compl.ai

Automating Compliance, Amplifying Confidence.

Comment 4

Inspiration

We understand the difficulty behind navigating dense regulations and compliance documents. At TikTok TechJam, we wanted to create a tool that makes compliance information accessible, structured, and easy to act on.

What it does

ComplAI parses unstructured laws into structured, searchable components. It can split regulations into meaningful parts, store them in a database, and allow developers to check whether PRDs are compliant using a RAG system.

How we built it

Frontend

  • Next.js (App Router) UI with SSE-based progress updates.
  • Supports document management, compliance checks, and results/history pages.
  • Professional interface with 5 main pages:
    1. Requirements Check
    2. Legal Documents
    3. Document Library
    4. Knowledge Base
    5. Results History

Backend

  • FastAPI service orchestrates workflows and proxies requests to MCPs.
  • Provides REST APIs for health checks, uploads, results, workflows, and knowledge base interactions.

MCPs: Two dedicated services

  • Legal MCP (port 8010): Legal corpus search and similarity analysis.
  • Requirements MCP (port 8011): PRD corpus search, metadata management, and bulk retrieval.

Data Storage

  • PostgreSQL 17 for metadata and relational storage.
  • ChromaDB for vector search and semantic embeddings.

LLM Router

  • Gemini (primary) with Claude/GPT fallbacks for synthesis and analysis.

Core Functionality

  • Upload and manage requirements (PDF/text/URL) and legal documents.
  • Chunk, embed, and perform semantic search across the legal corpus.
  • Cross-map requirements ↔ regulations and highlight gaps, risks, and compliance status.

Challenges we ran into

  • Complex orchestration: Coordinating the FastAPI backend with multiple MCPs (Legal + Requirements) and ensuring consistent workflows was tricky.
  • Streaming UX: Implementing SSE progress updates in the Next.js frontend without breaking hydration or causing race conditions took effort.
  • Data consistency: Keeping PostgreSQL (for metadata) and ChromaDB (for embeddings) in sync was non-trivial, especially during bulk ingestion and updates.
  • Document chunking: Finding the right balance between chunk size and embedding accuracy required experimentation.
  • LLM routing: Handling fallbacks between Gemini, Claude, and GPT while maintaining consistent output formatting was a challenge.
  • Cross-mapping logic: Aligning requirements to regulations and surfacing clear compliance gaps pushed us to refine our semantic search and scoring methods.

Accomplishments that we're proud of

  • Built a full-stack compliance assistant that handles ingestion, embedding, semantic search, and compliance mapping end-to-end.
  • Designed a professional, multi-page UI in Next.js with real-time SSE progress updates.
  • Created two dedicated MCP services (Legal + Requirements) that modularize and scale compliance workflows.
  • Integrated PostgreSQL + ChromaDB seamlessly for structured + semantic storage.
  • Developed a robust LLM router with Gemini as the primary model and Claude/GPT as fallbacks.
  • Successfully demonstrated requirements-to-regulation cross-mapping, identifying compliance gaps and risks automatically.

What we learned

  • The importance of clear separation of concerns (frontend, backend, MCPs, storage, LLM routing) to keep complexity manageable.
  • How to balance deterministic search (Postgres queries) with semantic retrieval (ChromaDB + embeddings) for best results.
  • That real-time feedback (SSE) massively improves the user experience for long-running compliance checks.
  • How different LLMs (Gemini, Claude, GPT) behave in synthesis/analysis tasks — and why routing + validation layers are essential.
  • That compliance mapping benefits most from smaller, interpretable chunks rather than monolithic document analysis.

What’s next for ComplAI

  • Deeper analytics: Add visualization dashboards to highlight compliance gaps, risks, and requirement-regulation coverage.
  • Collaboration features: Let teams comment, assign owners, and track progress on compliance findings.
  • Multilingual support: Extend coverage to regulations in multiple languages.
  • Expanded integrations: Ingest from Slack, Confluence, Jira, and SharePoint to capture more compliance-relevant knowledge.
  • Automated remediation: Suggest concrete next steps or draft compliance responses to identified gaps.
+ 20 more
Share this project:

Updates