Building Trust with AI: A Deep Dive into nyxCore's New Compliance Analysis Engine
Explore how we built a comprehensive AI-powered compliance analysis system for nyxCore, tackling everything from workflow orchestration to hallucination detection and cross-step consistency.
In the rapidly evolving landscape of software development, ensuring compliance isn't just a regulatory checkbox—it's a cornerstone of trust, security, and operational integrity. But what happens when you introduce the powerful, yet sometimes unpredictable, capabilities of Large Language Models (LLMs) into the mix? That's precisely the challenge we've been tackling at nyxCore.
Our latest mission: engineer a comprehensive, AI-driven compliance analysis system. This isn't about simple keyword searches; it's about building a sophisticated framework capable of understanding, verifying, and reporting on complex compliance requirements. Think automated audits, intelligent risk assessment, and bulletproof quality gates, all powered by our workflow engine and cutting-edge AI.
I recently wrapped up an intense development session, and I'm thrilled to share a deep dive into what we've accomplished. We've built the foundational elements for a system that can intelligently navigate compliance documents, detect subtle deviations, and ensure the veracity of its own findings.
Orchestrating Compliance: The Workflow Template
At the heart of any automated process is a well-defined workflow. For compliance, this means a series of structured steps that guide the AI through an audit. We've introduced a new "Compliance Analysis" template into nyxCore, complete with 7 specialized steps:
- complianceRecon: Initial reconnaissance to understand the scope.
- complianceExtract: A fan-out step to pull out relevant information from various sources.
- complianceDeviation: Generates multiple potential deviations or non-conformances.
- complianceReview: A human-in-the-loop review step for critical findings.
- complianceReport: Compiles all findings into a structured report.
- compliancePrompt: Another fan-out step, this time focusing on specific COMP-XXX findings to generate further insights or remediation suggestions.
These templates provide the blueprint, ensuring every compliance analysis follows a rigorous, repeatable process.
Assembling the Expert Team: PhD-Level Personas
To make our AI truly intelligent, it needs to think like an expert. We've expanded our persona library with highly specialized, PhD-level roles designed to bring deep domain expertise to the compliance process:
- Dr. Elara Voss (Compliance Auditor): The lead, tasked with overseeing the entire audit process and ensuring adherence to standards.
- Dr. Kai Tanaka (Risk Analyst): Focuses on identifying and assessing potential risks associated with compliance deviations.
- Dr. Priya Sharma (Code Compliance Reviewer): Specializes in analyzing codebases against compliance standards (e.g., security, data privacy).
These personas are now part of a dedicated "Compliance Audit Team" within nyxCore, ensuring that our AI agents approach tasks with the right mindset and expertise.
Battling the Blight: Hallucination Detection
One of the most critical challenges when leveraging LLMs is their propensity to "hallucinate"—generating plausible but factually incorrect information. For compliance, this is a non-starter. Our solution is a brand-new Hallucination Detector service (src/server/services/hallucination-detector.ts).
Here's how it works:
- decomposeIntoClaims(output, tenantId): Using a powerful LLM (like Haiku), we break down any AI-generated output into atomic, verifiable claims (factual, evaluative, or prescriptive).
- verifyClaimsAgainstAxiom(claims, projectId, tenantId): Each individual claim is then cross-referenced against a trusted knowledge base—our Axiom RAG (Retrieval Augmented Generation) documents. This is where the truth is checked.
- HallucinationReport: The service returns a detailed report including a groundedRatio (percentage of claims verified), an overallRisk (low, medium, high), and per-claim verdicts with supporting evidence or flags for ungrounded statements.
We score claims: grounded (> 0.7), uncertain (0.5-0.7), and ungrounded (< 0.5). This crucial component ensures that any compliance findings generated by our system are firmly rooted in verifiable truth.
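As an added example (not nyxCore's code), the scoring bands above can be folded into a report as follows. The ScoredClaim shape, the function names and the overallRisk cut-offs are assumptions; the post gives only the 0.7 / 0.5 verdict thresholds and the report field names.

```typescript
// Added illustration, not nyxCore source. ScoredClaim and the risk cut-offs are assumptions;
// the 0.7 / 0.5 verdict thresholds and the report field names come from the post.
type Verdict = "grounded" | "uncertain" | "ungrounded";
type Risk = "low" | "medium" | "high";
interface ScoredClaim { text: string; score: number } // score = best match against Axiom passages (assumed 0..1)
interface HallucinationReport {
  groundedRatio: number; // kept as a fraction in 0..1 here
  overallRisk: Risk;
  verdicts: Array<{ text: string; verdict: Verdict }>;
}

function verdictFor(score: number): Verdict {
  // NaN or out-of-range scores are treated as ungrounded (fail closed).
  if (!Number.isFinite(score) || score < 0 || score > 1) return "ungrounded";
  if (score > 0.7) return "grounded";   // strictly above 0.7
  if (score >= 0.5) return "uncertain"; // 0.5 and 0.7 themselves land here
  return "ungrounded";
}

function buildReport(claims: ScoredClaim[]): HallucinationReport {
  const verdicts = claims.map((c) => ({ text: c.text, verdict: verdictFor(c.score) }));
  const grounded = verdicts.filter((v) => v.verdict === "grounded").length;
  const ungrounded = verdicts.filter((v) => v.verdict === "ungrounded").length;
  // No claims means nothing was verified: report 0, not a vacuous 100%.
  const groundedRatio = claims.length === 0 ? 0 : grounded / claims.length;
  // Assumed policy: any ungrounded claim rules out "low"; under half grounded is "high".
  let overallRisk: Risk = "medium";
  if (groundedRatio < 0.5) overallRisk = "high";
  else if (ungrounded === 0 && groundedRatio >= 0.8) overallRisk = "low";
  return { groundedRatio, overallRisk, verdicts };
}

// Constructed sample scores.
const sampleReport = buildReport([
  { text: "Access logs are retained for 12 months.", score: 0.88 },
  { text: "All backups are encrypted.", score: 0.7 },
  { text: "The policy was approved by the board.", score: 0.31 },
  { text: "MFA is enforced for administrators.", score: 0.93 },
]);
```

A score of exactly 0.7 falls in the uncertain band, so a claim sitting on the boundary never counts toward groundedRatio.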
Maintaining Logical Flow: The Consistency Checker
Compliance analysis isn't a one-shot deal; it's a multi-step process. Ensuring that findings and conclusions remain consistent across different steps is vital. Enter the Consistency Checker (src/server/services/consistency-checker.ts).
This service aims to prevent internal contradictions and ensure a coherent narrative:
- extractClaims(stepOutput, stepId, stepLabel, tenantId): Similar to hallucination detection, we extract claims from each step's output, attaching metadata like subject slugs for better correlation.
- checkContradictions(newClaims, priorClaims, tenantId): This is where the magic happens. We perform pairwise Natural Language Inference (NLI) using an LLM (again, Haiku) to compare new claims against all previously generated claims. We filter by subject overlap and use a confidence threshold of 0.75 to identify potential contradictions.
- computeConsistencyScore(...): A weighted score that considers both cross-step contradictions and alignment with the source Axiom documents.
This system can process up to 15 candidate pairs per batch and 20 claims per step, intelligently flagging any logical inconsistencies as the workflow progresses.
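An added example, not the project's code, of the deterministic parts around the NLI call: the subject-overlap pre-filter, the 15-pair batching, and a post-filter that accepts only verdicts for pairs that were actually sent. The Claim and NliResult shapes and all function names are assumptions, and the LLM reply is a constructed sample.

```typescript
// Added illustration, not nyxCore source: Claim/NliResult shapes and function names are assumptions.
interface Claim { id: string; stepId: string; text: string; subjects: string[] } // subjects = subject slugs
interface NliResult { newId: string; priorId: string; label: "contradiction" | "entailment" | "neutral"; confidence: number }
type Pair = [Claim, Claim];
const MAX_CLAIMS_PER_STEP = 20;       // from the post
const MAX_PAIRS_PER_BATCH = 15;       // from the post
const CONTRADICTION_THRESHOLD = 0.75; // from the post; treating it as inclusive is an assumption

// Pre-filter: pair a new claim only with prior claims from other steps that share a subject slug.
function candidatePairs(newClaims: Claim[], prior: Claim[]): Pair[] {
  const pairs: Pair[] = [];
  for (const n of newClaims.slice(0, MAX_CLAIMS_PER_STEP)) {
    const slugs = new Set(n.subjects);
    for (const p of prior) {
      if (p.stepId !== n.stepId && p.subjects.some((s) => slugs.has(s))) pairs.push([n, p]);
    }
  }
  return pairs;
}

// Split candidates into batches of at most 15 pairs for the NLI call.
function toBatches(pairs: Pair[]): Pair[][] {
  const out: Pair[][] = [];
  for (let i = 0; i < pairs.length; i += MAX_PAIRS_PER_BATCH) out.push(pairs.slice(i, i + MAX_PAIRS_PER_BATCH));
  return out;
}

// Post-filter: verdicts are model output, so drop any that name a pair never sent,
// carry a confidence outside 0..1, or fall below the threshold.
function acceptContradictions(sent: Pair[], results: NliResult[]): NliResult[] {
  const known = new Set(sent.map(([n, p]) => `${n.id}|${p.id}`));
  return results.filter((r) =>
    known.has(`${r.newId}|${r.priorId}`) && r.label === "contradiction" &&
    Number.isFinite(r.confidence) && r.confidence >= CONTRADICTION_THRESHOLD && r.confidence <= 1);
}

// Constructed sample data.
const prior: Claim[] = [
  { id: "p1", stepId: "complianceExtract", text: "Backups are encrypted at rest.", subjects: ["backups", "encryption"] },
  { id: "p2", stepId: "complianceExtract", text: "Access reviews run quarterly.", subjects: ["access-review"] }];
const fresh: Claim[] = [
  { id: "n1", stepId: "complianceDeviation", text: "Backups are stored unencrypted.", subjects: ["backups"] },
  { id: "n2", stepId: "complianceDeviation", text: "Password policy requires 12 characters.", subjects: ["passwords"] }];
const samplePairs = candidatePairs(fresh, prior); // only n1 vs p1 shares a subject
const sampleVerdicts: NliResult[] = [             // constructed stand-in for the LLM's reply
  { newId: "n1", priorId: "p1", label: "contradiction", confidence: 0.91 },
  { newId: "n2", priorId: "p2", label: "contradiction", confidence: 0.99 }, // pair was never sent
  { newId: "n1", priorId: "p1", label: "contradiction", confidence: 0.6 }]; // below threshold
const flagged = acceptContradictions(samplePairs, sampleVerdicts);
```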
The Final Line of Defense: Compliance Quality Gates
Even with advanced detection, a final quality gate is essential. We've extended our existing QualityGate system to include a new "compliance" type.
The runComplianceGate(output, tenantId, axiomContent?) function now actively checks the AI's output against mandatory Axiom rules or compliance standards. If a violation is detected, it's flagged with specific rule references and its grounding ratio, ensuring that only compliant outputs pass through.
Seamless Integration into the Workflow Engine
All these powerful new services wouldn't be effective without deep integration into nyxCore's core workflow engine. We've enhanced the ChainContext with accumulatedClaims and projectId, allowing context to persist and evolve across steps.
Critically, after each step completes (in a fire-and-forget manner to maintain performance):
- Consistency Analysis: The engine extracts claims from the current step, checks them against all prior accumulated claims, and persists a consistencyScore to the step's checkpoint.
- Hallucination Detection: It performs the claim decomposition and verification against Axiom RAG, persisting a hallucinationReport to the step checkpoint (this only runs if a project is linked and Axiom content is available).
This real-time analysis ensures that we're constantly monitoring the quality and veracity of our AI's output, providing a robust foundation for trust.
Polishing the Experience: UI & TypeScript Fixes
No major feature is complete without ensuring a smooth developer and user experience. We made a quick but crucial TypeScript Fix by adding "compliance" to the z.enum definition in our src/server/trpc/routers/workflows.ts file. This resolved an error when trying to select the new compliance gate type in the UI. Correspondingly, we updated the Workflow Builder UI (src/app/(dashboard)/dashboard/workflows/new/page.tsx) to include "compliance" in the quality gate type selector.
Challenges & Lessons Learned
During this intense session, I hit a familiar wall: extending an enum type in the UI without updating its corresponding schema on the backend. Specifically, I added "compliance" to the gate type selector in page.tsx, but forgot to update the z.enum(["security", "docs", "letter"]) definition in workflows.ts. This led to a clear TypeScript error, reminding me of a crucial lesson:
Lesson Learned: When introducing new enum values or extending schema types, always remember to update both the frontend UI definitions and the backend tRPC router schemas to maintain type safety and prevent runtime issues. A quick fix, but a valuable reinforcement of good development practices!
What's Next?
With the core implementation complete and npm run typecheck passing cleanly, the next immediate steps are:
- Commit All Changes: A sizable commit encompassing all the new workflow templates, personas, services, engine wiring, and UI updates.
- Dream Isolation UI: Build out the user interface to surface the hallucinationReport and consistencyScore directly within the workflow run view, giving users immediate insight into the AI's performance.
- Consistency Score Display: Visually represent cross-step contradictions and the overall grounding ratio in the workflow results.
- Test with Real Data: Load up some actual ISO 27001 Axiom documentation and run a full compliance workflow to see our new system in action!
Building an AI-powered compliance system is a complex undertaking, but by focusing on critical aspects like hallucination detection, consistency, and expert-driven workflows, we're paving the way for a new era of trustworthy, automated compliance. Stay tuned for more updates as we bring these powerful features to life in the nyxCore platform!