Legal Contract Review System Architecture Guide

🎯This Week's Journey

From prompts to production contract review system.

Monday: 3 core prompts for clause extraction, risk scoring, and recommendations. Tuesday: automated multi-step pipeline. Wednesday: team workflows across legal, compliance, and business teams. Thursday: complete technical architecture with 4 specialized agents, ML evaluation, and scaling patterns for enterprise legal operations.

📋

Key Assumptions

Process 10-10,000 contracts per day (MSAs, NDAs, vendor agreements)

Average contract: 15-50 pages PDF, 5,000-20,000 words

SOC2 Type II compliance required (audit logs, encryption, access control)

Support for multi-tenant enterprise deployment with data isolation

Integration with DocuSign, Salesforce, and internal contract management systems

95%+ clause extraction accuracy target with <5% false positive rate on risk scoring

System Requirements

Functional

Extract 25+ clause types (termination, liability, indemnity, IP, confidentiality, payment, renewal)
Risk score each clause (0-100) with confidence intervals and reasoning
Generate redline recommendations with legal justification
Support batch processing (upload 100 contracts) and real-time API
Multi-language support (English, Spanish, French, German, Mandarin)
Version control: track contract revisions and clause changes over time
Human-in-the-loop review queue for low-confidence extractions (<80%)

Non-Functional (SLOs)

latency p95 ms45000

freshness min5

availability percent99.5

accuracy percent95

false positive rate percent5

💰 Cost Targets: {"per_contract_usd":0.85,"per_page_usd":0.06,"monthly_infra_usd":1200}

Agent Layer

planner

Decomposes contract review into tasks, selects tools, routes to specialized agents

🔧 contract_classifier (determines contract type), page_counter (estimates processing time), language_detector

⚡ Recovery: If OCR fails → retry with enhanced preprocessing, If classifier uncertain → route to human review queue, If timeout → split into chunks and process parallel

extractor

Extract 25+ clause types from contract PDF using OCR + LLM

🔧 aws_textract (OCR), gpt4_extraction (structured output), clause_deduplicator

⚡ Recovery: If OCR quality <70% → flag for manual review, If LLM extraction confidence <80% → route to Validator for double-check, If parsing error → retry with fallback prompt

validator

Validate extracted clauses against schema, check completeness, flag anomalies

🔧 schema_validator (JSON schema check), completeness_checker (25 required clause types), anomaly_detector (unusual clause language)

⚡ Recovery: If missing critical clauses → trigger re-extraction with focused prompt, If anomaly detected → flag for legal review, If validation fails → route to human queue with context

risk_scorer

Score each clause 0-100 for legal risk using RAG + historical precedent

🔧 rag_retriever (legal precedent database), risk_model (fine-tuned classifier), confidence_estimator

⚡ Recovery: If RAG retrieval empty → fall back to rule-based scoring, If model confidence <70% → flag for attorney review, If contradictory scores → ensemble vote across 3 models

recommender

Generate redline suggestions with legal justification for high-risk clauses

🔧 redline_generator (GPT-4 with legal prompt), policy_matcher (company-specific rules), precedent_finder (similar contracts)

⚡ Recovery: If recommendation unclear → provide multiple options, If policy conflict → escalate to legal team, If generation fails → fall back to template-based suggestions

guardrail

Final safety check: PII redaction, policy compliance, output validation

🔧 pii_detector (NER model), policy_checker (SOC2 compliance rules), output_validator (schema + safety)

⚡ Recovery: If PII detected → redact and log, If policy violation → block output and alert, If validation fails → route to manual review queue

ML Layer

Feature Store

Update: Daily batch + real-time for new contracts

• clause_length_chars
• clause_complexity_score (Flesch-Kincaid)
• entity_count (parties, dates, amounts)
• historical_risk_score_avg (per clause type)
• jurisdiction_risk_modifier
• industry_standard_deviation

Model Registry

Strategy: Semantic versioning (major.minor.patch), blue-green deployment

• clause_extractor
• risk_classifier
• embeddings
• reranker

Observability Stack

Real-time monitoring, tracing & alerting

0 active

SOURCES

Apps, Services, Infra

COLLECTION

9 Metrics

PROCESSING

Aggregate & Transform

DASHBOARDS

4 Views

ALERTS

Enabled

📊Metrics(9)

📝Logs(Structured)

🔗Traces(Distributed)

contract_processing_latency_p95_ms

✓

clause_extraction_accuracy_percent

✓

risk_scoring_latency_p95_ms

✓

llm_api_success_rate

✓

queue_depth

✓

worker_utilization_percent

✓

Deployment Variants

🚀

Startup Architecture

Fast to deploy, cost-efficient, scales to 100 competitors

Infrastructure

✓

AWS Lambda (serverless functions)

✓

API Gateway (managed API)

✓

RDS PostgreSQL (single-AZ)

✓

S3 (PDF storage)

✓

OpenAI API (GPT-4)

✓

AWS Textract (OCR)

✓

CloudWatch (logs + metrics)

→Single-tenant deployment

→Synchronous processing (no queue)

→Manual scaling (adjust Lambda concurrency)

→Cost: $300/mo for 10-100 contracts/day

→Deploy time: 1 week

→No multi-region, no SSO, basic auth (API keys)

Risks & Mitigations

⚠️ LLM hallucinations (fake clauses, incorrect risk scores)

Medium

✓ Mitigation: 4-layer hallucination detection: confidence scores, cross-reference database, logical consistency, human review queue. 98% catch rate.

⚠️ OCR quality issues (poor scans, handwritten notes)

Medium

✓ Mitigation: Pre-process PDFs (deskew, denoise). Flag low-quality scans (<70%) for manual review. Provide scan quality feedback to users.

⚠️ Model drift (accuracy degrades over time)

High

✓ Mitigation: Monthly drift detection. Automatic retraining if accuracy drops >3%. Rollback to previous model version. Weekly evaluation on 1K-contract test set.

⚠️ PII leakage (sensitive data sent to LLM)

Low

✓ Mitigation: Pre-redact PII via AWS Comprehend before LLM processing. Audit logs for all PII access. Encrypt PII at rest (KMS). Block processing if PII detection fails.

⚠️ Cost overruns (LLM API costs spike)

Medium

✓ Mitigation: Cost tracking per contract. Budget alerts (>$1,000/day). Rate limiting (10 req/sec per tenant). Optimize prompts to reduce tokens. Cache common extractions.

⚠️ Scalability bottleneck (queue overflow during peak)

Medium

✓ Mitigation: Auto-scaling workers (2-20 based on queue depth). Kafka for high-throughput event streaming. Throttle API (429 responses) if queue >10K. Priority queue for urgent contracts.

⚠️ Vendor lock-in (OpenAI API dependency)

High

✓ Mitigation: Multi-LLM architecture (GPT-4, Claude, Gemini). Abstract LLM calls via interface. Easy to swap providers. Test failover monthly.

🧬

Evolution Roadmap

Progressive transformation from MVP to scale

🌱

Phase 1Weeks 1-12

Phase 1: MVP (0-3 months)

Deploy startup architecture (Lambda + RDS + OpenAI)

Support 10-100 contracts/day

Basic clause extraction (10 clause types)

Simple risk scoring (rule-based)

Human review queue for low-confidence extractions

Complexity Level

▼

🌿

Phase 2Months 4-6

Phase 2: Scale (3-6 months)

Scale to 100-1,000 contracts/day

Add queue + workers (SQS + ECS)

Expand to 25 clause types

RAG-based risk scoring (legal precedent DB)

Multi-language support (English, Spanish)

Complexity Level

▼

🌳

Phase 3Months 7-12

Phase 3: Enterprise (6-12 months)

Scale to 1,000-10,000 contracts/day

Multi-region deployment (US, EU, APAC)

Multi-tenant with data isolation

SSO/SAML integration (Okta, Auth0)

SOC2 Type II certification

Complexity Level

🚀Production Ready

🏗️

Complete Systems Architecture

9-layer architecture from ingestion to compliance

🌐

Presentation

4 components

Web App (React)

API Dashboard

Review Queue UI

Analytics Portal

⚙️

API Gateway

4 components

Load Balancer (ALB)

Rate Limiter (Kong/Tyk)

Auth Proxy (OAuth 2.0)

Request Router

💾

Agent Layer

7 components

Planner Agent

Extractor Agent

Validator Agent

Risk Scorer Agent

Recommender Agent

Guardrail Agent

Orchestrator (LangGraph)

🔌

ML Layer

5 components

Feature Store (Feast)

Model Registry (MLflow)

Embedding Service (OpenAI/Cohere)

Reranker (Cohere Rerank)

Evaluation Pipeline

📊

Integration

4 components

DocuSign Adapter

Salesforce Connector

SFTP Ingestion

Webhook Handler

🌐

Data

4 components

PostgreSQL (contracts, clauses)

S3 (PDF storage)

Vector DB (Pinecone/Weaviate)

Redis (cache, queue)

⚙️

External

4 components

OpenAI API (GPT-4)

Anthropic API (Claude 3.5)

Cohere API (embeddings, rerank)

AWS Textract (OCR)

💾

Observability

4 components

CloudWatch Logs

Datadog Metrics

Sentry Errors

LangSmith Traces

🔌

Security

4 components

AWS KMS (encryption)

Vault (secrets)

Audit Logger

PII Redactor

🔄

Sequence Diagram - Contract Review Flow

Automated data flow every hour

Step 0 of 14

Data Flow

Contract upload → reviewed output in 45 seconds

User0s

Uploads contract PDF (15-50 pages) → PDF bytes

API Gateway0.2s

Auth check + rate limit + route to Planner → Authenticated request

Planner Agent0.7s

Classify contract type → Create task plan → Route to Extractor → Task plan JSON

Extractor Agent15.7s

OCR (Textract) → LLM extraction (GPT-4) → 25 clause types → Clauses JSON (25 objects)

Validator Agent18.2s

Schema validation → Completeness check → Anomaly detection → Validation report

Risk Scorer Agent30.2s

RAG retrieval (legal precedent) → Risk model → Score each clause → Risk scores (0-100 per clause)

Recommender Agent42.2s

Generate redlines for high-risk clauses → Legal reasoning → Redline recommendations (5-10 suggestions)

Guardrail Agent44.2s

PII detection → Redaction → Policy compliance check → Sanitized output

Database44.8s

Save contract + clauses + risks + recommendations + audit log → Persisted records

User45.0s

Receives review URL + notification → 200 OK + review_id

Volume

10-100 contracts/day

Pattern

Serverless Monolith

🏗️

Architecture

API Gateway (AWS API Gateway)

Lambda functions (Python + LangChain)

S3 (PDF storage)

RDS PostgreSQL (contracts, clauses)

OpenAI API (GPT-4)

AWS Textract (OCR)

Cost & Performance

$300/mo

per month

45-60 sec per contract

Volume

100-1,000 contracts/day

Pattern

Queue + Workers

🏗️

Architecture

API Gateway (rate limiting)

SQS (message queue)

ECS Fargate (worker containers)

RDS PostgreSQL (multi-AZ)

ElastiCache Redis (cache + session)

S3 (PDF + audit logs)

CloudWatch (logging + metrics)

Cost & Performance

$800/mo

per month

30-45 sec per contract

Volume

1,000-10,000 contracts/day

Pattern

Multi-Agent Orchestration

🏗️

Architecture

ALB (load balancer)

ECS Fargate (agent services)

LangGraph (orchestration)

Kafka (event streaming)

RDS Aurora (multi-region)

Pinecone (vector DB for RAG)

Cohere (embeddings + rerank)

DataDog (observability)

Cost & Performance

$2,500/mo

per month

20-30 sec per contract

Recommended

Volume

10,000+ contracts/day

Pattern

Enterprise Multi-Region

🏗️

Architecture

Global Accelerator (multi-region routing)

EKS (Kubernetes)

Kafka (multi-region)

Aurora Global Database

Pinecone (enterprise tier)

Multi-LLM (GPT-4, Claude, Gemini)

Private VPC + PrivateLink

KMS + HSM (encryption)

SSO/SAML (Okta/Auth0)

Cost & Performance

$8,000+/mo

per month

15-25 sec per contract

Key Integrations

DocuSign

Protocol: REST API + OAuth 2.0

Contract signed in DocuSign → Webhook triggers review

Fetch PDF via DocuSign API

Process through agent pipeline

Post review results back to DocuSign envelope

Salesforce

Protocol: REST API + OAuth 2.0

Opportunity closed → Trigger contract review

Fetch contract from Salesforce Files

Review + risk scoring

Update Opportunity with risk score + recommendations

Internal Contract Management System

Protocol: SFTP + REST API

Batch upload via SFTP (nightly)

Process queue (SQS)

Workers pull contracts → Review

Push results back via REST API

AWS Textract

Protocol: AWS SDK

Upload PDF to S3

Trigger Textract async job

Poll for completion (5-15 sec)

Extract text + bounding boxes

Security & Compliance

Failure Modes & Recovery

Failure	Fallback	Impact	SLA
LLM API down (OpenAI outage)	Failover to Claude 3.5 → Then Gemini → Then queue for retry	Degraded latency (+5-10 sec), not broken	99.5%
OCR quality low (<70%)	Flag for manual review → Human uploads higher-quality scan	Requires human intervention	99.0%
Extraction confidence low (<80%)	Route to Validator for double-check → If still low, human review queue	Quality maintained, slight latency increase	99.9%
Risk scoring model drift (accuracy drops >3%)	Trigger retraining pipeline → Roll back to previous model version	Temporary accuracy degradation	99.0%
Database unavailable	Read from replica → Queue writes → Retry on primary recovery	Read-only mode, writes delayed	99.9%
PII detection fails	Block processing → Alert security team → Manual review	Safety first, processing halted	100%
Queue overflow (>10K contracts pending)	Scale workers 2x → If still overwhelmed, throttle API (429 responses)	Increased latency, some requests rejected	99.0%

System Architecture

┌─────────────────┐
│  Orchestrator   │ ← LangGraph coordinator
│   (LangGraph)   │
└────────┬────────┘
         │
    ┌────┴────┬────────┬──────────┬───────────┬──────────┐
    │         │        │          │           │          │
┌───▼───┐ ┌──▼───┐ ┌──▼────┐ ┌───▼─────┐ ┌──▼──────┐ ┌▼────────┐
│Planner│ │Extract│ │Validate│ │RiskScore│ │Recommend│ │Guardrail│
│ Agent │ │ Agent │ │ Agent  │ │  Agent  │ │  Agent  │ │  Agent  │
└───┬───┘ └──┬───┘ └──┬────┘ └───┬─────┘ └──┬──────┘ └┬────────┘
    │        │        │          │           │          │
    └────────┴────────┴──────────┴───────────┴──────────┘
                      │
                  ┌───▼────────┐
                  │   RAG DB   │ ← Legal precedent
                  │  (Vector)  │
                  └────────────┘
                      │
                  ┌───▼────────┐
                  │ PostgreSQL │ ← Contracts, clauses
                  └────────────┘

🔄Agent Collaboration Flow

Planner Agent

Receives contract PDF → Classifies type (MSA/NDA/SOW) → Creates task plan → Routes to Extractor

Extractor Agent

OCR via Textract → LLM extraction (25 clause types) → Returns JSON to Validator

Validator Agent

Schema validation → Completeness check → Anomaly detection → Flags low-confidence extractions

Risk Scorer Agent

RAG retrieval (legal precedent) → Risk model inference → Scores each clause 0-100 → Flags high-risk (>80)

Recommender Agent

Generates redline suggestions for high-risk clauses → Provides legal reasoning → Prioritizes by risk

Guardrail Agent

PII detection & redaction → Policy compliance check → Final validation → Approve or flag for manual review

Orchestrator

Aggregates results → Saves to database → Sends notification → Updates audit log

🎭Agent Types

Reactive Agent

Low

Extractor Agent - Responds to PDF input, returns clauses

Stateless

Reflexive Agent

Medium

Validator Agent - Uses rules + context to validate

Reads contract context

Deliberative Agent

High

Risk Scorer Agent - Reasons over precedent, plans scoring strategy

Stateful (RAG context)

Orchestrator Agent

Highest

Planner + Guardrail - Makes routing decisions, handles failures, ensures safety

Full state management

📈Levels of Autonomy

Tool

Human calls, agent responds

→ Monday's prompts (manual copy-paste)

Chained Tools

Sequential execution, no decisions

→ Tuesday's automation (fixed pipeline)

Agent

Makes decisions, can loop, retries

→ Risk Scorer (RAG retrieval + reasoning)

Multi-Agent

Agents collaborate, self-correct, escalate

→ Full system (Planner → Extractor → Validator → Scorer → Recommender → Guardrail)

RAG vs Fine-Tuning

Legal precedent changes frequently (new cases, regulations). RAG allows daily updates without retraining. Fine-tuning would require quarterly retraining at $10K+ per cycle.

✅ RAG (Chosen)

Cost: $400/mo (Pinecone + Cohere)

Update: Daily

How: Add new legal docs to vector DB

❌ Fine-Tuning

Cost: $10K+ per retrain

Update: Quarterly

How: Retrain entire model on 50K+ contracts

Implementation: Vector DB (Pinecone) with 100K legal precedents (cases, regulations, company policies). Cohere Embed v3 for embeddings. Cohere Rerank for precision (70% → 92%).

Hallucination Detection

LLMs hallucinate clauses, risk scores, or legal reasoning

Confidence scores (<0.7 = flag for review)

Cross-reference with legal database (verify clause exists in precedent)

Logical consistency checks (e.g., termination clause can't be both 30-day and 90-day)

Human review queue (attorney validates flagged outputs)

0.8% hallucination rate, 98% caught before attorney review

Evaluation Framework

Clause Extraction Accuracy

96.2%target: 95%+

Risk Scoring Accuracy

93.5%target: 90%+

Recommendation Acceptance Rate

85.3%target: 80%+

False Positive Rate (Risk)

3.2%target: <5%

Latency p95

45 sectarget: <60 sec

Testing: Shadow mode: 500 contracts parallel with attorney review. Cohen's Kappa: 0.89 (strong agreement).

Dataset Curation

Collect: 50K contracts - De-identified from clients + public sources

Clean: 42K usable - Remove duplicates, low-quality scans

Label: 42K labeled - ($$210K)

Augment: +8K synthetic - GPT-4 generates edge cases (unusual clauses, ambiguous language)

→ 50K high-quality examples. Cohen's Kappa: 0.91 (near-perfect agreement).

Agentic RAG

Risk Scorer Agent iteratively retrieves based on reasoning

Contract mentions 'unlimited liability' → RAG retrieves precedent → Agent reasons 'need jurisdiction-specific cap laws' → RAG retrieves state-specific statutes → Risk score adjusted based on jurisdiction context

💡 Not one-shot retrieval. Agent decides what else it needs to know. Improves risk scoring accuracy by 12%.

Multi-LLM Ensemble

Tech Stack Summary

LLMs

GPT-4 (OpenAI), Claude 3.5 (Anthropic), Gemini (Google)

Orchestration

LangGraph (agent coordination), LangChain (chains)

Database

PostgreSQL (RDS/Aurora), Redis (ElastiCache)

Vector DB

Pinecone (enterprise tier) or Weaviate

Queue

SQS (startup) or Kafka (enterprise)

Compute

Lambda (startup) or ECS/EKS (enterprise)

OCR

AWS Textract

Embeddings

Cohere Embed v3

Reranker

Cohere Rerank

Monitoring

CloudWatch (startup), DataDog (enterprise)

Security

AWS KMS, Secrets Manager, Comprehend (PII detection)

Auth

OAuth 2.0 (OIDC), SAML 2.0 (SSO)

🏗️

Need Architecture Review?

We'll audit your contract review system design, identify bottlenecks, and show you how to scale 10x with SOC2 compliance.

No part of this content may be reproduced, distributed, or transmitted in any form without prior written permission.

Contract Review System Architecture 🏗️

From prompts to production contract review system.

Key Assumptions

System Requirements

Functional

Non-Functional (SLOs)

Agent Layer

planner

extractor

validator

risk_scorer

recommender

guardrail

ML Layer

Feature Store

Model Registry

Observability Stack

Deployment Variants

Startup Architecture

Infrastructure

Risks & Mitigations

⚠️ LLM hallucinations (fake clauses, incorrect risk scores)

⚠️ OCR quality issues (poor scans, handwritten notes)

⚠️ Model drift (accuracy degrades over time)

⚠️ PII leakage (sensitive data sent to LLM)

⚠️ Cost overruns (LLM API costs spike)

⚠️ Scalability bottleneck (queue overflow during peak)

⚠️ Vendor lock-in (OpenAI API dependency)

Evolution Roadmap

Phase 1: MVP (0-3 months)

Phase 2: Scale (3-6 months)

Phase 3: Enterprise (6-12 months)

Complete Systems Architecture

Presentation

API Gateway

Agent Layer

ML Layer

Integration

Data

External

Observability

Security

Sequence Diagram - Contract Review Flow

Data Flow

Scaling Patterns

Key Integrations

DocuSign

Salesforce

Internal Contract Management System

AWS Textract

Security & Compliance

Failure Modes & Recovery

Multi-Agent Architecture

🔄Agent Collaboration Flow

🎭Agent Types

Reactive Agent

Reflexive Agent

Deliberative Agent

Orchestrator Agent

📈Levels of Autonomy

Advanced ML/AI Patterns

RAG vs Fine-Tuning

Hallucination Detection

Evaluation Framework

Dataset Curation

Agentic RAG

Multi-LLM Ensemble

Tech Stack Summary

Need Architecture Review?