Inspiration
India has 5.49 crore pending court cases as of December 2025. 88% are trapped in district and subordinate courts. At current human capacity, it would take 300+ years to clear the backlog. This isn't a legal problem — it's a mathematical impossibility.
But the real issue isn't just speed. Generic AI (ChatGPT-style) is fast, but it hallucinates citations, drifts from approved plans, and can be jailbroken. A generic LLM in a legal context isn't just wrong — it's disbarrable. We wanted to build something that's both fast and trustworthy at the architecture level — not via prompt engineering, but via cryptographic proof.
"We do not need more lawyers. We need faster legal physics."
What We Built
CLAW is a cryptographically governed legal AI agent. Every single action it takes flows through a 5-gate enforcement pipeline before execution. The agent literally cannot commit perjury, contact an opposing party directly, or fabricate evidence — not because we asked it nicely, but because the architecture makes it mathematically impossible.
The 5-Gate Pipeline
| Gate | Component | What It Does |
|---|---|---|
| 0 | Injection Detector | Blocks prompt injection, jailbreaks, harmful queries |
| 1 | Policy Engine | Enforces BNS 2023 + 300+ hardcoded legal rules |
| 2 | ArmorIQ SDK | Validates Ed25519 signature on every IntentToken |
| 3 | Executor (Drift Check) | Blocks any action not in the signed step_proofs |
| 4 | CSRG Merkle Audit | Tamper-evident append-only decision chain |
Core principle: Agents never call tools directly. Every action must flow through IntentObject → PolicyEngine → Executor. No shortcuts exist in the code.
Key Features
- Chat-first interface with real-time SSE agent decision feed
- 4 practice areas: Landlord/Tenant, Employment, Contract, Criminal
- BNS 2023 Knowledge Base — 21 embedded sections of Bharatiya Nyaya Sanhita
- Indian Constitution KB — 20+ Articles + 7 landmark Supreme Court cases
- General Q&A mode — no case registration needed
- Live Merkle chain visualization with tamper-test button
- Filterable audit table with JSON export
- Prompt Injection Shield — 4-layer defense against system overrides, action injection, privilege escalation
The Speed Advantage
| Task | Human Lawyer | AI Lawyer |
|---|---|---|
| Case Research | 3–5 Hours | 10 Seconds (1800x) |
| Drafting Notice | 2–3 Days | 30 Seconds (360x) |
| Urgency Scoring | Gut Feeling | 50M Case Analysis |
| Cost per Action | ₹5,000+ | ₹99 (100x cheaper) |
How We Built It
Stack: Python + FastAPI backend, vanilla HTML/JS frontend, Server-Sent Events for real-time streaming.
Architecture layers:
injection_detector.py— regex + pattern scanning for 4 injection categoriespolicy_engine.py— deterministic rule enforcement fromlegal_rules.json(no LLM involvement at this layer)csrg.py— CSRG Merkle tree:sha256(prev_node + decision_json)chained across every decisionexecutor.py— the only gateway to tool execution; checks action against signedtoken.step_proofsllm_brain.py— Gemini-powered reasoning, sandboxed behind the enforcement layeraudit_logger.py— tamper-evident JSONL decision trace
The policy file (legal_rules.json) is declarative and hot-reloadable. Adding or changing a rule requires zero code changes — making it jurisdiction-portable.
Challenges
1. The Intent Drift Problem. LLMs agree to Plan X and then execute Action Y. Solving this required building the Executor's drift check: every action at runtime is verified against the cryptographically signed step_proofs list. If it's not on the list, it's blocked — even if the LLM "decided" to add it.
2. Policy without LLM. We had to make the PolicyEngine fully deterministic — no LLM calls, no probabilistic outcomes. Legal rules must be binary: ALLOWED or BLOCKED. This forced us to structure legal_rules.json as a strict declarative rulebook, not a prompt.
3. Balancing usability and enforcement. A system that blocks everything is safe but useless. We spent significant time calibrating the injection detector's sensitivity — too aggressive and legitimate legal queries get blocked; too lenient and the safety guarantees collapse.
4. Making cryptographic audit logs actually useful. It's easy to log everything. It's hard to make the logs readable in real time, filterable, and visually meaningful. The live Merkle chain visualization took multiple iterations to get right.
What We Learned
- Deterministic enforcement beats probabilistic alignment for high-stakes domains. Guardrails built from code, not prompts, are the only true safety layer in legal/medical/financial AI.
- Policy-as-Code is underrated.
legal_rules.jsonbeing hot-reloadable means law updates don't require redeployment. That's a real product insight. - The 70-30 model is the real future of legal AI. AI handles 70% (research, drafting, NJDG alerts) at 1800x speed. Humans retain the 30% that matters (court appearances, complex negotiation, emotional intelligence). Same human cost. 100x output.
What's Next
- NJDG data integration for real judge pattern analysis and 90-day limitation alerts
- Field-level Aadhaar/PAN encryption for client data
- Expanding practice areas to property disputes (20% of all Indian cases)
- SaaS + API + Freemium revenue model targeting ₹50 Cr ARR at 36 months
One number that matters: Diverting just 1% of India's backlog (5.5 lakh cases) through AI triage wipes out 2–3 years of district court workload. That's the mission.
Built With
- armoriq-sdk
- bns-2023
- csrg
- ed25519
- fastapi
- google-gemini
- html
- javascript
- merkle-tree
- python
- server-sent-events
Log in or sign up for Devpost to join the conversation.