Inspiration

Selling a product across a border quietly makes you responsible for three legal questions on every single sale: is the buyer allowed, is the item allowed to go there, and can you prove you checked? Get it wrong and the penalties are brutal — sanctions settlements routinely run from hundreds of thousands into the millions of dollars. Large firms have whole compliance departments and expensive software. Small and mid-sized exporters are left stitching the same check together across a sanctions-list website, a separate export-classification tool, and a spreadsheet — and hoping nobody skipped a step.

Two failure modes haunted us:

  • "Clean on Monday, sanctioned by Thursday." Governments add new restricted parties almost weekly. A customer you cleared last month can be banned today.
  • Hidden ownership. A buyer whose name is spotless can be majority-owned by a sanctioned entity — and under OFAC's 50% Rule that makes the buyer sanctioned too. Name-only screening sails right past it.

We wanted one check that does all of this and produces evidence a regulator can't argue with.

What it does

CompliMesh is a single screening engine. You give it three things — what you're shipping, who to, and where — and it runs every check at once and returns one clear answer:

  • 🟢 GO — safe to ship · 🟡 REVIEW — a human must look · 🔴 NO-GO — would break the law.

Behind that one click it:

  1. Classifies the product into its Harmonized System (HS) customs code (AI-assisted — see below).
  2. Screens the buyer against the consolidated restricted-party list — fuzzy-matched, so misspellings and aliases still hit.
  3. Checks who really owns the buyer — walks the ownership graph and applies the 50% Rule.
  4. Checks the destination for embargoes and license requirements.
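The ownership walk in step 3, written out as an added example rather than CompliMesh's own code: it takes the designated parties and a table of ownership edges, iterates to a fixed point so that an entity blocked by the rule counts as a blocked owner on the next pass (which is how indirect and aggregated holdings are picked up), and maps the result onto the GO / REVIEW / NO-GO vocabulary. The fixed-point treatment of indirect ownership follows the usual reading of OFAC's 50 Percent Rule guidance; the 25% review floor for large minority stakes, the entity names and the percentages are constructed for illustration and are not from the project or from any real list.

```typescript
// Added example (not CompliMesh's own code): aggregate-ownership check in the spirit of
// OFAC's 50 Percent Rule. Names, percentages and the review floor are constructed.

type EntityId = string;

// One ownership edge: `owner` holds `percent` of `owned`.
interface OwnershipEdge {
  owner: EntityId;
  owned: EntityId;
  percent: number; // 0..100
}

interface OwnershipVerdict {
  blocked: Set<EntityId>;               // every entity that ends up treated as blocked
  blockedShare: Map<EntityId, number>;  // aggregate % held by blocked owners, per entity
}

/**
 * Walks the ownership graph to a fixed point. An entity becomes blocked when the
 * aggregate of its direct holdings by blocked owners (listed parties plus entities
 * already blocked by this rule) reaches the threshold. A newly blocked entity's own
 * holdings then count as blocked holdings on the next pass, so indirect ownership is
 * handled by the iteration rather than by multiplying percentages down a chain.
 */
function applyFiftyPercentRule(
  listedParties: EntityId[],
  edges: OwnershipEdge[],
  threshold = 50,
): OwnershipVerdict {
  const blocked = new Set<EntityId>(listedParties);
  const blockedShare = new Map<EntityId, number>();

  // Group edges by the owned entity so each pass is a single scan.
  const byOwned = new Map<EntityId, OwnershipEdge[]>();
  for (const e of edges) {
    if (e.percent < 0 || e.percent > 100) throw new RangeError(`bad percent on ${e.owner}->${e.owned}`);
    const holders = byOwned.get(e.owned) ?? [];
    holders.push(e);
    byOwned.set(e.owned, holders);
  }

  let changed = true;
  while (changed) {
    changed = false;
    byOwned.forEach((holders, owned) => {
      const share = holders.filter(h => blocked.has(h.owner)).reduce((s, h) => s + h.percent, 0);
      blockedShare.set(owned, share);
      if (share >= threshold && !blocked.has(owned)) {
        blocked.add(owned);
        changed = true; // a newly blocked entity may push others over the line
      }
    });
  }
  return { blocked, blockedShare };
}

/** Screening verdict for one buyer. The review floor for minority stakes is an assumption. */
function ownershipVerdict(buyer: EntityId, v: OwnershipVerdict, reviewFloor = 25): "GO" | "REVIEW" | "NO-GO" {
  if (v.blocked.has(buyer)) return "NO-GO";
  if ((v.blockedShare.get(buyer) ?? 0) >= reviewFloor) return "REVIEW";
  return "GO";
}

// Constructed sample: "SanctionedCo" is listed. It holds 30% of Holding-A directly and 100%
// of Shell-B, which holds another 25% of Holding-A. Holding-A owns 60% of BuyerCo.
// Name-only screening of BuyerCo finds nothing; the walk blocks it.
const SAMPLE_EDGES: OwnershipEdge[] = [
  { owner: "SanctionedCo", owned: "Holding-A", percent: 30 },
  { owner: "SanctionedCo", owned: "Shell-B", percent: 100 },
  { owner: "Shell-B", owned: "Holding-A", percent: 25 },
  { owner: "Holding-A", owned: "BuyerCo", percent: 60 },
  { owner: "Unrelated-Investor", owned: "BuyerCo", percent: 40 },
  { owner: "SanctionedCo", owned: "Minor-Stake-Ltd", percent: 30 },
];

const sampleResult = applyFiftyPercentRule(["SanctionedCo"], SAMPLE_EDGES);
console.log(Array.from(sampleResult.blocked)); // SanctionedCo, Shell-B, Holding-A, BuyerCo
console.log(ownershipVerdict("BuyerCo", sampleResult), ownershipVerdict("Minor-Stake-Ltd", sampleResult));
```

The second pass is what makes the difference: on the first pass Holding-A only shows 30% blocked ownership, but once Shell-B is blocked its 25% counts too, Holding-A crosses the line, and BuyerCo follows. The fixed point also keeps the rule honest in the other direction: two 25% stakes held by a listed party in two different unblocked intermediaries do not add up to a blocked subsidiary, because neither intermediary is itself blocked.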

And around the engine it's a real product, not a toy:

  • Multi-tenant — organizations → client accounts → customers.
  • Roles + segregation of duties — the person who initiates a deal cannot be the one who approves it, and a NO-GO can't be overridden by anyone.
  • False-positive management — clear a genuine name-collision once, with a written reason, and it stops nagging.
  • Re-screening on list change — one click re-checks your entire customer base against the latest list and flags whoever just became a problem.
  • Integrations — batch CSV import (export from QuickBooks / SAP) and a live webhook that screens new orders automatically, no human in the loop.
  • A tamper-proof audit trail — every screening, approval, and clearance is appended to a SHA-256 hash-chained, append-only ledger. A built-in verifier proves the chain is intact, and a Simulate Tampering button shows it instantly catching an altered record and pointing to the exact row.

The product is deliberately cautious: GO has to be earned — a "maybe" never becomes a "yes" on its own.

How we built it

  • Next.js (App Router) on Vercel — Server Components + Server Actions; the UI is a thin client over a framework-agnostic core engine.
  • Amazon Aurora PostgreSQL (Serverless v2), connected through Vercel's native AWS integration using OIDC federation + RDS IAM authentication — the app authenticates to the database with short-lived IAM tokens minted per request. No static database password exists anywhere.
  • Drizzle ORM with hand-written SQL migrations and an idempotent migration runner.
  • pg_trgm trigram matching (GIN index + name normalization) for fuzzy buyer screening.
  • Claude claude-haiku-4-5 for the CLASSIFY step, using a propose-then-validate pattern: Claude proposes an HS code + confidence + reasoning via structured output, then deterministic code validates it against a curated reference (a hallucinated code is forced to low confidence → REVIEW). If the API key is absent or the call fails, it falls back to a deterministic keyword classifier — an AI outage never fails a compliance check.
  • The audit ledger is append-only at the database level — INSERT-only grants, a trigger that blocks UPDATE/DELETE, advisory-lock-serialized appends, and a canonical-serialization SHA-256 chain, so any later tampering breaks every downstream hash.
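The fuzzy buyer screening from step 2, as an added example rather than CompliMesh's own code: name normalization followed by trigram similarity computed the way pg_trgm does it (lower-case, each word padded with two leading spaces and one trailing space, sliced into three-character windows, shared trigrams over the union), so a misspelt or re-suffixed name still lands on the right list entry. The legal-form suffix list, the sample entries (fictional names, not real list entries) and the use of pg_trgm's default 0.3 similarity threshold as the floor are assumptions; in the product this computation runs inside Postgres against a GIN index rather than in application code.

```typescript
// Added example, not CompliMesh's own screening code: name normalization plus pg_trgm-style
// trigram similarity, run against a small constructed list. Suffix list, threshold and
// sample entries are assumptions for illustration.

const CORPORATE_SUFFIXES = new Set(["llc", "ltd", "limited", "inc", "corp", "co", "gmbh", "sa", "ooo", "plc", "ag"]);

// Fold case, strip diacritics and punctuation, drop legal-form suffixes, collapse spaces.
function normalizeName(raw: string): string {
  const folded = raw.normalize("NFD").replace(/[\u0300-\u036f]/g, "").toLowerCase();
  const tokens = folded.replace(/[^a-z0-9]+/g, " ").trim().split(/\s+/).filter(t => t.length > 0);
  const kept = tokens.filter(t => !CORPORATE_SUFFIXES.has(t));
  return (kept.length > 0 ? kept : tokens).join(" ");
}

// Trigram set built the way pg_trgm builds it: each word padded with two leading spaces
// and one trailing space, sliced into 3-character windows, duplicates removed.
function trigrams(normalized: string): Set<string> {
  const out = new Set<string>();
  for (const word of normalized.split(" ")) {
    if (!word) continue;
    const padded = `  ${word} `;
    for (let i = 0; i + 3 <= padded.length; i++) out.add(padded.slice(i, i + 3));
  }
  return out;
}

// pg_trgm-style similarity: shared trigrams over the size of the union, in [0, 1].
function similarity(a: string, b: string): number {
  const ta = trigrams(normalizeName(a));
  const tb = trigrams(normalizeName(b));
  let shared = 0;
  ta.forEach(t => { if (tb.has(t)) shared++; });
  const union = ta.size + tb.size - shared;
  return union === 0 ? 0 : shared / union;
}

interface ListEntry { id: string; name: string; aliases: string[] }
interface Hit { id: string; matchedOn: string; score: number }

// Screen a buyer against every primary name and alias; return hits at or above the
// threshold, best first. 0.3 is pg_trgm's default similarity threshold.
function screenName(buyer: string, list: ListEntry[], threshold = 0.3): Hit[] {
  const hits: Hit[] = [];
  for (const entry of list) {
    for (const candidate of [entry.name, ...entry.aliases]) {
      const score = similarity(buyer, candidate);
      if (score >= threshold) hits.push({ id: entry.id, matchedOn: candidate, score });
    }
  }
  return hits.sort((x, y) => y.score - x.score);
}

// Constructed sample list (fictional names, not real list entries).
const SAMPLE_LIST: ListEntry[] = [
  { id: "X-001", name: "Zorvath Trading LLC", aliases: ["Zorvath Trade Co", "ZORVAT TRADING"] },
  { id: "X-002", name: "Mirelle Aerospace GmbH", aliases: [] },
  { id: "X-003", name: "Quantal Logistics Ltd", aliases: [] },
];

console.log(screenName("Zorvath Tradng", SAMPLE_LIST));        // hits X-001 despite the typo
console.log(screenName("Quantal Logistics", SAMPLE_LIST));     // exact match after normalization
console.log(screenName("Brightwater Foods Inc", SAMPLE_LIST)); // no hits
```

Every hit above the floor goes to a human, which is why the false-positive management described above matters: a legitimate customer whose name sits near a list entry will keep scoring above 0.3 on every re-screen until the collision is cleared with a written reason.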

Challenges we ran into

  • Passwordless database auth. Wiring OIDC → RDS IAM so both local dev and production mint short-lived tokens (and refresh the dev token cleanly) took real plumbing — but the payoff is zero long-lived DB credentials.
  • Making "tamper-proof" actually true. Hashing a chain is easy; stopping the app itself from editing history is harder. We pushed the append-only guarantee down into Postgres (REVOKE + trigger) so even the application can't rewrite a past line.
  • Keeping AI honest. LLMs will happily invent a plausible HS code. Propose-then-validate plus a confidence floor turns the model into assisted research, never the authority.
  • A sneaky production-only bug. A type re-export from a 'use server' file compiled fine locally but threw ReferenceError only in Vercel's production build — every Server Action 500'd while the page and webhook still worked. We traced it through runtime logs and learned the hard way that 'use server' files may export only async functions.
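The propose-then-validate shape from the CLASSIFY step and the "Keeping AI honest" note, as an added example that is not CompliMesh's own code: the model call is replaced by an injectable `propose` function so the block runs offline, a deterministic validator checks the proposed HS code against a curated reference and forces anything unknown to low confidence (so it lands in REVIEW), and an outage falls through to a keyword classifier that can never clear a shipment on its own. The reference table (a constructed subset with abbreviated descriptions), the keyword rules, the 0.85 confidence floor and the 0.2 cap for unknown codes are assumptions for illustration.

```typescript
// Added example, not CompliMesh's own code: propose-then-validate for HS classification.
// The model is an injectable function; reference table, keyword rules, confidence floor
// and the low-confidence cap are constructed assumptions.

interface Proposal { hsCode: string; confidence: number; reasoning: string } // model's structured output
interface Classification {
  hsCode: string | null;
  confidence: number;
  source: "llm" | "keyword-fallback";
  disposition: "GO" | "REVIEW";
  notes: string[];
}
type Proposer = (description: string) => Promise<Proposal>;

// Curated reference the validator trusts. Constructed subset, descriptions abbreviated.
const HS_REFERENCE: Record<string, string> = {
  "8471.30": "Portable automatic data processing machines",
  "8542.31": "Electronic integrated circuits: processors and controllers",
};

// Deterministic fallback rules. Assumption: never confident enough to produce GO by themselves.
const KEYWORD_RULES: Array<{ pattern: RegExp; hsCode: string }> = [
  { pattern: /\b(laptop|notebook)\b/i, hsCode: "8471.30" },
  { pattern: /\b(microcontroller|processor|cpu)\b/i, hsCode: "8542.31" },
];

const CONFIDENCE_FLOOR = 0.85;   // below this a human reviews (assumption)
const UNKNOWN_CODE_CAP = 0.2;    // confidence ceiling for a code not in the reference (assumption)

function keywordClassify(description: string): Classification {
  const rule = KEYWORD_RULES.find(r => r.pattern.test(description));
  return {
    hsCode: rule ? rule.hsCode : null,
    confidence: rule ? 0.5 : 0,
    source: "keyword-fallback",
    disposition: "REVIEW",
    notes: ["LLM unavailable; deterministic keyword classifier used"],
  };
}

// Validate a proposal: the code must be well-formed and present in the curated reference,
// and the confidence must be a finite number in [0, 1]. Anything else is clamped down.
function validateProposal(p: Proposal): Classification {
  const notes: string[] = [];
  let confidence = Number.isFinite(p.confidence) ? Math.min(1, Math.max(0, p.confidence)) : 0;
  const wellFormed = /^\d{4}\.\d{2}$/.test(p.hsCode);
  const known = wellFormed && Object.prototype.hasOwnProperty.call(HS_REFERENCE, p.hsCode);
  if (!wellFormed) notes.push(`malformed HS code "${p.hsCode}"`);
  else if (!known) notes.push(`HS code ${p.hsCode} not in curated reference (possible hallucination)`);
  if (!known) confidence = Math.min(confidence, UNKNOWN_CODE_CAP);
  if (confidence < CONFIDENCE_FLOOR) notes.push(`confidence ${confidence.toFixed(2)} below floor ${CONFIDENCE_FLOOR}`);
  return {
    hsCode: known ? p.hsCode : null,
    confidence,
    source: "llm",
    disposition: confidence >= CONFIDENCE_FLOOR ? "GO" : "REVIEW",
    notes,
  };
}

// Full step: ask the model, validate deterministically, fall back on any failure.
async function classify(description: string, propose: Proposer): Promise<Classification> {
  let proposal: Proposal;
  try {
    proposal = await propose(description);
  } catch (err) {
    const fallback = keywordClassify(description);
    fallback.notes.push(`propose failed: ${(err as Error).message}`);
    return fallback;
  }
  return validateProposal(proposal);
}

// Constructed stand-ins for the model: a good answer, an invented code, and an outage.
const goodProposer: Proposer = async () => ({ hsCode: "8471.30", confidence: 0.93, reasoning: "portable computer" });
const hallucinatingProposer: Proposer = async () => ({ hsCode: "8471.77", confidence: 0.97, reasoning: "sounds right" }); // not in HS_REFERENCE
const outageProposer: Proposer = async () => { throw new Error("503 from model API"); };

async function demo(): Promise<Classification[]> {
  const item = "14-inch laptop, 16 GB RAM";
  return Promise.all([classify(item, goodProposer), classify(item, hallucinatingProposer), classify(item, outageProposer)]);
}

demo().then(results => results.forEach(c => console.log(c.source, c.hsCode, c.disposition, c.notes)));
```

The asymmetry is deliberate: the model can only raise a proposal, and every path that bypasses the curated reference (an unknown code, a malformed code, a non-numeric confidence, an outage) collapses to REVIEW. The confident-sounding 0.97 on the invented code is the case the validator exists for.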

Accomplishments that we're proud of

  • A genuinely end-to-end working product in production: real Aurora, real IAM auth, real LLM classification, real tamper-proof ledger.
  • The 50% ownership rule — the exact trap that fines real companies — caught automatically.
  • An audit trail you can break on camera and watch the verifier catch.

What we learned

  • Scope AI to where it helps and fence it everywhere trust matters. Classification is fuzzy and a great fit for an LLM; the go/no-go verdict and the audit record must be deterministic and verifiable.
  • Short-lived, federated credentials are very achievable on serverless — and worth it.
  • Production build pipelines (Server Actions, 'use server' constraints) behave differently from local — exercise the real path before you demo it.

What's next for CompliMesh

  • Live consolidated-list auto-refresh on a schedule (versioned snapshots already model it).
  • EU / UN / UK lists and richer ownership data.
  • An agentic investigation copilot that drafts the reviewer's disposition note from the ownership graph + adverse media, and a VSD drafter that writes a voluntary self-disclosure straight from the audit trail.
  • Deeper ERP hooks (SAP).
