good Status)  │
+│                                       │
+│  2. RAG AGENT ──▶ Checks Policy       │
+│     (Output: "750+ is Low Risk")      │
+│                                       │
+│  3. JUDGE AGENT ──▶ Makes Decision    │
+│     (Output: "Approved @ 3.175%")     │
+│                                       │
+│  4. RESOLUTION AGENT ──▶ Final Report │
+└───────────────────────────────────────┘
+
+
+Key Features
+Smart Orchestration: The "Strategy Agent" acts as a Manager effectively by deciding the intent before the crew starts, eliminating the risk of the AI getting confused during execution.
+
+Whole-Sheet RAG: Implements a specialized 1500-character chunking strategy to preserve entire "Risk Matrix" tables from PDF policies, preventing the AI from seeing fragmented data.
+
+Hallucination Guardrails: The Data Agent is strictly bound to real customer lookups, preventing the invention of fake customers (like "John Doe").
+
+Professional Reporting: The Resolution Agent ensures the final output is a clean, client-facing communication.
+
+
+Project Structure
+
+
+Quick Start
+1. Environment Setup
+Create a .env file in the root:
+
+MISTRAL_API_KEY=your_api_key_here
+CODE=Access_code
+
+3. Ingest Policy Documents
+
+Crucial Step: Run this once to build the Vector Database.
+python rag/ingest_policies.py
+
+4. Installation
+pip install -r requirements.txt
+python app.py
+
+
+Sample Interaction
+User: "Can Andy get a loan?"
+
+System Logs:
+
+Context Analyst: Intent detected: Loan Application. Data Agent: Successfully retrieved Customer ID 9982 (Andy). Score: 780. RAG Agent: Found rule: "Credit Score 750-850 = Low Risk". Underwriter: Mapping "Low Risk" to Interest Rate Table -> 3.175%.
+
+Final Output:
+
+"We are pleased to inform you that Andy's loan application has been APPROVED. Based on a credit score of 780, he qualifies for our Low Risk tier with an interest rate of 3.175%."

app.py

@@ -0,0 +1,74 @@
+# app.py
+
+import os
+import subprocess
+import logging
+import traceback
+from flask import Flask, render_template, request, jsonify
+from dotenv import load_dotenv  # <--- Make sure python-dotenv is in requirements.txt
+
+# Load environment variables
+load_dotenv()
+
+from crew.agents.loan_officer_agent import LoanOfficerSupervisor
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+app = Flask(__name__)
+
+# --- CONFIGURATION ---
+REQUIRED_CODE = os.getenv("CODE") 
+
+@app.route('/')
+def home():
+    return render_template('index.html')
+
+@app.route('/ask', methods=['POST'])
+def ask():
+    try:
+        data = request.json
+        user_query = data.get('query')
+        user_code = data.get('code') # <--- Get the password from the frontend
+
+        # --- SECURITY CHECK ---
+        if user_code != REQUIRED_CODE:
+            logger.warning(f"⛔ Access Denied. Wrong code: {user_code}")
+            return jsonify({
+                "status": "error",
+                "message": "⛔ Access Denied: Incorrect Access Code."
+            }), 401
+        # ----------------------
+
+        if not user_query:
+            return jsonify({"error": "Query cannot be empty"}), 400
+
+        # Initialize and run the supervisor
+        supervisor = LoanOfficerSupervisor()
+        result = supervisor.run(user_query)
+
+        # Return the result directly because it already contains {"status": "success", "data": {...}}
+        return jsonify(result)
+
+    except Exception as e:
+        logger.error(f"Server Error: {str(e)}")
+        traceback.print_exc()
+        return jsonify({
+            "status": "error", 
+            "message": str(e)
+        }), 500
+
+if __name__ == '__main__':
+    # Auto-ingestion logic for Docker
+    if not os.path.exists("rag/vectorstore"):
+        logger.info("⚠️ Vectorstore not found. Attempting to ingest policies...")
+        if os.getenv("MISTRAL_API_KEY"):
+            try:
+                subprocess.run(["python", "rag/ingest_policies.py"], check=True)
+                logger.info("✅ Ingestion complete.")
+            except Exception as e:
+                logger.error(f"❌ Ingestion failed: {e}")
+        else:
+            logger.error("❌ Error: MISTRAL_API_KEY is missing.")
+
+    app.run(debug=True, host='0.0.0.0', port=7860)

crew/agents/context_agent.py

@@ -0,0 +1,47 @@
+from crewai import Agent
+from crew.tasks.context_tasks import create_context_analysis_task 
+
+
+"""
+The Context Analyst
+Take in raw user text and classifies it into a structuctred JSON intent.
+There are 4 differeant intent (General Questions, Policy Question, Customer Info, Loan Reuqest).
+He help loan officer agent (Manager) understand the context of the query
+To prevent hallucination, we have set up the prompt in the way that this agent does not have access to DB and Rag vector DB
+"""
+
+
+class ContextAnalystAgent:
+    def __init__(self, llm):
+        self.agent = Agent(
+            role="Senior Context Analyst",
+            goal="Classify user queries into exactly one of 4 intent categories.",
+            
+            backstory=(
+                "You are the **Executive Assitant** for the Chief Loan Officer (Orchestrator).\n"
+                "**YOUR JOB**: You sit in the front office. You read the incoming message, understand the context, "
+                "and type up a clean, structured 'One-Page Briefing' (JSON) for the Chief Loan Officer (Orchestrator).\n\n"
+                
+                "### HARDWARE LIMITATIONS (CRITICAL):\n"
+                "1. **NO DATABASE ACCESS**: You physically cannot see the customer database.\n"
+                "2. **NO POLICY ACCESS**: You do not have the policy manual PDF.\n"
+                "3. **TEXT ONLY**: You operate in a sealed room. You only see the text slip passed under the door.\n\n"
+       
+                
+                "### YOUR CLASSIFICATION PROTOCOL:\n"
+                "You must map every query to one of these 4 intents based on the text *alone*:\n"
+                "1. **General Chat** (No Action)\n"
+                "2. **Policy Question** (Needs Rules, No Name)\n"
+                "3. **Customer Info** (Needs Name, No Rules)\n"
+                "4. **Loan Request** (Needs Name + Rules)\n\n"
+                
+                "**OUTPUT**: Return strict JSON. Do not write memos."
+            ),
+            llm=llm,
+            verbose=True,
+            allow_delegation=False,  
+            max_iter=2 
+        )
+
+    def get_task(self, query):
+        return create_context_analysis_task(self.agent, query)

crew/agents/data_access_agent.py

@@ -0,0 +1,123 @@
+from dotenv import load_dotenv
+from crewai import Agent
+from crewai.tools import BaseTool
+
+from crew.tasks.data_access_tasks import create_data_collection_task
+
+from crew.tools.internal_db_tools import (
+    get_customer_details, get_credit_score,
+    get_account_status, get_customer_id_by_name,
+)
+from crew.tools.government_db_tools import get_pr_status
+
+load_dotenv()
+
+"""
+Tool wrapper
+These classes wrap logic in try-except so that if tool fails,
+it return a string error message instead of crashing the entire agent loop
+"""
+
+class GetCustomerIdByNameTool(BaseTool):
+    name: str = "get_customer_id_by_name"
+    description: str = (
+        "Search for a customer's unique ID using their full name. "
+        "Useful for converting a name into an ID. "
+        "Returns the ID string if found, or 'None' if not found."
+    )
+    def _run(self, name: str):
+        try:
+            # strip away whitespaces
+            clean_name = name.strip() 
+            result = get_customer_id_by_name(name=clean_name)
+            return result if result else "None"
+        except Exception as e:
+            return f"Error querying ID: {str(e)}"
+
+class GetCustomerDetailsTool(BaseTool):
+    name: str = "get_customer_details"
+    description: str = "Fetch a customer's profile (email, nationality) using their customer_id."
+    def _run(self, customer_id: str):
+        try:
+            return get_customer_details(customer_id=customer_id)
+        except Exception as e:
+            return f"Error fetching details: {str(e)}"
+
+class GetCreditScoreTool(BaseTool):
+    name: str = "get_credit_score"
+    description: str = "Retrieve the numeric credit score (300-850) using a customer_id."
+    def _run(self, customer_id: str):
+        try:
+            return get_credit_score(customer_id=customer_id)
+        except Exception as e:
+            return f"Error fetching score: {str(e)}"
+
+class GetAccountStatusTool(BaseTool):
+    name: str = "get_account_status"
+    description: str = "Check if the account is Active, Closed, or Delinquent using a customer_id."
+    def _run(self, customer_id: str):
+        try:
+            return get_account_status(customer_id=customer_id)
+        except Exception as e:
+            return f"Error fetching status: {str(e)}"
+
+class GetPRStatusTool(BaseTool):
+    name: str = "get_pr_status"
+    description: str = "Check government PR/Residency status using a customer_id."
+    def _run(self, customer_id: str):
+        try:
+            return get_pr_status(customer_id=customer_id)
+        except Exception as e:
+            return f"Error fetching PR status: {str(e)}"
+
+
+"""
+Database Agent
+Simulate a 'microservice' environment where data have to be fetch from different API endpoint
+Identity service (Look up customer ID using name as user will hardly provide customer id in their query)
+Profile service (Look for customer detail)
+Credit service (Credit score)
+Gov Service (PR status)
+
+Force the database agent to return in JSON format in a form of report
+
+There are a chain of thought portion to ensure that database agent only query from the internal and government database
+"""
+
+class DataAccessAgent:
+    def __init__(self, llm):
+        self.agent = Agent(
+            role="Senior Data Investigator",
+            goal="Orchestrate multiple API calls to build a complete customer profile.",
+            
+            backstory=(
+                "You are the **Senior Data Investigator**.\n"
+                "You operate in a **Microservices Environment**. Data is fragmented across different systems.\n"
+                "**YOUR JOB**: You are the 'Aggregator'. You must chain API calls together to build a full picture.\n\n"
+                "**Policy search is NOT YOUR JOB**: Do not try to access database if it is a policy related question\n\n"
+                
+                "### YOUR API PROTOCOL (CHAIN OF THOUGHT):\n"
+                "1. **Step 1 (The Key)**: Always start by calling `get_customer_id_by_name`. You cannot do anything without the ID.\n"
+                "   - If ID is 'None', STOP immediately. Do not call other tools.\n"
+                "2. **Step 2 (The loop)**: Once you have the `customer_id`, you must call the other 4 endpoints individually:\n"
+                "   - `get_customer_details` (Email, Nationality)\n"
+                "   - `get_credit_score` (Financial Health)\n"
+                "   - `get_account_status` (Bank Standing)\n"
+                "   - `get_pr_status` (Government Verification)\n"
+                "3. **Step 3 (The Report)**: Consolidate all 5 results into one JSON."
+            ),
+            llm=llm,
+            verbose=True,
+            max_iter=10, 
+            tools=[
+                GetCustomerIdByNameTool(), 
+                GetCustomerDetailsTool(), 
+                GetCreditScoreTool(), 
+                GetAccountStatusTool(), 
+                GetPRStatusTool()
+            ],
+            allow_delegation=False
+        )
+
+    def get_task(self, query):
+        return create_data_collection_task(self.agent, query)

crew/agents/loan_officer_agent.py

@@ -0,0 +1,219 @@
+import os
+import json
+import logging
+import re
+from dotenv import load_dotenv
+from crewai import Agent, Crew, Process, LLM
+
+# Import Specialized Agents
+from crew.agents.context_agent import ContextAnalystAgent
+from crew.agents.data_access_agent import DataAccessAgent
+from crew.agents.rag_agent import RAGAgent, sanitize_query
+from crew.agents.resolution_agent import ResolutionAgent
+from crew.agents.underwriter_agent import UnderwriterAgent
+
+
+logger = logging.getLogger(__name__)
+load_dotenv()
+
+
+"""
+JSON Extraction.
+LLM often wrap JSON in markdown or add conversational filler.
+THis function uses Regex to find the curly braces {} and parse that portion
+"""
+def clean_and_extract_json(text):
+    if not text: return None
+    try:
+        # Remove markdown fences and whitespace
+        text_str = str(text)
+        text_str = re.sub(r'```json\s*', '', text_str, flags=re.IGNORECASE)
+        text_str = re.sub(r'```', '', text_str)
+        text_str = text_str.strip()
+        
+        # Try finding the first '{' and last '}' to isolate JSON
+        match = re.search(r'\{.*\}', text_str, re.DOTALL)
+        if match:
+            return json.loads(match.group())
+        else:
+            # Fallback: maybe the whole string is JSON?
+            return json.loads(text_str)
+    except Exception as e:
+        logger.warning(f"JSON Clean/Parse failed: {e}")
+        return None
+
+
+
+"""
+The 'Conductor' of the AI Orchestra.
+    
+RESPONSIBILITY:
+1. Instantiates all agents (Workers).
+2. Defines the 'Manager Agent' (The Hierarchical Boss).
+3. Wraps them into a CrewAI 'Crew'.
+4. Handles the input/output plumbing (sanitizing queries, formatting final JSON).
+"""
+class LoanOfficerSupervisor:
+    def __init__(self):
+        logger.info("Initializing Autonomous Loan Crew")
+
+        # Mistral LLM instance for all agents
+        self.llm = LLM(
+            model="mistral/mistral-small-latest",
+            api_key=os.getenv("MISTRAL_API_KEY"),
+            temperature=0
+        )
+        
+
+
+    def get_rag_task(self, query: str, rag_agent):
+        clean_query = sanitize_query(query)
+        return rag_agent.get_task(clean_query)
+
+
+    def run(self, query: str):
+        logger.info(f"Starting Run for query: {query}")
+
+        # Return Formatted Data
+        def safe_output(task):
+            return str(task.output.raw) if task and task.output else "Step Skipped by Manager"
+
+        # INSTANTIATE AGENTS 
+        analyst_worker = ContextAnalystAgent(llm=self.llm) 
+        data_worker = DataAccessAgent(llm=self.llm)
+        rag_worker = RAGAgent(llm=self.llm)
+        judge_worker = UnderwriterAgent(llm=self.llm)
+        res_worker = ResolutionAgent(llm=self.llm)
+
+        # DEFINE MANAGER
+        manager_agent = Agent(
+            role="Chief Loan Officer (Orchestrator)",
+            goal=f"Coordinate the team to resolve: {query}",
+            backstory=(
+                "You are the Chief Loan Officer. You run the department.\n"
+                "**Your superpower is DELEGATION based on INTELLIGENCE.**\n\n"
+
+                "### 🛑 CRITICAL TOOL RULES (PREVENT CRASHES):\n"
+                "1. When delegating, the 'task' and 'context' arguments must be SIMPLE STRINGS.\n"
+                "2. ❌ WRONG: {'task': {'description': 'Get the credit score'}}\n"
+                "3. ✅ CORRECT: {'task': 'Get the credit score'}\n"
+                "4. NEVER wrap text in a dictionary labeled 'description'.\n\n"
+
+                "### TEAM ROSTER (Exact Names for Delegation):\n"
+                "1. **Senior Context Analyst**: First call. Reads the query and outputs a JSON briefing.\n"
+                "2. **Senior Data Investigator**: Only if `requires_database = true`. Fetches Credit Score, Nationality, PR Status, Account Status.\n"
+                "3. **Bank Policy Researcher**: Only if `requires_policy = true`. Fetches generic rules like Interest Rates, Loan Limits. "
+                "⚠️ NEVER give customer names, IDs, or emails to this agent. Only sanitized attributes (e.g., 'Credit Score: 720, Status: Active').\n"
+                "4. **Senior Credit Underwriter**: After Data/Policy evidence, evaluates Risk Classification & Interest Rate.\n"
+                "5. **Internal Operations Communicator**: Last step. Writes final report.\n\n"
+
+                "### DELEGATION LOGIC:\n"
+                "STEP 1: Ask Senior Context Analyst for the 'Intelligence Briefing'.\n"
+                "  - If intent is General Chat: delegate only to Internal Operations Communicator.\n"
+                "STEP 2: If strictly `requires_database = true`, delegate to Senior Data Investigator with only customer identifiers needed (IDs allowed here, not names in policy queries).\n"
+                "STEP 3: If strictly `requires_policy = true`, delegate to Bank Policy Researcher. Do not find a subsitute co worker\n"
+                "  - ⚠️ ALWAYS sanitize customer-specific info: replace names/emails/IDs/Nationality with generic attributes before delegating.\n"
+                "  - Example: 'What is the interest rate for Credit Score 720 and Active Status?'\n"
+                "STEP 4: Delegate to Senior Credit Underwriter if intent is loan recommendation. If not, please skip and go directly to next step.\n"
+                "STEP 5: Internal Operations Communicator writes final report. No delegation needed.\n\n"
+
+                "### FAIL-SAFES:\n"
+                "- If an agent tries to provide info outside their scope, STOP and redirect back to you.\n"
+                "- Do NOT allow hallucination. Never invent policy data or personal data.\n"
+                "- Validate JSON output from each agent before using in next step.\n"
+
+                "### FINAL ANSWER PROTOCOL:\n"
+                "1. If an agent returns a complete answer resolving the query, do not delegate again.\n"
+                "2. Take that information and provide it as Final Answer immediately.\n"
+                "3. Never ask Policy Researcher to verify or communicate—they only fetch facts."
+            ),
+            llm=self.llm,
+            allow_delegation=True,
+            verbose=True
+        )
+
+        # 3. Define Tasks using the fresh instances
+        t1_strategy = analyst_worker.get_task(query)
+        t2_data = data_worker.get_task(query)
+
+        t3_rag = rag_worker.get_policy_search_task(query)
+        # Pass Policy and customer data to judge/underwriter
+        t4_judge = judge_worker.get_task([t2_data, t3_rag])
+
+        #Pass in query and underwriter reponse to resolution agent
+        t5_resolution = res_worker.get_task(query, [t4_judge])
+
+        # Define name for all agents
+        analyst_worker.agent.role = "Senior Context Analyst"
+        data_worker.agent.role = "Senior Data Investigator"
+        rag_worker.agent.role = "Bank Policy Researcher"
+        judge_worker.agent.role = "Senior Credit Underwriter"
+        res_worker.agent.role = "Internal Operations Communicator"
+
+        # CREATE THE CREW
+        loan_crew = Crew(
+            agents=[
+                analyst_worker.agent, 
+                data_worker.agent,
+                rag_worker.agent, 
+                judge_worker.agent,      
+                res_worker.agent
+            ],
+            tasks=[t1_strategy, t2_data, t3_rag, t4_judge, t5_resolution],
+            process=Process.hierarchical,
+            manager_agent=manager_agent,
+            # removed step_callback
+            verbose=True
+        )
+
+        # Execution
+        loan_crew.kickoff()
+        
+        
+
+        plan_data = clean_and_extract_json(t1_strategy.output.raw)
+
+        is_policy_question = plan_data.get("intent") == "Policy Question" and plan_data.get("requires_policy", False)
+
+        # # Rule base decision making to decide if its policy question or not
+        # if is_policy_question:
+        #     # Only get descriptive policy, no decision
+        #     t3_rag = rag_worker.get_summary_search_task(query)  
+        # else:
+        #     # Decision-oriented workflow
+        #     t3_rag = rag_worker.get_policy_search_task(query)
+
+        
+        if not plan_data:
+            # Fallback if Context agent fails
+            plan_data = {
+                "requires_database": False, 
+                "requires_policy": False, 
+                "topic": "Unknown"
+            }
+
+        policy_data = clean_and_extract_json(t3_rag.output.raw)
+        if not policy_data: 
+            policy_data = safe_output(t3_rag) # Fallback to raw text
+
+        # Customer Data
+        cust_data = clean_and_extract_json(t2_data.output.raw)
+        if not cust_data: 
+            cust_data = safe_output(t2_data) # Fallback to raw text
+
+        # Final Report would be response from resolution agent after it sanitize the underwriter report
+        final_report_task = t5_resolution
+        if final_report_task and final_report_task.output:
+            final_report = str(final_report_task.output.raw)
+        else:
+            final_report = "Final report not generated."
+
+        return {
+            "status": "success",
+            "data": {
+                "plan":                 plan_data,
+                "customer_data":        cust_data,
+                "policy_data":          policy_data,
+                "final_recommendation": final_report 
+            }
+        }

crew/agents/rag_agent.py

@@ -0,0 +1,217 @@
+import os
+import logging
+import re
+from typing import Any, Type
+from dotenv import load_dotenv
+
+# Vector DB
+from langchain_community.vectorstores.faiss import FAISS
+from langchain_mistralai import MistralAIEmbeddings
+
+from crewai import Agent
+from crewai.tools import BaseTool
+from pydantic import BaseModel, Field, ConfigDict
+
+
+from crew.tasks.rag_tasks import create_policy_search_task, create_policy_summary_task
+
+logger = logging.getLogger(__name__)
+load_dotenv()
+
+
+VECTORSTORE_DIR = "rag/vectorstore"
+
+def sanitize_query(query: str) -> str:
+    """
+    Sanitizes query to remove PII and specific Nationalities/Demographics 
+    that are not present in the RAG Database.
+    """
+    if not query: return ""
+
+    # 1. REMOVE NATIONALITIES (Specific -> Generic)
+    # Since your RAG DB doesn't know about 'Filipino' or 'Indian' policies,
+    # we strip them out so the Agent searches for generic "Loan Rates".
+    
+    # Add common nationalities relevant to your market
+    nationalities = [
+        # Common Status Terms
+        "Foreigner", "Expat", "Expatriate", "Alien", "Non-Resident", "Resident", 
+        "Permanent Resident", "Citizen", "PR", 
+        
+        "Afghan", "Albanian", "Algerian", "American", "Andorran", "Angolan", "Antiguan", 
+        "Argentine", "Armenian", "Australian", "Austrian", "Azerbaijani",
+        "Bahamian", "Bahraini", "Bangladeshi", "Barbadian", "Belarusian", "Belgian", 
+        "Belizean", "Beninese", "Bhutanese", "Bolivian", "Bosnian", "Botswanan", 
+        "Brazilian", "British", "Bruneian", "Bulgarian", "Burkinabe", "Burmese", "Burundian",
+        "Cambodian", "Cameroonian", "Canadian", "Cape Verdean", "Central African", "Chadian", 
+        "Chilean", "Chinese", "Colombian", "Comoran", "Congolese", "Costa Rican", "Croatian", 
+        "Cuban", "Cypriot", "Czech",
+        "Danish", "Djiboutian", "Dominican", "Dutch", "East Timorese", "Ecuadorean", 
+        "Egyptian", "Emirati", "Equatorial Guinean", "Eritrean", "Estonian", "Ethiopian",
+        "Fijian", "Filipino", "Finnish", "French", "Gabonese", "Gambian", "Georgian", 
+        "German", "Ghanaian", "Greek", "Grenadian", "Guatemalan", "Guinea-Bissauan", 
+        "Guinean", "Guyanese",
+        "Haitian", "Herzegovinian", "Honduran", "Hungarian", "Icelander", "Indian", 
+        "Indonesian", "Iranian", "Iraqi", "Irish", "Israeli", "Italian", "Ivorian",
+        "Jamaican", "Japanese", "Jordanian", "Kazakhstani", "Kenyan", "Kittian and Nevisian", 
+        "Kuwaiti", "Kyrgyz",
+        "Laotian", "Latvian", "Lebanese", "Liberian", "Libyan", "Liechtensteiner", 
+        "Lithuanian", "Luxembourger",
+        "Macedonian", "Malagasy", "Malawian", "Malay", "Malaysian", "Maldivian", "Malian", 
+        "Maltese", "Marshallese", "Mauritanian", "Mauritian", "Mexican", "Micronesian", 
+        "Moldovan", "Monacan", "Mongolian", "Moroccan", "Mosotho", "Motswana", "Mozambican",
+        "Namibian", "Nauruan", "Nepalese", "New Zealander", "Nicaraguan", "Nigerian", 
+        "Nigerien", "North Korean", "Northern Irish", "Norwegian",
+        "Omani", "Pakistani", "Palauan", "Panamanian", "Papua New Guinean", "Paraguayan", 
+        "Peruvian", "Polish", "Portuguese",
+        "Qatari", "Romanian", "Russian", "Rwandan",
+        "Saint Lucian", "Salvadoran", "Samoan", "San Marinese", "Sao Tomean", "Saudi", 
+        "Scottish", "Senegalese", "Serbian", "Seychellois", "Sierra Leonean", "Singaporean", 
+        "Slovakian", "Slovenian", "Solomon Islander", "Somali", "South African", 
+        "South Korean", "Spanish", "Sri Lankan", "Sudanese", "Surinamer", "Swazi", 
+        "Swedish", "Swiss", "Syrian",
+        "Taiwanese", "Tajik", "Tanzanian", "Thai", "Togolese", "Tongan", "Trinidadian", 
+        "Tunisian", "Turkish", "Tuvaluan",
+        "Ugandan", "Ukrainian", "Uruguayan", "Uzbekistani", "Venezuelan", "Vietnamese",
+        "Welsh", "Yemenite", "Zambian", "Zimbabwean"
+    ]
+    
+    # Create a regex pattern: \b(Filipino|Indian|...)\b
+    # flags=re.IGNORECASE makes it catch 'filipino' and 'Filipino'
+    nat_pattern = r'\b(' + '|'.join(nationalities) + r')\b'
+    
+    # OPTION A: Replace with nothing (Search becomes "What are rates?")
+    query = re.sub(nat_pattern, "", query, flags=re.IGNORECASE)
+    
+    # OPTION B: If your DB has a "Foreigner" section, use this instead:
+    # query = re.sub(nat_pattern, "Foreigner", query, flags=re.IGNORECASE)
+
+    # 2. REMOVE IDs
+    query = re.sub(r'\bID\s*\d+\b', '', query, flags=re.IGNORECASE)
+
+    # 3. REMOVE EMAILS
+    query = re.sub(r'\S+@\S+', '', query)
+
+    # 4. REMOVE NAMES (The aggressive check)
+    # WARNING: This regex '\b[A-Z][a-z]+\b' is very aggressive. 
+    # It removes ANY capitalized word (like "Bank", "Loan", "Rate").
+    # I recommend commenting this out unless you really need it, 
+    # or replacing it with a Named Entity Recognition (NER) library later.
+    # query = re.sub(r'\b[A-Z][a-z]+\b', '', query) 
+
+    # Clean up double spaces created by removals
+    query = re.sub(r'\s+', ' ', query).strip()
+    
+    return query
+
+
+# Ensure only simple string
+class RAGToolSchema(BaseModel):
+    query: str = Field(
+        ..., 
+        description="The search query string. Example: 'interest rates for high risk'"
+    )
+
+class RAGSearchTool(BaseTool):
+    name: str = "rag_search_tool"
+    description: str = "Search the bank policy manual. Useful for finding rates, rules, and limits."
+    
+    args_schema: Type[BaseModel] = RAGToolSchema
+    vectorstore: Any = Field(description="FAISS vectorstore instance")
+    model_config = ConfigDict(arbitrary_types_allowed=True)
+
+
+    
+    def _run(self, query: Any) -> str:
+        if isinstance(query, dict):
+            query_str = query.get('query', "")
+        else:
+            query_str = str(query)
+        
+        # Sanitize by removing weird character
+        clean_query = sanitize_query(query_str)
+        logger.info(f"RAG Tool Searching for: '{clean_query}'")
+        
+        try:
+            # Search 4 text chunk
+            results = self.vectorstore.similarity_search(clean_query, k=4)
+        except Exception as e:
+            return f"SYSTEM_ERROR: Vector search failed. {str(e)}"
+        
+        if not results:
+            return "RESULT: Policy Database Silent. No documents found matching this query."
+        
+        # Return with the Source keyword
+        formatted_results = "\n\n".join([
+            f"[SOURCE: Page/Section {i+1}]: {doc.page_content}" 
+            for i, doc in enumerate(results)
+        ])
+        return formatted_results
+
+class RAGAgent:
+    def __init__(self, llm):
+        logger.info("Initializing RAG Agent...")
+        
+        # Mistral embedding act as translator that convert English text to "vectors" to match the format stored in vector DB
+        embeddings = MistralAIEmbeddings(
+            model="mistral-embed", 
+            api_key=os.getenv("MISTRAL_API_KEY")
+        )
+        
+        # Load Vector DB
+        self.search_tool = None
+        try:
+            if os.path.exists(VECTORSTORE_DIR):
+                vectorstore = FAISS.load_local(
+                    VECTORSTORE_DIR, 
+                    embeddings, 
+                    allow_dangerous_deserialization=True
+                )
+                # Instantiate the tool with the vectorstore
+                self.search_tool = RAGSearchTool(vectorstore=vectorstore)
+            else:
+                logger.warning(f"Vector Store not found at {VECTORSTORE_DIR}.")
+        except Exception as e:
+            logger.error(f"Failed to load Vector DB: {e}")
+
+        # Safety check: Ensure tool exists
+        tools_list = [self.search_tool] if self.search_tool else []
+
+        """
+        ADAPTIVE EXTRACTION: We instruct the agent to change its output format based on the topic
+        Crucial instruction to strip PII (Personal Identifiable Information). To prevent agent from search customer specific policy which cause endless loop
+        """
+       
+        self.agent = Agent(
+            role="Bank Policy Researcher",
+            goal="Retrieve and structure precise policy rules for any banking query.",
+            backstory=(
+                "You are the **Bank Policy Researcher**.\n"
+                "You have access to the bank's entire Policy Manual (via Vector Search).\n"
+                "**YOUR JOB**: When the Manager asks a question, you find the relevant page and extract the facts.\n"
+                "**YOUR STYLE**: You are adaptive. \n"
+                "- If asked about Rates -> Extract the rate table.\n"
+                "- If asked about Eligibility -> Extract the qualification criteria.\n"
+                "- If asked about Penalties -> Extract the fee structure.\n"
+                "You do NOT invent data. You only format what is in the document.\n"
+                "You do NOT take in customer name and find specific policy for that customer.\n"
+                "⚠️ IMPORTANT: NEVER include or search for any personal identifiers such as customer names, IDs, or emails. "
+                "Always convert any customer-specific query into generic attributes like credit score, account status, or loan type before searching.\n"
+            ),
+            tools=tools_list,
+            verbose=True,
+            allow_delegation=False,
+            llm=llm
+        )
+
+    def get_policy_search_task(self, query: str):
+        clean_query = sanitize_query(query)
+        return create_policy_search_task(self.agent, clean_query)
+    
+
+    def get_summary_search_task(self, query: str):
+        clean_query = sanitize_query(query)
+        return create_policy_summary_task(self.agent, clean_query)
+    
+
+    

crew/agents/resolution_agent.py

@@ -0,0 +1,43 @@
+from crewai import Agent
+from crew.tasks.resolution_tasks import create_resolution_task
+
+
+"""
+The Resolution Agent (The Reporter).
+
+ROLE:
+This agent acts as the 'Presentation Layer' of the Crew. 
+While the previous agents operate in data and strict logic (JSON), this agent focuses on Communication.
+
+RESPONSIBILITY:
+1. AGGREGATION: It gathers the isolated outputs from the Data, Policy, and Underwriting agents.
+2. TRANSLATION: It converts raw technical findings into a professional "Internal Verification Report".
+3. UX LAYER: It ensures the user sees a clean, readable English summary instead of 3 separate JSON blocks.
+"""
+
+class ResolutionAgent:
+    def __init__(self, llm):
+
+        # --- PROMPT STRATEGY ---
+        # We explicitly define this agent as a "Reporter" (Passive) rather than a "Decision Maker" (Active).
+        # This prevents it from overriding the Underwriter's decision. 
+        # It blindly trusts the inputs and focuses only on formatting them beautifully.
+        self.agent = Agent(
+            role="Internal Operations Communicator",
+            goal="Consolidate technical agent findings into a readable, professional report for Bank Staff.",
+            backstory=(
+                "You are the **Internal Communications Specialist** for the Operations Department.\n"
+                "You are NOT a decision maker. You are a **Reporter**.\n"
+                "**YOUR CONTEXT**: The 'Data Investigator' found the facts, the 'Policy Researcher' found the rules, "
+                "and the 'Underwriter' made the decision.\n"
+                "**YOUR JOB**: The human Bank Staff needs to see all this information in one place, formatted in perfect English.\n"
+                "You act as the bridge between the AI agents and the Human Officer. "
+                "Make the report clear, professional, and comprehensive."
+            ),
+            llm=llm,
+            verbose=True,
+            allow_delegation=False
+        )
+
+    def get_task(self, query, context_tasks):
+        return create_resolution_task(self.agent, query, context_tasks)

crew/agents/underwriter_agent.py

@@ -0,0 +1,49 @@
+from crewai import Agent
+from crew.tasks.underwriting_tasks import create_underwriting_task
+
+
+"""
+The loan Underwriter (The Decision Engine).
+
+ROLE:
+It takes the raw data from rag agent and data access agent
+and applies strict logic to decide on the loan recommendation.
+Custom policy like Froeigner and PR rule was also added here
+
+Strict protocol like no rule or data creation to prevent underwriter from creating data like income
+"""
+
+class UnderwriterAgent:
+    def __init__(self, llm):
+        self.agent = Agent(
+            role="Senior Credit Underwriter",
+            goal="Evaluate loan applications using ONLY provided data and rules.",
+            backstory=(
+                "You are the **Risk Control Engine**.\n"
+                "**YOUR JOB**: You receive 'Customer Facts' and 'Policy Rules'. You output a Decision.\n\n"
+                
+                "### 🛑 STRICT CLOSED-SYSTEM PROTOCOL (DO NOT IGNORE):\n"
+                "1. **NO EXTERNAL KNOWLEDGE**: Do not use general banking knowledge. If the provided policy text doesn't say it, it doesn't exist.\n"
+                "2. **NO DATA INVENTION**: You only have `credit_score`, `account_status`, `nationality`, and `is_pr`.\n"
+                "   - If a piece of data is missing (e.g., Income), **DO NOT GUESS IT**. Treat it as 'Unknown'.\n"
+                "3. **NO RULE CREATION**: Do not make up rules like 'Manager Discretion' or 'Loyalty Bonus'. Stick strictly to the matrix.\n\n"
+
+                "### YOUR DATA INPUTS:\n"
+                "1. **Customer Data**: Provided by the Data Investigator.\n"
+                "2. **Policy Rules**: Provided by the Policy Researcher (plus the specific PR rule below).\n\n"
+                
+                "### CRITICAL VALIDATION RULES:\n"
+                "1. **Foreigner + PR Rule**: If `nationality` != 'Singaporean' AND `is_pr` is True -> **IMMEDIATE REJECT**.\n"
+                "2. **Risk Matrix**: Classification based purely on score + status.\n\n"
+                
+                "### OUTPUT PROTOCOL:\n"
+                "Be robotic. Be literal. No emotions. No 'I assumed...'."
+            ),
+            llm=llm,
+            verbose=True,
+            allow_delegation=False,
+            tools=[] 
+        )
+
+    def get_task(self, context_tasks):
+        return create_underwriting_task(self.agent, context_tasks)

crew/tasks/context_tasks.py

@@ -0,0 +1,47 @@
+from crewai import Task
+
+
+"""
+Create context analysis task will return output in JSON format
+it helps to extract customer name, context, requires database, requires policy and summary briefing note
+These data will help the manager decide which co-worker to delegate to
+"""
+
+def create_context_analysis_task(agent, query):
+    return Task(
+        description=(
+            f"**INCOMING MEMO**: '{query}'\n\n"
+            "**ROLE**: You are a JSON Classification Engine. You do not speak English. You output data.\n"
+            "**OBJECTIVE**: Map the user's request to exactly ONE of the 4 intent categories below.\n\n"
+            
+            "**CLASSIFICATION TRUTH TABLE (STRICT)**:\n"
+            "1. **General Chat**: Greetings, jokes, or vague comments (e.g., 'Hello', 'What can you do?').\n"
+            "   -> requires_database: False | requires_policy: False\n"
+            "2. **Policy Question**: Asking for rules, rates, limits, or eligibility WITHOUT naming a person.\n"
+            "   -> requires_database: False | requires_policy: True\n"
+            "3. **Customer Info**: Asking for static data about a person (ID, Address, Status) WITHOUT asking for rules/rates.\n"
+            "   -> requires_database: True | requires_policy: False\n"
+            "4. **Loan Request**: Asking if a specific person qualifies, or checking rates for a specific person.\n"
+            "   -> requires_database: True | requires_policy: True\n\n"
+            
+            "**EXTRACTION RULES**:\n"
+            "- **customer_name**: Extract the exact substring (e.g., 'Andy'). If no name, set to null.\n"
+            "- **Context**: Look ONLY at the provided string. Do not infer previous conversations.\n\n"
+            
+            "**NEGATIVE CONSTRAINTS**:\n"
+            "- DO NOT include 'Here is the JSON'.\n"
+            "- DO NOT output markdown ticks (```json). Just the raw curly braces.\n\n"
+            
+            "**REQUIRED OUTPUT SCHEMA**:\n"
+            "{\n"
+            '  "thought_process": "A clear, 1-sentence summary of the strategy. (e.g. \'User asked for a loan, so I will trigger the Data and Policy agents.\')",\n'
+            '  "intent": "General Chat" | "Policy Question" | "Customer Info" | "Loan Request",\n'
+            '  "customer_name": "string or null",\n'
+            '  "requires_database": boolean,\n'
+            '  "requires_policy": boolean,\n'
+            '  "briefing_note": "string"\n'
+            "}"
+        ),
+        expected_output="A single valid JSON object containing the classification flags and intent.",
+        agent=agent
+    )

crew/tasks/data_access_tasks.py

@@ -0,0 +1,43 @@
+from crewai import Task
+
+"""
+KEY OBJECTIVES:
+1. Input Validation: Stop the agent early if no name is provided.
+2. Anti-Hallucination: Explicitly forbid generating fake IDs/Names.
+3. Dependency Management: Enforce the order of operations (Name -> ID -> Data).
+4. Standardization: Force the output into a strict JSON format for the next agent.
+"""
+
+
+def create_data_collection_task(agent, inputs):
+    return Task(
+        description=(
+            f"**INVESTIGATION REQUIRED**: The Manager needs a full data profile for query: '{inputs}'\n\n"
+            
+            "### 🛑 PRE-FLIGHT CHECK:\n"
+            "1. If the query does not contain a specific person's name (e.g., 'Andy', 'Hilda'), DO NOT ATTEMPT TO SEARCH \n"
+            "2. Do Not create your own customer data like Customer name or Customer ID to search\n"
+            "3. Respond immediately with: {'found': false, 'error': 'No customer name provided in query.'} and exit\n\n"
+
+            "**EXECUTION PLAN (STRICT ORDER)**:\n"
+            "1. **RESOLVE ID**: Use `get_customer_id_by_name` to find the unique ID for the name provided.\n"
+            "   - *CRITICAL*: If this returns 'None', STOP and return {{'found': false}}.\n"
+            "2. **FETCH DETAILS**: Use the retrieved ID to call `get_customer_details`.\n"
+            "3. **FETCH FINANCIALS**: Use the retrieved ID to call `get_credit_score` and `get_account_status`.\n"
+            "4. **FETCH LEGAL**: Use the retrieved ID to call `get_pr_status`.\n\n"
+            
+            "**REQUIRED OUTPUT SCHEMA**:\n"
+            "You must consolidate all API responses into this single JSON structure:\n"
+            "{\n"
+            '  "found": boolean,\n'
+            '  "customer_name": "string",\n'
+            '  "customer_id": "string",\n'
+            '  "credit_score": number,\n'
+            '  "nationality": "string",\n'
+            '  "is_pr": boolean,\n'
+            '  "account_status": "string"\n'
+            "}"
+        ),
+        expected_output="A single valid JSON object containing the consolidated data from database.",
+        agent=agent
+    )

crew/tasks/rag_tasks.py

@@ -0,0 +1,61 @@
+from crewai import Task
+
+
+
+
+"""
+Instructs the agent to perform a Vector Search and format the results.
+
+KEY OBJECTIVE:
+To convert unstructured PDF text into a structured JSON object. 
+It explicitly separates "Rules" (logic like if/else) from "Data Points" (hard numbers/rates),
+making it easier for the Underwriter agent to apply these policies programmatically later.
+"""
+
+def create_policy_search_task(agent, query: str):
+
+    return Task(
+        description=(
+            f"**SEARCH REQUEST**: '{query}'\n\n"
+            
+            "**YOUR JOB**: Fetch the policy rules. Do NOT analyze them. Do NOT format them into tables.\n"
+            "Just find the text and convert it into **Plain English Bullet Points** for the Supervisor.\n\n"
+            
+            "**EXECUTION STEPS**:\n"
+            "1. Search for 'Overall Risk' and 'Interest Rates'.\n"
+            "2. **STOP** immediately after the first search.\n"
+            "3. **OUTPUT**: List the rules simply.\n\n"
+            
+            "**REQUIRED OUTPUT FORMAT**:\n"
+            "Return a list like this:\n"
+            "- If Credit Score is [Range] and Account is [Status], then Risk is [Level].\n"
+            "- If Risk is [Level], then Interest Rate is [Value].\n"
+            "\n"
+            "(Include the specific numbers found in the search results)."
+        ),
+        expected_output="A simple list of policy rules in plain text.",
+        agent=agent,
+        
+        # 🛑 HARD STOP: Prevent the loop.
+        # The agent gets 1 try. If it finds anything, we take it.
+        max_iter=1
+    )
+def create_policy_summary_task(agent, query: str):
+    """
+    Returns a Task for explaining policy without making a decision.
+    This is for policy specific question like what is consider high risk
+    """
+    
+    return Task(
+        description=(
+            f"**QUERY**: '{query}'\n\n"
+            "**YOUR GOAL**: Explain the high-risk criteria or policy rules relevant to the query in plain text.\n"
+            "Do NOT make a decision or assign any verdict. Output only a descriptive summary.\n"
+            "Format:\n"
+            "- Topic / Section\n"
+            "- Rules Summary\n"
+            "- Data Points if available"
+        ),
+        expected_output="Plain text summary of relevant policy rules.",
+        agent=agent
+    )

crew/tasks/resolution_tasks.py

@@ -0,0 +1,50 @@
+from crewai import Task
+
+
+
+"""
+ Final Resolution 
+This task aggregates the findings from all previous agents (Data, Policy, Underwriting).
+
+KEY OBJECTIVE:
+To synthesize technical data into a human-readable format.
+It reads the JSON outputs from the previous steps via the 'context' parameter.
+It strips away code syntax (removing curly braces/JSON).
+It generates a professional Markdown report suitable for a Bank Officer to read.
+It also help to format the final report
+"""
+def create_resolution_task(agent, query, context_tasks):
+    return Task(
+        description=(
+            f"**INTERNAL REPORT REQUEST**: '{query}'\n"
+            "**INPUTS**: Review the outputs from ALL previous agents (Data, Policy, Underwriting) in the context.\n\n"
+            
+            "**OBJECTIVE**: Compile the 'Internal Verification Report' for the Bank Staff.\n\n"
+            
+            "**REPORT STRUCTURE (Strictly Follow This)**:\n"
+            "1. **Executive Decision**: State the Underwriter's final verdict (Approve/Reject), the Risk Level, and the assigned Rate.\n"
+            "2. **Customer Profile**: Summarize the customer details (Name, Nationality, verified Score/Status) in bullet points.\n"
+            "3. **Policy Context**: Mention the specific Policy Rule that was triggered (e.g. 'Policy dictates that Closed accounts are Medium Risk').\n"
+            "4. **Logic Trace**: Explain *why* the decision was made in plain English.\n\n"
+
+            "**POLICY only STRUCTURE (Strictly Follow This)**:\n"
+            "1. **Policy Context**: Mention the specific from context Policy Rule (e.g. 'Based on the BANK's Policy'). Do not create your own policy\n"
+
+            "**Chit Chat only STRUCTURE (Strictly Follow This)**:\n"
+            "1. **Chit Chat**: Just chit chat and response postively.\n"
+            
+            
+            "**NEGATIVE CONSTRAINTS (CRITICAL)**:\n"
+            "- ❌ **NO RAW JSON**: Do not output code blocks like ```json ... ```. The user must never see curly braces.\n"
+            "- ❌ **NO LAZY COPYING**: Do not just dump the input data. Summarize it into sentences.\n"
+            "- ✅ **FORMATTING**: Do not use hashes (##). Use **BOLD UPPERCASE** for section headers (e.g. **EXECUTIVE DECISION**)."
+        ),
+        expected_output=(
+            "A comprehensive Markdown report titled 'INTERNAL VERIFICATION REPORT'. "
+            "It must include the Decision, Data Evidence, Policy Rules, and Final Logic, written in professional prose without raw JSON."
+            "If its a Policy Question, only include Policy Context."
+            "If its a Chit Chat, Just communicate like how Human have small talks."
+        ),
+        agent=agent,
+        context=context_tasks
+    )

crew/tasks/underwriting_tasks.py

@@ -0,0 +1,58 @@
+from crewai import Task
+
+
+"""
+
+This task instructs the agent to act as the final decision maker.
+
+KEY MECHANISM:
+1. CONTEXT CONSUMPTION: It takes the inputs from the Data Agent (Facts) and Policy Agent (Rules).
+2. LOGIC GATING: It applies a strict "If X then Y" logic chain.
+3. ZERO-TRUST: It enforces a "Silent Policy = Reject" rule. If the policy manual doesn't explicitly allow it, the agent must reject it.
+"""
+
+def create_underwriting_task(agent, context_tasks):
+    return Task(
+        description=(
+            "**INTERNAL RISK REVIEW**\n\n"
+            "**INPUTS**: Review findings from Data Investigator and Policy Researcher.\n\n"
+            
+            "**STRICT EXECUTION RULES**:\n"
+            "1. **Evidence Only**: Every decision must point to a specific data point or policy line provided in the context.\n"
+            "2. **Silent Policy = Reject**: If the policy does not explicitly say 'Approve' for a scenario, the default answer is REJECT.\n"
+            "3. **Missing Data**: If you do not see a credit score, do not estimate one. Fail the application as 'Incomplete Data'.\n\n"
+            
+            "**LOGICAL REASONING STEPS**:\n"
+            "1. **Residency & Eligibility Check**: \n"
+            "   - Check `nationality` and `is_pr` (Permanent Resident status).\n"
+            "   - **DEFINITION**: A 'Foreigner' is anyone whose nationality is NOT 'Singaporean'.\n"
+            "   - **THE STRICT RULE**: \n"
+            "       - If Customer is Singaporean -> **PASS** (Eligible).\n"
+            "       - If Customer is Foreigner AND is PR (Permanent Resident) -> **PASS** (Eligible).\n"
+            "       - **If Customer is Foreigner AND is NOT PR -> REJECT IMMEDIATELY**.\n"
+            "   - (Reasoning: We do not lend to non-residents. Foreigners must hold PR status).\n\n"
+
+            "2. **Risk Mapping**: \n"
+            "   - Locate `credit_score` and `account_status` in the input.\n"
+            "   - Map EXACTLY to the Risk Matrix provided.\n"
+            "   - DETERMINE: Is the Overall Risk 'Low', 'Medium', or 'High'?\n\n"
+
+            "3. **Final Verdict**: \n"
+            "   - If its High Risk OR Foreigner+PR, please REJECT.\n"
+            "   - Low/Medium Risk is APPROVE.\n\n"
+            
+            "**REQUIRED OUTPUT**:\n"
+            "Return a Markdown Memo. You MUST NOT add 'Notes', 'Suggestions', or 'Flexible terms'.\n"
+            "End with this strict JSON block:\n"
+            "```json\n"
+            "{\n"
+            '  "decision": "APPROVED" | "REJECTED",\n'
+            '  "risk_level": "Low" | "Medium" | "High",\n'
+            '  "reason_code": "The specific rule from policy that triggered this decision"\n'
+            "}\n"
+            "```"
+        ),
+        expected_output="A Decision Memo derived 100% from provided text with no outside hallucination.",
+        agent=agent,
+        context=context_tasks
+    )

crew/tools/db_utils.py

@@ -0,0 +1,32 @@
+import sqlite3
+from typing import Any, List, Tuple
+
+
+def run_query(db_path: str, query: str, params: Tuple = ()) -> List[Tuple[Any, ...]]:
+    """
+    Runs a safe SQL query against a SQLite database and returns the result.
+
+    Args:
+        db_path (str): Full path to the SQLite db file.
+        query (str): SQL query string to execute.
+        params (tuple): Parameters for use in a parameterized SQL statement.
+
+    Returns:
+        List[Tuple]: Query results as rows (tuples). Empty list if no results or error.
+    """
+
+    try:
+        conn = sqlite3.connect(db_path)
+        cursor = conn.cursor()
+
+        cursor.execute(query, params)
+        rows = cursor.fetchall()
+
+        conn.commit()
+        conn.close()
+
+        return rows
+
+    except sqlite3.Error as e:
+        print(f"[DB ERROR] {e}")
+        return []

crew/tools/government_db_tools.py

@@ -0,0 +1,58 @@
+# tools/government_db_tools.py
+
+from crew.tools.db_utils import run_query
+
+GOVERNMENT_DB_PATH = "database/government.db"
+
+def get_pr_status(customer_id: str):
+    """
+    Fetch PR (Permanent Resident) status from government DB.
+    Returns:
+    - True/False (if record exists)
+    - "NOT_FOUND" string (if ID is invalid)
+    """
+    query = """
+        SELECT pr_status
+        FROM pr_details
+        WHERE id=?
+    """
+    try:
+        result = run_query(GOVERNMENT_DB_PATH, query, (customer_id,))
+        
+        if result and len(result) > 0:
+            # Return the actual status (True/False)
+            return bool(result[0][0])
+        else:
+            # Return text signal so the agent knows the ID is wrong/missing
+            return f"NOT_FOUND: No government record found for ID '{customer_id}'."
+
+    except Exception as e:
+        return f"ERROR: Government DB failure for ID '{customer_id}': {str(e)}"
+
+
+def get_government_record(customer_id: str):
+    """
+    Fetch the full record: name, email, PR status.
+    Useful for debugging or extended compliance checks.
+    """
+    query = """
+        SELECT name, email, pr_status
+        FROM pr_details
+        WHERE id=?
+    """
+    try:
+        result = run_query(GOVERNMENT_DB_PATH, query, (customer_id,))
+        
+        if result and len(result) > 0:
+            name, email, pr_status = result[0]
+            return {
+                "customer_id": customer_id,
+                "name": name,
+                "email": email,
+                "pr_status": bool(pr_status),
+            }
+        else:
+            return f"NOT_FOUND: Government record unavailable for ID '{customer_id}'."
+
+    except Exception as e:
+        return f"ERROR: Failed to fetch government record for ID '{customer_id}': {str(e)}"

crew/tools/internal_db_tools.py

@@ -0,0 +1,85 @@
+from crew.tools.db_utils import run_query
+
+INTERNAL_DB_PATH = "database/internal.db"
+
+def get_customer_id_by_name(name: str):
+    # Use LIKE and wildcard to be more flexible with names
+    query = "SELECT customer_id FROM customer_details WHERE name LIKE ? COLLATE NOCASE"
+    try:
+        # This will match "Andy", "Andy Lau", or "Andy "
+        result = run_query(INTERNAL_DB_PATH, query, (f"{name.strip()}%",))
+        
+        if result and len(result) > 0:
+            return result[0][0]
+        return f"NOT_FOUND: Customer '{name}' does not exist."
+    except Exception as e:
+        return f"ERROR: {str(e)}"
+
+
+def get_customer_details(customer_id: str):
+    """
+    Fetch basic customer details (name, email, nationality).
+    """
+    query = """
+        SELECT name, email, nationality
+        FROM customer_details
+        WHERE customer_id = ?
+    """
+    try:
+        result = run_query(INTERNAL_DB_PATH, query, (customer_id,))
+        
+        if result and len(result) > 0:
+            name, email, nationality = result[0]
+            return {
+                "customer_id": customer_id,
+                "name": name,
+                "email": email,
+                "nationality": nationality
+            }
+        else:
+            return f"NOT_FOUND: No details found for customer_id '{customer_id}'."
+            
+    except Exception as e:
+        return f"ERROR: Failed to fetch details for id '{customer_id}': {str(e)}"
+
+
+def get_credit_score(customer_id: str):
+    """
+    Fetch customer credit score.
+    """
+    query = """
+        SELECT credit_score
+        FROM customer_credit_score
+        WHERE customer_id = ?
+    """
+    try:
+        result = run_query(INTERNAL_DB_PATH, query, (customer_id,))
+        
+        if result and len(result) > 0:
+            return result[0][0]
+        else:
+            return f"NOT_FOUND: Credit score unavailable for customer_id '{customer_id}'."
+
+    except Exception as e:
+        return f"ERROR: Failed to fetch credit score for id '{customer_id}': {str(e)}"
+
+
+def get_account_status(customer_id: str):
+    """
+    Fetch account status (Active, Closed, Delinquent).
+    """
+    query = """
+        SELECT account_status
+        FROM customer_account_status
+        WHERE customer_id = ?
+    """
+    try:
+        result = run_query(INTERNAL_DB_PATH, query, (customer_id,))
+        
+        if result and len(result) > 0:
+            return result[0][0]
+        else:
+            return f"NOT_FOUND: Account status unavailable for customer_id '{customer_id}'."
+
+    except Exception as e:
+        return f"ERROR: Failed to fetch account status for id '{customer_id}': {str(e)}"

database/create_government_db.py

@@ -0,0 +1,36 @@
+import sqlite3
+import os
+
+# Ensure the database folder exists
+os.makedirs("database", exist_ok=True)
+
+# Full path for government.db
+db_path = "database/government.db"
+conn = sqlite3.connect(db_path)
+cursor = conn.cursor()
+
+# Create table for customer PR status
+cursor.execute('''
+CREATE TABLE IF NOT EXISTS pr_details (
+    id TEXT PRIMARY KEY,
+    name TEXT,
+    email TEXT,
+    pr_status BOOLEAN
+)
+''')
+
+# Insert sample data
+pr = [
+    ('1', 'Loren', 'loren@example.com', False),   # Singaporean → not PR
+    ('2', 'Matt', 'matt@example.com', True),      # Malaysian → PR
+    ('3', 'Hilda', 'hilda@example.com', False),   # Singaporean → not PR
+    ('4', 'Andy', 'andy@example.com', False),  # Filipino → PR
+    ('5', 'Kit', 'kit@example.com', False)     # Vietnamese → PR
+]
+
+cursor.executemany('INSERT OR IGNORE INTO pr_details VALUES (?, ?, ?, ?)', pr)
+
+# Commit changes and close
+conn.commit()
+conn.close()
+print("government.db populated with sample customer data.")

database/create_internal_db.py

@@ -0,0 +1,82 @@
+import sqlite3
+import os
+
+# Ensure database folder exists
+os.makedirs("database", exist_ok=True)
+
+# Full path for internal.db
+db_path = "database/internal.db"
+conn = sqlite3.connect(db_path)
+cursor = conn.cursor()
+
+# Create tables
+
+cursor.execute('''
+CREATE TABLE IF NOT EXISTS customer_details (
+    customer_id TEXT PRIMARY KEY,
+    name TEXT,
+    email TEXT,
+    nationality TEXT
+)
+''')
+
+cursor.execute('''
+CREATE TABLE IF NOT EXISTS customer_credit_score (
+    customer_id TEXT PRIMARY KEY,
+    credit_score INTEGER
+)
+''')
+
+cursor.execute('''
+CREATE TABLE IF NOT EXISTS customer_account_status (
+    customer_id TEXT PRIMARY KEY,
+    account_id TEXT,
+    account_status TEXT
+)
+''')
+
+# Insert sample customer details
+customers = [
+    ('1', 'Loren', 'loren@example.com', 'Singaporean'),
+    ('2', 'Matt', 'matt@example.com', 'Malaysian'),
+    ('3', 'Hilda', 'hilda@example.com', 'Singaporean'),
+    ('4', 'Andy', 'andy@example.com', 'Filipino'),
+    ('5', 'Kit', 'kit@example.com', 'Vietnamese')
+]
+
+cursor.executemany('''
+INSERT OR IGNORE INTO customer_details (customer_id, name, email, nationality)
+VALUES (?, ?, ?, ?)
+''', customers)
+
+# Insert sample credit scores
+credit_scores = [
+    ('1', 455),
+    ('2', 685),
+    ('3', 825),
+    ('4', 840),
+    ('5', 350)
+]
+
+cursor.executemany('''
+INSERT OR IGNORE INTO customer_credit_score (customer_id, credit_score)
+VALUES (?, ?)
+''', credit_scores)
+
+# Insert sample account status
+account_statuses = [
+    ('1', 'AC001', 'Good-standing'),
+    ('2', 'AC002', 'Good-standing'),
+    ('3', 'AC003', 'Delinquent'),
+    ('4', 'AC004', 'Good-standing'),
+    ('5', 'AC005', 'Closed')
+]
+
+cursor.executemany('''
+INSERT OR IGNORE INTO customer_account_status (customer_id, account_id, account_status)
+VALUES (?, ?, ?)
+''', account_statuses)
+
+conn.commit()
+conn.close()
+print("internal.db populated with sample customer data.")

rag/ingest_policies.py

@@ -0,0 +1,100 @@
+# rag/ingestion/ingest_policies.py
+
+import os
+import sys
+import platform
+from dotenv import load_dotenv
+
+from langchain_community.document_loaders import PyPDFLoader
+from langchain_text_splitters import RecursiveCharacterTextSplitter
+from langchain_community.vectorstores.faiss import FAISS
+from langchain_mistralai import MistralAIEmbeddings  # or Mistral embeddings later
+
+
+# ---- Dynamic FAISS import ----
+def import_faiss():
+    try:
+        import faiss
+        return faiss
+    except ImportError:
+        import subprocess
+
+        system = platform.system()
+        try:
+            import torch
+            gpu_available = torch.cuda.is_available()
+        except ImportError:
+            gpu_available = False
+
+        if system == "Darwin" or not gpu_available:
+            pkg_name = "faiss-cpu"
+        else:
+            pkg_name = "faiss-gpu"
+
+        print(f"FAISS not found. Installing {pkg_name}...")
+        subprocess.check_call([sys.executable, "-m", "pip", "install", pkg_name])
+        import faiss
+        return faiss
+
+faiss = import_faiss()
+from langchain_community.vectorstores.faiss import FAISS
+
+
+# Load env
+load_dotenv()
+MISTRAL_API_KEY = os.getenv("MISTRAL_API_KEY")
+if not MISTRAL_API_KEY:
+    raise Exception("Missing MISTRAL_API_KEY in .env")
+
+
+
+DOCUMENTS_DIR = "rag/policies"
+VECTORSTORE_DIR = "rag/vectorstore"
+
+def load_documents():
+    docs = []
+    for file in os.listdir(DOCUMENTS_DIR):
+        if file.endswith(".pdf"):
+            print(f"Loading document: {file}")  # <-- Print the filename
+            loader = PyPDFLoader(os.path.join(DOCUMENTS_DIR, file))
+            docs.extend(loader.load())
+    return docs
+
+def build_vectorstore():
+    docs = load_documents()
+
+    # Split into chunks
+    splitter = RecursiveCharacterTextSplitter(
+        chunk_size=1500,
+        chunk_overlap=300
+    )
+    chunks = splitter.split_documents(docs)
+
+    # Embeddings (OpenAI or Mistral later)
+    embeddings = MistralAIEmbeddings(model="mistral-embed")
+
+    # Create FAISS vectorstore
+    vectorstore = FAISS.from_documents(chunks, embeddings)
+
+    # Save DB
+    vectorstore.save_local(VECTORSTORE_DIR)
+
+    print(f"Vectorstore created at: {VECTORSTORE_DIR}")
+
+
+def verify_vectorstore(vectorstore_dir=VECTORSTORE_DIR, test_query="Interest rate for high-risk customer"):
+    from langchain_community.vectorstores.faiss import FAISS
+    from langchain_mistralai import MistralAIEmbeddings
+
+    embeddings = MistralAIEmbeddings(model="mistral-embed", api_key=MISTRAL_API_KEY)
+    vectorstore = FAISS.load_local(vectorstore_dir, embeddings, allow_dangerous_deserialization=True)
+
+    results = vectorstore.similarity_search(test_query, k=3)
+    print("\n=== Verification Results ===")
+    for i, doc in enumerate(results):
+        print(f"\n--- Result {i+1} ---\n{doc.page_content}")
+
+if __name__ == "__main__":
+    build_vectorstore()
+    verify_vectorstore(test_query="Overall risk for credit score 700 with delinquent account")
+    verify_vectorstore(test_query="Interest rate for medium-risk customer")

requirements.txt

@@ -0,0 +1,17 @@
+
+# --- Core Framework ---
+crewai==0.193.2
+crewai-tools==0.76.0
+
+# --- The Brain ---
+langchain-mistralai==0.2.12
+langchain-core==1.1.3
+langchain-community==0.4.1
+
+# --- Utilities ---
+Flask==3.0.3
+python-dotenv==1.0.1
+faiss-cpu==1.13.1
+pypdf==6.4.1
+numpy==2.3.5
+

templates/index.html

@@ -0,0 +1,197 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>GenAI Loan Advisor</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <style>
+        .loader {
+            border: 4px solid #f3f3f3;
+            border-top: 4px solid #3b82f6;
+            border-radius: 50%;
+            width: 30px;
+            height: 30px;
+            animation: spin 1s linear infinite;
+            display: inline-block; 
+        }
+        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+        pre { white-space: pre-wrap; word-wrap: break-word; font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; }
+        .data-box { max-height: 300px; overflow-y: auto; }
+        #finalOutput { white-space: pre-wrap; line-height: 1.6; }
+    </style>
+</head>
+<body class="bg-gray-100 min-h-screen flex flex-col items-center py-10">
+
+    <div class="w-full max-w-5xl bg-white shadow-xl rounded-xl p-8 border border-gray-200">
+        <div class="border-b pb-4 mb-6 text-center">
+            <h1 class="text-3xl font-extrabold text-gray-800 tracking-tight">GenAI Loan Advisor</h1>
+            <p class="text-gray-500 mt-2 text-sm">Autonomous Multi-Agent System (CrewAI + Mistral)</p>
+        </div>
+
+        <div class="flex flex-col gap-4 mb-6">
+            <div>
+                <label class="block text-xs font-bold text-gray-500 uppercase mb-1">Access Code</label>
+                <input type="password" id="accessCode" 
+                    class="w-full p-3 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-red-500 shadow-sm text-gray-700 placeholder-gray-400"
+                    placeholder="🔑 Enter the class code (Required)">
+            </div>
+
+            <div>
+                <label class="block text-xs font-bold text-gray-500 uppercase mb-1">Your Question</label>
+                <div class="flex gap-2">
+                    <input type="text" id="userQuery" 
+                        class="w-full p-4 border border-gray-300 rounded-lg focus:outline-none focus:ring-2 focus:ring-blue-500 shadow-sm text-gray-700"
+                        placeholder="e.g., What is the rate for Andy?">
+                    <button onclick="sendQuery()" id="submitBtn"
+                        class="bg-blue-600 hover:bg-blue-700 text-white font-bold py-2 px-8 rounded-lg transition duration-200 shadow-md whitespace-nowrap disabled:bg-gray-400 disabled:cursor-not-allowed">
+                        Analyze
+                    </button>
+                </div>
+            </div>
+        </div>
+        
+        <p class="text-xs text-gray-400 text-center mb-6">Try Asking What is the recommended rate for Hilda?  What is consider high risk? Or just say Hello</p>
+
+        <div id="loadingState" class="hidden mt-8 text-center">
+            <div class="loader mb-3"></div>
+            <p class="text-gray-500 text-sm font-medium animate-pulse">
+                🚀 Agents are coordinating... this may take up to 45 seconds.
+            </p>
+            <p class="text-xs text-gray-400 mt-1">(Gathering data, checking policies, and underwriting)</p>
+        </div>
+
+        <div id="resultsArea" class="hidden mt-8 space-y-6 animate-fade-in">
+            <div class="bg-gradient-to-r from-green-50 to-white border-l-4 border-green-500 p-6 rounded shadow-sm">
+                <h3 class="text-lg font-bold text-green-800 flex items-center gap-2">✅ Final Decision</h3>
+                <div id="finalOutput" class="text-gray-800 mt-3 text-base leading-relaxed"></div>
+            </div>
+
+            <div class="bg-blue-50 border-l-4 border-blue-500 p-5 rounded shadow-sm">
+                <h3 class="text-sm font-bold text-blue-800 uppercase tracking-wide mb-3 flex items-center gap-2">🧠 Supervisor Strategy</h3>
+                <div id="planOutput" class="text-sm text-gray-700"></div>
+            </div>
+
+            <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
+                <div class="bg-gray-50 border border-gray-200 p-5 rounded shadow-sm h-full">
+                    <h3 class="text-xs font-bold text-gray-500 uppercase mb-3 flex items-center gap-2">👤 Customer Profile</h3>
+                    <div id="customerOutput" class="data-box text-sm text-gray-700"></div>
+                </div>
+                <div class="bg-gray-50 border border-gray-200 p-5 rounded shadow-sm h-full">
+                    <h3 class="text-xs font-bold text-gray-500 uppercase mb-3 flex items-center gap-2">📜 Policy Context (RAG)</h3>
+                    <div id="policyOutput" class="data-box text-xs text-gray-600 bg-white p-3 rounded border border-gray-100 italic"></div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+<script>
+    async function sendQuery() {
+        const queryInput = document.getElementById('userQuery');
+        const codeInput = document.getElementById('accessCode');
+        const resultsArea = document.getElementById('resultsArea');
+        const loadingState = document.getElementById('loadingState'); // Target the new container
+        const submitBtn = document.getElementById('submitBtn'); // Target button to disable it
+        
+        const query = queryInput.value.trim();
+        const code = codeInput.value.trim();
+
+        if (!code || !query) return alert("Please fill in both fields.");
+
+        // UI Updates: Hide results, Show Loader, Disable Button
+        resultsArea.classList.add('hidden');
+        loadingState.classList.remove('hidden');
+        submitBtn.disabled = true;
+        submitBtn.innerText = "Processing...";
+
+        try {
+            const response = await fetch('/ask', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ query, code })
+            });
+
+            const result = await response.json();
+            
+            if (result.status === 'success') {
+                const data = result.data;
+
+                // 1. FINAL RESOLUTION
+                let recText = data.final_recommendation || "System could not provide a resolution.";
+                recText = recText.replace(/\*\*(.*?)\*\*/g, '<strong>$1</strong>');
+                document.getElementById('finalOutput').innerHTML = recText;
+
+                // 2. STRATEGY
+                const planObj = data.plan || {};
+                const planHtml = `
+                    <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
+                        <div class="col-span-1 md:col-span-2"><span class="font-semibold text-blue-900">Thought:</span> <span class="italic text-gray-600">${planObj.thought_process || "Processing query..."}</span></div>
+                        <div><span class="font-semibold text-gray-700">Intent:</span> ${planObj.intent || "Unknown"}</div>
+                        <div><span class="font-semibold text-gray-700">Detected Name:</span> ${planObj.customer_name || "None"}</div>
+                        <div><span class="font-semibold text-gray-700">DB Check:</span> <span class="${planObj.requires_database ? 'text-green-600 font-bold' : 'text-gray-400'}">${planObj.requires_database ? "YES" : "NO"}</span></div>
+                        <div><span class="font-semibold text-gray-700">Policy Check:</span> <span class="${planObj.requires_policy ? 'text-green-600 font-bold' : 'text-gray-400'}">${planObj.requires_policy ? "YES" : "NO"}</span></div>
+                    </div>`;
+                document.getElementById('planOutput').innerHTML = planHtml;
+
+                // 3. CUSTOMER DATA
+                let customerHtml = "";
+                try {
+                    let custData = data.customer_data;
+                    
+                    if (typeof custData === 'string') {
+                        if (custData.includes("NOT_FOUND") || custData.includes("N/A")) {
+                             customerHtml = `<div class="bg-red-50 text-red-700 p-3 rounded font-bold text-center">❌ No Record Found</div>`;
+                        } else {
+                            customerHtml = `<div class="text-gray-600 text-xs italic">${custData}</div>`;
+                        }
+                    } 
+                    else if (typeof custData === 'object' && custData !== null) {
+                        customerHtml = `<div class="grid grid-cols-2 gap-y-2 gap-x-4">`;
+                        for (const [key, value] of Object.entries(custData)) {
+                            let label = key.replace(/_/g, ' ').replace(/\b\w/g, l => l.toUpperCase());
+                            
+                            let valDisplay = value;
+                            if (value === false) valDisplay = '<span class="text-red-500 font-bold">False</span>';
+                            if (value === true) valDisplay = '<span class="text-green-600 font-bold">True</span>';
+                            if (key === 'credit_score' && typeof value === 'number') {
+                                valDisplay = value >= 700 
+                                    ? `<span class="text-green-600 font-bold">${value}</span>` 
+                                    : `<span class="text-amber-600 font-bold">${value}</span>`;
+                            }
+                            
+                            customerHtml += `<div class="text-gray-400 text-[10px] uppercase pt-1">${label}</div><div class="font-medium text-gray-800 break-words">${valDisplay}</div>`;
+                        }
+                        customerHtml += `</div>`;
+                    }
+                } catch (e) {
+                    console.error("Rendering Error:", e);
+                    customerHtml = `<div class="text-gray-600 text-xs italic">Error loading data.</div>`;
+                }
+                document.getElementById('customerOutput').innerHTML = customerHtml;
+
+                // 4. POLICY CONTEXT
+                document.getElementById('policyOutput').textContent = data.policy_data || "No relevant policy snippets retrieved.";
+                
+                resultsArea.classList.remove('hidden');
+
+            } else {
+                alert(result.message || "Access Denied.");
+            }
+
+        } catch (error) {
+            console.error(error);
+            alert("Server connection failed.");
+        } finally {
+            // Restore UI state
+            loadingState.classList.add('hidden');
+            submitBtn.disabled = false;
+            submitBtn.innerText = "Analyze";
+        }
+    }
+
+    document.getElementById("userQuery").addEventListener("keypress", function(event) {
+        if (event.key === "Enter") sendQuery();
+    });
+</script>
+</body>
+</html>