A powerful AI-powered tool that helps users analyze contracts by automatically summarizing clauses, obligations, and potential risks.
Manual contract review is time-consuming and error-prone. This app automates the process by extracting text from uploaded PDFs, identifying key clauses, and generating a comprehensive risk analysis report, helping users make informed decisions faster.
- Upload PDF/Images: Drag-and-drop interface for uploading contract documents
- AI-Powered Clause Detection: Automatically identifies sections like termination, payment, confidentiality, liability, governing law, intellectual property, and dispute resolution
- Risk Scoring Dashboard: Visualizes overall risk score (0-100) and categorizes risks by severity:
  - Critical Risks: Major exposure areas requiring immediate attention
  - Moderate Risks: Clauses needing negotiation
  - Low Risks: Standard clauses with minor impact
- Contract History: View all analyzed contracts in one place
- Delete Contracts: Manage your contract library
- Analytics Dashboard: View statistics across all analyzed contracts
- Multiple Export Options: Export analysis reports as PDF or JSON
- Custom Questions: Ask specific questions about your contract
- Real-time Processing: Live updates during analysis
- Backend: Ruby on Rails 7+
- Frontend: React 19 with React Router
- Database: PostgreSQL
- AI Integration: Gemini 2.5 Flash (via RubyLLM)
- File Handling: Active Storage
- PDF Processing: pdf-reader gem
- PDF Generation: Prawn gem
- Styling: SCSS with custom theme
- Ruby 3.2+
- Rails 7+
- PostgreSQL
- Node.js 18+ (for frontend dependencies)
```bash
# Clone the repo
git clone https://github.com/yourusername/Smart-Contract-Analyzer
cd Smart-Contract-Analyzer

# Install Ruby dependencies
bundle install

# Install JavaScript dependencies
npm install

# Setup the database
rails db:create db:migrate db:seed

# Run the app (starts both Rails server and Vite dev server)
bin/dev
```

Then open http://localhost:3000
- Navigate to the home page
- Drag and drop a PDF or image file, or click to browse
- Optionally add a custom question about the contract
- Click "Analyze Contract" to start the analysis
- After upload, you'll be redirected to the analysis page
- View the overall risk score (0-100, lower = higher risk)
- Review categorized risks (Critical, Moderate, Low)
- Read the AI-generated summary
- Click "Export PDF" to download a formatted PDF report
- Click "Export JSON" to download raw data in JSON format
- Click "History" in the navigation to view all contracts
- Click on any contract to view its analysis
- Delete contracts you no longer need
- Click "Statistics" in the navigation
- View overall analytics including:
  - Total contracts analyzed
  - Average risk score
  - Total risks by category
- `GET /api/v1/contracts` - List all contracts
- `POST /api/v1/contracts` - Upload and analyze a new contract
- `GET /api/v1/contracts/:id` - Get contract details and analysis
- `DELETE /api/v1/contracts/:id` - Delete a contract
- `GET /api/v1/contracts/:id/export` - Export PDF report
- `GET /api/v1/contracts/:id/export_json` - Export JSON data
- `GET /api/v1/contracts/statistics` - Get analytics statistics
Never commit `.env` files or API keys to version control!
Create a `.env` file in the root directory with the following variables:

```
# Required: Gemini API Key for contract analysis
# Get your API key from: https://makersuite.google.com/app/apikey
GEMINI_API_KEY=your_gemini_api_key_here

# Optional: Cloudinary URL for file storage (defaults to local storage in development)
# Format: cloudinary://api_key:api_secret@cloud_name
CLOUDINARY_URL=your_cloudinary_url_here

# Production: Database password
SMART_CONTRACT_ANALYZER_DATABASE_PASSWORD=your_database_password_here

# Production: Rails Master Key (or use config/master.key file)
RAILS_MASTER_KEY=your_master_key_here
```

The application will automatically load these environment variables. The `.env` file is already included in `.gitignore` to prevent accidental commits.
For Production:
- Use environment variables or Rails encrypted credentials (`bin/rails credentials:edit`)
- Never hardcode secrets in your code
- Ensure `config/master.key` is never committed (already in `.gitignore`)
- API Keys & Secrets
  - Never commit `.env` files or API keys to version control
  - Use environment variables for all sensitive configuration
  - Use Rails encrypted credentials for production secrets (`bin/rails credentials:edit`)
  - Rotate API keys immediately if exposed
- Error Handling
  - Error messages don't expose sensitive information in production
  - Sensitive parameters are filtered from logs
- File Uploads
  - File type validation (PDF, JPEG, PNG only)
  - File size limits (10MB maximum)
  - File validation at model level
- Production Security
  - SSL/TLS enforced (`force_ssl = true`)
  - Master key required for production
  - Error details hidden in production mode
  - Parameter filtering configured
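
The file upload checks listed above (PDF, JPEG, PNG only; 10MB maximum) are only as strong as the signal they trust: a client-supplied content type or file extension can say anything. The following added example, which is not the project's own code, checks the leading bytes of the upload against the declared type; `UploadCheck` and its constants are hypothetical names, and the sample inputs are constructed.

```ruby
# Added example, not the project's code. UploadCheck and its constants are hypothetical.
require "stringio"

module UploadCheck
  MAX_BYTES = 10 * 1024 * 1024 # the 10MB limit stated in the README

  # Leading "magic" bytes of the three allowed formats.
  # Simplification: the PDF header is required at offset 0.
  SIGNATURES = {
    "application/pdf" => "%PDF-".b,
    "image/jpeg"      => "\xFF\xD8\xFF".b,
    "image/png"       => "\x89PNG\r\n\x1A\n".b
  }.freeze

  # Returns the detected type, or nil when the content matches no allowed format.
  def self.sniff(io)
    io.rewind
    head = (io.read(8) || "").b
    io.rewind
    SIGNATURES.each { |type, magic| return type if head.start_with?(magic) }
    nil
  end

  # Returns a list of error strings; an empty list means the upload is acceptable.
  def self.errors_for(io, declared_type:, byte_size:)
    errors = []
    errors << "file exceeds 10MB" if byte_size > MAX_BYTES
    errors << "file is empty" if byte_size.zero?
    detected = sniff(io)
    if detected.nil?
      errors << "content is not PDF, JPEG or PNG"
    elsif detected != declared_type
      errors << "declared type #{declared_type} does not match content #{detected}"
    end
    errors
  end
end

# Constructed sample inputs.
PDF_SAMPLE  = StringIO.new("%PDF-1.7\n%constructed sample\n".b)
HTML_AS_PDF = StringIO.new("<html><script>1</script></html>".b)
PNG_SAMPLE  = StringIO.new("\x89PNG\r\n\x1A\n\x00\x00\x00\rIHDR".b)

puts UploadCheck.errors_for(HTML_AS_PDF, declared_type: "application/pdf",
                            byte_size: HTML_AS_PDF.size)
```

In a model-level validation the IO would be the uploaded file and `byte_size` its reported size; any returned strings become validation errors.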
- Set all required environment variables
- Ensure `RAILS_MASTER_KEY` is set or `config/master.key` exists
- Verify `.env` is not tracked in git (`git ls-files | grep -F .env`)
- Review and rotate any exposed API keys
- Enable HTTPS/SSL in production
- Configure database credentials securely
- Review file storage configuration (local vs cloud)
- Set up proper backup strategy for uploaded files
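
The first three checklist items can be checked mechanically before a deploy. The following is an added example, not the project's own code: `PredeployCheck`, its arguments and the `.env.example` exception are assumptions, the variable names come from the `.env` listing above, and the sample data is constructed.

```ruby
# Added example, not the project's code. PredeployCheck and its arguments are hypothetical.
module PredeployCheck
  # Variable names taken from the README's .env listing.
  REQUIRED = %w[GEMINI_API_KEY SMART_CONTRACT_ANALYZER_DATABASE_PASSWORD].freeze
  PLACEHOLDER = /\Ayour_.*_here\z/ # the README's sample values

  # env: Hash of environment variables; tracked: paths as printed by `git ls-files`;
  # master_key_file: whether config/master.key exists on disk.
  def self.failures(env:, tracked:, master_key_file:)
    out = []
    REQUIRED.each do |name|
      value = env[name].to_s
      out << "#{name} is not set" if value.empty?
      out << "#{name} still holds the README placeholder" if value.match?(PLACEHOLDER)
    end
    unless master_key_file || !env["RAILS_MASTER_KEY"].to_s.empty?
      out << "neither RAILS_MASTER_KEY nor config/master.key is present"
    end
    tracked.each do |path|
      base = File.basename(path)
      # Match .env and .env.* by file name; an unanchored regex such as /.env/
      # would also flag config/environment.rb. Assumption: .env.example is a
      # secret-free template and may be tracked.
      if base == ".env" || (base.start_with?(".env.") && !base.end_with?(".example"))
        out << "#{path} is tracked by git"
      end
      out << "#{path} is tracked by git" if path == "config/master.key"
    end
    out
  end
end

# Constructed sample: a tracked .env, a placeholder API key, no master key.
SAMPLE_TRACKED = ["config/environment.rb", ".env", "app/models/contract.rb"].freeze
SAMPLE_ENV = {
  "GEMINI_API_KEY" => "your_gemini_api_key_here",
  "SMART_CONTRACT_ANALYZER_DATABASE_PASSWORD" => "constructed-value"
}.freeze

puts PredeployCheck.failures(env: SAMPLE_ENV, tracked: SAMPLE_TRACKED, master_key_file: false)
```

A file that was ever committed stays in git history after it is untracked, so a positive result here also means the keys it held need rotating.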
```bash
rails test
```

The project follows Ruby and JavaScript best practices. Use standard linting tools.
This project is open source and available under the MIT License.
Contributions are welcome! Please feel free to submit a Pull Request.
For issues and questions, please open an issue on GitHub.