NovaValidator

AI-powered legal document compliance, running entirely on your machine. NovaValidator catches contract risks in seconds using Amazon Nova 2 Lite.

Comment

NovaValidator — Project Story

Inspiration

The inspiration for this project comes from a problem I was facing every week in my role. Some of our clients mandate the use of a certain SaaS product (which will remain unnamed) for all of their Statements of Work (SOWs). The product is typically configured with a standard set of clauses for all companies providing technical professional services, and for every new SOW it is necessary for me to manually update the clauses in line with our company standards. This manual process is prone to human error - at least one occurs for every SOW. Furthermore, the SaaS website has been built in such a way that it is extremely difficult to get it working well with agentic browser manipulation. The solution - use AI to validate all of the wording in a new SOW (exported as a PDF) against a set of well-defined rules using Amazon Nova 2 Lite.

What it does

NovaValidator is a local-first, AI-powered legal document compliance platform. Users can drag and drop any type of legal document into the app and a multi-step agentic pipeline powered by Amazon Nova 2 Lite takes over:

  1. Auto-Detection — Nova classifies the document type (e.g., SOW, NDA, SDD, Proposal, etc.) and matches it to the appropriate compliance template from the library.
  2. Clause-by-Clause Validation — Each clause is compared against the template rules and flagged if it deviates.
  3. Legal Ramification Analysis — For every non-compliant finding, Nova reasons about the real-world legal and financial consequences and assigns a severity (Critical, High, Medium, Low).
  4. PDF Report Generation — A fully formatted compliance report is generated with a single click, ready to share if needed.
  5. Configuration Agent — A conversational AI agent lets legal admins generate, upload, and manage compliance templates in natural language, storing them in a local template library.

All document data is intentionally stored locally in the browser's native IndexedDB.

How we built it

NovaValidator is a Tauri v2 desktop application wrapping a React + TypeScript frontend, with a Rust backend handling OS-level security.

The AI pipeline is built on Amazon Bedrock using the Converse and ConverseStream APIs against the global.amazon.nova-2-lite-v1:0 inference profile. Each agent stage (classification, validation, risk analysis) uses a carefully crafted prompt with structured JSON output, with multiple fallback parsing strategies to handle edge cases in model output. The prompt may be customised by the user within the application without having to make changes to the code.

Credential security was a first-class concern. We built a unified credentialStore abstraction that automatically selects the most secure storage available: in the native app, credentials are stored in the OS keychain via the Rust keyring crate (macOS Keychain, Windows Credential Manager, Linux Secret Service); in the browser, they are AES-GCM 256-bit encrypted using the Web Crypto API with a session key held only in memory — meaning the ciphertext in localStorage is useless without the in-memory key.

The UI was built with Tailwind CSS and lucide-react, with a live Markdown editor in the Config Agent for real-time template authoring. Document parsing supports .txt, .md, .pdf, and .docx via client-side libraries, so files never leave the machine even during extraction.

Challenges we ran into

Document parsing fidelity — DOCX files that rely heavily on tables, text boxes, or embedded objects extract poorly with client-side libraries. We added detection for low-character-count extractions and surface clear warnings to users so they know to try PDF export instead.

Streaming + JSON parsing — Because the Config Agent uses streaming responses but returns structured JSON, we had to accumulate the full stream before parsing rather than showing raw JSON mid-stream. This meant keeping the UI in a "thinking" state while the stream completed, then atomically updating the chat bubble and editor.

Accomplishments that we're proud of

  • Multi-model agentic pipeline — The classification → validation → risk analysis chain feels seamless to the user despite being three separate Nova invocations with structured handoffs.
  • Legal Ramification Analysis — Nova doesn't just flag deviations — it reasons about what they mean, and that output is genuinely useful to a non-lawyer.
  • Full template lifecycle — The Config Agent can generate, refine, save, load, and delete templates entirely through conversation, making compliance rule management accessible to non-technical legal admins.
  • Zero data egress — No document content leaves the user's machine except the direct, encrypted call to Bedrock.

What we learned

  • Amazon Nova 2 Lite's reasoning quality is well-suited to structured extraction tasks when the prompt clearly defines the output schema and provides sufficient context.
  • Streaming responses and structured JSON are an awkward combination — deferring UI updates until the stream completes is the right pattern for JSON-output agents.
  • Local-first architecture is not a limitation — it's a feature, especially in regulated industries. IndexedDB is a capable and underutilised persistence layer for web and desktop apps.
  • The Tauri + Vite + React stack is an excellent choice for desktop apps that need both native OS integration and a rich, modern UI. The Rust IPC layer adds negligible overhead while unlocking keychain access and future filesystem capabilities.

What's next for NovaValidator

This application was built to solve a specific problem that I was facing in my role, and it's already rescuing me from potentially costly mistakes, but I'm keen to share with my colleagues to see whether it can help in their roles as well. If this application turns out to be genuinely useful to more of my colleagues, I'm considering the following new features.

  • Bedrock Agents integration — Migrate the pipeline to native Bedrock Agents with memory and enable multi-turn document review conversations.
  • Expanded document type support — Master Service Agreements, Service Level Agreements, Employment Contracts, and more — each with purpose-built rule templates.
  • Template versioning — Track changes to compliance templates over time so legal users can audit what rules were active when a document was reviewed.
  • Batch validation — Upload a folder of contracts and get a compliance dashboard across all of them in one run.
  • Collaborative review mode — Allow multiple reviewers to annotate findings and sign off on exceptions, with a full audit trail stored locally.

Built With

Share this project:

Updates