Not a ChatPDF. Not a legal chatbot. A system that challenges its own answers at runtime and exposes the challenge to the user — so a junior associate in Dhaka has the same evidentiary footing as a senior partner in a global firm.
Statutes are published as degraded PDFs on government portals. Contracts are drafted from inherited templates nobody re-reads. Regulatory circulars — from Bangladesh Bank, the NBR, the RJSC — arrive weekly and are interpreted by the loudest voice in the room, not the most accurate reading of the text.
A small garment exporter in Gazipur negotiating an LC with a foreign buyer has no way to audit the indemnity clause against prevailing case law. A startup founder signing a seed term sheet has no way to flag that the liquidation preference is 3× market standard.
DocRAG-Legal ingests the statute, reads the clause, cites the source, and — critically — argues with itself in public before letting the answer reach the user.
"Not just citation-verified answers — cryptographically chained sessions. Every answer challenges itself. Every session is tamper-evident. Every risk assessment cites the exact statute it violates."
The processing machinery is identical across legal, clinical, cybersecurity, and financial contexts. Only the corpus changes. One engine, many data stores.
AGNOSTIC PROCESSING MACHINERY
────────────────────────────────────────
Vertex RAG → Discovery Engine Rerank
→ Gemini Pro Synthesis
↓
Gemini Flash Adversarial Judge
↓
SHA-256 Provenance → Modal Ledger
────────────────────────────────────────
↑ swappable corpus
MUTABLE DOMAIN CONTEXTS
────────────────────────────────────────
Statutes · IT Security · Clinical GCP
Tax Codes · Banking Circulars
Import/Export Tariffs · Sharia Law
RAG retrieval → Gemini Pro synthesis → Flash adversarial judge, inline on every single request. The judge result is visible to the user.
Clause heatmap — RED / YELLOW / GREEN — with statute citations for every flag. Not decorative. Legally grounded.
Clause diff + statute-backed rewrite + risk delta calculation. Before and after, with full citation chain.
PDF upload → Cloud Storage → Vertex AI RAG async import with job tracking. Any domain corpus in minutes.
Audit dashboard: faithfulness verdicts, adversarial challenges, session registry, provenance hash ledger.
The same engine served cybersecurity SLAs, clinical trial protocols, and constitutional law without a code change. Each domain is a corpus upload and a preamble adjustment.
30-business-day notification is commercially unacceptable for a security incident.
"Commercially reasonable efforts" weakens what should be an absolute obligation.
$5,000 aggregate cap is nominal against real breach exposure and recovery costs.
"How is the President of the Republic elected and what is the term of office?"
The system correctly refused to answer when the corpus didn't cover the question. A faithfulness score of 1.0 on a refusal is the safety behavior working as designed. In regulated domains, "I don't know" is the most valuable answer.
Any tampering with a single past answer breaks every subsequent hash in the chain. The session becomes an audit trail — exactly the property regulated industries need for discovery and compliance review.
Genesis hash is the literal string "genesis". Every session starts clean and builds a verifiable chain from the first interaction.
Corpus ingestion, managed vector stores, text-embedding-004, async GCS imports. Chunk sizing: 1024 tokens / 200 overlap for statutes, 512 / 100 for contracts.
Gemini 1.5 Pro (T=0.1) for synthesis — forbids speculation, requires [N] citation format. Flash (T=0.0, structured JSON) for the adversarial judge on every request.
semantic-ranker-512@latest re-scores top-20 candidates to top-5 before synthesis. The single biggest quality lever — faithfulness delta vs. unreranked synthesis is roughly +0.15.
Enterprise-tier Search API, unstructured PDF parsing, advanced OCR, extractive segments. Provisioned under $1,000 Gen AI App Builder credits.
Source-based FastAPI deploy, autoscaling 0–5 instances, OIDC auth, enterprise security headers (HSTS, X-Frame, XSS), 1Gi memory.
Five append-only NDJSON volumes (eval logs, risk logs, redline logs, doc registry, ingest jobs) and two dicts (session state + eval cache). Zero idle cost.
JWT verification via ADC. Custom role claims: admin (ingest, batch eval), analyst (risk, redline, query), viewer (query, eval read). Zero JSON key files in container.
6-hourly POST /eval/batch via OIDC-authenticated HTTP job. Continuous evaluation loop — not a test suite run once and forgotten.
All credentials. Zero secrets in source code, environment files, or container images.
The RAG Engine's default managed-Spanner path hit capacity limits we couldn't clear. Switching to serverless via a REST PATCH we wrote ourselves unlocked the whole pipeline. When Google ships two paths, the newer one is usually less congested.
Raw embeddings retrieve plausible chunks. The semantic reranker retrieves the right chunks. On regulatory text, the faithfulness delta between reranked and unreranked synthesis is roughly +0.15 — the difference between PASS and REVIEW verdicts.
A test-suite judge runs in CI and is forgotten. An inline judge the user sees — with severity icons and expandable challenge text — transforms the product from answer machine to evidentiary instrument. The UX is the architecture.
Ten lines of SHA-256 code turn a chat log into a tamper-evident audit trail. Regulated industries cannot deploy without this. It is the difference between a demo and a product.
Every time we used Application Default Credentials instead of a JSON key file, the deployment got simpler, safer, and more portable. Firebase Admin, Discovery Engine, gcloud — all unified under one identity model.
Modal's .remote() is synchronous. FastAPI is async. Calling one from the other on the event loop destroys latency for every other request. Wrapping in asyncio.run_in_executor is non-negotiable at production traffic.
The constitutional law demo answered "Insufficient context" with a perfect faithfulness score of 1.0. The system correctly refused to speculate. In regulated domains, a well-reasoned no is more valuable than a plausible-sounding wrong answer.
The same engine served cybersecurity SLAs, clinical trial protocols, and constitutional law without a code change. Each new vertical is a corpus upload and a preamble tweak. This is the business model — not a product per domain.