Melaya — Build AI agents for any job. Agentic platform for research, ops, outreach, reporting — and the only one where agents can actually trade.

// USE CASE · LEGAL

Legal agents that run on your hardware, and pause before they sign.

Most law firms have banned cloud AI on day one because client documents cannot end up in a third-party model's training pipeline. Melaya runs the legal crew on your own machine. ContractReviewer, AMLSpecialist, and KYCLead can read privileged matters on a local Ollama or LM Studio model so the privileged file never leaves your network. Bring Claude or GPT only where the matter is non-privileged. The lawyer signs. Every read is logged.

01
// What breaks today

The status quo costs more than the agent does.

Three pains every sales and BD team hits weekly. Each one is what your reps actually complain about, not what a feature page would call them.

  1. Counsel banned ChatGPT and every other cloud AI on day one because privileged client documents cannot end up in a vendor's training pipeline. The team is back to grinding redlines and SARs by hand while every other department ships AI.

  2. Counsel burns 12 hours a week redlining 4-year contracts, 1-year cliffs, and unlimited liability clauses by hand before a single deal closes.

  3. A MiCA or FCA rule change lands in a Friday consultation paper and nobody on the team sees the 90-day impact window until the regulator emails a question.

02
// Pipelines you can build

Compose. Approve. Replay.

Every pipeline below is a shape you wire on the canvas using the crew and tools further down. Not a feature we ship for you, a pattern you configure.

P01

Redline commercial contracts in 48h

ContractReviewer reads the incoming contract, retrieves precedent from your playbook through rag_retrieve, drafts the redline with clause-level rationale, and stages a Word doc for counsel. Runs end-to-end on a local Ollama or LM Studio model when the matter is privileged, with zero outbound traffic. HITL gate blocks any send to the counterparty.

P02

Track MiCA, FCA, and SEC changes weekly

RegulatoryAffairs scrapes EUR-Lex, FCA Handbook, MAS consultation papers, and SEC dockets on a Monday cron, scores each change for 90-day impact, and writes to the licence dashboard. Cross-run memory carries last week's open items into this week's brief.

P03

Screen AML alerts and draft SARs

AMLSpecialist ingests the transaction stream, scores against the AML typology library held in Static context, flags structuring and Travel Rule gaps, and drafts a SAR with supporting evidence. Routes to a local model on sensitive runs so KYC PII and transaction hashes never leave your network. HITL gate blocks filing with the FIU until counsel signs.

P04

Run KYC onboarding across three tiers

KYCLead ingests the CDD pack, screens against OFAC, UN, EU, and HMT lists at the 85 percent fuzzy threshold, and routes Tier 2 and 3 clients to EDD with senior sign-off. The scoped retrieval tool pulls UBO chains from your data room, never the open web.

P05

Prepare DPIAs and respond to DSRs

PrivacyOfficer drafts the DPIA for any new high-risk processing, runs the 72-hour breach decision tree, and answers DSRs inside the 30-day GDPR window. Cross-run memory tracks every open DSR so deadlines do not reset on Monday.

P06

Assemble matter packs for regulator inquiries

RegulatoryLitigator opens a litigation hold on the matter, runs Howey or Reves analysis where the inquiry touches a token, and assembles the privileged response pack. Replay on every read gives the firm a defensible privilege log if the regulator pushes back.

03
// The crew

Legal & Compliance crew

Real personas from the legal_compliance crew. Each ships with a tuned system prompt and a default tool allowlist. Swap models per persona on the canvas.

Contract Reviewer

ContractReviewer

Reviews and redlines commercial contracts, SAFTs, TPAs, and term sheets, flagging red and yellow clauses against the firm's pre-approved playbook.

Regulatory Affairs

RegulatoryAffairs

Tracks MiCA, MiFID II, FCA, MAS, SEC, and CFTC changes 90 days ahead and runs licensing applications and renewals across operating jurisdictions.

AML Specialist

AMLSpecialist

Screens on-chain and off-chain transactions against AML typologies, flags structuring and Travel Rule gaps, and drafts SARs with supporting evidence.

KYC Lead

KYCLead

Runs KYC and KYB onboarding across three risk tiers, handles UBO chains, sanctions hits on OFAC, UN, EU, HMT lists, and EDD on PEPs.

Privacy Officer

PrivacyOfficer

Maintains the RoPA, runs DPIAs before high-risk processing, executes DSRs inside GDPR and CCPA deadlines, and owns the 72-hour breach protocol.

Compliance Monitor

ComplianceMonitor

Tests every compliance control on a quarterly cadence, maintains the control register, and assembles audit-ready evidence packs for examinations.

Regulatory Litigator

RegulatoryLitigator

Drafts responses to SEC, CFTC, and FCA inquiries, runs Howey and Reves analyses on token activity, and issues litigation holds when matters open.

Chief Legal Officer

ChiefLegalOfficer

Owns the top-10 legal risk register, briefs the board on enforcement exposure, and balances in-house versus external counsel spend against revenue.

Legal Synth

LegalSynth

Synthesises AML, KYC, regulatory, privacy, and contract signals into a single decision-grade brief for the CEO and board with action owners and deadlines.

04
// Scoped tools

Only the actions you grant.

Every tool below is a real shared tool from the Melaya bundle. Allowlist per agent; HITL-gate the writes; revoke any of them in one click.

shared/tools/knowledge/

Load contract playbooks, MiCA and FCA rulebooks, prior SARs, DPAs, and regulator correspondence into the per-workflow vector store. Powers rag_retrieve for ContractReviewer, RegulatoryAffairs, and PrivacyOfficer. Writes are scoped to the workflow store, no cross-tenant leak.

build_knowledge_from_text, build_knowledge_from_file, build_knowledge

shared/tools/core/

General research, regulator-page fetches, and grep across policy repos. file_write is HITL-gated for any output that lands in your DMS or shared drive.

web_search, web_fetch, http_request, file_read, file_write, grep_search, git_log

shared/tools/scraping/

Pull EUR-Lex pages, FCA Handbook updates, SEC enforcement dockets, and MAS consultation papers into the regulatory radar. Reads only, no writes.

scrape_page, scrape_structured, scrape_links, scrape_table

shared/tools/email/

Read inbound regulator correspondence and client KYC documents, draft replies, and stage every send. gmail_send is HITL by default for this crew so no regulator email leaves without counsel sign-off.

gmail_read, gmail_send, gmail_my_address

shared/tools/tavily_tools/

Search regulatory news, enforcement actions, and case law with citations the agent can ground its analysis in. Read-only, no HITL needed.

tavily_search, tavily_search_news, tavily_extract

shared/tools/msoffice/

Read incoming contracts and KYC files in Word, build redline drafts and control registers in Excel. Writes land in a staging folder that requires HITL before promoting to the matter folder.

word_read, word_create, word_add_paragraphs, excel_read_sheet, excel_write_data

shared/tools/database/

Read the matter, control, and CDD tables for ComplianceMonitor and KYCLead. sql_execute is omitted on purpose; this bundle is read-only so the agent cannot mutate the compliance database.

sql_query, sql_schema, sql_export_csv

05
// Three knowledge layers

The crew reads what you give it.

Every pipeline ships with three layers of knowledge access. Mix and match per agent on the canvas. No shared vector space with another tenant, no surprise reads, no opaque retrieval.

L1

Static context

includeContext

Per-pipeline documents appended to specific agents' input on every run. The ICP brief, playbook, pricing sheet, or won-deal email corpus. Whatever needs to be there before the agent thinks. You pick which personas get which docs.

L2

RAG retrieval tool

rag_retrieve

A scoped tool granted per-agent. When the agent decides it needs more depth, it queries the workflow's vector store on demand. Same knowledge base as Static context, accessed only when the model asks for it.

L3

Cross-run memory

pipeline_memory

Pipeline-level state that carries from one run to the next. Yesterday's research is in scope for today's follow-up. The crew remembers what it already prospected, what got approved, what was sent. The audit log is the second-order knowledge base.

07
// FAQ

Questions we get every week.

Can we run the entire crew on a local model so client data never leaves the firewall?

Yes, this is the default for privileged work. Point each persona at a local Ollama or LM Studio instance running on your own hardware. ContractReviewer, AMLSpecialist, KYCLead, and PrivacyOfficer can run end-to-end with zero outbound traffic. Cloud models (Claude, GPT, Gemini) stay an option per persona for non-privileged matter work. The per-agent model picker is the privacy lever.

Where does our data physically sit when the crew runs?

On your hardware when you run a local model. Every prompt, every retrieved document, every draft, and every audit log stays on the machine running the runner. The per-workflow vector store is yours to host. Cloud models only see the prompts the agent sends them, and you decide which personas can call them. EU teams can deploy entirely on EU-hosted Mistral or a local model to meet MiCA, GDPR, and DORA residency obligations.

How does this handle attorney-client privilege and litigation hold?

Privileged matters route to a separate workspace with scoped tools and an explicit hold flag. On hold, the agent cannot call external search, web_fetch, third-party tools, or cloud models, full stop. The local-model lane is the default for hold work. Every read is logged with timestamp, persona, model id, and matter anchor so privilege is defensible line by line.

Will the agents file SARs or send regulator responses on their own?

No. Every SAR draft, regulator reply, redline, and licence renewal email is staged for a human signer. The AML, KYC, and litigation personas ship with HITL on every write so the lawyer who signs is the human, not the agent.

Can the agents reason over our policies, contracts, and regulator letters?

Three layers, all per-workflow and tenant-isolated. Static context attaches your AML policy, contract playbook, and licence conditions to specific personas on every run. The rag_retrieve tool lets ContractReviewer and RegulatoryAffairs pull from prior matters, regulator correspondence, and your DPA library on demand. Cross-run memory carries yesterday's litigation hold and DSR queue into today's run. None of those layers leave your tenant or the local runner you point them at.

Does this replace Ironclad, Harvey, Robin AI, or Spellbook?

No, it sits next to them. Melaya is the orchestration and audit layer across nine legal personas, with the option to run every one on a private model. If you already pay for Ironclad as your CLM or Harvey for litigation research, ContractReviewer hands drafts to them through tool calls and keeps the replay log on your side.

How do we keep the output from sounding like AI?

Every redline, SAR, and DPIA cites the specific clause, transaction hash, or regulator paragraph it relies on, pulled from your own corpus loaded into the knowledge store. Compliance officers can require a citation on every paragraph as a HITL pre-check before signing.

How fast can a legal team get the first pipeline running?

With your DMS or shared drive connected, a contract playbook loaded into the knowledge store, and Ollama running locally, the redline workflow is a 4-node canvas: ingest, retrieve precedent, draft redline, route for approval. Most teams ship the first version in a working session and never send a single token to a cloud vendor.

Can I audit exactly what each agent did and why?

Yes. Every run logs every tool call, every model invocation (with model id), every retrieved document, and every approval decision. Replay any matter at any time. Examiners get the full evidence pack in under five business days, which is the ComplianceMonitor target.

Build legal & compliance team pipelines on Melaya.

Sandbox tier is free with no card. Join the waitlist and we will email you the moment a slot opens.
