AI-Native Legal Contract Risk Analyzer Built on AgentField
Output • How It Works • Quick Start • API • Comparison
Trigger it with the af CLI (requires af ≥ 0.1.87) — it streams live progress and prints the result:
af call contract-af.analyze --in '{"document_text": "MASTER SERVICES AGREEMENT\n\n1. Term. This Agreement commences on the Effective Date and auto-renews for successive 12-month terms unless either party gives 90 days written notice.\n2. Liability. Provider'"'"'s total liability shall not exceed fees paid in the prior 3 months.\n3. Termination. Customer may terminate for convenience with 60 days notice; Provider may terminate immediately for any breach.", "user_context": "I am the customer"}'Prefer raw HTTP? Hit the API directly with curl:
curl -X POST http://localhost:8080/api/v1/execute/async/contract-af.analyze \
-H "Content-Type: application/json" \
-d '{"input": {"document_text": "MASTER SERVICES AGREEMENT ... full contract text ...", "user_context": "I am the customer"}}'Other tools flag patterns. Contract-AF reads like a lawyer — navigates the full document, traces definitions across sections, discovers combination risks between clauses, and reviews from the opposing party's perspective. Every finding: exploitation scenario, risk score, negotiation playbook. One API call, ~$0.40-$1.30.
Upload a contract, get back four deliverables:
Every finding includes where (clause ref + text), why (reasoning + exploitation scenario), how bad (deterministic score), and what to do (remediation + negotiation with fallbacks). Not "this might be a problem" — traces definitions, proves clause interactions, tells you exactly what to negotiate.
7-phase adaptive pipeline, 20-50+ agent invocations per run (100+ on complex contracts):
Intake → Anatomy → Planning → Parallel Clause Analysis → Review Layer → Coverage Gate → Synthesis → Report
Intake classifies the deal. Anatomy navigates the full document and maps structure. Planning routes sections to specialized analysts. Clause Analysis deep-reads clusters with adaptive depth. The Review Layer runs cross-reference resolution, adversarial review, and gap verification — all streaming in parallel. The Coverage Gate loops back if gaps remain. Synthesis scores and ranks. Report outputs multiple formats.
What makes this different from "throw a contract at an LLM and ask for risks":
When a clause analyst finds something worth investigating — a broad definition, an unusual cross-reference, a dangerous clause interaction — it crafts a specific investigation prompt and spawns a new agent at runtime to pursue it.
Example: An IP analyst reads "All Work Product shall be the sole property of Company", checks Definitions, finds "Work Product" includes inventions "whether or not related to Company's business." It recognizes this is unusually broad, launches a Definition Impact Analyzer: "Analyze the impact of this definition on Sections 5, 8, and 12. Does it capture personal projects?" The child investigates, reports back. Parent integrates.
Not static dispatch. The investigation path emerges from what the system discovers in your specific contract.
Finding agents and disproving agents are structurally separated:
- Clause analysts are incentivized to find risks
- Adversary Reviewer is incentivized to challenge them — re-reads actual clause text, identifies standard practice, false positives, and what the other side would argue
- The adversary also hunts hidden traps the analysts missed — e.g., discovering three separate risk clauses all survive termination via the same Section 14, creating combined post-termination obligations far worse than any individual clause suggests
Downstream agents don't wait. The Cross-Reference Resolver and Adversary Reviewer consume findings from a streaming queue as clause analysts produce them. By the time the last analyst finishes, the review layer is already halfway done. When the Cross-Ref Resolver discovers a critical interaction between clauses from different analysts, it spawns a focused deep-dive immediately — while other analysts are still running.
Three nested control loops — each with hard caps:
- Per-analyst — follows out-of-scope references (max 3), self-escalates on critical signals, exits early on no risk
- Cross-agent — cross-ref resolver or adversary spawns focused sub-agents for combination risks (max 3 per phase)
- Coverage gate — after all agents complete, checks for missed/under-analyzed sections, spawns new analysts for gaps (max 2 iterations, 3 analysts each)
Explores deeply where signal exists, moves on where it doesn't, never spirals into unbounded cost.
Risk scores are computed by code, not LLMs. Severity weights, combination risk multipliers (1.5x), exploitability multipliers (1.3x), jurisdiction discounts (California non-competes → unenforceable) — all deterministic. LLMs handle what requires intelligence: negotiation language, fallback positions, counterparty arguments.
Every fast .ai() gate includes a confident flag. When input doesn't fit assumptions (unusual structure, exhibits before recitals, missing headers), the system automatically escalates to a deeper document-navigating agent (~$0.05-$0.10 extra). A wrong classification propagating through the entire pipeline costs far more.
Same pattern, code security: SEC-AF applies adversarial verification to codebases — hunters find vulnerabilities, provers disprove false positives. Every finding ships with a verdict.
| Contract Size | Budget Models | Mid-Tier Models | Premium Models |
|---|---|---|---|
| 20-page SaaS agreement | ~$0.20-$0.45 | ~$0.65-$1.30 | ~$2.00-$4.00 |
| 50-page enterprise license | ~$0.45-$0.90 | ~$1.20-$2.40 | ~$4.00-$7.00 |
| 100-page M&A agreement | ~$0.80-$1.50 | ~$2.00-$4.00 | ~$6.00-$12.00 |
Budget: Kimi K2.5, MiniMax. Mid-tier: GPT-4o-mini, Sonnet. Premium: Opus, GPT-4o. Any OpenRouter-compatible model works.
git clone https://github.com/Agent-Field/contract-af.git && cd contract-af
cp .env.example .env # Add OPENROUTER_API_KEY
docker compose up --buildStarts AgentField control plane (http://localhost:8080) + Contract-AF agent.
curl -X POST http://localhost:8080/api/v1/execute/async/contract-af.analyze \
-H "Content-Type: application/json" \
-d '{"input": {"file_path": "/path/to/contract.pdf", "user_context": "I am the customer"}}'Poll for results:
curl http://localhost:8080/api/v1/executions/<execution_id>| Contract-AF | Harvey AI | Klarity | Spellbook | |
|---|---|---|---|---|
| Approach | Multi-agent pipeline with adversarial verification | Single model, enterprise | ML extraction + rules | Single model, clause library |
| Verified findings | Adversarial review + exploitation scenarios | Not documented | Pattern-based extraction | Not documented |
| Negotiation playbook | Per-finding strategy with fallbacks | General guidance | Not included | Clause suggestions |
| Cross-clause analysis | Streaming cross-reference resolution with runtime deep-dives | Not documented | Not documented | Not documented |
| Adaptive depth | 3 nested control loops with budget caps | Fixed pass | Fixed pass | Fixed pass |
| Open source | Apache 2.0 | Proprietary | Proprietary | Proprietary |
| Cost | ~$0.40-$1.30/contract | ~$500-$2000/mo | ~$1000+/mo | ~$500+/mo |
Strongest at: Adversarial verification, cross-clause interaction analysis, adaptive depth, deterministic scoring, negotiation playbooks, cost.
Others are stronger at: Enterprise integrations, clause libraries, legal corpora training (Harvey, Spellbook), purpose-built ML extraction for specific types (Klarity).
SaaS, employment, NDAs, licensing, service, consulting, partnership — and any type you throw at it. Auto-classifies at intake, selects relevant clause categories, checks for expected clauses. No code changes for new types.
python -m venv .venv && source .venv/bin/activate
pip install -e .[dev]
pytest # 179 tests
ruff check src/ tests/SEC-AF — AI-native security auditor. 250 agents per audit, 94% noise reduction, every finding proven exploitable.
AF Deep Research — Autonomous research backend. 10,000+ agent invocations per query with self-correcting loops.
Contract-AF is built on AgentField, open infrastructure for production-grade autonomous agents. See what else we're building →
{ // 1. Risk-ranked findings with exploitation scenarios "findings": [ { "clause_ref": "8.3", "clause_text": "All Work Product shall be the sole property of Company.", "category": "ip_work_product", "severity": "critical", "risk_score": 0.92, "description": "Overbroad IP assignment — captures inventions unrelated to Company's business", "reasoning": "Definition of 'Work Product' (Section 1.15) includes 'whether or not related to Company's business'. Combined with Section 12.3's perpetual license, this eliminates all residual IP rights post-termination.", "exploitation_scenario": "Company could claim ownership of employee's personal side projects, open-source contributions, or prior inventions not listed in Exhibit B.", "remediation": "Limit to inventions conceived using Company's confidential information or resources", "negotiation_strategy": "Propose: 'Work Product related to Company's current or reasonably anticipated business'. Fallback: add a carve-out for personal projects outside working hours." } ], // 2. Executive summary "executive_summary": "High-risk employment agreement with 3 critical findings...", // 3. Full markdown risk report "risk_report_md": "# Contract Review Report\n\n## Critical Findings\n...", // 4. Negotiation playbook with priorities, fallbacks, deal-breakers "negotiation_playbook": "## Negotiation Playbook\n\n### Priority 1: IP Assignment..." }