Feb 21, 2026

TraceRule AI Compliance Compiler

rag python fintech ragtech nextjs

AI compliance tools today use RAG to check database records against company policy. The LLM reads a record, reads a policy, and decides if there's a violation. It works until it doesn't: the LLM hallucinates a violation that isn't there, or misses one that is. Good luck explaining either in a regulatory audit.
TraceRule takes a different approach. Claude Sonnet 4.6 (via PydanticAI) reads your regulatory PDFs and compiles each enforceable clause into a deontic logic AST, a formal structure that captures obligations, permissions, prohibitions, and exceptions. A deterministic Python compiler then generates PostgreSQL queries from these ASTs. Claude never writes SQL directly, and every generated query is validated against Postgres via EXPLAIN before it's saved. If Postgres rejects the SQL, the full error goes back to Claude, which self-corrects. Up to four retries. Queries that make it through are guaranteed executable.
For objective rules, the LLM is done after compilation. Pre-compiled SQL runs on a schedule. No model inference at scan time.
Subjective clauses ("employees must not accept lavish gifts") used to be skipped entirely. Now the compiler marks vague conditions with an IS_VAGUE operator and compiles them to a deliberate SQL superset. Each candidate from that superset goes through an adversarial courtroom: a Prosecutor argues for violation, a Defender finds reasonable doubt, and a Chief Justice renders a verdict with a confidence score. Three agents debating a case beats any single-model judgment call.
What this gets you:
1. Deterministic scans can't hallucinate. They run SQL, not LLM prompts. Subjective scans produce calibrated confidence scores from structured debate, not one model's guess.
2. Every violation traces to the source document. A flagged record links to the exact clause, the logic tree, the compiled SQL, and for subjective cases, the prosecution and defense arguments. Auditors follow the chain themselves.
3. Humans approve rules before they run. Extracted rules land in a review queue in the dashboard. A compliance officer sees the source quote, the logic structure, and the generated SQL. Nothing runs without sign-off.
4. Scans run in milliseconds for deterministic rules. Pre-compiled SQL executes natively in PostgreSQL. Subjective evaluations take longer, but SQL pre-filtering narrows the candidate set first.
Regulatory PDFs go in. Formal logic trees and executable SQL come out. A human approves each rule. Your database gets monitored, whether the clause is quantitative or subjective.
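
As an added illustration (not TraceRule's own code), here is a sketch of the deterministic AST-to-SQL step and the IS_VAGUE superset described above. The `Cond`/`Rule` classes, the `SCHEMA` allowlist, the table and column names, and the psycopg-style `%s` placeholders are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Constructed schema allowlist: only these identifiers may reach the SQL text.
SCHEMA = {"transactions": {"id", "amount", "reviewed"},
          "gifts": {"id", "description", "pre_approved"}}
OPS = {"GT": ">", "LT": "<", "EQ": "=", "NE": "<>"}

@dataclass
class Cond:
    column: str
    op: str              # a key of OPS, or "IS_VAGUE" for a subjective condition
    value: object = None

@dataclass
class Rule:
    modality: str        # "OBLIGATION" or "PROHIBITION"
    table: str
    norm: Cond           # what must (or must not) hold
    scope: list = field(default_factory=list)       # when the clause applies
    exceptions: list = field(default_factory=list)  # carve-outs

def _pred(rule, cond, params):
    """Render one condition; None means vague, so the caller drops the term."""
    if cond.column not in SCHEMA[rule.table]:
        raise ValueError(f"unknown column: {cond.column!r}")
    if cond.op == "IS_VAGUE":
        return None
    if cond.op not in OPS:
        raise ValueError(f"unknown operator: {cond.op!r}")
    params.append(cond.value)        # values are bound, never interpolated
    return f"{cond.column} {OPS[cond.op]} %s"

def compile_rule(rule):
    """Return (sql, params, subjective) selecting rows that violate the rule."""
    if rule.table not in SCHEMA or rule.modality not in ("OBLIGATION", "PROHIBITION"):
        raise ValueError("unknown table or modality")
    params = []
    terms = [_pred(rule, c, params) for c in rule.scope]
    # Obligation: violated unless the norm is known to hold (NULL counts as a hit).
    wrap = "({}) IS NOT TRUE" if rule.modality == "OBLIGATION" else "({})"
    norm = _pred(rule, rule.norm, params)
    terms.append(norm and wrap.format(norm))
    for exc in rule.exceptions:      # excluded only if the exception is known true
        p = _pred(rule, exc, params)
        terms.append(p and f"({p}) IS NOT TRUE")
    kept = [t for t in terms if t]   # dropping a conjunct only widens the result
    sql = f"SELECT id FROM {rule.table} WHERE " + (" AND ".join(kept) or "TRUE")
    return sql, params, any(t is None for t in terms)
```

A rule whose third return value is true yields candidates rather than violations, which is the set the page hands to the courtroom agents.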

This build was uploaded as a hackathon project

Hackathon

HackFest 2.0
