RelayPlane Logo

Policy Compliance Checker

Automatically review documents, code, and content for compliance with company policies and regulations.

This workflow checks content against policy documents, legal requirements, and compliance frameworks.

Implementation

1import { relay } from "@relayplane/workflows";
2
3const result = await relay
4  .workflow("policy-checker")
5
6  // Step 1: Identify applicable policies
7  .step("identify-policies")
8  .with("openai:gpt-4o")
9  .prompt(`Determine which policies apply to this content:
10
11Content Type: {{contentType}}
12Document: {{documentSummary}}
13
14Available Policies:
15{{policyList}}
16
17Return list of applicable policies with rationale.`)
18
19  // Step 2: Check compliance for each policy
20  .step("check-compliance")
21  .with("anthropic:claude-3.5-sonnet")
22  .depends("identify-policies")
23  .prompt(`Review content for policy compliance:
24
25Content:
26{{contentToReview}}
27
28Applicable Policies:
29{{identify-policies.output}}
30
31Policy Documents:
32{{policyDocuments}}
33
34For each policy, check:
35- Compliant: yes/no
36- Violations found (specific quotes/sections)
37- Severity: critical/high/medium/low
38- Required remediation
39
40Be thorough and cite specific policy sections.`)
41
42  // Step 3: Check regulatory requirements
43  .step("regulatory-check")
44  .with("anthropic:claude-3.5-sonnet")
45  .depends("check-compliance")
46  .prompt(`Check regulatory compliance:
47
48Content: {{contentToReview}}
49Industry: {{industry}}
50Jurisdictions: {{jurisdictions}}
51
52Regulations to check:
53- GDPR (if EU data involved)
54- CCPA (if California users)
55- HIPAA (if healthcare data)
56- SOC 2 requirements
57- Industry-specific regulations
58
59Identify:
60- Regulatory risks
61- Required disclosures
62- Data handling violations
63- Missing compliance elements`)
64
65  // Step 4: Security and privacy review
66  .step("security-review")
67  .with("openai:gpt-4o")
68  .depends("check-compliance")
69  .prompt(`Review for security and privacy issues:
70
71Content: {{contentToReview}}
72
73Check for:
74- Exposed credentials, API keys, tokens
75- PII (personal identifiable information)
76- Sensitive internal information
77- Security vulnerabilities disclosed
78- Unredacted customer data
79
80Flag any security concerns.`)
81
82  // Step 5: Generate compliance report
83  .step("compliance-report")
84  .with("anthropic:claude-3.5-sonnet")
85  .depends("check-compliance", "regulatory-check", "security-review")
86  .prompt(`Generate compliance review report:
87
88Policy Compliance: {{check-compliance.output}}
89Regulatory Check: {{regulatory-check.output}}
90Security Review: {{security-review.output}}
91
92Format:
93# Compliance Review Report
94
95## ✅ Compliant Areas
96- Policies met
97
98## ⚠️ Violations Found
99
100### Critical
101- Blockers that must be fixed
102
103### High Priority
104- Important issues to address
105
106### Medium/Low
107- Suggestions for improvement
108
109## 📋 Regulatory Notes
110- GDPR/CCPA/HIPAA compliance status
111
112## 🔒 Security Concerns
113- Any sensitive data exposed
114
115## ✏️ Recommended Actions
116- Specific changes needed for compliance
117
118## 📝 Approval Status
119- APPROVED / NEEDS REVISION / REJECTED
120
121Clear, actionable, cite specific violations.`)
122
123  .run({
124    contentType: "Marketing Email",
125    documentSummary: "Promotional email for new product launch",
126    contentToReview: emailContent,
127    policyList: [
128      "Brand Guidelines",
129      "Anti-Spam Policy",
130      "Claims & Substantiation",
131      "Privacy Policy",
132    ],
133    policyDocuments: await loadPolicies(),
134    industry: "SaaS",
135    jurisdictions: ["US", "EU"],
136  });
137
138// Block or approve based on results
139const report = result.steps["compliance-report"].output;
140if (report.includes("REJECTED")) {
141  await blockPublication({
142    content: emailContent,
143    reason: report,
144    reviewer: "AI Policy Checker",
145  });
146} else if (report.includes("APPROVED")) {
147  await approvePublication(emailContent);
148}

Use Cases

1. Code Repository Compliance

1// Check code for license compliance
2const codeReview = await relay
3  .workflow("policy-checker")
4  .run({
5    contentType: "Source Code",
6    contentToReview: sourceCode,
7    policyList: ["Open Source License Policy", "Security Standards"],
8    policyDocuments: {
9      licenses: "Only MIT, Apache 2.0, BSD licenses allowed...",
10      security: "No hardcoded credentials, use environment variables...",
11    },
12  });

2. Marketing Content Review

1// Check blog posts for claims compliance
2const contentReview = await relay
3  .workflow("policy-checker")
4  .run({
5    contentType: "Blog Post",
6    contentToReview: blogPostMarkdown,
7    policyList: [
8      "Claims & Substantiation Policy",
9      "Brand Guidelines",
10      "Competitor Comparison Rules",
11    ],
12    industry: "FinTech",
13  });

3. Contract Review

1// Review vendor contracts
2const contractReview = await relay
3  .workflow("policy-checker")
4  .run({
5    contentType: "Vendor Contract",
6    contentToReview: contractPDF,
7    policyList: [
8      "Procurement Policy",
9      "Data Processing Agreement Requirements",
10      "Insurance Requirements",
11    ],
12    jurisdictions: ["California", "Delaware"],
13  });

GitHub Pre-commit Hook

1#!/bin/bash
2# .git/hooks/pre-commit
3
4# Check committed files for policy compliance
5FILES=$(git diff --cached --name-only --diff-filter=ACM)
6
7for FILE in $FILES; do
8  # Check for secrets
9  if grep -E "(api_key|password|secret)" "$FILE"; then
10    echo "❌ Possible secret detected in $FILE"
11    echo "Run policy checker before committing"
12
13    # Run AI policy check
14    npx tsx scripts/check-policy.ts "$FILE"
15    exit 1
16  fi
17done

Sample Output

# Compliance Review Report ## ⚠️ Violations Found ### Critical 1. **Unsubstantiated Claim (Claims Policy §3.2)** - Quote: "Increase revenue by 300% in 30 days" - Issue: No data or case studies to support this claim - Fix: Either provide evidence or change to "up to" with disclaimer 2. **Missing Unsubscribe Link (CAN-SPAM Act)** - Email lacks required unsubscribe mechanism - Fix: Add unsubscribe footer per template ### High Priority 1. **Competitor Disparagement (Marketing Guidelines §5.1)** - Quote: "Unlike competitors who use outdated technology..." - Issue: Generic negative comparison without specifics - Fix: Focus on our benefits, not competitor weaknesses ## 📋 Regulatory Notes - **GDPR**: Compliant (privacy policy linked, consent mechanism present) - **CAN-SPAM**: Non-compliant (missing unsubscribe) ## ✏️ Recommended Actions 1. Remove or substantiate "300% revenue" claim 2. Add required unsubscribe link to footer 3. Reframe competitor comparison positively 4. Legal team review before sending ## 📝 Approval Status **NEEDS REVISION** - Fix critical issues before publishing

Integration Points

  • CMS: Check blog posts before publishing
  • Email: Verify marketing emails comply with CAN-SPAM
  • Code: Pre-commit hooks for license/secret scanning
  • Contracts: Review vendor agreements before signature
  • HR: Job postings for discrimination/bias
Legal Disclaimer: AI policy checking is a first-pass tool. Always have qualified legal/compliance professionals review critical documents.