PolicyPilot-backend / README.md
vaibuzz
feat: production-ready deployment β€” Dockerfile, schema fixes, PCT_DIFF logic, abs() resolver
1294b5d
|
Raw
History Blame Contribute Delete
5.67 kB
---
title: PolicyPilot
emoji: πŸ›‘οΈ
colorFrom: indigo
colorTo: purple
sdk: docker
pinned: false
---
# PolicyPilot β€” Financial Compliance & Audit Engine
**PolicyPilot** is an autonomous, human-in-the-loop financial compliance system. It converts unstructured corporate policies (PDF/MD/TXT) into a deterministic, programmatic rule engine using AI, enabling real-time, automated auditing of Invoices, Purchase Orders, and GRNs.
This project was built to address the unreliability of purely LLM-based auditing by introducing a **hybrid architecture**: AI is used strictly for *extraction and translation*, while a purpose-built Python engine handles *mathematical evaluation and deterministic execution*.
---
## πŸ—οΈ System Architecture
Our solution is entirely decoupled, consisting of a React Vite frontend and a FastAPI Python backend.
### 1. Multi-Modal Document Ingestion
Before AI can process a policy or an invoice, the documents must be converted into clean text.
- **Rich Document Extraction:** We use **IBM Docling** to parse dense financial tables, nested lists, and multi-column PDFs. This ensures complex matrixes (like Approval Authorities) retain their structural integrity.
- **Fail-Safe Fallback:** If a document is scanned or incompatible with Docling, the system seamlessly falls back to **PyMuPDF**, ensuring 100% ingestion reliability across `PDF`, `MD`, and `TXT` files.
### 2. The AI Translation Pipeline (Groq + Llama 3)
Instead of asking an LLM to blindly read a policy and audit an invoice in one prompt, we use **Groq (Llama 3.3 70B)** to translate the unstructured corporate policies into strict, machine-readable rules.
- **Two-Pass Extraction:** The LLM first extracts rules into a strict Pydantic JSON schema (`Rule` objects). It then makes a second pass to identify edge cases, missing parameters, or logical overlap between rules.
- **Confidence Scoring:** The LLM attaches a `confidence_score` to every extracted rule. Any rule below 90% confidence or with detected conflicts is flagged in the UI for Human-In-The-Loop (HITL) resolution.
### 3. Why Python for Evaluation? (The Deterministic Rule Engine)
A common mistake in AI engineering is using LLMs to calculate math or execute logic against active data. LLMs hallucinate complex calculations and are fundamentally non-deterministic. To solve this, once rules are finalized by a human, they are compiled mathematically.
- We developed a completely custom `Rule Evaluator` in Python. It parses the JSON logic (e.g., `amount > 50000 AND (PO_number = missing OR GSTIN = mismatched)`) into a safe, secure Abstract Syntax Tree.
- **The Advantages over LLM Evaluation:** During live invoice processing, **zero LLM calls are made**. The evaluator checks the invoice payload against the rules identically every single time. This eliminates prompt-injection risks, removes token costs entirely, processes documents in milliseconds instead of seconds, and ensures 100% deterministic, audit-ready compliance.
### 4. Human-In-The-Loop UI & Audit Trail
- The React UI calculates real-time confidence metrics. If a human modifies or accepts a flagged rule, its confidence permanently elevates to 100%, updating the organization's system trust score dynamically.
- The system persists the active ruleset to disk and generates hard-copy `.log` files of every email dispatched by the native Python SMTP client, ensuring enterprise traceability.
---
## πŸ› οΈ How AI Tools Were Leveraged
*As per submission guidelines, here is a note on how AI tooling accelerated development:*
This project was built leveraging **Google Antigravity (Advanced Agentic Architecture)**. We effectively utilized AI agent pair-programming to tackle complex integration points:
1. **Mathematical Parsing:** Antigravity was used to rapidly prototype the complex recursive Regex logic required to transition from an English-language policy (e.g. "+/- 10% tolerance") into strict Python Boolean/Math operations without using `eval()`.
2. **Schema Enforcement:** We used the AI to write robust Pydantic schemas that forced the Groq Llama3 model to output perfect JSON.
3. **Iterative Debugging:** When hitting Groq 429 Rate Limit issues, the AI agent autonomously diagnosed the terminal error, dynamically swapped API keys in the `.env` file, and kept the server hot-reloading smoothly.
---
## πŸ’» Sample Input / Output
### System 1: Policy Extraction
**Input (Unstructured Policy Document):**
> "Invoices between INR 10,00,001 and INR 50,00,000 must be escalated to the Finance Controller for review."
**Output (Structured JSON Rule):**
```json
{
"rule_id": "AP-APR-003",
"description": "Escalate high value invoices to Finance Controller",
"conditions": [
"Invoice_table.amount BETWEEN 1000001 AND 5000000"
],
"action": "ESCALATE_TO_FINANCE_CONTROLLER",
"confidence_score": 0.96
}
```
### System 2: Deterministic Execution
**Input (Extracted Invoice Payload):**
```json
{ "invoice_number": "INV-2044", "amount": 2500000, "vendor_status": "APPROVED" }
```
**Output (Execution Report):**
```json
{
"status": "VIOLATION",
"rule_id": "AP-APR-003",
"action": "ESCALATE_TO_FINANCE_CONTROLLER",
"deviation_details": {
"reason": "Invoice amount (2500000) fell within high tier (1m-5m)"
}
}
```
---
## πŸš€ Running Locally
### Backend (Python)
```bash
cd backend
python -m venv venv
venv\Scripts\activate # Windows
# source venv/bin/activate # macOS/Linux
pip install -r requirements.txt
# Set GROQ_API_KEY and GMAIL_APP_PASSWORD in .env
python main.py
```
### Frontend (React/Vite)
```bash
cd frontend
npm install
npm run dev
# Opens at http://localhost:5173
```