Inspiration
Compliance auditing for SEC filings is slow, expensive, and gatekept by specialized firms. Small and mid-size companies spend thousands of dollars and weeks waiting for manual reviews of documents like 10-Ks, 8-Ks, and SOX 404 reports. We wanted to see if a multi-agent AI system could do the same job in under two minutes, making regulatory compliance accessible to any team, right from their Slack server or a web browser.
What it does
Northstar is an AI-powered financial compliance auditor. Users upload a PDF (SEC filings, SOX 404 reports, invoices) and get back a full compliance audit: a 0-100 score with letter grade, an executive summary written for executives, a table of severity-rated compliance gaps with specific regulation references, five prioritized remediation steps, and a downloadable PDF report. It works through both a web dashboard and Discord slash commands (/audit, /history, /audit-detail).
How we built it
Northstar runs a 4-stage AI agent pipeline powered by the Dedalus SDK:
- Document Gatekeeper: validates that the upload is a real financial document before spending compute.
- Compliance Researcher: uses Brave Search via MCP to look up current 2025/2026 SEC, PCAOB, FINRA, and GAAP regulations specific to the document type.
- PDF Analyzer: uses a custom MCP server (6 tools built with PyMuPDF) to structurally analyze the PDF. It finds regulatory sections, extracts financial statements, validates math, checks signatures, and detects red flags. Then it identifies compliance gaps against the researched rules.
- Report Generator: scores the findings, generates an executive summary and remediation plan via LLM, and produces a professional PDF report with ReportLab.
The backend is FastAPI (Python) with Supabase (Postgres) for persistence. The frontend is Next.js 14 with shadcn/ui. The Discord bot uses discord.py with embeds and PDF attachment delivery. All three clients share the same backend API.
Challenges we ran into
- MCP tool integration: getting the PDF analyzer agent to correctly pass base64-encoded PDFs to MCP tools required careful prompt engineering and debugging across the Dedalus runner.
- Scoring calibration: our initial penalty weights were too harsh. Real SEC-accepted filings were getting F grades. We had to recalibrate both the scoring formula and the analyzer prompt to distinguish "would trigger enforcement action" from "could be improved."
- Discord interaction timeouts: audits with MCP tools take several minutes, and the Discord bot would time out within the actual channel but would still complete the review. We had to catch this separately and modify the token timeout within the code.
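The base64 hand-off in the first challenge is also a trust boundary: the tool argument is produced by a model, so it can arrive wrapped, truncated, or not be a PDF at all. A boundary check a tool could run before handing bytes to a parser, as an added example that is not Northstar's own code; the function name, exception class, size cap and sample PDF bytes are assumptions:

```python
import base64
import binascii

MAX_PDF_BYTES = 20 * 1024 * 1024  # assumed cap, not a value from the project
# Constructed sample input: a tiny PDF-shaped byte string, not a real filing.
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n"


class UploadRejected(ValueError):
    """Raised when a tool argument is not an acceptable PDF payload."""


def decode_pdf_argument(b64_text: str, max_bytes: int = MAX_PDF_BYTES) -> bytes:
    """Decode a base64 PDF passed as a tool argument and sanity-check it."""
    if not isinstance(b64_text, str) or not b64_text:
        raise UploadRejected("empty or non-string payload")
    # The payload may arrive as a data URI or with line breaks inserted.
    if b64_text.startswith("data:"):
        header, sep, b64_text = b64_text.partition(",")
        if not sep or not header.endswith(";base64"):
            raise UploadRejected("unsupported data URI")
    compact = "".join(b64_text.split())
    # Reject oversized input before decoding: 4 base64 chars carry 3 bytes.
    if len(compact) > (max_bytes // 3 + 1) * 4:
        raise UploadRejected("payload exceeds size cap")
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UploadRejected(f"not valid base64: {exc}") from exc
    if len(raw) > max_bytes:
        raise UploadRejected("payload exceeds size cap")
    if not raw.startswith(b"%PDF-"):
        raise UploadRejected("missing %PDF- header")
    # A payload cut at a 4-character boundary still decodes; the trailer check catches it.
    if b"%%EOF" not in raw[-1024:]:
        raise UploadRejected("missing %%EOF trailer (truncated payload?)")
    return raw
```

These checks only establish that the bytes are plausibly a complete PDF within the size cap; parsing untrusted PDFs still calls for page and time limits in the parser itself.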
Accomplishments that we're proud of
- We designed a real multi-agent pipeline where each agent is actually specialized. The researcher searches the live web for current regulations, the analyzer uses purpose-built PDF tools via MCP, and the reporter synthesizes everything into an executive-ready report.
- We have two fully functional clients (web + Discord) sharing one backend — you can upload from Discord and view results on the web, and vice versa.
- We built a custom MCP server with 6 PDF analysis tools that do structural financial document analysis (section detection, financial math validation, signature checking) rather than just sending raw text to an LLM.
What we learned
- MCP is really powerful for giving LLMs structured capabilities: Instead of asking the model to "find financial tables in this text," our MCP tools can extract everything precisely with PyMuPDF, and the model reasons over the structured results.
- Scoring AI-generated assessments is hard: Calibrating the gap between "helpful feedback" and "accurate severity" required multiple iterations. The model tended to over-flag when told to find gaps in the documents.
- Agent pipelines are very powerful and can give better results: The sequential pipeline from research to analysis to report produces much better results than a single prompt, because each agent works with the output of the previous one.
What's next for Northstar
- Batch auditing to allow users to upload multiple filings at once and get a portfolio-level compliance dashboard.
- Regulatory change alerts: Agent 1 already searches live regulations; we could run it on a schedule and notify users when rules change that affect their past filings instead of checking the rules for each upload.
- Audit difference/comparison to compare two versions of a filing to show what improved or regressed in the audit.
- User authentication so teams can share audit history and collaborate on remediation with secure systems.
Built With
- dedalus
- discord.py
- fastapi
- mcp
- openapi
- python
- react
- supabase
- typescript
