Pre-screening contracts, before they leave.

The flow is linear and consists of four steps that run in a few seconds. The diagram block below shows the path of a document from interception to final decision.

The four controls are part of Polyant's ten built-in controls. The other six (prompt-injection, system-prompt-leakage, tool-rate-limit, message-length-limit, internet-access, tool-param-validator) operate on the agent in general, not on the per-document pre-screening logic.

The native channels on which the agent receives triggers are Telegram, Slack, WhatsApp, and OpenAI-compatible HTTP. Interception of corporate email, electronic signature flows, and document management systems happens via dedicated integration, built by the Exelab team during delivery on the customer's real systems.

Compliance Scan has value for four business areas. Compliance gains proactive control over the contract flow, no longer reactive to complaints or audits. The DPO has an ally that identifies personal data in cleartext before it leaves the company, reducing accidental data breaches. Legal sees only the cases that require human judgement, because the first filter is automatic. Sales does not chase legal on every contract: the cases in order pass straight through, the others go back to the commercial team with the concrete correction to apply.

The agent is horizontal: any industry with regulatory constraints on contracts and customer communications finds a use case. Banking, insurance, healthcare, utility, public administration: the configured rules change, not the agent.

Compliance Scan works well on its own, but the most frequent use case is inside a squad of specialist agents: together with an intake agent, a document pre-screening agent, and a reconstructable-audit agent. Typical squads by industry (Claims insurance, Banking onboarding, Healthcare triage, Multi-channel compliance) live on the /industries and /agents pages.

A commercial proposal for a regulated financial service is generated by the internal system and ready to be sent to the customer. The system intercepts the message before it leaves the company, extracts the text of the three attachments, classifies the document as "corporate offer to be submitted for legal review". The rules configured for that type apply; in parallel, the built-in controls do their job.

Two signals trigger. The pii-detector finds a third-party beneficiary fiscal code left in cleartext in the detailed quotation; the topic-guardrail flags a paragraph describing an automated scoring system without reference to the required disclosure. Outcome: block with structured reason, two textual alternatives ready to use, an option to anonymise the fiscal code.

The send stays on hold. The commercial person receives the notification, picks the alternative, applies the correction, re-reads, sends. The case, the rules triggered, the decisions of the controls, the handling time, and the final outcome land in the registry. The compliance lead will see the trace the next day, in the dashboard, without having to open a ticket.

The rules are declarative, written in a readable format, versioned in the customer's repository, and validated at agent startup. The compliance team writes a rule, tests it in a development environment, promotes it to production. Without writing code.

The built-in controls have thresholds configurable per instance: pii-detector can run zero-tolerance for external communications and medium-tolerance for internal channels; topic-guardrail loads different topic lists for each line of business.