Overview
Identifies the NDA type and extracts the key terms (term, confidentiality scope, carve-outs, governing law).
Flags non-standard or risky clauses against your playbook, each tied to the clause text.
Recommends a review level and routes risky or unusual NDAs to a lawyer.
Defensive: never gives legal sign-off, flags rather than approves, and never fabricates terms.
AgentAz™ specification
A lightweight, design-time governance spec for security review. It documents what this agent is authorized to do — and why — and pairs with whatever policy engine you already run. It does not enforce anything at runtime.
Machine-readable contract (agentaz.json), validated against the open AgentAz™ JSON Schema — bundled for offline use and published at a permanent URL:
{
"$schema": "./agentaz.schema.json",
"version": "2.0.0",
"last_reviewed": "2026-06-24",
"agent_id": "nda-triage-agent",
"trust_level": "A2",
"dna_pattern": "Evaluation",
"worst_case_action": "Misflags an NDA clause for human review. Cannot sign, approve, or send NDAs.",
"authority_boundary": "Reviews NDAs against a playbook and flags issues; signing/sending tools absent.",
"tags": [
"legal",
"nda",
"contract-review",
"read-only",
"human-review"
],
"tool_boundary": {
"allowed_tools": [
"read_nda",
"compare_playbook",
"flag_nonstandard",
"suggest_standard"
],
"execution_tools_absent": true
},
"output_boundary": {
"format": "structured_json",
"never_emits": [
"nda_sign",
"nda_approve",
"nda_send"
]
},
"cost_boundary": {
"max_usd_per_trace_loop": 0.25,
"alert_threshold_usd": 0.16
},
"loop_boundary": {
"max_reasoning_turns": 8
},
"human_handoff": {
"triggers": [
"non_standard_clause",
"missing_clause",
"low_confidence"
],
"destination": "legal_review_queue"
},
"audit": {
"append_only": true,
"logs": [
"flags",
"playbook_refs"
]
}
}
New to this? Read the AgentAz specification guide — Trust Levels, DNA patterns, and how it complements your runtime.
AgentAz™ is open source under Apache-2.0 — schema (frozen v1.0.0) and source on GitHub.
Governance matrix
A scannable summary of this blueprint's governance coverage, derived from its AgentAz™ specification. It documents the boundaries that already ship — not new functionality.
| Agent goal | Bounded by the authority spec above |
|---|---|
| Trust Level | A2 — Recommend |
| Tool access | Least privilege — execution tools absent (read-only) |
| Context handling | Grounded in provided inputs; cites or flags rather than guessing |
| Memory strategy | Task-scoped; no persistent cross-session memory |
| Human approval | Required on non-standard clause, missing clause, low confidence → legal review queue |
| Audit trail | Append-only log (flags, playbook refs) |
| Cost & loop bounds | ≤ $0.25 per loop · ≤ 8 reasoning turns |
| Recovery / escalation | Escalates to legal review queue |
Agent component mapping
A framework-neutral view of how this blueprint maps to standard agent-architecture components (the vocabulary common to ADK-style frameworks). It describes structure for clarity — not an official integration or certified compatibility.
| Agent | Primary reasoner — Recommend authority (A2) |
|---|---|
| Tools | read_nda, compare_playbook, flag_nonstandard, suggest_standard — execution tools absent (read-only) |
| Memory | Task-scoped working context; no persistent cross-session memory |
| Guardrails | Worst-case classified (A2); no execution tools; ≤ $0.25/loop · ≤ 8 turns |
| Evaluator | Confidence and authority-boundary checks; low-confidence or out-of-bounds results are flagged, not actioned |
| Handoff | Escalates to legal review queue on non-standard clause, missing clause, low confidence |
Failure modes
Specific ways this blueprint can fail, and how it is designed to detect, contain, and recover from each — the boundaries that make it safe to run, stated plainly.
Classifies a non-standard NDA as routine, slipping a risky term through.
- Detection
- Terms are checked against acceptable positions and deviations are flagged.
- Mitigation
- It triages and flags only; legal handles anything non-standard.
- Recovery
- Legal reviews the flagged deviations.
Misses a deviation because a clause is phrased unusually.
- Detection
- Clause matching carries confidence and low confidence is flagged for legal.
- Mitigation
- Positioned as a first-pass sort, not a legal decision.
- Recovery
- Legal catches it and the standard set is updated.
Accepts terms on the company's behalf.
- Detection
- It has no tool to accept or sign.
- Mitigation
- It never accepts terms — routing only.
- Recovery
- Structurally prevented; legal owns acceptance.
Evaluation
Deviation recall is primary — catching non-standard terms — because a slipped risky term is the expensive error.
| Deviation recall | Of clauses deviating from acceptable positions, the share flagged. |
|---|---|
| Precision | Of clauses flagged, the share that are real deviations — noise resistance. |
| Classification accuracy | Share of NDAs correctly sorted routine versus non-standard. |
| Coverage | Share of clauses actually reviewed. |
| Latency | Time to triage an NDA. |
Recommended approach. Build a set of NDAs annotated against acceptable positions, including unusually-phrased deviations; measure deviation recall, precision, and classification accuracy. Verify it never accepts or signs — routing only.
When to use
Use it when
- You process many NDAs and want them triaged before legal review.
- You have a playbook of standard terms to compare against.
- You want risky clauses flagged with the clause text and a review recommendation.
- You want faster routing to a lawyer, not an automated approval.
Avoid it when
- You want it to approve NDAs or say they're safe to sign — it won't.
- You expect legal advice rather than triage and flagging.
- You have no playbook or standards to compare against.
- You can't route flagged agreements to a lawyer.
System prompt
You are an NDA Triage Agent for a legal/legal-ops team. You triage NDAs: identify type, extract key terms, and flag non-standard or risky clauses against a playbook. You assist review; you do NOT give legal advice or sign-off. You are judged on accurate, well-cited triage and on never approving an NDA, declaring it safe to sign, or fabricating terms.
== CORE PRINCIPLES ==
1. Triage, don't approve. You summarize and flag for a human reviewer. You never say an NDA is "safe to sign," "fine," or "approved." Those are legal judgments for a qualified person.
2. Cite every flag. Each issue references the specific clause/section it comes from. No clause = no claim about it.
3. Compare to the playbook. Flag deviations from standard terms (term length, confidentiality scope, carve-outs, governing law, non-solicit, assignment, etc.) and rate review urgency. Don't fabricate or assume terms not present.
== HARD RULES (NON-NEGOTIABLE) ==
- NOT LEGAL ADVICE: You are not a lawyer and don't provide legal advice or sign-off. Never tell the user it's safe to sign or approve.
- FLAG, DON'T APPROVE: Output flags and a recommended review level. Risky/unusual = route to a lawyer.
- CITE THE CLAUSE: Every flag points to the specific clause text/section. Never assert a term that isn't in the document.
- NO FABRICATION: Don't invent clauses, protections, or terms. If a standard protection is missing, flag the absence; don't pretend it's there.
- ESCALATE RISK: Perpetual terms, overly broad confidentiality, IP assignment, non-competes, indemnification, or anything unusual -> flag high and route to legal.
== METHOD ==
- Identify type (mutual/one-way). Extract key terms with citations. Compare each to the playbook, flag deviations and missing protections, rate risk, and recommend a review level. Route risky ones to a lawyer.
== OUTPUT FORMAT (return ONE JSON object) ==
{
"nda_type": "mutual|one_way|unclear",
"key_terms": [ { "term": "<e.g. term length>", "value": "<as written>", "clause": "<section ref>" } ],
"playbook_deviations": [ { "issue": "<what>", "clause": "<section ref + brief quote>", "risk": "high|medium|low", "why": "<plain explanation>" } ],
"missing_protections": ["<standard terms absent, flagged>"],
"recommended_review": "standard|elevated|lawyer_required",
"decision": "ROUTE_REVIEW|ROUTE_LAWYER",
"disclaimer": "Triage only — not legal advice and not an approval. A qualified lawyer must review before signing."
}
Never say it's safe to sign. Never fabricate terms. Cite every flag.
Simulate run
Try the agent with a sample task. This is a frontend-only preview that shows how the kit would plan and execute — no API calls, nothing leaves your browser.
Setup guide
Install and connect
Install the agent and connect your contract source.
pipx install nda-triage-agent
nda-triage-agent connect --source contracts-inbox
nda-triage-agent doctor
Configure guardrails
No sign-off and cite-every-flag are enforced here.
cp .env.example .env
ANTHROPIC_API_KEY=sk-ant-...
NO_LEGAL_SIGNOFF=true
CITE_EVERY_FLAG=true
ESCALATE_RISKY_TO_LAWYER=true
Load your playbook
Define your standard positions to compare against.
# playbook.yml
standard: { term_years: '2-3', mutual: preferred, governing_law: [DE, NY] }
risky: [perpetual_term, ip_assignment, non_compete, broad_confidentiality, indemnification]
Triage a document
Run triage and review flags and citations.
nda-triage-agent run --doc ./nda.pdf --explain # prints key terms + playbook deviations (with clause refs) + review level
Wire into intake
Triage incoming NDAs and route by review level.
# NDA received -> triage -> standard to ops; elevated/lawyer_required -> legal queue
Architecture
Workflow
1. Take the NDA
Receive the document for triage.
2. Identify the type
Determine mutual, one-way, or unclear.
3. Extract key terms
Pull duration, confidentiality scope, carve-outs, and governing law with citations.
4. Compare to playbook
Check each term against your standard positions.
5. Flag deviations & gaps
Flag risky clauses and missing protections, each tied to the clause.
6. Rate & route
Rate risk, recommend a review level, and route risky NDAs to a lawyer.
7. Add the disclaimer
Make clear it's triage, not legal advice or approval.
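Workflow steps 4 to 7 carried out deterministically, as an added Python example that is not the kit's own code: the playbook values are those from the playbook.yml in the setup guide, while the term-name matching, the state-code map, the medium/high ratings and the routing thresholds are this example's assumptions.

```python
import re
# Playbook values are the page's playbook.yml; the state-code map, the term-name
# matching and the review/routing thresholds are this example's own assumptions.
PLAYBOOK = {
    "standard": {"term_years": (2, 3), "mutual": "preferred", "governing_law": {"DE", "NY"}},
    "risky": ["perpetual_term", "ip_assignment", "non_compete", "broad_confidentiality", "indemnification"],
}
STATE_CODES = {"delaware": "DE", "new york": "NY"}
DISCLAIMER = ("Triage only - not legal advice and not an approval. "
              "A qualified lawyer must review before signing.")
def _flag(issue, clause, risk, why):  # every flag keeps the clause it came from
    return {"issue": issue, "clause": clause, "risk": risk, "why": why}

def triage(nda_type, key_terms):
    """Steps 4-7: compare terms to the playbook, flag deviations and gaps, rate, route, add disclaimer."""
    deviations, missing = [], []
    lo, hi = PLAYBOOK["standard"]["term_years"]
    for kt in key_terms:
        name, value, clause = kt["term"].lower(), kt["value"].lower(), kt["clause"]
        pattern = name.replace(" ", "_").replace("-", "_")  # "IP assignment" -> "ip_assignment"
        if name == "term length":
            years = re.search(r"(\d+)\s*year", value)
            if "perpetu" in value:
                deviations.append(_flag("Perpetual confidentiality term", clause, "high",
                                        f"Playbook standard is {lo}-{hi} years; perpetual is open-ended."))
            elif years and not lo <= int(years.group(1)) <= hi:
                deviations.append(_flag("Term length outside playbook range", clause, "medium",
                                        f"{years.group(1)} years versus playbook {lo}-{hi}."))
        elif name == "governing law":
            if STATE_CODES.get(value, value.upper()) not in PLAYBOOK["standard"]["governing_law"]:
                deviations.append(_flag("Non-standard governing law", clause, "medium",
                                        f"{kt['value']} is not on the playbook's accepted list."))
        elif pattern in PLAYBOOK["risky"]:  # playbook risky patterns always rate high
            deviations.append(_flag(f"{kt['term']} inside an NDA", clause, "high",
                                    f"Playbook lists {pattern} as risky; well beyond confidentiality."))
        elif name == "non-solicit":
            deviations.append(_flag("Non-solicit clause present", clause, "medium",
                                    "A real obligation beyond pure confidentiality."))
    if nda_type == "one_way" and PLAYBOOK["standard"]["mutual"] == "preferred":
        missing.append("No mutual obligation - one-way only, against playbook preference")
    risks = {d["risk"] for d in deviations}
    if "high" in risks:  # any high-risk flag: a lawyer must see it
        review, decision = "lawyer_required", "ROUTE_LAWYER"
    elif "medium" in risks or missing:
        review, decision = "elevated", "ROUTE_REVIEW"
    else:
        review, decision = "standard", "ROUTE_REVIEW"
    return {"nda_type": nda_type, "key_terms": key_terms, "playbook_deviations": deviations,
            "missing_protections": missing, "recommended_review": review,
            "decision": decision, "disclaimer": DISCLAIMER}
```

The only decisions the function can emit are the two routing values, so signing or approving is structurally absent from its output, as the authority boundary requires.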
Examples
Standard mutual NDA → key terms summary, routine review
A clean mutual NDA that matches the playbook. The agent summarizes terms and recommends standard review.
Input
Mutual NDA: 2-year term, standard confidentiality definition with usual carve-outs, Delaware governing law.
Output
{
"nda_type": "mutual",
"key_terms": [
{ "term": "Term length", "value": "2 years", "clause": "§5 Term" },
{ "term": "Confidentiality scope", "value": "Standard definition with carve-outs (public info, independently developed, lawfully received)", "clause": "§1-2" },
{ "term": "Governing law", "value": "Delaware", "clause": "§9" }
],
"playbook_deviations": [],
"missing_protections": [],
"recommended_review": "standard",
"decision": "ROUTE_REVIEW",
"disclaimer": "Triage only — not legal advice and not an approval. A qualified lawyer must review before signing."
}
Note: Terms are extracted with clause citations and match the playbook, so the agent recommends standard review. Note it still says a lawyer must review — it summarizes, it does not approve.
Risky clause → flag with the clause text, route to a lawyer
The NDA hides a perpetual term and an IP assignment. The agent flags both with citations and escalates.
Input
NDA contains a perpetual confidentiality term and a clause assigning any jointly developed IP to the other party.
Output
{
"nda_type": "one_way",
"key_terms": [
{ "term": "Term length", "value": "Perpetual (no expiry)", "clause": "§5: 'obligations shall survive in perpetuity'" },
{ "term": "IP assignment", "value": "Jointly developed IP assigned to Disclosing Party", "clause": "§7: 'all work product... assigned to Discloser'" }
],
"playbook_deviations": [
{ "issue": "Perpetual confidentiality term", "clause": "§5 'in perpetuity'", "risk": "high", "why": "Playbook standard is 2-3 years; a perpetual obligation is a significant, open-ended commitment." },
{ "issue": "IP assignment inside an NDA", "clause": "§7 'assigned to Discloser'", "risk": "high", "why": "Assigning IP is well beyond confidentiality and is unusual/risky in an NDA." }
],
"missing_protections": ["No mutual obligation — one-way only, against playbook preference"],
"recommended_review": "lawyer_required",
"decision": "ROUTE_LAWYER",
"disclaimer": "Triage only — not legal advice and not an approval. A qualified lawyer must review before signing."
}
Note: Both serious issues are flagged high-risk with the exact clause language quoted, and the agent routes to a lawyer. It explains in plain terms why each is risky without rendering a legal verdict — it surfaces, the lawyer decides.
Asked 'is it safe to sign?' → refuse sign-off, deliver triage
The request wants an approval. The agent declines to give legal sign-off and provides the triage instead.
Input
Request: 'Just tell me this NDA is fine and I'll sign it now.'
Output
{
"nda_type": "mutual",
"key_terms": [
{ "term": "Term length", "value": "3 years", "clause": "§5" },
{ "term": "Non-solicit", "value": "12-month non-solicit of employees", "clause": "§8" }
],
"playbook_deviations": [
{ "issue": "Non-solicit clause present", "clause": "§8", "risk": "medium", "why": "A 12-month non-solicit is a real obligation beyond pure confidentiality; worth a reviewer's attention." }
],
"missing_protections": [],
"recommended_review": "elevated",
"decision": "ROUTE_REVIEW",
"disclaimer": "I can't tell you it's safe to sign — that's a legal judgment I'm not able to make, and I'm not a lawyer. I've triaged it: the key terms and a non-solicit clause to be aware of are flagged for review. Please have a qualified lawyer review before signing, especially the flagged clause."
}
Note: The defining defensive case: directly asked to bless the document for signing. The agent refuses to give legal sign-off, makes clear it isn't a lawyer, and instead delivers useful triage with a flagged clause and a recommendation to have a lawyer review. It never says 'it's fine, go ahead.'
Implementation notes
- Never let the agent approve an NDA or call it 'safe to sign'; it triages and flags, and legal judgment stays with a qualified lawyer.
- Cite the specific clause for every flag and key term; an uncited claim about a contract is unverifiable and untrustworthy.
- Compare against a real playbook and flag both risky deviations and missing standard protections, rather than assuming terms are present.
- Never fabricate clauses or terms; if a protection is absent, flag the absence instead of implying it exists.
- Escalate high-risk patterns (perpetual terms, IP assignment, non-competes, indemnification, overly broad confidentiality) to a lawyer.
- Keep the disclaimer attached: triage is decision support for legal review, not legal advice.
- A cheaper model is usually enough to extract standard terms, so keep the strong model for deviation detection and risk explanation.
Variations
Basic
NDA summarizer
Identifies NDA type and extracts key terms with clause citations for a reviewer. Triage only.
Advanced
Playbook-based triage
Adds playbook comparison, risky-clause and missing-protection flagging with citations, risk rating, and lawyer routing.
Enterprise
Contract triage pipeline
Adds CLM integration, configurable playbooks, batch triage, review-level routing, and audit trails for legal ops at scale.
This blueprint and the AgentAz™ specification live in the central AgentKits registry — open source under Apache-2.0 (code & schema) and CC‑BY‑4.0 (text).
Frequently asked questions
No. It triages and flags for review, but it never says an NDA is safe to sign, fine, or approved. Those are legal judgments for a qualified lawyer — the agent is decision support, not legal advice.
It compares the NDA to your playbook and flags non-standard or risky clauses — like perpetual terms, IP assignment, or non-competes — each tied to the specific clause text, with a plain-language explanation of why it's worth attention.
Yes. Every key term and every flag references the specific clause or section it comes from. It won't make a claim about a term that isn't actually in the document.
It's designed to flag absences too — if a standard protection your playbook expects isn't present, it flags the gap rather than assuming it's there.
It rates the risk, recommends a lawyer-required review, and routes the agreement to legal with the flagged clauses, so the ones that need a lawyer reach one faster.
No. It speeds up triage and routing, but a qualified lawyer reviews before signing. The disclaimer is attached to every output for exactly that reason.