Automated Contract Review & AI Risk Flagging
AI-powered legal review that auto-detects contract type, splits into sections, and flags risks against firm-specific standards. Catches 23% more issues than manual review.
85% time cut
4-6 hrs → 15 min
The Client's Problem
My Approach
The Workflow Breakdown
1. Google Drive monitoring — A trigger watches the firm's "Contracts for Review" folder for new PDF uploads. Paralegals drop contracts into this folder exactly as they did before, so the workflow required zero change to their intake process.
2. PDF text extraction — The uploaded PDF is sent to a text extraction API that handles scanned documents, multi-column layouts, and the inconsistent formatting typical of contracts received from dozens of different counterparties.
3. Contract metadata parsing — A JavaScript module extracts the parties involved, effective date, and estimated contract value using pattern matching against common legal document structures. It handles variations like "by and between," "entered into by," and "PARTIES:" headers.
4. Contract type detection — A keyword scoring engine classifies the document as an NDA, MSA, SOW, or Vendor Agreement. It scores against weighted keyword lists — for example, "Disclosing Party" and "Receiving Party" score heavily toward NDA, while "Service Level Agreement" and "Change Order" score toward MSA. The highest-scoring type wins, with Vendor Agreement as the default fallback.
5. Section splitting — The contract text is segmented into logical sections using regex-based detection of legal headers. The splitter recognizes patterns like "ARTICLE 5: INDEMNIFICATION," numbered sections with capitalized titles, and standalone all-caps headers. It handles the inconsistency of real-world contracts where some use Roman numerals, others use decimal numbering, and some use no numbering at all.
6. Contract type routing — A Switch node routes the contract to type-specific review criteria. Each branch loads different standards:
   - NDA review focuses on confidentiality scope, disclosure exceptions, and return of materials.
   - MSA review focuses on liability caps, SLA definitions, and data protection.
   - SOW review focuses on scope definition, acceptance criteria, and IP ownership.
   - Vendor Agreement review focuses on payment terms, auto-renewal, and non-compete provisions.
7. Batch section processing — A SplitInBatches node processes each contract section individually, sending one section at a time through the AI analysis pipeline. This prevents rate limiting, allows for per-section validation, and ensures that a parsing failure on one section does not derail the entire review.
8. AI prompt construction — For each section, a Code node builds a detailed prompt that includes the firm's specific standards, red-flag language patterns to watch for, and the contract-type-specific criteria loaded in step 6. The prompt instructs GPT-4 to respond in structured JSON with clause-level assessments, explanations, and suggested alternative language.
9. OpenAI analysis — Each section is sent to GPT-4 with temperature set to 0.1 for consistency, JSON response format enforced, and a 120-second timeout to handle longer sections.
10. Response validation — The AI response is validated for structural integrity. Required fields are checked, risk levels are normalized to the expected enum values, clause assessments are verified, and malformed JSON is caught with a fallback structure that flags the section for manual review rather than silently failing.
11. Risk aggregation — After all sections are processed, the results are aggregated into an overall risk profile. The system calculates a weighted risk score where critical sections count double, tallies flagged clauses by severity, compiles the unique red-flag patterns detected, and determines an approval recommendation based on thresholds.
12. Report generation — A comprehensive risk report is assembled with:
   - An executive summary tailored to the overall risk level
   - An overall risk scorecard with clause breakdown
   - A table of every flagged clause with section reference and explanation
   - Suggested alternative language for each problematic provision
   - A section-by-section breakdown with individual risk ratings
   - A clear approval recommendation (Approve / Approve with Modifications / Reject)
13. Google Doc creation — The report is saved as a Google Doc with the contract name and date in the title, giving the attorney a permanent, shareable record linked back to the original contract in Drive.
14. Attorney notification — An email is sent to the assigning attorney with a concise summary including the risk level, key findings, number of flagged clauses, and a direct link to the full report in Google Docs.
15. Review logging — Every review is logged to a Google Sheet with the contract name, type, parties, risk score, flagged clause count, recommendation, and links to both the report and the original contract. This creates an audit trail and enables the firm to track patterns over time.
16. Error handling — A dedicated error workflow captures failures at any node, classifies them by severity based on which stage failed, and posts formatted alerts to the firm's Slack channel so the team knows immediately if a contract review stalled.
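The response validation and risk aggregation steps above, sketched as an added example that is not the project's own code: the model response is treated as untrusted input, and anything that fails validation becomes a manual-review item instead of a clean result. The field names (`riskLevel`, `clauses`, `severity`), the score mapping, the thresholds, and the reading of "critical sections" as sections rated critical are all assumptions.

```javascript
// Added example. Field names, enum values, scores and thresholds are assumptions.
const RISK_LEVELS = ['low', 'medium', 'high', 'critical'];
const SCORE = { low: 1, medium: 2, high: 3, critical: 4 };

// Fail closed: anything that cannot be validated is flagged for manual review.
function fallback(section, reason) {
  return { section, riskLevel: 'high', clauses: [], needsManualReview: true, reason };
}

function validateSectionResponse(section, rawText) {
  let data;
  try {
    data = JSON.parse(rawText);
  } catch {
    return fallback(section, 'malformed JSON');
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return fallback(section, 'response is not a JSON object');
  }
  // Normalize case and whitespace, then reject values outside the enum.
  const riskLevel = String(data.riskLevel ?? '').trim().toLowerCase();
  if (!RISK_LEVELS.includes(riskLevel)) return fallback(section, 'unknown risk level');
  if (!Array.isArray(data.clauses)) return fallback(section, 'missing clauses array');
  const clauses = [];
  for (const c of data.clauses) {
    const severity = String(c?.severity ?? '').trim().toLowerCase();
    if (typeof c?.text !== 'string' || !RISK_LEVELS.includes(severity)) {
      return fallback(section, 'invalid clause assessment');
    }
    clauses.push({ text: c.text, severity, explanation: String(c.explanation ?? '') });
  }
  return { section, riskLevel, clauses, needsManualReview: false };
}

// Weighted mean of section scores; sections rated critical count double.
function aggregateRisk(results) {
  if (results.length === 0) throw new Error('no sections to aggregate');
  let weighted = 0, weight = 0;
  for (const r of results) {
    const w = r.riskLevel === 'critical' ? 2 : 1;
    weighted += SCORE[r.riskLevel] * w;
    weight += w;
  }
  const score = weighted / weight;
  const manual = results.filter((r) => r.needsManualReview).map((r) => r.section);
  let recommendation = 'Approve';
  if (score >= 3) recommendation = 'Reject';
  else if (score >= 2 || manual.length > 0) recommendation = 'Approve with Modifications';
  return { score, manualReviewSections: manual, recommendation };
}
```

A section that fell back to manual review can never yield a plain "Approve", even when every other section scores low.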
Results & Impact
- Review time: Dropped from 4-6 hours per contract to approximately 15 minutes — the time
- Consistency: 100% of contracts are now reviewed against the same firm-specific standards
- Clause detection rate: In a side-by-side comparison over the first month, the automated
- Throughput: The firm scaled from 15-20 contracts per week to handling 40+ contracts per
- Risk incidents: Zero unflagged critical clauses in the six months since implementation,
- Cost savings: Estimated $8,500 per month in paralegal time redirected from first-pass
- Attorney confidence: The partners now rely on the system as a mandatory first-pass for
Technical Highlights
- Contract type auto-detection with dynamic review criteria — A keyword scoring engine
- Sophisticated AI prompt engineering — The analysis prompt embeds the firm's specific
- Section-by-section analysis architecture — Rather than feeding entire contracts to the AI,
- Intelligent text segmentation — A regex-based legal section header detector handles
- Weighted risk aggregation — Section-level risk scores are aggregated using a weighted
- Structured output validation — Every AI response is validated for structural integrity
- End-to-end audit trail — Every contract review is logged with full metadata, creating a
Tools Used
n8n, OpenAI GPT-4 API, Google Drive API, Google Docs API, Gmail API, Google Sheets API, Slack API, PDF.co API, JavaScript, Regex