Inspiration
As developers and product managers, we constantly sign up for new APIs, services, and platforms, often accepting lengthy Terms & Conditions (T&Cs) or EULAs without reading them. Missing a critical clause, like a low liability cap or one-sided indemnification, can expose a development team or company to significant financial risk. We were inspired to build a tool that removes this friction by providing instant, actionable risk intelligence.
What it does
DevRisk Guard is a web application that takes any legal text (T&Cs, EULAs, etc.) and uses Google's Gemini API to produce a structured, developer-focused risk summary. It provides:
- An Overall Risk rating (Low, Medium, High).
- A Developer's Abstract (a plain-language summary).
- Specific High Risk Warnings for dangerous clauses.
- A detailed breakdown of Key Developer Clauses (e.g., Liability, Indemnification).
How we built it
We built a highly reliable serverless architecture on Google Cloud:
- Frontend: A static index.html page (which can be hosted on Cloud Storage or locally) using pure JavaScript for a clean UI.
- Backend/AI Logic: A Python FastAPI application deployed on Cloud Run.
- AI Engine: We used the Vertex AI Gemini API with gemini-2.5-flash. Crucially, we leveraged the Structured Output feature (using Pydantic models) and the system_instruction parameter to force the model to return a predictable, parseable JSON schema, enabling the clean rendering on the frontend.
- CORS: We implemented FastAPI's CORS Middleware to allow the cross-origin communication between the local frontend and the Cloud Run API.
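The structured output described above still derives from arbitrary pasted text, so the backend can re-check it before it reaches the frontend. The following is an added example, not DevRisk Guard's own code: it uses only the standard library rather than the project's Pydantic models, and the field names, size caps and the Low-versus-warnings consistency rule are assumptions.

```python
import json

# Field names and limits are assumptions; the page only lists the four sections.
RISK_LEVELS = ("Low", "Medium", "High")
FIELDS = {"overall_risk", "developer_abstract", "high_risk_warnings", "key_clauses"}
MAX_TEXT = 2000   # assumed cap on any single text field
MAX_ITEMS = 25    # assumed cap on any list
# Constructed sample reply, not real model output.
SAMPLE_REPLY = ('{"overall_risk": "High", "developer_abstract": "Liability is capped.", '
                '"high_risk_warnings": ["One-sided indemnification"], "key_clauses": []}')

class InvalidModelOutput(ValueError):
    """Raised when the model's reply does not match the expected schema."""

def _text(value, where):
    if not isinstance(value, str) or not value.strip() or len(value) > MAX_TEXT:
        raise InvalidModelOutput(f"{where}: expected non-empty string <= {MAX_TEXT} chars")
    return value.strip()

def _items(value, where):
    if not isinstance(value, list) or len(value) > MAX_ITEMS:
        raise InvalidModelOutput(f"{where}: expected list of <= {MAX_ITEMS} items")
    return value

def validate_risk_summary(raw: str) -> dict:
    """Parse the model's JSON reply and return a cleaned dict, or raise."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise InvalidModelOutput(f"not JSON: {exc}") from exc
    if not isinstance(data, dict) or set(data) != FIELDS:
        raise InvalidModelOutput("top-level keys must be exactly: " + ", ".join(sorted(FIELDS)))
    if data["overall_risk"] not in RISK_LEVELS:
        raise InvalidModelOutput("overall_risk must be Low, Medium or High")
    clauses = []
    for i, c in enumerate(_items(data["key_clauses"], "key_clauses")):
        if not isinstance(c, dict) or set(c) != {"name", "summary"}:
            raise InvalidModelOutput(f"key_clauses[{i}]: expected name and summary only")
        clauses.append({k: _text(c[k], f"key_clauses[{i}].{k}") for k in ("name", "summary")})
    warnings = [_text(w, f"high_risk_warnings[{i}]")
                for i, w in enumerate(_items(data["high_risk_warnings"], "high_risk_warnings"))]
    # Assumed consistency rule: a reply that lists warnings cannot be rated Low.
    if warnings and data["overall_risk"] == "Low":
        raise InvalidModelOutput("overall_risk is Low but high_risk_warnings is not empty")
    return {"overall_risk": data["overall_risk"],
            "developer_abstract": _text(data["developer_abstract"], "developer_abstract"),
            "high_risk_warnings": warnings, "key_clauses": clauses}
```

On `InvalidModelOutput` the API can return an error status instead of a partial summary, so the frontend never renders a reply that failed the checks.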
Challenges we ran into
Our primary challenges were entirely focused on integrating the specialized Vertex AI client into the Cloud Run environment:
- API Authentication: Initially failed due to missing IAM permissions (403) on the Cloud Run service account, which we resolved by granting the Vertex AI User role.
- Application Errors: We hit a TypeError due to incorrect argument passing to types.Part.from_text().
- API Argument Error: The most critical AI issue was a 400 INVALID_ARGUMENT because we initially passed the system prompt using the deprecated "system" content role, which we fixed by moving it to the dedicated system_instruction config parameter.
- Web Deployment: The final hurdle was a CORS policy block ("Failed to Fetch") when running the HTML locally, which was fixed by adding the CORSMiddleware to FastAPI.
Accomplishments that we're proud of
We are most proud of achieving a perfect, end-to-end serverless pipeline:
- Building a robust, low-latency API on Cloud Run.
- Successfully implementing the structured JSON output from Gemini, a core requirement for a reliable application.
- Creating a solution that is instantly valuable by turning complex legal jargon into actionable risk metrics.
What we learned
We gained deep knowledge of the nuances of the Google GenAI SDK, specifically:
- The proper way to handle Gemini system instructions (system_instruction parameter).
- Best practices for configuring IAM permissions and CORS in a Cloud Run/FastAPI deployment.
- How to build resilient frontend logic using exponential backoff to handle transient network errors.
What's next for DevRisk Guard: Serverless Legal Analysis
Next steps for the project include:
- PDF/Document Upload: Integrate with Google Cloud Storage to allow users to upload PDF or DOCX files instead of copy-pasting text.
- Frontend Hosting: Deploy the index.html file to a proper static hosting service like Cloud Storage or Firebase Hosting.
- Advanced Logic: Refine the Gemini prompt to distinguish between US state laws (e.g., Delaware vs. California) for more nuanced risk analysis.
Built With
- Cloud services & platforms: Google Cloud Platform (GCP), Cloud Run (serverless hosting for the API), Vertex AI API (to access Gemini)
- APIs: Gemini API (gemini-2.5-flash model)
- Frameworks & libraries: FastAPI (Python web framework), Pydantic (for defining the structured JSON output schema), CORSMiddleware (for fixing the 'Failed to Fetch' error)
- Languages: Python, JavaScript (frontend), HTML/CSS

