From 156 pages of supplier draft to two executed contracts. Every clause scored. Every redline explained.[cite: 5]
The Contract Agent receives the rfx.awarded event from PG 03, loads both supplier draft contracts from Ariba Contract Workspace, extracts and classifies every clause using a rule-based NLP pipeline, scores each clause for risk with an XGBoost model whose SHAP output is written to Firestore before any redline is generated, and routes all high-risk clauses to Legal for review[cite: 5]. No clause is autonomously accepted above the risk threshold[cite: 5]. No contract is autonomously executed — ever[cite: 5].
Clause ExtractionRisk ScoringRedline AgentCSRD Clause EnforcementDual-PipelineRule-Based NLPHITL Legal ReviewHITL Sign-offSAP Ariba Contract WorkspaceEU AI Act — High RiskGDPR Art. 22
Governed by ADR-004 · ADR-006 · ADR-007 · ADR-008[cite: 5]
Agent Architecture · State Machine[cite: 5]
Ten states. Two human checkpoints. HITL nodes wider by design.[cite: 5]
HITL_LEGAL and HITL_SIGN are rendered taller and wider than agent states — a visual statement that they carry proportionally more weight in the architecture[cite: 5]. The machine cannot advance past either without a named human decision written to Firestore[cite: 5]. Step through the simulation below to watch the active state update in real time[cite: 5].
Two contracts. One agent. Shared HITL checkpoints.[cite: 5]
The Contract Agent processes both supplier contracts in parallel[cite: 5]. Track A (Medpack SE, 62 pages, standard GTC) and Track B (Sterimäk AG, 94 pages, heavily modified terms) converge at both HITL nodes — Legal reviews clauses from both contracts in a single session, CPO signs both in a single decision[cite: 5]. Processing them separately would double HITL overhead and create negotiation timing asymmetry[cite: 5]. See ADR-007[cite: 5].
Trigger
rfx.awarded — from PG 03 Sourcing / RFx[cite: 5]
Medpack SE 62% · €2.1M · Sterimäk AG 38% · €1.3M · 3-year term · CSRD Annex I mandatory · sterile packaging film ISO 11607[cite: 5]
Parallel tracks
TRACK A[cite: 5]
Medpack SE — Munich, DE[cite: 5]
62 pages · Standard GTC · 8 deviating clauses · liability cap below ClaraVis floor · payment terms non-standard[cite: 5]
No autonomous execution under any circumstances · 72h SLA · unresolved clause summary + risk delta presented · both contracts signed in single CPO decision[cite: 5]
Outputs
SAP Ariba Contract Workspace[cite: 5]
Two executed contract records · full clause audit trail attached · renewal triggers set[cite: 5]
SAP S/4HANA + Pub/Sub[cite: 5]
Both vendor masters activated · contract.executed → PG 05 PO Agent[cite: 5]
Track A — Medpack SE · Track B — Sterimäk AG · Amber rows = HITL checkpoints — human decision required to advance[cite: 5]
Workflow Simulation · Contract Negotiation
Sterile packaging film — two supplier drafts. 156 pages. 218 clauses. Two HITL gates.[cite: 5]
The Contract Agent works through both supplier drafts simultaneously[cite: 5]. Step through each state to see clause extraction output, risk scoring with SHAP, the CSRD clause diff (full text), Legal HITL review with clause-by-clause interface, negotiation tracking, and CPO sign-off[cite: 5].
ML Model Specifications · Two Models[cite: 5]
Two models. Different jobs. Both auditable. Both explainable.[cite: 5]
Clause extraction and clause risk scoring are distinct problems requiring distinct architectures[cite: 5]. The extractor is deterministic and classification-only — no SHAP required[cite: 5]. The risk scorer is probabilistic and high-stakes — SHAP is mandatory before any HITL presentation[cite: 5].
Model A — Clause Risk Scorer[cite: 5]
Model Engine Architecture
XGBoost classifier (v1.4) — trained on 6 years of ClaraVis contract negotiation outcomes[cite: 5]. Retrained semi-annually via Vertex AI Pipelines[cite: 5]. Deterministic output for identical inputs — required for reproducible audit under EU AI Act Article 13[cite: 5].
Evaluated Input Features
Eight features per clause, all derivable from the extracted clause text and ClaraVis standard playbook:[cite: 5]
Risk score 0.0–1.0 per clause, plus 4-dimension breakdown: Financial · Operational · Compliance · IP[cite: 5]. SHAP values for all high-risk clauses ($\geq0.75$) written to Firestore before HITL_LEGAL is presented — EU AI Act Article 13 compliance[cite: 5].
Confidence Threshold Gates
≥ 0.75 — High Risk: HITL_LEGAL mandatory · agent cannot autonomously accept or redline[cite: 5]
0.45–0.74 — Medium: agent redlines autonomously using ClaraVis standard playbook v2.4[cite: 5]
< 0.45 — Low: agent accepts supplier clause or applies standard playbook substitution[cite: 5]
Explainability UX Contract
Top-2 risk dimensions per high-risk clause rendered as horizontal bars in the Legal HITL interface[cite: 5]. Legal Counsel sees why a clause is high-risk — not just the score[cite: 5]. This is the EU AI Act Article 13 transparency obligation expressed as a per-clause UX contract, not a post-hoc audit report[cite: 5].
Model B — Clause Extractor[cite: 5]
Segmentation Backbone
Rule-based NLP + ML classifier hybrid[cite: 5]. Stage 1 (deterministic): rule engine segments both contract documents into clause units using section header patterns, numbered-list markers, and defined-term anchors[cite: 5]. Stage 2 (learned): fine-tuned BERT classifier assigns each clause to one of 9 types[cite: 5]. See ADR-006[cite: 5].
Extracted Structural Types
LiabilityTerminationIP AssignmentPayment TermsConfidentialityForce MajeureCompliance / CSRDWarrantyGoverning Law
Explainability Posture
Classification only — no risk decision, no SHAP required[cite: 5]. BERT classifier confidence score written to audit log per clause[cite: 5]. Stage 1 rule output is fully deterministic and human-readable: a compliance auditor can re-run it and get identical clause boundaries[cite: 5]. This reproducibility is the reason the hybrid was selected over a pure LLM approach[cite: 5].
Model Registry
Both models stored in Vertex AI Model Registry with versioned Model Cards[cite: 5]. Every inference log entry references the model version hash — enabling point-in-time audit of any past clause classification or risk score[cite: 5].
HITL Specification · Two Checkpoints[cite: 5]
Legal review. Then sign-off. No contract executes without a human.[cite: 5]
GDPR Article 22 prohibits automated decisions that produce significant legal effects[cite: 5]. A contract execution is the definition of such a decision[cite: 5]. HITL-2 is therefore unconditional — no risk score, no spend threshold, no clause count can trigger or bypass it[cite: 5].
HITL-1 — Legal Clause Review Block
Entry State Criteria
Any clause risk score ≥ 0.75 (High Risk) OR any clause deviating from mandatory ClaraVis standard terms (CSRD Annex I disclosure, data protection minimum, liability cap floor)[cite: 5]
Policy Route Target
General Counsel / Legal (S-04) — named approver per legal governance policy[cite: 5]. Deputy Counsel if primary unavailable beyond 8 hours[cite: 5].
Presentation Contract
Original clause text · Agent redline · Risk dimension SHAP bars (top-2 dimensions) · Plain-English justification · ClaraVis playbook reference clause · Supplier track label (A — Medpack SE or B — Sterimäk AG)[cite: 5]
Decision Interface
Clause-by-clause: Approve redline / Modify redline inline / Accept supplier clause as-is (mandatory justification $\geq50$ characters)[cite: 5]. Each decision written to Firestore independently before advancing to the next clause[cite: 5].
Timeout SLA
48 hours from routing → escalate to CPO + engage outside counsel[cite: 5]. Agent remains paused[cite: 5]. No autonomous redline on any timed-out high-risk clause — ever[cite: 5].
Audit Payload Schema
{approver_id, clause_id, timestamp, decision, modified_text, justification, risk_score, shap_ref} → Firestore per clause (immutable append — IAM write-only, no update or delete permitted)[cite: 5]
HITL-2 — Contract Sign-off Gate
Entry State Criteria
Always — unconditional[cite: 5]. GDPR Article 22 prohibits automated execution of contracts that produce significant legal effects on ClaraVis or its suppliers[cite: 5]. No risk score, spend threshold, or clause count overrides this gate under any circumstances[cite: 5].
Policy Route Target
CPO (S-01) — single approver for both contracts in a single decision session[cite: 5]. CFO (S-02) notified (not co-signature required) when combined contract value exceeds €3M[cite: 5].
Presentation Contract
Final portfolio risk score delta (pre vs post negotiation) · Unresolved clause summary with Legal Counsel recommendation · CSRD Annex I status per supplier · Combined contract value · Supply continuity countdown (days to incumbent contract expiry)[cite: 5]
Decision Interface
Execute both contracts / Execute Track A only, return Track B to NEGOTIATE / Reject both — return to NEGOTIATE[cite: 5]. On Execute: agent writes both contracts to Ariba Contract Workspace, activates both S/4HANA vendor masters, and fires contract.executed to Pub/Sub — all in a single atomic sequence[cite: 5].
Timeout SLA
72 hours from routing → escalate to CPO + CFO with supply continuity risk flag (incumbent contract expiry countdown displayed)[cite: 5]. Agent remains paused[cite: 5]. No autonomous execution under timeout[cite: 5].
The Contract Agent reads supplier drafts and the ClaraVis standard playbook[cite: 5]. It writes only on human approval — no Ariba contract record is created, no S/4HANA vendor master is activated, until CPO sign-off is logged in Firestore[cite: 5].
Pattern
System Context
Transacted Payload Element
Protocol Profile
READPATTERN
SAP Ariba Contract Workspace
Contract document source[cite: 5]
Supplier draft contracts (PDF/DOCX) · existing contract templates · award metadata from PG 03[cite: 5]
All clause risk scores · SHAP values per high-risk clause · HITL-1 per-clause decisions · HITL-2 sign-off record · all state transitions with timestamps[cite: 5]
Firestore SDK (append-only IAM)[cite: 5]
WRITEPATTERN
GCP Pub/Sub
Asynchronous downstream messaging bus[cite: 5]
contract.executed — supplier IDs, Ariba contract IDs, effective date, payment terms, CSRD status per supplier[cite: 5]
Pub/Sub push topic[cite: 5]
WRITEPATTERN
Vertex AI Registry
Model operations inference tracer[cite: 5]
Inference log per clause: model version hash · clause_id · risk score · input feature hash · timestamp[cite: 5]
Vertex AI SDK[cite: 5]
Architecture Decision Records[cite: 5]
Every design choice has a record.
Four ADRs govern this module[cite: 5]. ADR-004 is carried from PG 03 — the same Firestore audit log pattern applies unchanged to every clause decision and HITL record in this module[cite: 5].
ADR-004 · Firestore for Audit Log[cite: 5]
Immutable append — carried from PG 03, applies unchanged[cite: 5]
GDPR Article 22 and EU AI Act Article 12 require a complete decision trail for every clause risk inference and every HITL decision[cite: 5]. Firestore append-only IAM enforces immutability at infrastructure level — no application code can delete or modify a logged clause decision[cite: 5]. Every HITL-1 per-clause decision and the HITL-2 sign-off record are written independently, ensuring a partial review can be audited even if the session is interrupted[cite: 5].
Rule-Based NLP + ML Classifier over Pure LLM Extraction[cite: 5]
A pure LLM extraction approach produces non-deterministic clause boundaries and classifications — the same document may segment differently across runs[cite: 5]. For legal contract analysis, reproducibility is a compliance requirement: a compliance auditor must be able to re-run extraction and get identical clause boundaries and type assignments[cite: 5]. The rule-based Stage 1 segmenter is deterministic by construction; Stage 2 BERT classification adds learned signal while maintaining auditability via confidence scores[cite: 5]. Alternative rejected: pure LLM extraction (stochastic boundaries, non-reproducible output, no confidence calibration, fails EU AI Act Article 13)[cite: 5].
Status: Accepted[cite: 5]
ADR-007 · Dual-Pipeline Strategy[cite: 5]
Dual-Pipeline with Shared HITL Checkpoints[cite: 5]
Processing Medpack SE and Sterimäk AG contracts sequentially would double HITL overhead and create negotiation timing asymmetry — Sterimäk AG would receive redlines 48+ hours after Medpack SE, creating leverage imbalance between the two suppliers[cite: 5]. Parallel processing with shared HITL sessions normalises the negotiation timeline and reduces total calendar time from 28 days to under 8[cite: 5]. Alternative rejected: sequential processing (doubles HITL wait time, creates supplier leverage asymmetry, extends total cycle time beyond incumbent contract expiry window)[cite: 5].
GDPR Art. 22 as Unconditional HITL-2 Trigger[cite: 5]
GDPR Article 22 prohibits automated decisions that produce legal effects or significantly affect natural persons or legal entities[cite: 5]. A contract execution creates binding legal obligations on ClaraVis and the supplier — it is categorically within Article 22's scope regardless of contract value or risk score[cite: 5]. HITL-2 is therefore unconditional by legal necessity, not architectural preference[cite: 5]. Implementing a score-gated bypass would constitute a GDPR violation regardless of the threshold chosen[cite: 5]. Alternative rejected: score-gated HITL-2 allowing autonomous execution of low-risk contracts — rejected as non-compliant with GDPR Article 22, no acceptable threshold exists[cite: 5].
Status: Accepted[cite: 5]
Cost & ROI Model[cite: 5]
What the Contract Agent costs. What it saves. What it returns.[cite: 5]
Infrastructure cost per contract pair processed on GCP europe-west3, annual savings from legal review time reduction and outside counsel avoidance at ClaraVis volumes, and combined year-1 ROI[cite: 5]. All figures sourced or referenced below[cite: 5].
€6.80
GCP infra cost per single contract pair
Cloud Run + Firestore + Vertex AI calculations · GCP Calculator ↗
Methodology Reference. Legal review savings assume a blended in-house Legal rate of €180,000/year fully loaded, 180 contract pairs/year, and cycle time reduction from 14 days to 2 days per pair — consistent with World Commerce & Contracting 2024 benchmarks on AI-assisted contract review[cite: 5]. Outside counsel avoidance modelled at €1,600/hour average rate, 3.5 hours average per high-risk clause currently escalated externally, approximately 50 externally-escalated clauses per year at ClaraVis current volumes[cite: 5]. CSRD enforcement savings represent estimated regulatory penalty avoidance based on current ClaraVis CSRD exposure and EU CSRD penalty provisions (Directive 2022/2464)[cite: 5]. Infrastructure on GCP europe-west3 on-demand pricing via GCP Pricing Calculator[cite: 5]. All figures are indicative estimates[cite: 5].