Inspiration
The inspiration for RegOps AI came from a simple, yet frustrating, reality: navigating the world of regulatory compliance is incredibly complex, expensive, and opaque. We saw businesses, especially small to mid-sized ones, drowning in a sea of dense legal documents, struggling to understand their obligations for frameworks like SOC 2, ISO 27001, or even local construction permits. The cost of hiring consultants is prohibitive for many, while the cost of non-compliance can be catastrophic. We were inspired to build an AI co-pilot to democratize this knowledge. The goal was to create a tool that could act as a compliance expert-on-demand, making the process more accessible, affordable, and less intimidating for everyone.
What it does
RegOps AI is an intelligent suite of tools designed to automate and simplify complex compliance tasks. It currently features three core capabilities:
Audit Genie: This is our automated compliance auditing tool. A user can upload their internal documentation—security policies, procedures, system logs, etc.—and select a compliance framework they need to be audited against. Using the power of the Google AI Development Kit (ADK), the AI then meticulously analyzes these documents, comparing them against the specific controls of the chosen framework. It produces a detailed report that highlights compliance gaps, identifies potential issues, and even suggests concrete steps for remediation. It turns weeks of manual work into a matter of minutes.
Permit Assistant: We realized compliance isn't just about cybersecurity; it's about physical world regulations, too. The Permit Assistant helps users navigate the bureaucratic maze of obtaining permits for projects. It's a conversational AI that uses the Tavus to access real-time, location-specific regulatory information from the web. The assistant asks clarifying questions to understand the project's scope and location, and can even interact with the user via voice using ElevenLabs if the user prefers audio. Based on this interaction, it identifies all the necessary local, state, and federal permits required, providing guidance on how to apply for them.
Explain API: At its heart, compliance is about understanding. The Explain API is designed to tackle this directly. You can feed it a dense piece of regulatory text or a complex compliance question, and the AI will break it down into simple, easy-to-understand language. It can summarize regulations, clarify specific clauses, and put them into the context of your specific business, answering questions like, "What does this data residency clause mean for my SaaS company?"
How we built it
This project was a deep dive into building a robust, AI-native system. Our architecture and technology choices were critical.
Architecture: We quickly realized that a single, monolithic AI model wouldn't be able to handle the complex, multi-step reasoning required for these tasks. So, we designed and built a multi-agent system.
At the top level, we have Orchestrator Agents (AuditOrchestrator, PermitOrchestrator) that manage the overall workflow for a given task.
These orchestrators coordinate a team of highly specialized Sub-Agents, each with a distinct role. For example, in our audit flow, the ComplianceScanner agent reads the user's documents, the RemediationSuggestor provides advice, and the ReportGenerator assembles the final output. This makes the system incredibly modular, easier to debug, and scalable.
To handle large documents without running out of memory, we implemented Streaming I/O using MongoDB's GridFS, allowing us to process files in chunks.
Challenges we ran into
Prompt Engineering is an Art and a Science: Our biggest challenge was getting the AI agents to behave predictably. Initially, they would respond conversationally instead of executing their tasks. We learned that effective prompts are not just simple instructions; they are detailed "micro-constitutions" that define an agent's role, its tools, its constraints, and, most importantly, the exact schema (e.g., JSON) of its expected output. This took a lot of iteration to get right.
Data Modeling is Crucial: As our AI's outputs became more structured and complex, our initial Pydantic models started failing. This forced us to develop a much more sophisticated, nested model structure to accurately represent the data. This rigor in data modeling was what ultimately enabled our agents to reliably communicate with each other.
The Perils of the Frontend-Backend Divide: We spent a significant amount of time debugging an issue with our file upload endpoint. It was a perfect storm of an incorrect Content-Type, a quirky Swagger UI that didn't handle optional fields as expected, and a mismatch in how form data was being named and sent. It was a classic lesson in the importance of end-to-end testing and clear API contracts.
Accomplishments that we're proud of
Looking back, there are a few things that stand out.
First and foremost, the multi-agent architecture itself. We moved beyond a simple "prompt-in, response-out" model to build a collaborative system of intelligent agents. It's a sophisticated design that gives us a powerful foundation for building even more complex features.
We're proud of the end-to-end functionality of all three core features. We didn't just build demos; we built fully-realized tools that solve tangible, difficult problems by integrating best-in-class APIs like Google ADK, Tavily, and ElevenLabs.
The persistence our team showed in debugging the initial audit endpoint was a defining moment. We systematically worked through every layer of the stack, from HTTP protocols to Python dependencies to AI logic, to find the root causes and fix them. It built a lot of character and technical debt repayment.
What we learned
This project has been a massive learning experience. The most important lesson was that building with LLMs is system design. You can't just "add AI." You have to think about data flow, state management, error handling, and the contracts between components, just like in any other complex software system.
We learned to let the data drive development. Our use of Pydantic wasn't just for validation; it was our primary design tool. By defining the data structures first, we could build our logic and prompts around a stable, predictable core.
Finally, we learned the power of iteration. Our first ideas and implementations were often flawed, but by embracing a cycle of building, testing, and refactoring, we arrived at a much more robust and elegant solution.
What's next for RegOps AI Suite
Expanding the Agent Library: We plan to develop new sub-agents for specific regulatory domains, such as healthcare (HIPAA), finance (FINRA), and data privacy (GDPR, CCPA).
Deeper Frontend Integration: We will be bringing the full power of the Permit and Explain flows into the Next.js UI to create a truly seamless and interactive user experience.
Implementing a Feedback Loop: We want to add a mechanism for users to rate the quality of the AI's output. This feedback will be piped into a dedicated agent responsible for refining and improving our prompts over time, creating a system that learns.
Proactive Compliance Monitoring: The ultimate goal is to move from reactive audits to proactive monitoring. We envision connecting RegOps to a company's live systems to provide real-time alerts about potential compliance issues before they become problems.
Built With
- bolt.new
- elevenlabs
- googleadk
- python
- tavus
- typescript

Log in or sign up for Devpost to join the conversation.