Legal Analysis Rework — Design

Status: Draft for review Date: 2026-05-20 Related: 2026-04-15-unified-processors-design.md, 2026-04-13-document-diagnostics-design.md

1. Scope & goals

Rework how Orcha performs legal analysis of contracts so that it produces a materially better, jurisdiction-aware assessment that scales beyond Germany.

Goals:

Separate extraction from assessment. Extraction captures what is in the contract (including the clauses themselves). A new post-processor judges those clauses — good for the company, bad for the company, or missing.
Jurisdiction-aware, layered. A jurisdiction-agnostic baseline applies to every contract; an EU layer and a deep DE layer stack on top when applicable; every other country falls back to the generic baseline. Build priority: DE deep → EU → world generic.
Contract-type-aware. Assessment differs by contract type (NDA, SaaS, supply/service, lease, loan, insurance, framework, …).
LLM-driven, low maintenance. The legal logic lives in composable prompt modules, not hardcoded rules. No per-rule code to maintain.
Testable & auditable. Output shape is schema-validated; findings carry a statute citation and link back to the source clause.

Non-goals (this iteration)

UI / data-panel changes to display the new output (separate, later effort).
Assessing key-obligations (stays an extracted fact for now).
A deterministic per-rule engine / rules registry (explicitly rejected — see §3).
Per-country EU packs beyond DE (added on demand once the layering exists).

2. Background — current state

Contract legal analysis is fused into the extraction prompt (workers/ap/ingestion/extraction.clj, :extraction-contract): a single LLM call extracts fields and runs a hardcoded EU compliance block (GDPR / NIS2 / DORA) plus key-obligations.
The schema (schema/contract/structured_data.clj) defines compliance-checks and risk-flags; locale is only inferred for date parsing. There is no jurisdiction abstraction.
The AP pipeline already has the right shape to copy: a unified IProcessor protocol (§3 of the unified-processors spec) where post-processors declare reads/writes/diagnostic/modes, run -compute (often an LLM call via ai.prompts/tenant-prompt), and write to a diagnostic slice. Notably tax-compliance already varies its prompt by tenant country — so a jurisdiction-varying LLM post-processor is an established pattern, not new.

3. Decision: prompts, not skills

The German legal-skills repo (Klotzkette/claude-fuer-deutsches-recht) ships Claude Code skills (SKILL.md files). We are not running those skills at runtime. We use prompts — specifically composable prompt modules in Orcha's own repo — and treat the skills as source material we mine to author those modules (their license is MIT/Apache, so this is permitted with attribution).

Rationale:

Orcha's contract pipeline is a non-interactive backend that makes structured JSON LLM calls and validates the result against a schema. "Skills" are a packaging/runtime mechanism for interactive agents (Claude Code / Agent SDK) with progressive disclosure and tool scripts — there is no skill runtime inside the pipeline, and introducing one would add latency, non-determinism, and cost for no benefit.
Prompts give us what the product needs: versioning in-repo, per-tenant customization through the existing tenant_prompt_customization path, schema-validated structured output, and unit/eval testing.
We still borrow the skills' good ideas — modularity, jurisdiction layering, norm citations, the "assess from the receiving side" framing — but express them as prompt resources, not as a runtime dependency.

If Orcha later builds an interactive contract assistant (chat/Q&A over a contract), skills may be the right tool there. That is out of scope here.

4. Architecture overview

Two stages, mirroring AP extraction → post-processors:

Contract ingestion
  │
  ├─ Stage 1. Extraction  (:extraction-contract, slimmed)
  │      → UNIVERSAL FACTS + a first-class CLAUSE INVENTORY
  │        (no good/bad/missing judgment; EU compliance block REMOVED)
  │
  └─ Stage 2. Legal Analysis  (NEW :contract-legal-analysis IProcessor)
         → resolve jurisdiction (code)
         → compose BASE + jurisdiction layers + contract-type module (+ tenant additions)
         → one LLM call → schema-validated findings
         → write :legal diagnostic slice

5. Stage 1 — Extraction captures clauses (no judgment)

Extraction stays jurisdiction-agnostic and makes no assessment. Its job is "what's in this contract," now including a first-class clause inventory using one canonical clause taxonomy (shared vocabulary for both stages):

:clauses
[{:type     :liability-cap        ; canonical taxonomy: :termination :auto-renewal
  :text     "<verbatim clause text>"        ; :confidentiality :indemnification
  :summary  "<one-line plain summary>"      ; :data-protection :price-escalation
  :location "<section / page anchor>"}       ; :sla :governing-law :payment-terms …
 …]

…alongside the scalar facts it already extracts (parties incl. which side is the company/principal, dates, value/currency, renewal type, notice periods, payment terms, etc.). The previously-inline EU compliance analysis is removed from this prompt.

6. Stage 2 — Legal analysis post-processor assesses clauses

From the company's (principal/tenant) perspective, the analysis produces:

Per-clause verdict — favorable / unfavorable / neutral, with rationale.
Missing-clause detection — clauses expected for this jurisdiction × type but absent.
Jurisdiction findings — compliance/risk items defined by the active layers.

6.1 Composable prompt modules

analysis_prompt =
    BASE                  (how to assess, output contract, RDG-safe framing)
  + JURISDICTION layers   (additive — see 6.2)
  + CONTRACT-TYPE module
  + tenant additions      (existing tenant_prompt_customization)

Module texts are versioned resources in the repo, editable without code:

resources/com/getorcha/legal/
  base.md
  layers/{generic,eu,de}.md
  types/{nda,saas,service-supply,lease-rental,loan,insurance,framework,other}.md

prompt-version is recorded in the output :meta for regression tracking.

6.2 Jurisdiction layers are additive ("DE deep → EU → world generic")

every contract → generic
EU contract → + eu (GDPR/AVV Art. 28, DORA Art. 30, NIS2)
German contract → + de (BGB §§305–310 AGB control, §309 Nr. 9 auto-renewal validity)

So a German SaaS contract receives generic + eu + de + saas; a US SaaS contract receives generic + saas. Adding a country later = add a layer file; nothing else changes.

6.3 Jurisdiction resolution (pure function, in code)

resolve-jurisdiction(structured-data, tenant) → {:resolved :layers :basis :confidence} with precedence:

explicit governing-law / jurisdiction clause → country/region
else principal + counterparty countries (DE present → DE; both EU → EU)
else tenant default (tenant.company-country)
else generic

Deterministic and unit-tested in isolation.

7. Output model — the `:legal` diagnostic slice

All three finding kinds share one shape so UI and tests handle them uniformly:

:legal
{:jurisdiction {:resolved :de
                :layers   [:generic :eu :de]
                :basis    "governing-law clause: 'Recht der Bundesrepublik Deutschland'"
                :confidence :high}

 :clause-assessments
 [{:clause-type :auto-renewal
   :verdict     :unfavorable          ; :favorable | :unfavorable | :neutral
   :severity    :warning              ; :critical | :warning | :info
   :rationale   "12-month auto-renewal, 3-month notice — long lock-in for the company."
   :citations   [{:label "§ 309 Nr. 9 BGB" :note "term/auto-renewal limits in AGB"}]
   :suggestion  "Negotiate shorter renewal term or notice window."
   :clause-ref  "<id/anchor of the extracted clause>"}]

 :missing-clauses
 [{:clause-type :data-protection
   :severity    :critical
   :rationale   "SaaS processing personal data without an Art. 28 GDPR DPA/AVV."
   :citations   [{:label "Art. 28 DSGVO"}]
   :suggestion  "Add a data-processing agreement (AVV)."}]

 :compliance                          ; replaces the hardcoded GDPR/NIS2/DORA block
 [{:regime :gdpr :status :warning :findings [...]}
  {:regime :dora :status :not-applicable}]

 :summary {:overall :needs-attention  ; :ok | :needs-attention | :high-risk
           :counts  {:unfavorable 2 :missing 1 :critical 1}
           :headline "2 unfavorable clauses, 1 missing DPA."}

 :meta {:prompt-version "legal-v1" :model "..." :analyzed-at "..."}}

A Malli LegalAnalysis schema enforces the shape; the LLM fills the judgment. Invalid output → handled as an analysis error (tested).
Every finding carries a :citations reference and (for assessments) a :clause-ref back to the Stage-1 clause.
Severity vocabulary maps onto existing diagnostic conventions so display can reuse current components later.
This replaces the inline compliance-checks and the unused risk-flags.

Worked example — German SaaS contract

Extraction: finds auto-renewal ("verlängert sich um 12 Monate, Kündigungsfrist 3 Monate"), liability-cap, no data-protection clause.
Analysis (generic + eu + de + saas): auto-renewal → unfavorable + §309 Nr. 9 BGB validity risk; liability-cap present → favorable; missing AVV/DPA (Art. 28 GDPR) → critical.

8. IProcessor wiring

New processor :contract-legal-analysis, registered next to validations/fraud/tax-compliance:

Method	Behavior
`-id`	`:contract-legal-analysis`
`-reads`	contract clauses, parties (+countries), governing-law, jurisdiction, contract-type, dates, value, renewal/notice (dispatches on state → contracts only)
`-writes`	`[]` (diagnostic-only)
`-diagnostic`	`{:slice :legal}`
`-modes`	`#{:ingestion :edit}`
`-always?`	`false`
`-compute`	resolve-jurisdiction → compose-prompt → LLM (`tenant-prompt`) → parse → validate vs `LegalAnalysis` → `{:result … :stats …}`
`-apply-ops`	`[]`

compose-legal-prompt(layers, contract-type) is registered as defmethod ai.prompts/-prompt :contract-legal-analysis, so it picks up per-tenant additions automatically through tenant-prompt.
Edit-mode win: correcting a clause re-runs only legal analysis (its read path changed); extraction does not re-fire.

9. RDG-safe framing

A German "Prüfung" that applies statutes to a customer's specific contract can edge toward a regulated Rechtsdienstleistung (RDG). The BASE module therefore instructs the model to produce informational risk signals with references for the user's own review, in hedged language — not legal conclusions or advice. A standing disclaimer is stored with the output. The exact wording should get a counsel sign-off before launch.

10. Sourcing modules from the legal-skills repo

The prompt modules are authored by mining (not running) these skills:

Module	Mined from
`layers/de`	`vertragsrecht/{vertragspruefung, agb-pruefung, vertragsverlaengerungs-monitor, saas-msa-pruefung, nda-pruefung}`
`layers/eu`	`datenschutzrecht/avv-pruefung` (Art. 28), `regulatorisches-recht/dora-ikt-vertragspruefung` (Art. 30), NIS2
`layers/generic`	universal contract-review heuristics (parties, value, renewal/notice, liability, risk)
`types/*`	`nda-pruefung`, `saas-msa-pruefung`, `lieferantenvertrag-pruefung`, plus `fachanwalt-*` norm appendices (it/versicherung/bank/transport) per type

11. Test strategy

Jurisdiction resolution: pure unit tests over fixtures (governing-law clause / party countries / tenant default / fallback). Deterministic.
Schema gate: every model output validated against LegalAnalysis; malformed output → analysis error, with a test for the rejection path.
Golden corpus: representative contracts per jurisdiction × type (DE SaaS, DE supply, non-DE EU service, US generic, NDA, …), each with a curated expected-findings snapshot. Evals assert on structured fields (must-catch clause-type + verdict/kind + severity + citation present), tolerant to wording — e.g. "DE SaaS without DPA → missing data-protection, critical." Track corpus pass-rate as the quality metric. Reuse the dev/snapshots harness.
Prompt-version regression: changing a module bumps prompt-version; re-run the golden evals and diff findings before shipping.
Edit recompute: editing a clause re-runs analysis (not extraction) and updates the :legal slice.

12. Rollout / migration

Introduce the :clauses inventory in extraction; keep existing fields.
Add the :contract-legal-analysis processor + modules + LegalAnalysis schema, writing the :legal slice (shadow — not yet displayed).
Remove the EU compliance block from :extraction-contract.
Migrate/replace compliance-checks consumers to read from :legal; retire the dead risk-flags.
UI/data-panel wiring to surface :legal — separate later effort.

13. Risks & mitigations

LLM non-determinism → schema gate + structured-field evals + low temperature; measure pass-rate, don't assert prose.
Wrong jurisdiction → wrong rules → resolution is explicit, carries :basis/:confidence; low confidence can downgrade severities or surface a "confirm jurisdiction" hint.
RDG exposure → informational framing + disclaimer + counsel review (§9).
Module sprawl → additive layers + canonical clause taxonomy keep the matrix small; new countries are single files.

14. Deferred decisions

Whether key-obligations becomes an assessed finding later.
Per-country EU packs beyond DE (AT, FR, …) — add layer files on demand.
Surfacing :legal in the UI (list badge from :summary.overall, detail panel).
Optional interactive contract Q&A (where skills might apply).