AI Contract Review Agent

A new AI contract review agent, governed by the open-source AgentAz specification, reviews clauses against a user's playbook, flags risky terms and omissions with severity and citations, and proposes fallback language. The agent operates with read-only authority, cannot sign or alter contracts, and escalates high-risk deviations to human legal counsel.

Overview Clause-by-clause review against your playbook: flags risky terms, missing clauses, and deviations, each with a severity and a citation to the contract text. Proposes concrete fallback language from your standards instead of vague 'this is risky' comments. Catches omissions, not just bad clauses — a missing liability cap or DPA is often the real risk. Defensive: grounded in the document, never invents terms, never approves or signs, and escalates high-risk deviations to counsel. Review assistance, not legal advice. AgentAz™ specification A lightweight, design-time governance spec for security review. It documents what this agent is authorized to do — and why — and pairs with whatever policy engine you already run. It does not enforce anything at runtime. Machine-readable contract agentaz.json , validated against the open AgentAz™ JSON Schema — bundled for offline use and published at a permanent URL: { "$schema": "./agentaz.schema.json", "version": "2.0.0", "last reviewed": "2026-06-24", "agent id": "contract-clause-review-agent", "trust level": "A2", "dna pattern": "Evaluation", "worst case action": "Surfaces an incorrect clause risk assessment for human review. Cannot sign or alter contracts.", "authority boundary": "Reads and evaluates contract clauses; flags risks for review. No signing/sending tools present.", "tags": "legal", "contract-review", "read-only", "human-review" , "tool boundary": { "allowed tools": "read contract", "identify clauses", "assess risk", "suggest redline" , "execution tools absent": true }, "output boundary": { "format": "structured json", "never emits": "contract sign", "contract send", "approval" }, "cost boundary": { "max usd per trace loop": 0.3, "alert threshold usd": 0.2 }, "loop boundary": { "max reasoning turns": 10 }, "human handoff": { "triggers": "high risk clause", "non standard term", "low confidence" , "destination": "legal review queue" }, "audit": { "append only": true, "logs": "flags", "risk scores", "rationale" } } New to this? Read the AgentAz specification guide /agentaz-specifications — Trust Levels, DNA patterns, and how it complements your runtime. This is a flagship reference blueprint for AgentAz v1.0.0. AgentAz™ is open source under Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 spec text under CC‑BY‑4.0 — schema and source on GitHub https://github.com/agent-kits/agentaz . Governance matrix A scannable summary of this blueprint's governance coverage, derived from its AgentAz™ specification. It documents the boundaries that already ship — not new functionality. | Agent goal | Bounded by the authority spec above | |---|---| | Trust Level | A2 — Recommend | | Tool access | Least privilege — execution tools absent read-only | | Context handling | Grounded in provided inputs; cites or flags rather than guessing | | Memory strategy | Task-scoped; no persistent cross-session memory | | Human approval | Required on high risk clause, non standard term, low confidence → legal review queue | | Audit trail | Append-only log flags, risk scores, rationale | | Cost & loop bounds | ≤ $0.3 per loop · ≤ 10 reasoning turns | | Recovery / escalation | Escalates to legal review queue | Agent component mapping A framework-neutral view of how this blueprint maps to standard agent-architecture components the vocabulary common to ADK-style frameworks . It describes structure for clarity — not an official integration or certified compatibility. | Agent | Primary reasoner — Recommend authority A2 | |---|---| | Tools | read contract, identify clauses, assess risk, suggest redline — execution tools absent read-only | | Memory | Task-scoped working context; no persistent cross-session memory | | Guardrails | Worst-case classified A2 ; no execution tools; ≤ $0.3/loop · ≤ 10 turns | | Evaluator | Confidence and authority-boundary checks; low-confidence or out-of-bounds results are flagged, not actioned | | Handoff | Escalates to legal review queue on high risk clause, non standard term, low confidence | Failure modes Specific ways this blueprint can fail, and how it is designed to detect, contain, and recover from each — the boundaries that make it safe to run, stated plainly. Misreads a clause or misses a deviation from the standard position. - Detection - Clauses are compared against documented standard positions; deviations and confidence are flagged. - Mitigation - A first pass only — a lawyer reviews every flagged item. - Recovery - Human review catches it and the standard library is updated. Hallucinates a clause that isn't in the contract. - Detection - Every finding cites its clause location; uncited findings are withheld. - Mitigation - Uncited terms are never asserted. - Recovery - The lawyer verifies against the source document. Reviews the wrong contract version. - Detection - A document hash or version is checked before review. - Mitigation - The review aborts on a version mismatch. - Recovery - The correct version is loaded and re-reviewed. Evaluation Deviation recall is primary — catching clauses that diverge from your standard positions — because a missed deviation is the expensive one. | Deviation recall | Of clauses that deviate from the standard position, the share it flags. | |---|---| | Precision | Of flags raised, the share that are real deviations — noise resistance. | | Citation accuracy | Whether each finding points to the actual clause, with no hallucinated clauses. | | Coverage | Share of the contract's clauses actually reviewed. | | Latency | Time to review per contract. | Recommended approach. Build a set of contracts annotated by lawyers against your standard positions; measure deviation recall and precision, and verify every finding cites a real clause. Include a few absent-clause traps to catch hallucination. When to use Use it when - Your legal/ops team reviews a high volume of similar third-party contracts NDAs, MSAs, DPAs, vendor agreements and wants a fast, consistent first pass. - You have a playbook or set of standard positions and fallbacks the agent can review against. - You want flagged risks with proposed redlines and a counsel-ready summary, not a black-box 'risk score.' - You want to triage which contracts are clean enough to fast-track and which need a lawyer's attention. Avoid it when - You expect it to give legal advice, make the final call, or sign — those are human and counsel responsibilities. - The agreement is bespoke, high-stakes, or litigation-related and needs a lawyer from the start. - You have no playbook or standards for it to review against, so 'deviation' has no meaning. - You can't keep counsel in the loop on high-risk findings. System prompt You are a Contract Review Agent assisting a legal team. You review ONE contract against the company's playbook and surface what a careful lawyer would want to see first. You are review assistance, NOT a lawyer, and you do not give legal advice or make final decisions. You are judged on catching real risks and omissions, precision, and never overstepping into advice or approval. == CORE PRINCIPLES == 1. Grounded in the document. Quote or cite the exact clause section/heading for every finding. Never invent a clause, obligation, or number that is not in the contract. If something is ambiguous, say so. 2. Risks AND gaps. Review what is present bad terms and what is missing absent protections the playbook requires . A missing liability cap or data-processing clause is often the biggest risk. 3. Playbook-relative. Judge terms against the company's standard positions and fallbacks, not your own opinion. 'Deviation from playbook' is the unit of analysis. == HARD RULES NON-NEGOTIABLE == - NOT LEGAL ADVICE: You provide review assistance. State this. You do not advise, opine on enforceability, or make the call to accept/reject. You surface issues and proposed language for a human. - DO NOT APPROVE OR SIGN: You never mark a contract approved, executed, or safe to sign. Your output is findings + recommendations for counsel. - NO FABRICATION: Every flagged term must be quoted/cited from the contract. Do not assume standard terms are present; if you can't find a required clause, flag it as MISSING, not present. - ESCALATE HIGH RISK: Any high-severity deviation e.g. uncapped liability, broad indemnity, IP assignment, problematic governing law, missing data-protection terms must be flagged for counsel review, not just noted. - CONFIDENTIALITY: Treat the contract as confidential. Do not leak terms outside the review output. == REVIEW METHOD priority areas == Liability & limitation; indemnification; termination & renewal incl. auto-renewal traps ; IP & ownership; confidentiality; data protection/privacy DPA, security, breach notice ; payment & pricing; warranties; governing law & dispute resolution; assignment & change of control; and any clause that deviates from the playbook. For each: quote it, compare to the standard position, rate severity, and propose fallback language. == SEVERITY == - HIGH: materially shifts risk/liability, gives away IP, removes a required protection, or a missing clause the playbook mandates. Counsel review required. - MEDIUM: a real deviation worth negotiating. - LOW: minor/stylistic or acceptable-with-note. == OUTPUT FORMAT return ONE JSON object == { "summary": "<2-4 sentences: contract type, overall risk posture, headline issues ", "disposition": "fast track|negotiate|counsel review", "not legal advice": true, "findings": { "clause": "<section/heading or 'MISSING: <required clause ' ", "quote": "<short quote from the contract, or empty if missing ", "issue": "<how it deviates from the playbook and why it matters ", "severity": "HIGH|MEDIUM|LOW", "fallback": "<proposed standard/fallback language " } , "missing clauses": "<required clauses not found " , "escalate to counsel": { "needed": <bool , "reason": "<which high-severity items " } } Set disposition to counsel review whenever any HIGH finding or required missing clause exists. Keep quotes short; do not reproduce large passages. Simulate run Try the agent with a sample task. This is a frontend-only preview that shows how the kit would plan and execute — no API calls, nothing leaves your browser. Frontend preview only — no data leaves your browser. Tip: press ⌘/Ctrl + Enter to run. Setup guide Install and load your playbook Install the agent and point it at your playbook of standard positions and fallbacks. pipx install contract-review-agent contract-review-agent playbook import ./playbook/ - 'Loaded 6 contract types, 84 standard positions, 84 fallbacks' Configure model and confidentiality Set the model and keep documents in your environment. The agent is review-only by config. cp .env.example .env ANTHROPIC API KEY=sk-ant-... REVIEW ONLY=true never marks approved/executed ESCALATE ON: "HIGH", "missing mandatory" COUNSEL QUEUE=legal-review Define required clauses per type Tell it which clauses are mandatory so omissions are caught, not assumed present. .contracts.yml msa: required: "limitation of liability", "indemnity", "termination", "confidentiality", "governing law" dpa: required: "processing scope", "security measures", "breach notification", "subprocessors" Review a contract from the CLI Run a review and inspect the findings, missing clauses, and disposition before wiring it into your CLM. contract-review-agent review ./vendor-msa.pdf --explain prints summary, findings quote+severity+fallback , missing clauses, disposition Integrate with your CLM/intake Route incoming third-party paper to the agent for a first pass; high-severity items go to counsel automatically. php intake webhook - POST https://your-host/contracts/review disposition=counsel review auto-assigns to the legal queue Architecture Tools required Workflow 1. Intake and identify Load the contract, parse it into clauses, and identify the contract type to select the right playbook. 2. Ground in the playbook Load the company's standard positions, required clauses, and fallbacks for that contract type. 3. Review clause by clause Compare each clause to the playbook, quoting the text, explaining any deviation, and rating severity. Don't opine on enforceability. 4. Check for omissions Separately verify that every playbook-required clause is present; flag any that are missing as findings in their own right. 5. Propose fallbacks For each material finding, generate concrete fallback/redline language from the playbook so counsel has a starting point. 6. Set disposition & escalate Any high-severity deviation or missing mandatory clause sets disposition to counsel review and routes to a named attorney. 7. Summarize & learn Produce the counsel-ready summary, then log accept/override outcomes to refine the playbook and prompt. Examples Overbroad non-compete in an NDA → flag with fallback A mutual NDA is mostly standard but slips in a broad non-compete. The agent flags it and proposes playbook fallback language. Input NDA §7: 'For 3 years after disclosure, Recipient shall not engage in any business that competes, directly or indirectly, with Discloser anywhere in the world.' Output { "summary": "Mutual NDA, largely standard, but §7 embeds a broad worldwide 3-year non-compete that exceeds an NDA's purpose and the playbook. One MEDIUM-HIGH issue; otherwise fast-trackable.", "disposition": "negotiate", "not legal advice": true, "findings": { "clause": "§7 Non-compete", "quote": "shall not engage in any business that competes... anywhere in the world", "issue": "An NDA should protect confidential information, not impose a non-compete. A worldwide, 3-year, 'directly or indirectly' restriction is far outside the playbook and likely unreasonable in scope.", "severity": "HIGH", "fallback": "Delete §7. If a restriction is required, limit to non-use/non-disclosure of Confidential Information the playbook's standard NDA position , with no separate non-compete." } , "missing clauses": , "escalate to counsel": { "needed": true, "reason": "HIGH-severity non-compete embedded in an NDA — counsel should confirm removal." } } Note: The agent doesn't just say 'this looks risky' — it quotes the exact clause, explains why a non-compete doesn't belong in an NDA, and proposes the playbook fallback delete it . High severity sets a counsel-review escalation while keeping the rest fast-trackable. MSA with uncapped liability + auto-renewal trap → two HIGH flags A vendor MSA looks tidy but caps the vendor's liability while leaving the customer exposed and buries an auto-renewal. Both are material. Input MSA §11: 'Vendor's total liability shall not exceed fees paid in the prior 3 months. Customer shall indemnify Vendor for all claims arising from use.' §3: 'This Agreement renews automatically for successive 1-year terms unless canceled 90 days before renewal.' Output { "summary": "Vendor MSA with an asymmetric, very low liability cap plus a broad one-way customer indemnity §11 and a 90-day auto-renewal trap §3 . Two HIGH issues — counsel review required.", "disposition": "counsel review", "not legal advice": true, "findings": { "clause": "§11 Liability & indemnity", "quote": "Vendor's total liability shall not exceed fees paid in the prior 3 months... Customer shall indemnify Vendor for all claims", "issue": "Caps Vendor's liability at ~3 months of fees while making Customer's indemnity unlimited and one-way — a significant, asymmetric risk shift versus the playbook mutual indemnity, 12-month cap, carve-outs for breach/IP/confidentiality .", "severity": "HIGH", "fallback": "Make liability mutual with a cap of 12 months' fees; add standard carve-outs confidentiality, IP infringement, gross negligence . Make indemnity mutual and scope it to third-party claims." }, { "clause": "§3 Term & renewal", "quote": "renews automatically... unless canceled 90 days before renewal", "issue": "Auto-renewal with a 90-day notice window is a lock-in trap and exceeds the playbook's 30-day standard.", "severity": "MEDIUM", "fallback": "Reduce the non-renewal notice period to 30 days, or require affirmative renewal." } , "missing clauses": , "escalate to counsel": { "needed": true, "reason": "Asymmetric uncapped customer indemnity and low vendor cap §11 ." } } Note: It catches two different problems in a 'clean-looking' MSA — an asymmetric liability/indemnity split and an auto-renewal trap — quotes each, explains the risk against the playbook, and proposes specific fallbacks. The HIGH finding forces counsel review. Looks fine, but a required DPA clause is MISSING → flag the gap A SaaS agreement that processes personal data reads cleanly, but it lacks a data-processing clause the playbook requires. The agent flags the omission a clause-reader would miss. Input SaaS agreement covering a product that ingests customer personal data. Clauses present: subscription, fees, support, IP, termination, governing law. No data-processing/DPA or breach-notification terms anywhere in the document. Output { "summary": "SaaS agreement for a product that processes personal data, but it contains NO data-processing/DPA or breach-notification terms — a required-clause omission under the playbook. Present clauses are otherwise standard.", "disposition": "counsel review", "not legal advice": true, "findings": { "clause": "MISSING: Data Processing Addendum / privacy terms", "quote": "", "issue": "The product ingests personal data, but the agreement has no DPA, no security obligations, no subprocessor terms, and no breach-notification clause. The playbook requires these whenever personal data is processed; their absence is a HIGH risk, not a neutral silence.", "severity": "HIGH", "fallback": "Attach the company standard DPA: processing scope/purpose limitation, security measures, subprocessor controls, breach notification within 72 hours, and audit rights." } , "missing clauses": "data processing addendum", "breach notification", "security measures", "subprocessors" , "escalate to counsel": { "needed": true, "reason": "Required data-protection clauses are entirely absent for a product that processes personal data." } } Note: The most valuable example: nothing in the contract is 'wrong,' so a naive clause-reader approves it. The agent instead notices what's absent — a mandatory DPA and breach-notification terms for a product handling personal data — and flags the omission as HIGH with the standard clauses to add. Catching gaps is where contract review really pays off. Implementation notes - Keep it review-only in config: it must never mark a contract approved, executed, or safe to sign, and every output should carry the 'not legal advice' framing. - Make missing-clause detection a first-class check driven by a per-contract-type required list — omissions are often the biggest risk and are exactly what clause-by-clause reading misses. - Require a quote/citation for every present-clause finding; if a required clause can't be found, flag MISSING rather than assuming it's there. - Route every HIGH finding or missing mandatory clause to counsel automatically; the agent triages, lawyers decide. - Ground fallbacks in your actual playbook so redlines are consistent with positions your team already approved. - Treat contracts as confidential, keep documents in your environment, and log human accept/override to refine the playbook. - Spend the strong model on the deviation analysis and fallback drafting — a cheaper model can parse and segment clauses. Variations Basic First-pass risk flagger Reviews a contract clause by clause against your playbook and returns flagged risks, missing clauses, and severities with citations for a human to action. Advanced Redlining reviewer Adds playbook-grounded fallback language for each finding, missing-clause detection, and automatic counsel-review routing for high-severity deviations. Enterprise Governed CLM reviewer Integrates with your CLM and intake, supports multiple contract types and jurisdictions, enforces confidentiality controls, and tunes the playbook from reviewer feedback at scale. Download the Agent Blueprint Download Blueprint .zip /downloads/contract-clause-reviewer.zip Export View the source on GitHub https://github.com/agent-kits/agentaz/tree/main/kits/contract-clause-reviewer This flagship blueprint and the AgentAz™ specification live in the central AgentKits registry — open source under Apache-2.0 code & schema and CC‑BY‑4.0 text . Frequently asked questions No. It provides review assistance — flagging deviations from your playbook, missing clauses, and proposed fallback language — and every output says so. It does not advise on enforceability or make the decision; a lawyer does. Never. It is review-only by configuration and never marks a contract approved, executed, or safe to sign. Its job is to surface issues and route high-risk ones to counsel. Every finding about a present clause must quote/cite the contract text. If a required clause isn't found, it flags it as MISSING rather than assuming standard terms are there — which is how it catches omissions. It compares each clause to your standard positions, explains why a deviation matters, rates severity, and proposes concrete fallback language — and it checks for required clauses that are absent, not just bad ones present. Any high-severity deviation uncapped liability, broad indemnity, IP assignment, missing data-protection terms, etc. is flagged for counsel and sets the contract's disposition to counsel review. Yes. It treats contracts as confidential, runs in your environment, keeps findings within the review output, and is intended to be used with documents that never leave your control.