Inspiration In India, anyone can file a Right to Information request, and a police station's Public Information Officer (PIO) is legally bound to answer within 30 days — deciding what the law allows them to disclose, redacting personal data, and citing the exact section of the RTI Act 2005. Get it wrong and the cost is real: a leaked informant's identity, or a personal ₹25,000 penalty on the officer.

We were also warned by a failure. In 2025, Axon's police report-writing AI was found to not retain its drafts and to let officers bypass mandatory review — so you couldn't tell AI text from human text, and California's SB 524 now bans that by law. We wanted to build the opposite: an AI that does the heavy reasoning but keeps a human in command and leaves a permanent paper trail.

What it does RTI Sahayak is an audit-first agent that helps a police PIO answer an RTI request — and never sends anything without human approval. For each request it:

Classifies the requested items (FIR copy, charge sheet, witness statement, personnel record…) and computes the 30-day deadline. Retrieves the relevant case records. Reasons over Section 8 of the RTI Act to decide what's exempt — and must quote the exempting clause word-for-word (no invented law). Redacts every name, phone, Aadhaar, and PAN — including hidden coreferent PII (e.g. the request says "informant," the record names her). Drafts the legal reply. Pauses at an un-bypassable human gate in UiPath Action Center, where the officer reviews the draft, the quote-verified citations, and the redactions, then approves. Every step — each decision, citation, and redaction — is written to an append-only audit log.

How we built it A coded LangGraph agent deployed on UiPath Automation Cloud, with the human sign-off as an Action Center task and the audit trail in Data Service. An 8-stage pipeline with two deterministic critic nodes: a citation critic that quote-verifies every legal citation against the real Act, and a redaction critic that re-scans the output for leaks until none remain. A 3-tier redaction engine: structured-PII regex → optional NER → an LLM pass for contextual/coreferent identifiers. Model-agnostic by design: one environment variable flips every reasoning step between Claude Opus 4.8 (via the UiPath LLM Gateway, no personal key) and DeepSeek — and we run them as a cross-check. A keyless test gate (pytest) that enforces four safety invariants, plus seeded-fault cases that prove each guard catches its bug. The entire codebase — graph, RAG, redaction, audit, and eval harness — was built with Claude Code as the coding agent. Because there is no public CCTNS API for police records, we use synthetic, CCTNS-style records for the demo and frame live integration as authorized future work. Challenges we ran into No data access. Police records (CCTNS/ICJS) are closed government systems with no public API, so we had to design realistic synthetic records that still exercise every legal edge case. Stopping hallucinated law. An LLM will happily cite a plausible-sounding clause that doesn't exist. We solved this with a deterministic citation critic that rejects any citation whose quote doesn't appear verbatim in the Act, with bounded self-repair before escalating to a human. Catching hidden PII. The hardest leaks aren't phone numbers — they're coreferences ("her brother, the constable"). This drove the LLM tier plus a fixpoint re-scan that loops until zero PII survives. Serverless deployment. Our cloud jobs kept failing at environment prep. The real cause turned out to be subtle: a version bump shipped a uv.lock that no longer matched pyproject.toml, and the serverless runtime installs with uv sync --locked, which refuses to proceed on a stale lock. Re-locking before packaging fixed it. Accomplishments that we're proud of A human gate that genuinely cannot be bypassed — and a confidence learner that still can never skip it. Four enforced, tested safety invariants — provenance, citation quote-verify, mandatory human pause, and zero PII leak — verified by a deterministic, keyless test gate that runs 100% green. It catches a fabricated citation in our tests and grounds the real clause instead. A cross-model disagreement check: if Claude and DeepSeek disagree on an exemption, the agent forces human review. It's open-source and reproducible, and it learns directly from how often the officer edits its drafts. What we learned For high-stakes government AI, trust comes from constraints, not model size — deterministic guards, quote-verification, and an audit trail matter more than a bigger prompt. Human-in-the-loop has to be structural, not optional — the Axon failure shows what happens when review can be skipped. Real reliability lives in the boring layer: dependency locking, reproducible packaging, and test gates decide whether your agent runs in the cloud at all. Designing honestly around missing data (synthetic records + a clear path to authorized integration) is stronger than pretending access exists. What's next for RTI Sahayak Authorized live integration with state RTI portals and police record systems (police are a State subject in India). The Section 8(2) public-interest override as an explicit reasoning step, and 48-hour handling for life-and-liberty requests. A deadline + penalty risk dashboard so a PIO sees, at a glance, which requests are about to breach the 30-day limit. Multilingual intake (RTIs arrive in many Indian languages), and memory of past resolved cases to make exemption reasoning more consistent over time.

Built With

  • api
  • automation
  • claudecode
  • deepseek
  • langgraph
  • opus
  • rl
  • uipath
Share this project:

Updates