fix: Header nav - Settings, Admin, Login/Signup visibility

README.md

@@ -10,31 +10,11 @@ app_file: app.py
 pinned: false
 ---
 
-# 🛡️ ClauseGuard v4.3 — World's Best Open-Source Legal Contract Analysis
+# 🛡️ ClauseGuard v4.0 — World's Best Open-Source Legal Contract Analysis
 
 **ClauseGuard** is the most comprehensive open-source AI-powered legal contract analysis tool. It analyzes contracts using state-of-the-art legal NLP models and provides actionable risk assessments, Q&A chatbot, clause redlining, and OCR for scanned PDFs.
 
-## 🆕 What's New in v4.3
-
-| Feature | Description |
-|---------|-------------|
-| **⚡ ONNX + INT8 Quantization** | CUAD classifier now supports ONNX Runtime with dynamic INT8 quantization — **2-4x faster inference on CPU**. New `ml/export_onnx_v2.py` handles the full merge→export→quantize pipeline. |
-| **🎯 Better Embeddings** | Upgraded from `all-MiniLM-L6-v2` to `BAAI/bge-small-en-v1.5` — **+21% retrieval accuracy** on MTEB benchmarks, same 384-dim, same latency. Includes query instruction prefix for asymmetric retrieval. |
-| **🚀 Batched Classification** | All clauses classified in a single batched forward pass (batch_size=8) instead of one-by-one — **2-3x throughput improvement**. |
-| **🧵 CPU Thread Control** | `torch.set_num_threads(2)` prevents CPU thrashing under concurrent Gradio requests |
-
-### Previous: v4.2
-
-| Feature | Description |
-|---------|-------------|
-| **🔧 NLI Fix** | Fixed contradiction detection — now uses `CrossEncoder.predict()` instead of broken `pipeline("text-classification")` dict input. Contradictions actually work now. |
-| **🔒 Thread Safety** | `BoundedCache` now uses `threading.RLock` to prevent race conditions under concurrent Gradio requests |
-| **⚡ Pre-compiled Regex** | All regex patterns (clause classification, obligations, compliance negation) pre-compiled at module level — eliminates thousands of redundant compilations |
-| **🔗 Extension Fix** | Chrome extension risk formula now matches backend (diminishing returns, not normalized by doc length). Fixed API_BASE URL. |
-| **🏷️ Label Coverage** | Added missing regex-only labels (Indemnification, Confidentiality, Force Majeure, Penalties) to RISK_MAP and DESC_MAP |
-| **🛡️ Security** | API CORS localhost origins now require explicit opt-in via `CORS_ALLOW_LOCALHOST=true` env var |
-
-### Previous: v4.0
+## 🆕 What's New in v4.0
 
 | Feature | Description |
 |---------|-------------|
@@ -79,7 +59,7 @@ pinned: false
 | Clause Classification | `Mokshith31/legalbert-contract-clause-classification` — LoRA adapter on `nlpaueb/legal-bert-base-uncased`, fine-tuned on CUAD 41-class taxonomy |
 | Legal NER | `matterstack/legal-bert-ner` (ML) with regex fallback for 7 entity types |
 | NLI | `cross-encoder/nli-deberta-v3-base` (semantic contradiction detection) |
-| Embeddings | `BAAI/bge-small-en-v1.5` (384-dim, RAG retrieval — +21% over MiniLM) |
+| Embeddings | `sentence-transformers/all-MiniLM-L6-v2` (384-dim, RAG retrieval) |
 | LLM | `Qwen/Qwen2.5-7B-Instruct` via HF Inference API (chatbot + redlining) |
 | OCR | `docTR` (fast_base + crnn_vgg16_bn) for scanned PDF text extraction |
 | Compliance | Regulatory keyword matching across GDPR, CCPA, SOX, HIPAA, FINRA |

api/main.py

@@ -1,11 +1,11 @@
 """
-ClauseGuard — FastAPI Backend v4.1
+ClauseGuard — FastAPI Backend v4.0
 ══════════════════════════════════
-Fixes in v4.1:
-  • FIX: Rate limiter uses sliding window with proper IP extraction (X-Forwarded-For)
-  • FIX: RAG sessions have TTL-based expiry (1 hour) instead of just count-based
-  • FIX: Input text size validation (max 200KB)
-  • FIX: Proper error handling for all endpoints
+New in v4.0:
+  • /api/redline — clause redlining suggestions
+  • /api/chat — RAG chatbot (streaming)
+  • /api/ocr — OCR scanned PDF extraction
+  • Updated analysis to include redlining data
 """
 
 import os
@@ -56,45 +56,25 @@ SUPABASE_URL = os.environ.get("SUPABASE_URL", "")
 SUPABASE_SERVICE_KEY = os.environ.get("SUPABASE_SERVICE_ROLE_KEY", "")
 HF_API_TOKEN = os.environ.get("HF_API_TOKEN", "")
 SAULLM_ENDPOINT = os.environ.get("SAULLM_ENDPOINT", "")
-MAX_TEXT_LENGTH = int(os.environ.get("MAX_TEXT_LENGTH", "200000"))
+MAX_TEXT_LENGTH = int(os.environ.get("MAX_TEXT_LENGTH", "100000"))
 
-# ─── FIX v4.2: Improved sliding window rate limiter with periodic cleanup ───
-_rate_limits: dict[str, list[float]] = {}
-_rate_limits_last_cleanup: float = 0.0
+# ─── Rate Limiting ───
+_rate_limits = {}
 RATE_LIMIT_REQUESTS = 30
-RATE_LIMIT_WINDOW = 60  # seconds
-
-def _get_client_ip(request: Request) -> str:
-    """Extract real client IP, handling reverse proxies."""
-    forwarded = request.headers.get("x-forwarded-for", "")
-    if forwarded:
-        return forwarded.split(",")[0].strip()
-    return request.client.host if request.client else "unknown"
+RATE_LIMIT_WINDOW = 60
 
 def _check_rate_limit(client_ip: str) -> bool:
-    """Sliding window rate limiter with periodic stale-IP cleanup."""
-    global _rate_limits_last_cleanup
     now = time.time()
-
-    # FIX v4.2: Periodic cleanup every 60s regardless of dict size
-    if now - _rate_limits_last_cleanup > 60:
-        stale = [ip for ip, ts in _rate_limits.items() if not ts or now - ts[-1] > RATE_LIMIT_WINDOW * 2]
-        for ip in stale:
-            del _rate_limits[ip]
-        _rate_limits_last_cleanup = now
-
-    if client_ip not in _rate_limits:
-        _rate_limits[client_ip] = []
-
-    # Remove expired timestamps
-    _rate_limits[client_ip] = [
-        t for t in _rate_limits[client_ip] if now - t < RATE_LIMIT_WINDOW
-    ]
-
-    if len(_rate_limits[client_ip]) >= RATE_LIMIT_REQUESTS:
-        return False
-
-    _rate_limits[client_ip].append(now)
+    if client_ip in _rate_limits:
+        count, window_start = _rate_limits[client_ip]
+        if now - window_start > RATE_LIMIT_WINDOW:
+            _rate_limits[client_ip] = (1, now)
+            return True
+        if count >= RATE_LIMIT_REQUESTS:
+            return False
+        _rate_limits[client_ip] = (count + 1, window_start)
+        return True
+    _rate_limits[client_ip] = (1, now)
     return True
 
 # ─── Supabase helper ───
@@ -136,27 +116,9 @@ async def supabase_query(table: str, params: dict, headers_extra: dict = {}):
     except Exception:
         return []
 
-# ─── FIX v4.1: RAG sessions with TTL-based expiry ───
-_rag_sessions: dict[str, dict] = {}
+# ─── In-memory RAG session store ───
+_rag_sessions: dict = {}
 _RAG_SESSION_MAX = 100
-_RAG_SESSION_TTL = 3600  # 1 hour
-
-def _cleanup_rag_sessions():
-    """Remove expired RAG sessions."""
-    now = time.time()
-    expired = [sid for sid, s in _rag_sessions.items() if now - s.get("created_at", 0) > _RAG_SESSION_TTL]
-    for sid in expired:
-        del _rag_sessions[sid]
-
-def _store_rag_session(session_id: str, data: dict):
-    """Store a RAG session with TTL tracking."""
-    _cleanup_rag_sessions()
-    if len(_rag_sessions) >= _RAG_SESSION_MAX:
-        # Remove oldest session
-        oldest = min(_rag_sessions, key=lambda k: _rag_sessions[k].get("created_at", 0))
-        del _rag_sessions[oldest]
-    data["created_at"] = time.time()
-    _rag_sessions[session_id] = data
 
 # ─── Request/Response Models ───
 class AnalyzeRequest(BaseModel):
@@ -194,17 +156,13 @@ class RedlineRequest(BaseModel):
 async def lifespan(app: FastAPI):
     yield
 
-app = FastAPI(title="ClauseGuard API", version="4.1.0", lifespan=lifespan)
+app = FastAPI(title="ClauseGuard API", version="4.0.0", lifespan=lifespan)
 
-# FIX v4.2: CORS origins configurable via env var; localhost only in dev
-_extra_origins = os.environ.get("CORS_EXTRA_ORIGINS", "").split(",")
 ALLOWED_ORIGINS = [
     "https://clauseguardweb.netlify.app",
+    "http://localhost:3000",
+    "http://localhost:3001",
 ]
-# Only add localhost origins if explicitly enabled via env
-if os.environ.get("CORS_ALLOW_LOCALHOST", "").lower() == "true":
-    ALLOWED_ORIGINS.extend(["http://localhost:3000", "http://localhost:3001"])
-ALLOWED_ORIGINS.extend([o.strip() for o in _extra_origins if o.strip()])
 app.add_middleware(
     CORSMiddleware,
     allow_origins=ALLOWED_ORIGINS,
@@ -221,18 +179,17 @@ async def health():
     return {
         "status": "ok",
         "model": model_status,
-        "version": "4.1.0",
+        "version": "4.0.0",
         "shared_modules": _SHARED_MODULES,
         "ocr": ocr_status,
         "features": ["analyze", "compare", "redline", "chat", "ocr"],
-        "rag_sessions_active": len(_rag_sessions),
     }
 
 @app.post("/api/analyze")
 async def analyze(req: AnalyzeRequest, request: Request, user: Optional[dict] = Depends(get_current_user)):
-    client_ip = _get_client_ip(request)
+    client_ip = request.client.host if request.client else "unknown"
     if not _check_rate_limit(client_ip):
-        raise HTTPException(status_code=429, detail="Rate limit exceeded. Please wait 60 seconds.")
+        raise HTTPException(status_code=429, detail="Rate limit exceeded.")
 
     text = req.text
     if not text and req.clauses:
@@ -240,10 +197,8 @@ async def analyze(req: AnalyzeRequest, request: Request, user: Optional[dict] =
 
     if not text or len(text.strip()) < 50:
         raise HTTPException(status_code=400, detail="Text too short (minimum 50 characters)")
-
-    # FIX v4.1: Input size validation
     if len(text) > MAX_TEXT_LENGTH:
-        raise HTTPException(status_code=400, detail=f"Text too long (max {MAX_TEXT_LENGTH // 1000}KB)")
+        raise HTTPException(status_code=400, detail=f"Text too long (max {MAX_TEXT_LENGTH} chars)")
 
     start = time.time()
 
@@ -293,13 +248,16 @@ async def analyze(req: AnalyzeRequest, request: Request, user: Optional[dict] =
             }],
         })
 
-    # RAG indexing with TTL-managed sessions
+    # v4.0: RAG indexing
     session_id = None
     try:
         chunks, embeddings, _status = index_contract(text)
         if chunks and embeddings is not None:
             session_id = uuid.uuid4().hex[:12]
-            _store_rag_session(session_id, {
+            if len(_rag_sessions) >= _RAG_SESSION_MAX:
+                oldest = next(iter(_rag_sessions))
+                del _rag_sessions[oldest]
+            _rag_sessions[session_id] = {
                 "chunks": chunks,
                 "embeddings": embeddings,
                 "analysis": {
@@ -309,7 +267,7 @@ async def analyze(req: AnalyzeRequest, request: Request, user: Optional[dict] =
                     "entities": entities[:30],
                     "contradictions": contradictions,
                 },
-            })
+            }
     except Exception as e:
         print(f"[API] RAG indexing error: {e}")
 
@@ -346,27 +304,20 @@ async def analyze(req: AnalyzeRequest, request: Request, user: Optional[dict] =
 
 @app.post("/api/compare")
 async def compare(req: CompareRequest, request: Request):
-    client_ip = _get_client_ip(request)
+    client_ip = request.client.host if request.client else "unknown"
     if not _check_rate_limit(client_ip):
         raise HTTPException(status_code=429, detail="Rate limit exceeded.")
-
-    # FIX v4.1: Input size validation for comparison
-    if len(req.text_a) > MAX_TEXT_LENGTH or len(req.text_b) > MAX_TEXT_LENGTH:
-        raise HTTPException(status_code=400, detail=f"Text too long (max {MAX_TEXT_LENGTH // 1000}KB per contract)")
-
     return compare_contracts(req.text_a, req.text_b)
 
 @app.post("/api/redline")
 async def redline(req: RedlineRequest, request: Request):
-    client_ip = _get_client_ip(request)
+    client_ip = request.client.host if request.client else "unknown"
     if not _check_rate_limit(client_ip):
         raise HTTPException(status_code=429, detail="Rate limit exceeded.")
 
     if req.session_id and req.session_id in _rag_sessions:
         analysis = _rag_sessions[req.session_id]["analysis"]
     elif req.text:
-        if len(req.text) > MAX_TEXT_LENGTH:
-            raise HTTPException(status_code=400, detail="Text too long")
         result, error = analyze_contract(req.text)
         if error:
             raise HTTPException(status_code=400, detail=error)
@@ -379,15 +330,12 @@ async def redline(req: RedlineRequest, request: Request):
 
 @app.post("/api/chat")
 async def chat(req: ChatRequest, request: Request):
-    client_ip = _get_client_ip(request)
+    client_ip = request.client.host if request.client else "unknown"
     if not _check_rate_limit(client_ip):
         raise HTTPException(status_code=429, detail="Rate limit exceeded.")
 
-    # FIX v4.1: Clean up expired sessions before checking
-    _cleanup_rag_sessions()
-
     if req.session_id not in _rag_sessions:
-        raise HTTPException(status_code=404, detail="Session expired or not found. Please analyze a contract first.")
+        raise HTTPException(status_code=404, detail="Session not found. Analyze a contract first.")
 
     session = _rag_sessions[req.session_id]
     response_text = ""
@@ -399,14 +347,12 @@ async def chat(req: ChatRequest, request: Request):
 
 @app.post("/api/chat/stream")
 async def chat_stream(req: ChatRequest, request: Request):
-    client_ip = _get_client_ip(request)
+    client_ip = request.client.host if request.client else "unknown"
     if not _check_rate_limit(client_ip):
         raise HTTPException(status_code=429, detail="Rate limit exceeded.")
 
-    _cleanup_rag_sessions()
-
     if req.session_id not in _rag_sessions:
-        raise HTTPException(status_code=404, detail="Session expired or not found.")
+        raise HTTPException(status_code=404, detail="Session not found.")
 
     session = _rag_sessions[req.session_id]
 
@@ -429,12 +375,8 @@ async def ocr_endpoint(file: UploadFile = FastAPIFile(...)):
     if not file.filename or not file.filename.lower().endswith(".pdf"):
         raise HTTPException(status_code=400, detail="Only PDF files supported")
 
-    # FIX v4.1: Limit upload size (20MB)
-    content = await file.read()
-    if len(content) > 20 * 1024 * 1024:
-        raise HTTPException(status_code=400, detail="File too large (max 20MB)")
-
     with tempfile.NamedTemporaryFile(suffix=".pdf", delete=False) as tmp:
+        content = await file.read()
         tmp.write(content)
         tmp_path = tmp.name
 

app.py

@@ -1,46 +1,25 @@
 """
-ClauseGuard — World's Best Legal Contract Analysis Tool (v4.3)
+ClauseGuard — World's Best Legal Contract Analysis Tool (v4.0)
 ═══════════════════════════════════════════════════════════════
-PERF v4.3:
-  • PERF: Upgraded embedder to BAAI/bge-small-en-v1.5 (+21% retrieval accuracy)
-  • PERF: Batched clause classification (single forward pass, batch_size=8)
-  • PERF: ONNX INT8 quantized model support (2-4x faster on CPU)
-  • PERF: torch.set_num_threads(2) to prevent CPU thrashing
-  • NEW: ml/export_onnx_v2.py — full merge→ONNX→quantize pipeline
-
-Fixes in v4.2:
-  • FIX: NLI now uses CrossEncoder.predict() — contradictions actually work
-  • FIX: BoundedCache uses threading.RLock — no more race conditions
-  • FIX: Pre-compiled ALL regex patterns at module level (perf)
-  • FIX: Added missing regex labels to RISK_MAP/DESC_MAP
-  • FIX: Extension risk formula matches backend
-  • FIX: Extension API_BASE URL corrected
-  • FIX: API CORS localhost requires explicit opt-in
-
-Fixes in v4.1:
-  • FIX: Bounded LRU caches (chunk_cache, prediction_cache) — no more memory leaks
-  • FIX: NLI input format — pass (text_a, text_b) tuple, not [SEP]-concatenated string
-  • FIX: Classifier max_length raised to 512 (was 256 — truncating legal clauses)
-  • FIX: Risk score formula — absolute risk, not normalized by total_clauses
-  • FIX: Train/inference alignment — use softmax+argmax for single-label model
-  • FIX: Added missing regex fallback patterns for more CUAD categories
-  • FIX: Entity extraction batching — single pipeline call instead of sequential
-  • PERF: Shared model singleton via models.py module
-  • PERF: LRU-bounded caches everywhere
-
-Carried from v4.0:
+New in v4.0:
   • OCR support for scanned PDFs (docTR engine with smart native/scanned routing)
   • Contract Q&A Chatbot (RAG: embedding retrieval + HF Inference API streaming)
   • Clause Redlining (3-tier: template lookup + RAG + LLM refinement)
-  • Fixed CUAD label mapping (added missing index 6)
-  • Structure-aware clause splitting
+
+Carried from v3.0:
+  • Fixed CUAD label mapping (added missing index 6: "Notice Period to Terminate Renewal")
+  • Switched from softmax → sigmoid for proper multi-label classification
+  • Per-class optimized thresholds instead of flat 0.15
+  • Structure-aware clause splitting (respects section numbering)
   • Real NLI contradiction detection via cross-encoder model
-  • ML-based Legal NER with regex fallback
+  • ML-based Legal NER (matterstack/legal-bert-ner) with regex fallback
   • Semantic compliance checking with negation handling
   • Improved obligation extraction with false-positive filtering
-  • LLM-powered clause explanations
+  • LLM-powered clause explanations (via HF Inference API)
+  • Prediction caching (LRU) for performance
   • Per-session temp files (no collision)
-  • Model health reporting
+  • Model health reporting to user
+  • Document structure parsing
 
 Models:
   • Clause classifier: Mokshith31/legalbert-contract-clause-classification
@@ -60,8 +39,7 @@ import io
 import uuid
 import tempfile
 import hashlib
-import threading
-from collections import defaultdict, OrderedDict
+from collections import defaultdict
 from datetime import datetime
 from functools import lru_cache
 
@@ -94,29 +72,9 @@ try:
     )
     from peft import PeftModel
     _HAS_TORCH = True
-    # PERF v4.3: Limit PyTorch threads to avoid CPU thrashing under concurrent requests.
-    # HF Spaces CPU-basic has 2 vCPUs. Reserve 1 thread for Gradio server.
-    torch.set_num_threads(2)
-    torch.set_num_interop_threads(1)
 except Exception:
     pass
 
-# ── ONNX Runtime (soft-fail, for quantized model) ─────────────────────
-_HAS_ORT = False
-try:
-    from optimum.onnxruntime import ORTModelForSequenceClassification as _ORTModel
-    _HAS_ORT = True
-except ImportError:
-    pass
-
-# ── CrossEncoder for NLI (soft-fail) ──────────────────────────────────
-_HAS_CROSS_ENCODER = False
-try:
-    from sentence_transformers import CrossEncoder as _CrossEncoder
-    _HAS_CROSS_ENCODER = True
-except ImportError:
-    pass
-
 # ── Import submodules ───────────────────────────────────────────────
 from compare import compare_contracts, render_comparison_html
 from obligations import extract_obligations, render_obligations_html
@@ -179,12 +137,7 @@ _UNFAIR_LABELS = [
     "Jurisdiction", "Arbitration"
 ]
 
-# FIX v4.2: Include regex-only labels that aren't in CUAD or Unfair lists
-_EXTRA_REGEX_LABELS = [
-    "Indemnification", "Confidentiality", "Force Majeure", "Penalties"
-]
-
-_ALL_LABELS = CUAD_LABELS + _UNFAIR_LABELS + _EXTRA_REGEX_LABELS
+_ALL_LABELS = CUAD_LABELS + _UNFAIR_LABELS
 
 RISK_MAP = {
     # Critical
@@ -240,11 +193,6 @@ RISK_MAP = {
     "Other": "LOW",
     "ROFR/ROFO/ROFN": "LOW",
     "Contract by using": "LOW",
-    # FIX v4.2: Added regex-only labels that were missing from RISK_MAP
-    "Indemnification": "HIGH",
-    "Confidentiality": "MEDIUM",
-    "Force Majeure": "LOW",
-    "Penalties": "HIGH",
 }
 
 DESC_MAP = {label: label.replace("_", " ") for label in _ALL_LABELS}
@@ -285,65 +233,10 @@ DESC_MAP.update({
     "Irrevocable or Perpetual License": "License that cannot be revoked or lasts indefinitely.",
     "Unlimited/All-You-Can-Eat License": "License with no usage limits.",
     "Notice Period to Terminate Renewal": "Required notice period before automatic renewal.",
-    # FIX v4.2: Added descriptions for regex-only labels
-    "Indemnification": "Obligation to compensate the other party for losses or damages.",
-    "Confidentiality": "Restrictions on sharing proprietary or sensitive information.",
-    "Force Majeure": "Excuses performance due to extraordinary events beyond control.",
-    "Penalties": "Financial penalties for breach or late performance.",
 })
 
 RISK_WEIGHTS = {"CRITICAL": 40, "HIGH": 20, "MEDIUM": 10, "LOW": 3}
 
-# FIX v4.3.1: Content-based severity refinement
-# Default RISK_MAP assigns severity by label alone. This function downgrades severity
-# when the clause text contains mitigating language (caps, carve-outs, time limits).
-_SEVERITY_MITIGATORS = {
-    "IP Ownership Assignment": {
-        # Downgrade from CRITICAL to HIGH if pre-existing IP is carved out
-        "HIGH": re.compile(r'pre[\-\s]existing|background\s+ip|prior\s+(?:ip|intellectual)', re.IGNORECASE),
-        # Downgrade to MEDIUM if both carve-out AND license-back exist
-        "MEDIUM": re.compile(r'(?:pre[\-\s]existing|background\s+ip).*(?:license|retain)', re.IGNORECASE | re.DOTALL),
-    },
-    "Limitation of liability": {
-        # Downgrade from CRITICAL to HIGH if there's any cap
-        "HIGH": re.compile(r'shall\s+not\s+exceed|aggregate.{0,20}(?:not\s+exceed|limited\s+to)|cap(?:ped)?\s+at', re.IGNORECASE),
-        # Downgrade to MEDIUM if there's a reasonable cap AND exceptions for gross negligence
-        "MEDIUM": re.compile(r'(?:shall\s+not\s+exceed|limited\s+to).{0,80}(?:gross\s+negligence|willful|fraud)', re.IGNORECASE | re.DOTALL),
-    },
-    "Termination for Convenience": {
-        # Downgrade from CRITICAL to HIGH if there's a notice period
-        "HIGH": re.compile(r'(?:\d+)\s+(?:day|month|week)s?.{0,20}(?:prior|advance|written)\s+notice', re.IGNORECASE),
-        # Downgrade to MEDIUM if mutual termination right
-        "MEDIUM": re.compile(r'either\s+party\s+may\s+terminat', re.IGNORECASE),
-    },
-    "Non-Compete": {
-        # Downgrade from HIGH to MEDIUM if time-limited
-        "MEDIUM": re.compile(r'(?:period\s+of|for)\s+(?:\d+|one|two|three|six|twelve)\s+(?:\(\d+\)\s+)?(?:month|year)', re.IGNORECASE),
-    },
-    "Arbitration": {
-        # Downgrade from CRITICAL to HIGH if opt-out is available
-        "HIGH": re.compile(r'opt[\-\s]?out|may\s+elect|small\s+claims', re.IGNORECASE),
-    },
-}
-
-
-def _refine_severity(label, text, default_risk):
-    """FIX v4.3.1: Refine severity based on clause content, not just label."""
-    mitigators = _SEVERITY_MITIGATORS.get(label)
-    if not mitigators:
-        return default_risk
-
-    # Check from lowest severity up — return the lowest matching level
-    for level in ["MEDIUM", "HIGH"]:
-        pattern = mitigators.get(level)
-        if pattern and pattern.search(text):
-            # Only downgrade, never upgrade
-            level_order = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
-            if level_order.get(level, 0) < level_order.get(default_risk, 0):
-                return level
-
-    return default_risk
-
 RISK_STYLES = {
     "CRITICAL": ("#dc2626", "#fef2f2", "⚠️"),
     "HIGH":     ("#ea580c", "#fff7ed", "⚡"),
@@ -351,58 +244,15 @@ RISK_STYLES = {
     "LOW":      ("#16a34a", "#f0fdf4", "✓"),
 }
 
-# ═══════════════════════════════════════════════════════════════════════
-# FIX v4.1: Per-class thresholds aligned with single-label softmax
-# The model was trained with cross-entropy (single-label), so inference
-# now uses softmax+argmax, not sigmoid. Thresholds apply to softmax probs.
-# ═══════════════════════════════════════════════════════════════════════
+# Per-class optimized thresholds (tuned on validation set; classes with F1=0 get high threshold)
+# Classes 0,1,2,7,9,21,22,27,37,38 scored F1=0.00 in the model card → raise thresholds
 _CUAD_THRESHOLDS = {}
 _WEAK_CLASSES = {0, 1, 2, 7, 9, 21, 22, 27, 37, 38}
 for _i in range(41):
     if _i in _WEAK_CLASSES:
         _CUAD_THRESHOLDS[_i] = 0.85  # Only flag if very confident (these classes are unreliable)
     else:
-        _CUAD_THRESHOLDS[_i] = 0.40  # Reasonable threshold for softmax outputs
-
-# ═══════════════════════════════════════════════════════════════════════
-# FIX v4.1: Bounded LRU Cache utility (replaces unbounded dicts)
-# ═══════════════════════════════════════════════════════════════════════
-
-class BoundedCache:
-    """Thread-safe bounded LRU cache using OrderedDict + RLock.
-    FIX v4.2: Added threading.RLock to prevent race conditions under
-    Gradio's concurrent request handling. OrderedDict compound operations
-    (contains + setitem + move_to_end + popitem) are NOT atomic even with GIL."""
-    def __init__(self, maxsize=1000):
-        self._cache = OrderedDict()
-        self._maxsize = maxsize
-        self._lock = threading.RLock()
-
-    def get(self, key, default=None):
-        with self._lock:
-            if key in self._cache:
-                self._cache.move_to_end(key)
-                return self._cache[key]
-            return default
-
-    def put(self, key, value):
-        with self._lock:
-            if key in self._cache:
-                self._cache.move_to_end(key)
-                self._cache[key] = value
-            else:
-                if len(self._cache) >= self._maxsize:
-                    self._cache.popitem(last=False)
-                self._cache[key] = value
-
-    def __contains__(self, key):
-        with self._lock:
-            return key in self._cache
-
-    def __len__(self):
-        with self._lock:
-            return len(self._cache)
-
+        _CUAD_THRESHOLDS[_i] = 0.40  # Reasonable threshold for sigmoid outputs
 
 # ═══════════════════════════════════════════════════════════════════════
 # 2. MODEL LOADING
@@ -411,30 +261,11 @@ class BoundedCache:
 cuad_tokenizer = None
 cuad_model = None
 ner_pipeline = None
-nli_model = None  # FIX v4.2: CrossEncoder instead of pipeline
+nli_pipeline = None
 _model_status = {"cuad": "not_loaded", "ner": "not_loaded", "nli": "not_loaded"}
 
 def _load_cuad_model():
     global cuad_tokenizer, cuad_model, _model_status
-    # PERF v4.3: Try ONNX quantized model first (2-4x faster on CPU)
-    onnx_model_path = os.environ.get("ONNX_MODEL_PATH", "")
-    onnx_hub_id = os.environ.get("ONNX_HUB_MODEL_ID", "gaurv007/clauseguard-onnx-int8")
-
-    if _HAS_ORT:
-        for source in [onnx_model_path, onnx_hub_id]:
-            if not source:
-                continue
-            try:
-                print(f"[ClauseGuard] Trying ONNX model: {source}")
-                cuad_model = _ORTModel.from_pretrained(source, file_name="model_quantized.onnx")
-                cuad_tokenizer = AutoTokenizer.from_pretrained(source)
-                _model_status["cuad"] = "loaded (ONNX INT8)"
-                print(f"[ClauseGuard] ONNX INT8 model loaded from {source}")
-                return
-            except Exception as e:
-                print(f"[ClauseGuard] ONNX load failed from {source}: {e}")
-
-    # Fallback to PyTorch PEFT model
     if not _HAS_TORCH:
         print("[ClauseGuard] PyTorch not available — using regex fallback")
         _model_status["cuad"] = "unavailable"
@@ -442,15 +273,15 @@ def _load_cuad_model():
     try:
         base = "nlpaueb/legal-bert-base-uncased"
         adapter = "Mokshith31/legalbert-contract-clause-classification"
-        print(f"[ClauseGuard] Loading CUAD classifier (PyTorch): {adapter}")
+        print(f"[ClauseGuard] Loading CUAD classifier: {adapter}")
         cuad_tokenizer = AutoTokenizer.from_pretrained(base)
         base_model = AutoModelForSequenceClassification.from_pretrained(
             base, num_labels=41, ignore_mismatched_sizes=True
         )
         cuad_model = PeftModel.from_pretrained(base_model, adapter)
         cuad_model.eval()
-        _model_status["cuad"] = "loaded (PyTorch)"
-        print("[ClauseGuard] CUAD model loaded successfully (PyTorch)")
+        _model_status["cuad"] = "loaded"
+        print("[ClauseGuard] CUAD model loaded successfully")
     except Exception as e:
         print(f"[ClauseGuard] CUAD model load failed: {e}")
         cuad_tokenizer = None
@@ -478,16 +309,20 @@ def _load_ner_model():
         _model_status["ner"] = f"failed: {e}"
 
 def _load_nli_model():
-    global nli_model, _model_status, _HAS_NLI_MODEL
-    if not _HAS_CROSS_ENCODER:
-        _model_status["nli"] = "unavailable (sentence-transformers not installed)"
+    global nli_pipeline, _model_status, _HAS_NLI_MODEL
+    if not _HAS_TORCH:
+        _model_status["nli"] = "unavailable"
         return
     try:
-        print("[ClauseGuard] Loading NLI model: cross-encoder/nli-deberta-v3-base (CrossEncoder)")
-        nli_model = _CrossEncoder("cross-encoder/nli-deberta-v3-base")
+        print("[ClauseGuard] Loading NLI model: cross-encoder/nli-deberta-v3-base")
+        nli_pipeline = pipeline(
+            "text-classification",
+            model="cross-encoder/nli-deberta-v3-base",
+            device=-1,
+        )
         _HAS_NLI_MODEL = True
         _model_status["nli"] = "loaded"
-        print("[ClauseGuard] NLI CrossEncoder loaded successfully")
+        print("[ClauseGuard] NLI model loaded successfully")
     except Exception as e:
         print(f"[ClauseGuard] NLI model load failed (using heuristic fallback): {e}")
         _model_status["nli"] = f"failed: {e}"
@@ -549,45 +384,46 @@ def parse_document(file_path):
         return None, f"Unsupported file type: {ext}"
 
 # ═══════════════════════════════════════════════════════════════════════
-# 4. DETERMINISTIC CLAUSE SPLITTING
-#    FIX v4.1: Bounded cache (max 500 documents) instead of unbounded dict
+# 4. DETERMINISTIC CLAUSE SPLITTING (Fix 1 from bug report)
 # ═══════════════════════════════════════════════════════════════════════
 
-_chunk_cache = BoundedCache(maxsize=500)
-
-# FIX v4.2: Pre-compile section pattern at module level (was recompiling per call)
-_SECTION_PATTERN = re.compile(
-    r'(?:^|\n\n)'
-    r'(?='
-    r'\d+(?:\.\d+)*[.)]\s'   # 1. 2. 3.1. 3.1)
-    r'|[A-Z]{2,}[A-Z\s]*\n'  # ALL CAPS HEADERS
-    r'|\([a-z]\)\s'           # (a) (b) (c)
-    r'|(?:Section|Article|Clause)\s+\d+'  # Section 1, Article 2
-    r')',
-    re.MULTILINE
-)
+# Document-level chunk cache: same text always produces same chunks
+_chunk_cache = {}
 
 def split_clauses(text):
     """Deterministic, structure-aware clause splitting.
-    Same input ALWAYS produces same output. Normalized text is hashed
+    Fix 1: Same input ALWAYS produces same output. Normalized text is hashed
     and cached so repeated runs on identical documents are identical."""
+    # Normalize whitespace before hashing for determinism
     normalized = re.sub(r'\s+', ' ', text.strip())
     text_hash = hashlib.sha256(normalized.encode()).hexdigest()
-    cached = _chunk_cache.get(text_hash)
-    if cached is not None:
-        return cached
+    if text_hash in _chunk_cache:
+        return _chunk_cache[text_hash]
 
     text = re.sub(r'\n{3,}', '\n\n', text.strip())
 
     # First try to detect numbered sections (1., 2., 3.1, (a), etc.)
-    positions = [m.start() for m in _SECTION_PATTERN.finditer(text)]
+    section_pattern = re.compile(
+        r'(?:^|\n\n)'
+        r'(?='
+        r'\d+(?:\.\d+)*[.)]\s'   # 1. 2. 3.1. 3.1)
+        r'|[A-Z]{2,}[A-Z\s]*\n'  # ALL CAPS HEADERS
+        r'|\([a-z]\)\s'           # (a) (b) (c)
+        r'|(?:Section|Article|Clause)\s+\d+'  # Section 1, Article 2
+        r')',
+        re.MULTILINE
+    )
+
+    positions = [m.start() for m in section_pattern.finditer(text)]
 
     if len(positions) >= 3:
+        # Document has clear section structure — split on sections
         clauses = []
         for i, pos in enumerate(positions):
             end = positions[i + 1] if i + 1 < len(positions) else len(text)
             chunk = text[pos:end].strip()
             if len(chunk) > 30:
+                # If a section is very long, split on paragraph breaks within it
                 if len(chunk) > 1500:
                     sub_parts = chunk.split('\n\n')
                     current = ""
@@ -602,20 +438,22 @@ def split_clauses(text):
                         clauses.append(current.strip())
                 else:
                     clauses.append(chunk)
+        # Also capture anything before the first section
         if positions and positions[0] > 50:
             preamble = text[:positions[0]].strip()
             if len(preamble) > 30:
                 clauses.insert(0, preamble)
         result = clauses if clauses else _fallback_split(text)
-        _chunk_cache.put(text_hash, result)
+        _chunk_cache[text_hash] = result
         return result
     else:
         result = _fallback_split(text)
-        _chunk_cache.put(text_hash, result)
+        _chunk_cache[text_hash] = result
         return result
 
 def _fallback_split(text):
     """Fallback: split on paragraph breaks and sentence boundaries."""
+    # Try paragraph-based splitting first
     paragraphs = text.split('\n\n')
     if len(paragraphs) >= 3:
         clauses = []
@@ -623,6 +461,7 @@ def _fallback_split(text):
             p = p.strip()
             if len(p) > 30:
                 if len(p) > 1500:
+                    # Split long paragraphs on sentences
                     sents = re.split(r'(?<=[.!?])\s+(?=[A-Z])', p)
                     current = ""
                     for s in sents:
@@ -638,16 +477,17 @@ def _fallback_split(text):
                     clauses.append(p)
         return clauses
 
+    # Last resort: sentence splitting
     parts = re.split(r'(?<=[.!?])\s+(?=[A-Z0-9(])', text)
     return [p.strip() for p in parts if len(p.strip()) > 30]
 
 # ═══════════════════════════════════════════════════════════════════════
-# 5. CLAUSE DETECTION
-#    FIX v4.1: Use softmax (matching training) instead of sigmoid
-#    FIX v4.1: max_length raised to 512 (was 256)
-#    FIX v4.1: Bounded prediction cache
+# 5. CLAUSE DETECTION — FIXED: sigmoid + per-class thresholds + caching
+#    Fix 3: Strip section headings before classification
+#    Fix 6: Label guardrails for high-confidence false positives
 # ═══════════════════════════════════════════════════════════════════════
 
+# Fix 3: Section heading pattern — strip before classifying
 _HEADING_RE = re.compile(r'^\d+(?:\.\d+)*\s+[A-Z][A-Z\s&,/]+$', re.MULTILINE)
 
 def _strip_heading(text):
@@ -658,6 +498,7 @@ def _strip_heading(text):
         return stripped if len(stripped) > 20 else text
     return text
 
+# Fix 6: Label guardrails — keyword validation for high-confidence labels
 _LABEL_GUARDRAILS = {
     "Liquidated Damages": re.compile(
         r'liquidated|pre-?determined.{0,10}damage|agreed.{0,10}sum|penalty clause|stipulated.{0,10}damage',
@@ -667,127 +508,58 @@ _LABEL_GUARDRAILS = {
         r'uncapped|unlimited.{0,10}liabilit|no.{0,10}(limit|cap).{0,10}liabilit',
         re.IGNORECASE
     ),
-    "ROFR/ROFO/ROFN": re.compile(
-        r'right\s+of\s+first\s+(?:refusal|offer|negotiation)|ROFR|ROFO|ROFN',
-        re.IGNORECASE
-    ),
-    "Renewal Term": re.compile(
-        r'renew(?:al)?|successive\s+term|auto(?:matic(?:ally)?)?\s*[\-\s]?renew|non[\-\s]?renewal',
-        re.IGNORECASE
-    ),
-    # FIX v4.3.1: Revenue/Profit Sharing fires on IP assignment "rights for value" language
-    "Revenue/Profit Sharing": re.compile(
-        r'revenue\s+shar|profit\s+shar|revenue\s+split|percentage\s+of\s+revenue|royalt(?:y|ies)|gross\s+profit',
-        re.IGNORECASE
-    ),
-    # FIX v4.3.1: Minimum Commitment fires on fee schedules — require explicit minimum language
-    "Minimum Commitment": re.compile(
-        r'minimum\s+(?:purchase|order|spend|volume|commitment)|take[\-\s]or[\-\s]pay|minimum\s+annual',
-        re.IGNORECASE
-    ),
-    # FIX v4.3.1: Non-Disparagement fires on arbitration/class-waiver language
-    "Non-Disparagement": re.compile(
-        r'disparag|defam|false\s+statement|negative\s+statement|social\s+media|reputat',
-        re.IGNORECASE
-    ),
-}
-
-# FIX v4.3: Exclusion patterns — even if guardrail passes, exclude if contra-indicators present
-_LABEL_EXCLUSIONS = {
-    "ROFR/ROFO/ROFN": re.compile(
-        r'assigns?\s+to|irrevocab(?:ly|le)\s+assign|all\s+right,?\s+title,?\s+and\s+interest|work[\-\s]for[\-\s]hire',
-        re.IGNORECASE
-    ),
-    "Renewal Term": re.compile(
-        r'limitation\s+of\s+liabilit|shall\s+not\s+be\s+liable|indemnif|hold\s+harmless|defend\s+and',
-        re.IGNORECASE
-    ),
-    # FIX v4.3.1: Revenue/Profit Sharing must NOT fire on IP assignment or license grant clauses
-    "Revenue/Profit Sharing": re.compile(
-        r'assigns?\s+to|irrevocab(?:ly|le)\s+assign|work[\-\s](?:made\s+)?for[\-\s]hire|license\s+to\s+access|license\s+grant|non[\-\s]exclusive\s+license',
-        re.IGNORECASE
-    ),
-    # FIX v4.3.1: Non-Disparagement must NOT fire on arbitration/dispute sections
-    "Non-Disparagement": re.compile(
-        r'arbitrat|(?<!\w)aaa(?!\w)|(?<!\w)jams(?!\w)|class\s+action|collective\s+(?:proceeding|action)|waives?\s+any\s+right\s+to\s+participate|binding\s+arbitration',
-        re.IGNORECASE
-    ),
-}
-
-# FIX v4.3: Minimum confidence thresholds per label
-_LABEL_MIN_CONFIDENCE = {
-    "ROFR/ROFO/ROFN": 0.65,
-    "Renewal Term": 0.70,
-    "Revenue/Profit Sharing": 0.65,  # FIX v4.3.1
-    "Minimum Commitment": 0.65,      # FIX v4.3.1
 }
 
 def _apply_guardrails(label, text, confidence):
-    # Check minimum confidence for specific labels
-    min_conf = _LABEL_MIN_CONFIDENCE.get(label)
-    if min_conf and confidence < min_conf:
-        return "Other", confidence * 0.2
-
-    # Check required keywords (must be present)
+    """Fix 6: If label has a guardrail and text lacks required keywords, demote."""
     guard = _LABEL_GUARDRAILS.get(label)
     if guard and not guard.search(text):
-        return "Other", confidence * 0.3
-
-    # Check exclusion patterns (must NOT be present)
-    exclusion = _LABEL_EXCLUSIONS.get(label)
-    if exclusion and exclusion.search(text):
-        return "Other", confidence * 0.2
+        return "Other", confidence * 0.3  # demote to Other with reduced confidence
     return label, confidence
 
 def _text_hash(text):
     return hashlib.md5(text.encode()).hexdigest()
 
-# FIX v4.1: Bounded prediction cache
-_prediction_cache = BoundedCache(maxsize=2000)
+_prediction_cache = {}
+_CACHE_MAX = 2000
 
 def classify_cuad(clause_text):
     if cuad_model is None or cuad_tokenizer is None:
         return _classify_regex(clause_text)
 
+    # Fix 3: Strip section headings before classification
     clean_text = _strip_heading(clause_text)
 
+    # Check cache
     h = _text_hash(clean_text[:512])
-    cached = _prediction_cache.get(h)
-    if cached is not None:
-        return cached
+    if h in _prediction_cache:
+        return _prediction_cache[h]
 
     try:
-        # FIX v4.1: max_length=512 (was 256 — truncating long legal clauses)
         inputs = cuad_tokenizer(
             clean_text,
             return_tensors="pt",
             truncation=True,
-            max_length=512,
+            max_length=256,
             padding=True
         )
         with torch.no_grad():
             logits = cuad_model(**inputs).logits
 
-        # FIX v4.1: Use softmax (matching single-label cross-entropy training)
-        # The model was trained with F.cross_entropy, so softmax is correct.
-        probs = torch.softmax(logits, dim=-1)[0]
-
-        # Get the top prediction
-        top_prob, top_idx = torch.max(probs, dim=0)
-        top_idx = int(top_idx)
-        top_conf = float(top_prob)
+        # FIXED: Use sigmoid for multi-label (not softmax)
+        probs = torch.sigmoid(logits)[0]
 
         results = []
-
-        # Primary prediction
-        threshold = _CUAD_THRESHOLDS.get(top_idx, 0.40)
-        if top_conf > threshold and top_idx < len(CUAD_LABELS):
-            label = CUAD_LABELS[top_idx]
-            conf = top_conf
-            label, conf = _apply_guardrails(label, clause_text, conf)
-            if not (label == "Other" and conf < 0.3):
+        for i, prob in enumerate(probs):
+            threshold = _CUAD_THRESHOLDS.get(i, 0.40)
+            if float(prob) > threshold and i < len(CUAD_LABELS):
+                label = CUAD_LABELS[i]
+                conf = float(prob)
+                # Fix 6: Apply guardrails — reject high-confidence false positives
+                label, conf = _apply_guardrails(label, clause_text, conf)
+                if label == "Other" and conf < 0.3:
+                    continue  # Skip demoted labels
                 risk = RISK_MAP.get(label, "LOW")
-                risk = _refine_severity(label, clause_text, risk)
                 results.append({
                     "label": label,
                     "confidence": round(conf, 3),
@@ -795,170 +567,21 @@ def classify_cuad(clause_text):
                     "description": DESC_MAP.get(label, label),
                     "source": "ml",
                 })
-
-        # Also check 2nd-best prediction if confident enough
-        if len(probs) > 1:
-            sorted_probs, sorted_indices = torch.sort(probs, descending=True)
-            if len(sorted_probs) > 1:
-                second_idx = int(sorted_indices[1])
-                second_conf = float(sorted_probs[1])
-                second_threshold = _CUAD_THRESHOLDS.get(second_idx, 0.40)
-                if second_conf > second_threshold and second_idx < len(CUAD_LABELS):
-                    label2 = CUAD_LABELS[second_idx]
-                    conf2 = second_conf
-                    label2, conf2 = _apply_guardrails(label2, clause_text, conf2)
-                    if not (label2 == "Other" and conf2 < 0.3):
-                        # Only add if different from primary
-                        if not results or results[0]["label"] != label2:
-                            risk2 = RISK_MAP.get(label2, "LOW")
-                            risk2 = _refine_severity(label2, clause_text, risk2)
-                            results.append({
-                                "label": label2,
-                                "confidence": round(conf2, 3),
-                                "risk": risk2,
-                                "description": DESC_MAP.get(label2, label2),
-                                "source": "ml",
-                            })
-
         results.sort(key=lambda x: x["confidence"], reverse=True)
 
         # If no ML results, also try regex to catch what model misses
         if not results:
             results = _classify_regex(clause_text)
 
-        _prediction_cache.put(h, results)
+        # Cache result
+        if len(_prediction_cache) < _CACHE_MAX:
+            _prediction_cache[h] = results
+
         return results
     except Exception as e:
         print(f"[ClauseGuard] CUAD inference error: {e}")
         return _classify_regex(clause_text)
 
-# ═══════════════════════════════════════════════════════════════════════
-# 5b. BATCHED CLAUSE CLASSIFICATION
-#     PERF v4.3: Single forward pass for all clauses instead of one-by-one
-# ══════════════════════════════════════════════════════════════════════���
-
-def classify_cuad_batch(clauses, batch_size=8):
-    """Classify a batch of clauses in a single forward pass.
-    PERF v4.3: Replaces sequential classify_cuad() loop.
-    On CPU, batch_size=8 balances memory vs throughput."""
-    if cuad_model is None or cuad_tokenizer is None:
-        # Fallback to regex for all clauses
-        return [_classify_regex(c) for c in clauses]
-
-    all_results = []
-    # Check cache first, collect uncached clauses
-    uncached_indices = []
-    uncached_texts = []
-    for i, clause in enumerate(clauses):
-        clean = _strip_heading(clause)
-        h = _text_hash(clean[:512])
-        cached = _prediction_cache.get(h)
-        if cached is not None:
-            all_results.append((i, cached))
-        else:
-            uncached_indices.append(i)
-            uncached_texts.append(clean)
-            all_results.append((i, None))  # placeholder
-
-    if not uncached_texts:
-        return [r for _, r in sorted(all_results)]
-
-    # Process uncached in batches
-    for batch_start in range(0, len(uncached_texts), batch_size):
-        batch_texts = uncached_texts[batch_start:batch_start + batch_size]
-        batch_original = [clauses[uncached_indices[batch_start + j]] for j in range(len(batch_texts))]
-
-        try:
-            inputs = cuad_tokenizer(
-                batch_texts,
-                return_tensors="pt",
-                truncation=True,
-                max_length=512,
-                padding=True,
-            )
-            with torch.no_grad():
-                logits = cuad_model(**inputs).logits
-
-            probs = torch.softmax(logits, dim=-1)
-
-            for j in range(len(batch_texts)):
-                clause_probs = probs[j]
-                original_text = batch_original[j]
-                results = []
-
-                # Primary prediction
-                top_prob, top_idx = torch.max(clause_probs, dim=0)
-                top_idx_int = int(top_idx)
-                top_conf = float(top_prob)
-
-                threshold = _CUAD_THRESHOLDS.get(top_idx_int, 0.40)
-                if top_conf > threshold and top_idx_int < len(CUAD_LABELS):
-                    label = CUAD_LABELS[top_idx_int]
-                    conf = top_conf
-                    label, conf = _apply_guardrails(label, original_text, conf)
-                    if not (label == "Other" and conf < 0.3):
-                        risk = RISK_MAP.get(label, "LOW")
-                        risk = _refine_severity(label, original_text, risk)
-                        results.append({
-                            "label": label,
-                            "confidence": round(conf, 3),
-                            "risk": risk,
-                            "description": DESC_MAP.get(label, label),
-                            "source": "ml",
-                        })
-
-                # 2nd-best prediction
-                sorted_probs, sorted_indices = torch.sort(clause_probs, descending=True)
-                if len(sorted_probs) > 1:
-                    second_idx = int(sorted_indices[1])
-                    second_conf = float(sorted_probs[1])
-                    second_threshold = _CUAD_THRESHOLDS.get(second_idx, 0.40)
-                    if second_conf > second_threshold and second_idx < len(CUAD_LABELS):
-                        label2 = CUAD_LABELS[second_idx]
-                        conf2 = second_conf
-                        label2, conf2 = _apply_guardrails(label2, original_text, conf2)
-                        if not (label2 == "Other" and conf2 < 0.3):
-                            if not results or results[0]["label"] != label2:
-                                risk2 = RISK_MAP.get(label2, "LOW")
-                                risk2 = _refine_severity(label2, original_text, risk2)
-                                results.append({
-                                    "label": label2,
-                                    "confidence": round(conf2, 3),
-                                    "risk": risk2,
-                                    "description": DESC_MAP.get(label2, label2),
-                                    "source": "ml",
-                                })
-
-                results.sort(key=lambda x: x["confidence"], reverse=True)
-
-                if not results:
-                    results = _classify_regex(original_text)
-
-                # Cache the result
-                h = _text_hash(batch_texts[j][:512])
-                _prediction_cache.put(h, results)
-
-                # Update placeholder in all_results
-                global_idx = uncached_indices[batch_start + j]
-                for k, (idx, _) in enumerate(all_results):
-                    if idx == global_idx:
-                        all_results[k] = (idx, results)
-                        break
-
-        except Exception as e:
-            print(f"[ClauseGuard] Batch CUAD inference error: {e}")
-            # Fallback to regex for this batch
-            for j in range(len(batch_texts)):
-                global_idx = uncached_indices[batch_start + j]
-                results = _classify_regex(batch_original[j])
-                for k, (idx, _) in enumerate(all_results):
-                    if idx == global_idx:
-                        all_results[k] = (idx, results)
-                        break
-
-    return [r for _, r in sorted(all_results)]
-
-# FIX v4.1: Extended regex patterns to cover more CUAD categories
 _REGEX_PATTERNS = {
     "Limitation of liability": [r"not liable", r"shall not be (liable|responsible)", r"in no event.*liable", r"limitation of liability", r"without warranty", r"disclaim"],
     "Unilateral termination": [r"terminat.*at any time", r"suspend.*account.*without", r"we may (terminat|suspend|discontinu)", r"right to (terminat|suspend)"],
@@ -970,60 +593,30 @@ _REGEX_PATTERNS = {
     "Arbitration": [r"arbitrat", r"binding arbitration", r"waive.*right.*court", r"class action waiver"],
     "Governing Law": [r"governed by", r"laws of", r"jurisdiction of"],
     "Termination for Convenience": [r"terminat.*for convenience", r"terminat.*without cause", r"terminat.*at any time"],
-    "Non-Compete": [r"non-compete", r"shall not compete", r"competition restriction"],
+    "Non-Compete": [r"non-compete", r"shall not compete", r"competition"],
     "Exclusivity": [r"exclusive(?:ly)?(?:\s+(?:deal|relationship|partner|right))", r"exclusivity"],
-    "IP Ownership Assignment": [r"assign.*intellectual property", r"ownership of.*ip", r"all rights.*assign", r"work.?for.?hire"],
+    "IP Ownership Assignment": [r"assign.*intellectual property", r"ownership of.*ip", r"all rights.*assign"],
     "Uncapped Liability": [r"unlimited liability", r"uncapped", r"no.*limit.*liability"],
     "Cap on Liability": [r"cap on liability", r"maximum liability", r"liability.*shall not exceed", r"aggregate liability.*not exceed"],
     "Indemnification": [r"indemnif", r"hold harmless", r"defend.*against.*claim"],
     "Confidentiality": [r"confidential(?:ity)?", r"non-disclosure", r"\bnda\b"],
     "Force Majeure": [r"force majeure", r"act of god", r"beyond.*(?:reasonable\s+)?control"],
     "Penalties": [r"penalt(?:y|ies)", r"late fee", r"default charge", r"interest on overdue"],
-    # FIX v4.1: Added missing regex patterns for more CUAD categories
-    "Audit Rights": [r"audit rights?", r"right to audit", r"inspect.*records?", r"examination of.*records?", r"access to.*books"],
-    "Warranty Duration": [r"warrant(?:y|ies).*(?:period|duration|term|months?|years?)", r"warranty.*shall.*(?:remain|last|continue)", r"limited warranty"],
-    "Insurance": [r"(?:shall|must).*maintain.*insurance", r"insurance.*coverage", r"policy of insurance", r"certificate of insurance"],
-    "Source Code Escrow": [r"source code escrow", r"escrow.*source code", r"escrow agent"],
-    "Post-Termination Services": [r"post.?termination.*(?:service|obligation|support)", r"(?:after|following|upon).*termination.*(?:shall|must|will).*(?:provide|continue)"],
-    "Renewal Term": [r"renew(?:al)?.*term", r"auto(?:matic(?:ally)?)?.*renew", r"successive.*(?:term|period)"],
-    "Notice Period to Terminate Renewal": [r"notice.*(?:to\s+)?terminat.*renew", r"(?:days?|months?).*(?:prior|advance).*(?:notice|written).*(?:terminat|renew)", r"notice of non.?renewal"],
-    "Change of Control": [r"change of control", r"change in.*(?:ownership|control)", r"merger.*acquisition", r"sale of.*(?:all|substantially).*assets"],
-    "Anti-Assignment": [r"(?:shall|may)\s+not\s+assign", r"anti.?assignment", r"no.*assignment.*without.*consent"],
-    "Revenue/Profit Sharing": [r"revenue.*shar", r"profit.*shar", r"royalt(?:y|ies)"],
-    "Liquidated Damages": [r"liquidated.*damages?", r"pre.?determined.*damage", r"stipulated.*damage"],
-    "Covenant Not to Sue": [r"covenant not to sue", r"(?:shall|agree).*not.*(?:bring|file|commence).*(?:action|claim|suit)"],
-    "Joint IP Ownership": [r"joint(?:ly)?.*own(?:ed|ership)?.*(?:ip|intellectual property)", r"co.?own(?:ed|ership)?"],
-    "License Grant": [r"(?:grant|license).*(?:non.?exclusive|exclusive|perpetual|irrevocable).*(?:license|right)", r"hereby grants?.*license"],
-    "Non-Transferable License": [r"non.?transferable.*license", r"license.*(?:shall|may)\s+not.*(?:transfer|assign|sublicense)"],
-    "ROFR/ROFO/ROFN": [r"right of first.*(?:refusal|offer|negotiation)", r"ROFR", r"ROFO", r"ROFN"],
-    "No-Solicit of Customers": [r"(?:shall|must|agree).*not.*solicit.*customer", r"no.?solicit.*customer", r"non.?solicitation.*customer"],
-    "No-Solicit of Employees": [r"(?:shall|must|agree).*not.*solicit.*employee", r"no.?solicit.*employee", r"non.?solicitation.*employee", r"no.?hire"],
-    "Non-Disparagement": [r"non.?disparagement", r"(?:shall|must|agree).*not.*(?:disparag|defam|make.*negative)", r"not.*make.*derogatory"],
-    "Most Favored Nation": [r"most favou?red.*nation", r"MFN", r"most favou?red.*(?:customer|pricing|terms)"],
-    "Third Party Beneficiary": [r"third.?party.*beneficiar", r"no.*third.?party.*beneficiar"],
-    "Minimum Commitment": [r"minimum.*(?:commitment|purchase|order|volume|spend)", r"(?:shall|must).*(?:purchase|order).*(?:at least|minimum|no less than)"],
-    "Volume Restriction": [r"volume.*(?:restriction|limitation|cap|ceiling)", r"(?:shall|may).*not.*exceed.*(?:volume|quantity)"],
-    "Price Restriction": [r"price.*(?:restriction|limitation|ceiling|cap|floor)", r"(?:shall|may).*not.*(?:increase|raise|exceed).*price"],
 }
 
-# FIX v4.2: Pre-compile regex patterns at module level (was recompiling per call)
-_REGEX_PATTERNS_COMPILED = {}
-for _label, _pats in _REGEX_PATTERNS.items():
-    _REGEX_PATTERNS_COMPILED[_label] = [re.compile(p, re.IGNORECASE) for p in _pats]
-
 def _classify_regex(text):
     """Regex fallback — returns pattern match, NOT fake confidence."""
     text_lower = text.lower()
     results = []
     seen = set()
-    for label, patterns in _REGEX_PATTERNS_COMPILED.items():
+    for label, patterns in _REGEX_PATTERNS.items():
         for pat in patterns:
-            if pat.search(text_lower):
+            if re.search(pat, text_lower):
                 if label not in seen:
                     risk = RISK_MAP.get(label, "MEDIUM")
                     results.append({
                         "label": label,
-                        "confidence": None,
+                        "confidence": None,  # FIXED: no fake confidence for regex
                         "risk": risk,
                         "description": DESC_MAP.get(label, label),
                         "source": "pattern",
@@ -1034,25 +627,20 @@ def _classify_regex(text):
 
 # ═══════════════════════════════════════════════════════════════════════
 # 6. LEGAL NER — ML model with regex fallback
-#    FIX v4.1: Batch all chunks in single pipeline call
 # ═══════════════════════════════════════════════════════════════════════
 
 def extract_entities(text):
     """Extract entities using ML model (matterstack/legal-bert-ner) with regex fallback."""
     entities = []
 
+    # Try ML NER first
     if _HAS_NER_MODEL and ner_pipeline is not None:
         try:
-            # FIX v4.1: Create overlapping chunks but batch them in a SINGLE pipeline call
-            max_text = min(len(text), 10000)
-            chunks = [text[i:i+512] for i in range(0, max_text, 450)]
-            offsets = list(range(0, max_text, 450))
-
-            # Single batched pipeline call instead of sequential
-            all_ner_results = ner_pipeline(chunks, batch_size=8)
-
-            for chunk_idx, ner_results in enumerate(all_ner_results):
-                offset = offsets[chunk_idx]
+            # Process in chunks (model has max length limits)
+            chunks = [text[i:i+512] for i in range(0, min(len(text), 10000), 450)]
+            offset = 0
+            for chunk in chunks:
+                ner_results = ner_pipeline(chunk)
                 for ent in ner_results:
                     if ent.get("score", 0) > 0.5:
                         entities.append({
@@ -1063,55 +651,16 @@ def extract_entities(text):
                             "score": round(ent["score"], 3),
                             "source": "ml",
                         })
+                offset += 450
         except Exception as e:
             print(f"[ClauseGuard] ML NER error, falling back to regex: {e}")
             entities = _extract_entities_regex(text)
     else:
         entities = _extract_entities_regex(text)
 
-    # FIX v4.3: Post-process ML entities to clean up WordPiece artefacts
-    cleaned_entities = []
-    for e in entities:
-        text_val = e.get("text", "")
-        # Strip WordPiece subword tokens (## prefix)
-        if "##" in text_val:
-            text_val = re.sub(r'##\w*', '', text_val).strip()
-            text_val = re.sub(r'\s+', ' ', text_val).strip()
-        # Discard entities that are too short, start/end with hyphens, or are garbled
-        if len(text_val) < 2:
-            continue
-        if text_val.startswith("-") or text_val.endswith("-"):
-            continue
-        # Discard low-confidence MISC entities (almost always tokenisation artefacts)
-        if e.get("type") == "MISC" and e.get("score", 1.0) < 0.6:
-            continue
-        # Discard entities that are mostly punctuation/symbols
-        alpha_ratio = sum(1 for c in text_val if c.isalnum()) / max(len(text_val), 1)
-        if alpha_ratio < 0.4:
-            continue
-        e["text"] = text_val
-        cleaned_entities.append(e)
-    entities = cleaned_entities
-
-    # FIX v4.3: Split concatenated MONEY/QUANTITY entities
-    # e.g., "usd $ 485, 000,usd $ 72, 000" → separate entities
-    _CURRENCY_SPLIT = re.compile(r'(?<=[\d,])\s*(?=(?:USD|usd|EUR|GBP|\$|£|€))', re.IGNORECASE)
-    split_entities = []
-    for e in entities:
-        if e.get("type") in ("MONEY", "QUANTITY") and _CURRENCY_SPLIT.search(e["text"]):
-            parts = _CURRENCY_SPLIT.split(e["text"])
-            for part in parts:
-                part = part.strip().strip(",").strip()
-                if len(part) >= 2:
-                    new_ent = dict(e)
-                    new_ent["text"] = re.sub(r'\s+', '', part) if "$" in part or "USD" in part.upper() else part
-                    split_entities.append(new_ent)
-        else:
-            split_entities.append(e)
-    entities = split_entities
-
     # Always supplement with regex patterns for things NER often misses
     regex_ents = _extract_entities_regex(text)
+    # Merge: add regex entities that don't overlap with ML entities
     ml_spans = set()
     for e in entities:
         for pos in range(e["start"], e["end"]):
@@ -1131,13 +680,20 @@ def extract_entities(text):
     return filtered
 
 def _map_ner_label(label):
+    """Map NER model labels to our entity types."""
     label = label.upper()
     mapping = {
-        "PER": "PERSON", "PERSON": "PERSON",
-        "ORG": "PARTY", "ORGANIZATION": "PARTY",
-        "LOC": "JURISDICTION", "LOCATION": "JURISDICTION",
-        "GPE": "JURISDICTION", "DATE": "DATE",
-        "MONEY": "MONEY", "MISC": "MISC", "LAW": "LEGAL_REF",
+        "PER": "PERSON",
+        "PERSON": "PERSON",
+        "ORG": "PARTY",
+        "ORGANIZATION": "PARTY",
+        "LOC": "JURISDICTION",
+        "LOCATION": "JURISDICTION",
+        "GPE": "JURISDICTION",
+        "DATE": "DATE",
+        "MONEY": "MONEY",
+        "MISC": "MISC",
+        "LAW": "LEGAL_REF",
     }
     return mapping.get(label, label)
 
@@ -1145,19 +701,26 @@ def _extract_entities_regex(text):
     """Regex-based NER fallback."""
     entities = []
     patterns = [
+        # Dates
         (r'\b(?:January|February|March|April|May|June|July|August|September|October|November|December)\s+\d{1,2},?\s+\d{4}\b', "DATE"),
         (r'\b\d{1,2}/\d{1,2}/\d{2,4}\b', "DATE"),
         (r'\b\d{1,2}-(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-\d{2,4}\b', "DATE"),
         (r'\b(?:Effective|Commencement|Expiration|Termination)\s+Date\b', "DATE_REF"),
+        # Money
         (r'\$\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?(?:\s*(?:million|billion|thousand|M|B|K))?', "MONEY"),
         (r'\b\d{1,3}(?:,\d{3})*(?:\.\d{2})?\s*(?:USD|EUR|GBP|dollars|euros|pounds)', "MONEY"),
         (r'\b(?:USD|EUR|GBP)\s*\d{1,3}(?:,\d{3})*(?:\.\d{2})?', "MONEY"),
+        # Percentages
         (r'\b\d+(?:\.\d+)?%', "PERCENTAGE"),
+        # Durations
         (r'\b\d+\s*(?:year|month|week|day|business day)s?\b', "DURATION"),
+        # Parties (require suffix to reduce false positives)
         (r'\b[A-Z][A-Za-z0-9\s&,]+?(?:Inc\.?|LLC|Ltd\.?|Limited|Corp\.?|Corporation|PLC|GmbH|AG|S\.A\.?|B\.V\.?|L\.P\.?|LLP)\b', "PARTY"),
         (r'\b(?:Party A|Party B|Disclosing Party|Receiving Party|Licensor|Licensee|Buyer|Seller|Tenant|Landlord|Employer|Employee|Customer|Vendor|Client)\b', "PARTY_ROLE"),
+        # Jurisdictions
         (r'\b(?:State|Commonwealth)\s+of\s+[A-Z][a-zA-Z\s]+', "JURISDICTION"),
         (r'\b(?:California|Delaware|New York|Texas|Florida|England|Ireland|Germany|France|Singapore|Hong Kong|Ontario|British Columbia)\b', "JURISDICTION"),
+        # Defined Terms (quoted or parenthesized)
         (r'"([A-Z][A-Za-z\s]{1,40})"', "DEFINED_TERM"),
         (r'\((?:the\s+)?"([A-Z][A-Za-z\s]{1,40})"\)', "DEFINED_TERM"),
     ]
@@ -1174,29 +737,9 @@ def _extract_entities_regex(text):
     return entities
 
 # ═══════════════════════════════════════════════════════════════════════
-# 7. NLI / CONTRADICTION DETECTION
-#    FIX v4.1: Pass (text_a, text_b) as dict with proper keys for
-#    cross-encoder pipeline, not [SEP]-concatenated string
+# 7. NLI / CONTRADICTION DETECTION — Real semantic analysis
 # ═══════════════════════════════════════════════════════════════════════
 
-def _run_nli(text_a, text_b):
-    """Run NLI using CrossEncoder with correct input format.
-    FIX v4.2: Use sentence_transformers.CrossEncoder.predict() which accepts
-    a list of (text_a, text_b) tuples. Returns scores for [contradiction, entailment, neutral].
-    The old code used pipeline("text-classification") with dict input, which was broken."""
-    try:
-        # CrossEncoder.predict returns numpy array of shape (n_pairs, 3)
-        # Columns: [contradiction, entailment, neutral]
-        scores = nli_model.predict([(text_a[:256], text_b[:256])])
-        label_mapping = ["contradiction", "entailment", "neutral"]
-        top_idx = int(scores[0].argmax())
-        top_score = float(scores[0][top_idx])
-        return [{"label": label_mapping[top_idx], "score": top_score}]
-    except Exception as e:
-        print(f"[ClauseGuard] NLI inference error: {e}")
-        return None
-
-
 def detect_contradictions(clause_results, raw_text=""):
     """
     Detect contradictions using:
@@ -1213,7 +756,8 @@ def detect_contradictions(clause_results, raw_text=""):
         clause_texts_by_label[cr["label"]].append(cr.get("text", ""))
 
     # ── 1. Semantic NLI (if model available) ──
-    if _HAS_NLI_MODEL and nli_model is not None:
+    if _HAS_NLI_MODEL and nli_pipeline is not None:
+        # Check clauses that belong to potentially conflicting categories
         conflict_pairs = [
             ("Uncapped Liability", "Cap on Liability",
              "Liability cannot be both uncapped and capped simultaneously."),
@@ -1228,20 +772,24 @@ def detect_contradictions(clause_results, raw_text=""):
                 texts_b = clause_texts_by_label[label_b]
                 for ta in texts_a[:2]:
                     for tb in texts_b[:2]:
-                        # FIX v4.1: Use proper NLI input format
-                        nli_result = _run_nli(ta, tb)
-                        if nli_result is None:
-                            continue
-                        for r in (nli_result if isinstance(nli_result, list) else [nli_result]):
-                            if r.get("label", "").lower() == "contradiction" and r.get("score", 0) > 0.6:
-                                contradictions.append({
-                                    "type": "CONTRADICTION",
-                                    "explanation": explanation,
-                                    "severity": "HIGH",
-                                    "clauses": [label_a, label_b],
-                                    "confidence": round(r["score"], 3),
-                                    "source": "nli_model",
-                                })
+                        try:
+                            nli_result = nli_pipeline(
+                                f"{ta[:256]} [SEP] {tb[:256]}",
+                                truncation=True
+                            )
+                            # Check if model predicts contradiction
+                            for r in (nli_result if isinstance(nli_result, list) else [nli_result]):
+                                if r.get("label", "").lower() == "contradiction" and r.get("score", 0) > 0.6:
+                                    contradictions.append({
+                                        "type": "CONTRADICTION",
+                                        "explanation": explanation,
+                                        "severity": "HIGH",
+                                        "clauses": [label_a, label_b],
+                                        "confidence": round(r["score"], 3),
+                                        "source": "nli_model",
+                                    })
+                        except Exception:
+                            pass
 
         # Also check for internal contradictions within governing law / termination
         for label in ["Governing Law", "Termination for Convenience"]:
@@ -1249,19 +797,23 @@ def detect_contradictions(clause_results, raw_text=""):
             if len(texts) >= 2:
                 for i in range(len(texts)):
                     for j in range(i + 1, min(len(texts), i + 3)):
-                        nli_result = _run_nli(texts[i], texts[j])
-                        if nli_result is None:
-                            continue
-                        for r in (nli_result if isinstance(nli_result, list) else [nli_result]):
-                            if r.get("label", "").lower() == "contradiction" and r.get("score", 0) > 0.6:
-                                contradictions.append({
-                                    "type": "CONTRADICTION",
-                                    "explanation": f"Conflicting {label} provisions detected — clauses contradict each other.",
-                                    "severity": "HIGH",
-                                    "clauses": [label],
-                                    "confidence": round(r["score"], 3),
-                                    "source": "nli_model",
-                                })
+                        try:
+                            nli_result = nli_pipeline(
+                                f"{texts[i][:256]} [SEP] {texts[j][:256]}",
+                                truncation=True
+                            )
+                            for r in (nli_result if isinstance(nli_result, list) else [nli_result]):
+                                if r.get("label", "").lower() == "contradiction" and r.get("score", 0) > 0.6:
+                                    contradictions.append({
+                                        "type": "CONTRADICTION",
+                                        "explanation": f"Conflicting {label} provisions detected — clauses contradict each other.",
+                                        "severity": "HIGH",
+                                        "clauses": [label],
+                                        "confidence": round(r["score"], 3),
+                                        "source": "nli_model",
+                                    })
+                        except Exception:
+                            pass
     else:
         # ── Heuristic fallback (improved) ──
         _heuristic_pairs = [
@@ -1282,7 +834,7 @@ def detect_contradictions(clause_results, raw_text=""):
                     "source": "heuristic",
                 })
 
-    # ── 2. Missing critical clauses ──
+    # ── 2. Missing critical clauses (Fix 4: check raw_text, not labels) ──
     _REQUIRED_CLAUSE_PATTERNS = {
         "Governing Law": re.compile(
             r'govern(?:ed|ing).{0,15}law|applicable.{0,10}law|laws?\s+of\s+the\s+state',
@@ -1302,6 +854,7 @@ def detect_contradictions(clause_results, raw_text=""):
         ),
     }
     for clause_name, pattern in _REQUIRED_CLAUSE_PATTERNS.items():
+        # Check raw_text directly — it's stable and deterministic
         if not pattern.search(raw_text):
             contradictions.append({
                 "type": "MISSING",
@@ -1324,7 +877,6 @@ def detect_contradictions(clause_results, raw_text=""):
 
 # ═══════════════════════════════════════════════════════════════════════
 # 8. RISK SCORING
-#    FIX v4.1: Absolute risk based on findings, not normalized by doc length
 # ═══════════════════════════════════════════════════════════════════════
 
 def compute_risk_score(clause_results, total_clauses):
@@ -1334,28 +886,8 @@ def compute_risk_score(clause_results, total_clauses):
         sev_counts[sev] += 1
     if total_clauses == 0:
         return 0, "A", sev_counts
-
-    # FIX v4.3: Revised risk formula — scale denominator with clause count
-    # to prevent small contracts from always scoring 80+.
-    # The old formula used a fixed /30 denominator which meant even 2 CRITICAL
-    # flags scored 73, making almost every contract grade F.
-    #
-    # New approach: dynamic denominator based on total clauses analysed.
-    # This means risk is relative to document complexity.
-    # - 1 CRITICAL in 5 clauses = high risk
-    # - 1 CRITICAL in 50 clauses = moderate risk (proportionally less of the contract)
     weighted = sum(sev_counts[s] * RISK_WEIGHTS[s] for s in sev_counts)
-
-    # Dynamic max: what if every clause were CRITICAL?
-    max_possible = total_clauses * RISK_WEIGHTS["CRITICAL"]
-    if max_possible == 0:
-        max_possible = 1
-
-    # Blend: 60% absolute (diminishing returns) + 40% relative (to total clauses)
-    absolute_risk = 100 * (1 - (1 / (1 + weighted / 50)))  # /50 instead of /30 = softer curve
-    relative_risk = min(100, (weighted / max_possible) * 100)
-    risk = min(100, round(0.6 * absolute_risk + 0.4 * relative_risk))
-
+    risk = min(100, round(weighted / max(1, total_clauses) * 10))
     if risk >= 70: grade = "F"
     elif risk >= 50: grade = "D"
     elif risk >= 30: grade = "C"
@@ -1373,12 +905,9 @@ def analyze_contract(text):
     clauses = split_clauses(text)
     if not clauses:
         return None, "No clauses detected in document"
-
-    # PERF v4.3: Batch classification — single forward pass instead of per-clause
-    batch_predictions = classify_cuad_batch(clauses, batch_size=8)
-
     clause_results = []
-    for clause, predictions in zip(clauses, batch_predictions):
+    for clause in clauses:
+        predictions = classify_cuad(clause)
         if predictions:
             for pred in predictions:
                 clause_results.append({
@@ -1393,8 +922,10 @@ def analyze_contract(text):
     contradictions = detect_contradictions(clause_results, text)
     risk, grade, sev_counts = compute_risk_score(clause_results, len(clauses))
     obligations = extract_obligations(text)
+    # Fix 5: Compliance runs against full raw_text (already done in compliance.py)
     compliance = check_compliance(text)
 
+    # Fix 2: Compute flagged_clauses AFTER all processing is complete
     flagged_clause_count = len(clause_results)
     unique_flagged_texts = len(set(cr["text"] for cr in clause_results))
 
@@ -1422,7 +953,7 @@ def analyze_contract(text):
     return result, None
 
 # ═══════════════════════════════════════════════════════════════════════
-# 10. EXPORT FUNCTIONS
+# 10. EXPORT FUNCTIONS — FIXED: per-session temp files
 # ═══════════════════════════════════════════════════════════════════════
 
 def export_json(result):
@@ -1450,7 +981,7 @@ def export_csv(result):
     return output.getvalue()
 
 # ═══════════════════════════════════════════════════════════════════════
-# 11. UI RENDERING
+# 11. UI RENDERING — FIXED: shows confidence source properly
 # ═══════════════════════════════════════════════════════════════════════
 
 def render_summary(result):
@@ -1618,29 +1149,34 @@ def render_document_viewer(result):
     entities = sorted(result.get("entities", []), key=lambda x: x["start"])
     html_parts = []
     last_end = 0
-    entity_colors = {
-        "DATE": "#3b82f6", "DATE_REF": "#60a5fa", "MONEY": "#22c55e",
-        "PERCENTAGE": "#10b981", "DURATION": "#6366f1", "PARTY": "#8b5cf6",
-        "PARTY_ROLE": "#a78bfa", "PERSON": "#ec4899", "JURISDICTION": "#f59e0b",
-        "DEFINED_TERM": "#ec4899", "LEGAL_REF": "#6b7280", "MISC": "#9ca3af",
-    }
     for e in entities:
         if e["start"] >= last_end:
-            plain = text[last_end:e["start"]].replace("<", "&lt;").replace(">", "&gt;")
-            html_parts.append(plain)
-            color = entity_colors.get(e["type"], "#6b7280")
-            entity_text = text[e["start"]:e["end"]].replace("<", "&lt;").replace(">", "&gt;")
+            html_parts.append(text[last_end:e["start"]].replace("<", "&lt;").replace(">", "&gt;"))
+            color = {
+                "DATE": "#bfdbfe", "DATE_REF": "#bfdbfe",
+                "MONEY": "#bbf7d0", "PERCENTAGE": "#a7f3d0",
+                "DURATION": "#c7d2fe",
+                "PARTY": "#ddd6fe", "PARTY_ROLE": "#ddd6fe",
+                "PERSON": "#fbcfe8",
+                "JURISDICTION": "#fde68a",
+                "DEFINED_TERM": "#fbcfe8",
+                "LEGAL_REF": "#e5e7eb",
+            }.get(e["type"], "#e5e7eb")
+            label = e["type"].replace("_", " ")
             html_parts.append(
-                f'<span style="background:{color}20;color:{color};border-bottom:2px solid {color};padding:0 2px;border-radius:2px;" '
-                f'title="{e["type"]}">{entity_text}</span>'
+                f'<mark style="background:{color};padding:1px 2px;border-radius:2px;font-size:12px;" title="{label}">{e["text"].replace("<","&lt;").replace(">","&gt;")}</mark>'
             )
             last_end = e["end"]
-    if last_end < len(text):
-        html_parts.append(text[last_end:].replace("<", "&lt;").replace(">", "&gt;"))
-    return f'<div style="font-family:ui-monospace,monospace;font-size:13px;line-height:1.8;white-space:pre-wrap;padding:16px;">{"".join(html_parts)}</div>'
+    html_parts.append(text[last_end:].replace("<", "&lt;").replace(">", "&gt;"))
+    highlighted = "".join(html_parts)
+    return f"""
+    <div style="font-family:monospace;font-size:13px;line-height:1.6;padding:16px;border:1px solid #e5e7eb;border-radius:8px;background:#fff;max-height:600px;overflow-y:auto;white-space:pre-wrap;">
+      {highlighted}
+    </div>
+    """
 
 # ═══════════════════════════════════════════════════════════════════════
-# 12. COMPARISON WRAPPER
+# 12. COMPARISON UI FUNCTIONS
 # ═══════════════════════════════════════════════════════════════════════
 
 def run_comparison(text_a, text_b):
@@ -1780,10 +1316,6 @@ This Master Service Agreement ("MSA") is entered into as of March 1, 2024 (the "
 
 14. THIRD PARTY BENEFICIARY. No third party shall have rights under this Agreement except as expressly provided."""
 
-# ═══════════════════════════════════════════════════════════════════════
-# 14. GRADIO BLOCKS
-# ═══════════════════════════════════════════════════════════════════════
-
 with gr.Blocks(
     title="ClauseGuard — AI Contract Analysis",
     css="""
@@ -1802,7 +1334,7 @@ with gr.Blocks(
         <h1 style="font-size:24px;font-weight:700;margin:0;color:#1f2937;">🛡️ ClauseGuard</h1>
         <p style="font-size:13px;color:#6b7280;margin:4px 0 0 0;">AI-Powered Legal Contract Analysis · 41 Clause Categories · Risk Scoring · ML NER · NLI Contradictions · Compliance · Obligations · <strong>Q&A Chatbot</strong> · <strong>Clause Redlining</strong> · <strong>OCR</strong></p>
       </div>
-      <div style="font-size:12px;color:#9ca3af;">v4.3 · Precision Legal AI</div>
+      <div style="font-size:12px;color:#9ca3af;">v4.0 · Precision Legal AI</div>
     </div>
     """)
 
@@ -1925,7 +1457,7 @@ with gr.Blocks(
                     <h3 style="margin:0;font-size:16px;color:#1f2937;">Contract Q&A Chatbot</h3>
                 </div>
                 <p style="font-size:12px;color:#6b7280;margin:0;line-height:1.5;">
-                    Ask questions about your analyzed contract. The chatbot uses <strong>RAG</strong> (Retrieval-Augmented Generation)
+                    Ask questions about your analyzed contract. The chatbot uses <strong>RAG</strong> (Retrieval-Augmented Generation) 
                     to find relevant clauses and generate accurate answers grounded in your contract text.
                     <br>
                     <strong>Step 1:</strong> Analyze a contract in the "📄 Single Contract Analysis" tab.
@@ -1994,8 +1526,7 @@ with gr.Blocks(
             doc_html, obligations_html, compliance_html, redlining_html,
             json_file, csv_file, status_msg, analysis_state,
             chunks_state, embeddings_state, chatbot_index_status,
-        ],
-        api_name="analyze",
+        ]
     )
 
     clear_btn.click(
@@ -2011,20 +1542,18 @@ with gr.Blocks(
     comp_btn.click(
         run_comparison,
         inputs=[comp_text_a, comp_text_b],
-        outputs=[comp_result_html, comp_json],
-        api_name="compare",
+        outputs=[comp_result_html, comp_json]
     )
 
     gr.HTML("""
     <div style="margin-top:24px;padding:16px 0;border-top:1px solid #e5e7eb;text-align:center;">
       <p style="font-size:11px;color:#9ca3af;">
         ⚠️ Not legal advice. For informational purposes only.
-        · Classifier: <a href="https://huggingface.co/gaurv007/clauseguard-onnx-int8" style="color:#6b7280;">Legal-BERT ONNX INT8 (41 CUAD classes)</a>
+        · Model: <a href="https://huggingface.co/Mokshith31/legalbert-contract-clause-classification" style="color:#6b7280;">Legal-BERT + CUAD (41 classes)</a>
         · NER: <a href="https://huggingface.co/matterstack/legal-bert-ner" style="color:#6b7280;">Legal-BERT NER</a>
         · NLI: <a href="https://huggingface.co/cross-encoder/nli-deberta-v3-base" style="color:#6b7280;">DeBERTa-v3 NLI</a>
         · LLM: <a href="https://huggingface.co/Qwen/Qwen2.5-7B-Instruct" style="color:#6b7280;">Qwen2.5-7B</a>
         · OCR: <a href="https://github.com/mindee/doctr" style="color:#6b7280;">docTR</a>
-        · Embeddings: <a href="https://huggingface.co/BAAI/bge-small-en-v1.5" style="color:#6b7280;">BGE-small-en</a>
         · Dataset: <a href="https://huggingface.co/datasets/theatticusproject/cuad-qa" style="color:#6b7280;">CUAD</a>
         · <a href="https://huggingface.co/spaces/gaurv007/ClauseGuard" style="color:#6b7280;">ClauseGuard Space</a>
       </p>

chatbot.py

@@ -52,9 +52,7 @@ except ImportError:
 _chatbot_status = {"embedder": "not_loaded", "llm": "not_loaded"}
 
 def _load_embedder():
-    """Load sentence-transformers embedding model (lazy).
-    PERF v4.3: Upgraded from all-MiniLM-L6-v2 to BAAI/bge-small-en-v1.5
-    (+21% MTEB retrieval accuracy, same 384-dim, same latency)."""
+    """Load sentence-transformers embedding model (lazy)."""
     global _embedder, _chatbot_status
     if _embedder is not None:
         return _embedder
@@ -62,10 +60,10 @@ def _load_embedder():
         _chatbot_status["embedder"] = "unavailable"
         return None
     try:
-        print("[ClauseGuard Chat] Loading embedding model: BAAI/bge-small-en-v1.5...")
-        _embedder = SentenceTransformer("BAAI/bge-small-en-v1.5")
+        print("[ClauseGuard Chat] Loading embedding model: all-MiniLM-L6-v2...")
+        _embedder = SentenceTransformer("sentence-transformers/all-MiniLM-L6-v2")
         _chatbot_status["embedder"] = "loaded"
-        print("[ClauseGuard Chat] Embedding model loaded (BGE-small, 384-dim)")
+        print("[ClauseGuard Chat] Embedding model loaded")
         return _embedder
     except Exception as e:
         _chatbot_status["embedder"] = f"failed: {e}"
@@ -196,9 +194,7 @@ def retrieve_chunks(query, chunks, embeddings, top_k=5):
         return []
 
     try:
-        # PERF v4.3: BGE models require query instruction prefix for retrieval
-        _BGE_QUERY_PREFIX = "Represent this sentence for searching relevant passages: "
-        q_emb = embedder.encode([_BGE_QUERY_PREFIX + query], normalize_embeddings=True)
+        q_emb = embedder.encode([query], normalize_embeddings=True)
         scores = (q_emb @ embeddings.T)[0]
         top_indices = np.argsort(scores)[::-1][:top_k]
 

compare.py

@@ -1,36 +1,34 @@
 """
-ClauseGuard — Contract Comparison Engine v3.1
+ClauseGuard — Contract Comparison Engine v3.0
 ═════════════════════════════════════════════
-FIXED in v3.1:
-  • PERF: Pre-compute all embeddings once, use matrix multiplication (was O(n²) per-pair encoding)
-  • FIX: Shared SentenceTransformer singleton (no duplicate model loading)
-  • FIX: Raised similarity thresholds to reduce false matches
+FIXED in v3.0:
+  • Semantic similarity using sentence embeddings (when available)
+  • Better clause type detection with legal taxonomy
+  • Improved diff visualization
+  • Fallback to SequenceMatcher when embeddings unavailable
 """
 
 import re
 from difflib import SequenceMatcher
 from collections import defaultdict
-import numpy as np
 
 # Try to load sentence-transformers for semantic comparison
 _HAS_EMBEDDINGS = False
 _embedder = None
 
 try:
-    from sentence_transformers import SentenceTransformer
+    from sentence_transformers import SentenceTransformer, util
     _HAS_EMBEDDINGS = True
 except ImportError:
     pass
 
 
 def _load_embedder():
-    """Load shared SentenceTransformer singleton.
-    PERF v4.3: Upgraded to BAAI/bge-small-en-v1.5 (+21% retrieval accuracy)."""
     global _embedder
     if _HAS_EMBEDDINGS and _embedder is None:
         try:
-            _embedder = SentenceTransformer("BAAI/bge-small-en-v1.5")
-            print("[ClauseGuard] Sentence embeddings loaded for comparison (BGE-small)")
+            _embedder = SentenceTransformer("all-MiniLM-L6-v2")
+            print("[ClauseGuard] Sentence embeddings loaded for comparison")
         except Exception as e:
             print(f"[ClauseGuard] Embeddings not available: {e}")
 
@@ -43,34 +41,18 @@ def _normalize_clause(text):
     return text
 
 
-def _compute_similarity_matrix(clauses_a, clauses_b):
-    """
-    FIX v3.1: Compute similarity matrix using pre-computed embeddings + matrix multiply.
-    Was: O(n²) individual encode() calls per pair.
-    Now: O(n+m) encode calls + O(n*m) dot product (fast numpy).
-    """
+def _clause_similarity(a, b):
+    """Compute similarity using semantic embeddings or string matching."""
     if _embedder is not None:
         try:
-            # Encode all clauses at once (batched)
-            texts_a = [c[:512] for c in clauses_a]
-            texts_b = [c[:512] for c in clauses_b]
-            emb_a = _embedder.encode(texts_a, normalize_embeddings=True, batch_size=32, show_progress_bar=False)
-            emb_b = _embedder.encode(texts_b, normalize_embeddings=True, batch_size=32, show_progress_bar=False)
-            # Cosine similarity via dot product (embeddings are L2-normalized)
-            sim_matrix = np.dot(emb_a, emb_b.T)
-            return sim_matrix, "semantic"
+            emb_a = _embedder.encode(a[:512], convert_to_tensor=True)
+            emb_b = _embedder.encode(b[:512], convert_to_tensor=True)
+            sim = util.cos_sim(emb_a, emb_b).item()
+            return max(0, min(1, sim))
         except Exception:
             pass
-
-    # Fallback: string matching (still compute matrix)
-    n, m = len(clauses_a), len(clauses_b)
-    sim_matrix = np.zeros((n, m))
-    for i in range(n):
-        norm_a = _normalize_clause(clauses_a[i])
-        for j in range(m):
-            norm_b = _normalize_clause(clauses_b[j])
-            sim_matrix[i, j] = SequenceMatcher(None, norm_a, norm_b).ratio()
-    return sim_matrix, "lexical"
+    # Fallback to string matching
+    return SequenceMatcher(None, _normalize_clause(a), _normalize_clause(b)).ratio()
 
 
 def _extract_clause_type(clause_text):
@@ -107,14 +89,16 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
     if not text_a or not text_b:
         return {"error": "Both contracts required"}
 
+    # Try to load embedder
     _load_embedder()
 
+    # Split into clauses if not provided
     if clauses_a is None:
         clauses_a = _split_clauses(text_a)
     if clauses_b is None:
         clauses_b = _split_clauses(text_b)
 
-    # Detect contract types and flag cross-domain comparisons
+    # Fix 9: Detect contract types and flag cross-domain comparisons
     _CONTRACT_TYPE_KEYWORDS = {
         "employment": ["employee", "employer", "salary", "compensation", "benefits", "vacation", "severance", "at-will"],
         "lease": ["landlord", "tenant", "rent", "premises", "lease", "occupancy", "security deposit", "eviction"],
@@ -144,35 +128,25 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
     for c in clauses_b:
         type_map_b[_extract_clause_type(c)].append(c)
 
-    # FIX v3.1: Compute similarity matrix once (O(n+m) encoding + O(n*m) dot product)
-    if clauses_a and clauses_b:
-        sim_matrix, method_type = _compute_similarity_matrix(clauses_a, clauses_b)
-    else:
-        sim_matrix = np.zeros((0, 0))
-        method_type = "none"
-
-    # Find matches using the pre-computed matrix
+    # Find matches
     matched_a = set()
     matched_b = set()
     modified = []
 
-    SIMILARITY_THRESHOLD = 0.75
-    MODIFIED_THRESHOLD = 0.55
-
-    for i in range(len(clauses_a)):
-        if len(clauses_b) == 0:
-            break
-        # Find best match for clause i in A
-        row = sim_matrix[i]
-        # Mask already-matched B clauses
-        available = np.ones(len(clauses_b), dtype=bool)
-        for j in matched_b:
-            available[j] = False
-        if not available.any():
-            break
-        masked_row = np.where(available, row, -1.0)
-        best_j = int(np.argmax(masked_row))
-        best_sim = masked_row[best_j]
+    # Fix 10: Raise thresholds to reject false "modified" matches
+    SIMILARITY_THRESHOLD = 0.75   # was 0.70 — too many false matches
+    MODIFIED_THRESHOLD = 0.55     # was 0.40 — "Good Reason" ≠ "Force Majeure"
+
+    for i, ca in enumerate(clauses_a):
+        best_sim = 0
+        best_j = -1
+        for j, cb in enumerate(clauses_b):
+            if j in matched_b:
+                continue
+            sim = _clause_similarity(ca, cb)
+            if sim > best_sim:
+                best_sim = sim
+                best_j = j
 
         if best_sim >= SIMILARITY_THRESHOLD:
             matched_a.add(i)
@@ -180,20 +154,21 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
             if best_sim < 0.95:
                 modified.append({
                     "type": "modified",
-                    "similarity": round(float(best_sim), 3),
-                    "clause_a": clauses_a[i][:200],
+                    "similarity": round(best_sim, 3),
+                    "clause_a": ca[:200],
                     "clause_b": clauses_b[best_j][:200],
-                    "clause_type": _extract_clause_type(clauses_a[i]),
+                    "clause_type": _extract_clause_type(ca),
                 })
         elif best_sim >= MODIFIED_THRESHOLD:
             matched_a.add(i)
-            matched_b.add(best_j)
+            if best_j >= 0:
+                matched_b.add(best_j)
             modified.append({
                 "type": "partial",
-                "similarity": round(float(best_sim), 3),
-                "clause_a": clauses_a[i][:200],
-                "clause_b": clauses_b[best_j][:200],
-                "clause_type": _extract_clause_type(clauses_a[i]),
+                "similarity": round(best_sim, 3),
+                "clause_a": ca[:200],
+                "clause_b": clauses_b[best_j][:200] if best_j >= 0 else "",
+                "clause_type": _extract_clause_type(ca),
             })
 
     removed = [clauses_a[i] for i in range(len(clauses_a)) if i not in matched_a]
@@ -201,9 +176,12 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
 
     # Compute alignment score
     total_pairs = max(len(clauses_a), len(clauses_b))
-    alignment = len(matched_a) / total_pairs if total_pairs > 0 else 0.0
+    if total_pairs > 0:
+        alignment = len(matched_a) / total_pairs
+    else:
+        alignment = 0.0
 
-    # Risk delta
+    # Risk delta: compare risk keywords with context
     risk_keywords = ["unlimited", "unilateral", "waive", "arbitration", "indemnif",
                      "not liable", "no warranty", "sole discretion", "terminate",
                      "non-compete", "liquidated damages", "uncapped"]
@@ -226,11 +204,12 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
         risk_delta = "Similar risk profiles"
         risk_winner = "tie"
 
+    # Fix 9: Cross-domain warning
     if is_cross_domain:
         risk_delta = f"Cross-domain comparison ({type_a} vs {type_b}) — risk delta not meaningful across different contract types"
         risk_winner = "cross-domain"
 
-    comparison_method = f"semantic (sentence embeddings)" if method_type == "semantic" else "lexical (string matching)"
+    comparison_method = "semantic (sentence embeddings)" if _embedder is not None else "lexical (string matching)"
 
     return {
         "alignment_score": round(alignment, 3),
@@ -253,12 +232,14 @@ def compare_contracts(text_a, text_b, clauses_a=None, clauses_b=None):
 def _split_clauses(text):
     """Split text into clauses."""
     text = re.sub(r'\n{3,}', '\n\n', text.strip())
+    # Try section-based splitting first
     section_splits = re.split(
         r'(?:\n\n)(?=\d+[.)]\s|\([a-z]\)\s|(?:Section|Article|Clause)\s+\d+)',
         text
     )
     if len(section_splits) >= 3:
         return [p.strip() for p in section_splits if len(p.strip()) > 30]
+    # Fallback to paragraph/sentence splitting
     parts = re.split(
         r'(?<=[.!?])\s+(?=[A-Z0-9(])|(?:\n\n)',
         text
@@ -304,6 +285,7 @@ def render_comparison_html(result):
       </div>
     '''
 
+    # Modified clauses
     if result["modified_clauses"]:
         html += '<div style="margin-bottom:16px;"><h3 style="font-size:14px;color:#374151;margin-bottom:8px;">📝 Modified Clauses</h3>'
         for m in result["modified_clauses"][:20]:
@@ -318,12 +300,14 @@ def render_comparison_html(result):
             '''
         html += '</div>'
 
+    # Added clauses
     if result["added_clauses"]:
         html += '<div style="margin-bottom:16px;"><h3 style="font-size:14px;color:#374151;margin-bottom:8px;">➕ Added in Contract B</h3>'
         for a in result["added_clauses"][:15]:
             html += f'<div style="background:#f0fdf4;padding:8px;border-radius:4px;font-size:12px;color:#166534;margin-bottom:4px;border-left:3px solid #22c55e;"><b>{a["type"].upper()}</b> · {a["text"][:150]}...</div>'
         html += '</div>'
 
+    # Removed clauses
     if result["removed_clauses"]:
         html += '<div style="margin-bottom:16px;"><h3 style="font-size:14px;color:#374151;margin-bottom:8px;">➖ Removed from Contract A</h3>'
         for r in result["removed_clauses"][:15]:

compliance.py

@@ -1,11 +1,11 @@
 """
-ClauseGuard — Compliance Checker v3.1
+ClauseGuard — Compliance Checker v3.0
 ═════════════════════════════════════
-FIXED in v3.1:
-  • FIX: Expanded negation window from 100 to 200 chars to catch cross-sentence negation
-  • FIX: Added sentence-boundary-aware negation detection
-  • FIX: Improved context extraction with sentence boundaries
-  • FIX: Added AMBIGUOUS handling for mixed positive/negative signals
+FIXED in v3.0:
+  • Negation handling (clause saying "we do NOT" won't score as PASS)
+  • Context windows around keyword matches (shows what the clause actually says)
+  • Semantic scoring (keyword proximity + negation awareness)
+  • Added more regulatory frameworks
 """
 
 import re
@@ -13,19 +13,13 @@ from collections import defaultdict
 
 # Negation patterns that invert compliance meaning
 _NEGATION_PATTERNS = [
-    r"(?:does?\s+)?not\s+(?:require|provide|include|offer|grant|guarantee|ensure|maintain|comply|adhere|support|acknowledge)",
-    r"(?:no|without)\s+(?:obligation|requirement|guarantee|warranty|commitment|responsibility|duty)",
-    r"(?:exclud|waiv|disclaim|exempt|refus|deny|reject|eliminat|remov|revok)",
-    r"shall\s+not\s+be\s+(?:required|obligated|responsible|liable|bound|subject)",
-    r"is\s+not\s+(?:responsible|liable|required|obligated|bound|subject)",
-    r"expressly\s+(?:disclaim|exclud|waiv|reject)",
-    r"to\s+the\s+(?:maximum|fullest)\s+extent\s+(?:permitted|allowed).*(?:disclaim|exclud|waiv)",
-    r"notwithstanding.*(?:shall\s+not|does\s+not|is\s+not)",
+    r"(?:does?\s+)?not\s+(?:require|provide|include|offer|grant|guarantee|ensure|maintain)",
+    r"(?:no|without)\s+(?:obligation|requirement|guarantee|warranty)",
+    r"(?:exclud|waiv|disclaim|exempt|refus|deny|reject)",
+    r"shall\s+not\s+be\s+(?:required|obligated|responsible)",
+    r"is\s+not\s+(?:responsible|liable|required|obligated)",
 ]
 
-# FIX v4.2: Pre-compile negation patterns at module level
-_NEGATION_PATTERNS_COMPILED = [re.compile(p, re.IGNORECASE) for p in _NEGATION_PATTERNS]
-
 # Regulatory requirement definitions
 REGULATIONS = {
     "GDPR": {
@@ -178,59 +172,24 @@ RISK_STYLES = {
 }
 
 
-def _get_sentence_containing(text_lower, keyword_lower, start_idx):
-    """FIX v3.1: Extract the full sentence containing the keyword match."""
-    # Find sentence boundaries around the match
-    # Look backward for sentence start
-    sent_start = start_idx
-    for i in range(start_idx - 1, max(0, start_idx - 500), -1):
-        if text_lower[i] in '.!?' and i < start_idx - 2:
-            sent_start = i + 1
-            break
-    else:
-        sent_start = max(0, start_idx - 500)
-
-    # Look forward for sentence end
-    sent_end = start_idx + len(keyword_lower)
-    for i in range(sent_end, min(len(text_lower), sent_end + 500)):
-        if text_lower[i] in '.!?':
-            sent_end = i + 1
-            break
-    else:
-        sent_end = min(len(text_lower), sent_end + 500)
-
-    return text_lower[sent_start:sent_end].strip()
-
-
-def _check_negation(text_lower, keyword, window=200):
-    """FIX v3.1: Check if a keyword match is negated — uses sentence-aware window."""
+def _check_negation(text_lower, keyword, window=100):
+    """Check if a keyword match is negated by nearby negation words."""
     idx = text_lower.find(keyword.lower())
     if idx == -1:
         return False
-
-    # Get sentence-aware context (more accurate than fixed window)
-    sentence = _get_sentence_containing(text_lower, keyword.lower(), idx)
-
-    # Also get a wider window for cross-sentence negation
+    # Get context window around the match
     start = max(0, idx - window)
     end = min(len(text_lower), idx + len(keyword) + window)
-    wider_context = text_lower[start:end]
-
-    # Check sentence first (higher confidence)
-    for neg_pat in _NEGATION_PATTERNS_COMPILED:
-        if neg_pat.search(sentence):
-            return True
+    context = text_lower[start:end]
 
-    # Then check wider window (lower confidence, still relevant)
-    for neg_pat in _NEGATION_PATTERNS_COMPILED[:4]:  # Only strong negation patterns for wider window
-        if neg_pat.search(wider_context):
+    for neg_pat in _NEGATION_PATTERNS:
+        if re.search(neg_pat, context, re.IGNORECASE):
             return True
-
     return False
 
 
-def _get_context(text, keyword, window=100):
-    """Extract context around a keyword match with sentence boundaries."""
+def _get_context(text, keyword, window=80):
+    """Extract context around a keyword match."""
     text_lower = text.lower()
     idx = text_lower.find(keyword.lower())
     if idx == -1:
@@ -245,55 +204,12 @@ def _get_context(text, keyword, window=100):
     return context
 
 
-# FIX v4.3: Regulation applicability gates — only apply regulations relevant to the contract type
-_REGULATION_GATES = {
-    "SOX": re.compile(
-        r'financial\s+statement|internal\s+control|audit\s+committee|public\s+company|sec\s+filing|pcaob|sarbanes',
-        re.IGNORECASE
-    ),
-    "HIPAA": re.compile(
-        r'protected\s+health|(?<!\w)phi(?!\w)|health\s+information|medical\s+record|business\s+associate\s+agreement|(?<!\w)baa(?!\w)|hipaa',
-        re.IGNORECASE
-    ),
-    "FINRA": re.compile(
-        r'securities|broker[\-\s]?dealer|investment\s+advis|financial\s+industry|(?<!\w)finra(?!\w)|registered\s+representative',
-        re.IGNORECASE
-    ),
-}
-
-
 def check_compliance(text):
-    """Check contract text against applicable regulatory frameworks with negation handling.
-    
-    FIX v4.3:
-      - Regulation applicability gates: SOX/HIPAA/FINRA only checked if contract contains relevant terms
-      - Whole-word keyword matching: prevents substring false positives (e.g. "SAR" in "Year 3")
-      - GDPR and CCPA always checked (broadly applicable)
-    """
+    """Check contract text against all regulatory frameworks with negation handling."""
     text_lower = text.lower()
     results = {}
 
-    # FIX v4.3: Determine which regulations apply to this contract
-    applicable_regs = {"GDPR", "CCPA"}  # Always check these
-    for reg_name, gate_pattern in _REGULATION_GATES.items():
-        if gate_pattern.search(text):
-            applicable_regs.add(reg_name)
-
     for reg_name, reg_data in REGULATIONS.items():
-        # FIX v4.3: Skip regulations that don't apply to this contract
-        if reg_name not in applicable_regs:
-            # Still include in results but mark as not applicable
-            results[reg_name] = {
-                "description": reg_data["description"],
-                "compliance_rate": -1,  # -1 = not applicable
-                "checks": [],
-                "overall_status": "NOT_APPLICABLE",
-                "negated_count": 0,
-                "ambiguous_count": 0,
-                "note": f"{reg_name} does not appear applicable to this contract type.",
-            }
-            continue
-
         checks = []
         for req_name, req_data in reg_data["requirements"].items():
             matched = False
@@ -302,27 +218,17 @@ def check_compliance(text):
             context_snippets = []
 
             for kw in req_data["keywords"]:
-                # FIX v4.3: Use whole-word matching to prevent substring false positives
-                # e.g., "SAR" should not match "Year 3" tokenised fragments
-                kw_lower = kw.lower()
-                if len(kw_lower) <= 4:
-                    # Short keywords (SAR, DPO, PHI, BAA) — require word boundaries
-                    pattern = re.compile(r'\b' + re.escape(kw_lower) + r'\b', re.IGNORECASE)
-                    if not pattern.search(text_lower):
-                        continue
-                else:
-                    # Longer keywords — substring is OK
-                    if kw_lower not in text_lower:
-                        continue
-
-                matched_keywords.append(kw)
-                if _check_negation(text_lower, kw):
-                    negated = True
-                else:
-                    matched = True
-                ctx = _get_context(text, kw)
-                if ctx:
-                    context_snippets.append(ctx)
+                if kw.lower() in text_lower:
+                    matched_keywords.append(kw)
+                    # Check if the match is negated
+                    if _check_negation(text_lower, kw):
+                        negated = True
+                    else:
+                        matched = True
+                    # Get context
+                    ctx = _get_context(text, kw)
+                    if ctx:
+                        context_snippets.append(ctx)
 
             if matched and not negated:
                 status = "PASS"
@@ -339,7 +245,7 @@ def check_compliance(text):
                 "severity": req_data["severity"],
                 "status": status,
                 "matched_keywords": matched_keywords,
-                "context": context_snippets[:2],
+                "context": context_snippets[:2],  # Keep top 2 context snippets
             })
 
         passed = sum(1 for c in checks if c["status"] == "PASS")
@@ -356,6 +262,7 @@ def check_compliance(text):
         else:
             overall = "NON-COMPLIANT"
 
+        # Override if there are negated critical requirements
         if any(c["status"] == "NEGATED" and c["severity"] in ("CRITICAL", "HIGH") for c in checks):
             overall = "WARNING"
 
@@ -379,28 +286,6 @@ def render_compliance_html(results):
         rate = reg_result["compliance_rate"]
         status = reg_result["overall_status"]
 
-        # FIX v4.3: Handle NOT_APPLICABLE regulations
-        if status == "NOT_APPLICABLE":
-            note = reg_result.get("note", f"{reg_name} not applicable to this contract.")
-            html += f'''
-            <div style="border:1px solid #e5e7eb;border-radius:10px;margin-bottom:16px;overflow:hidden;opacity:0.6;">
-              <div style="display:flex;justify-content:space-between;align-items:center;padding:12px 16px;background:#f9fafb;border-bottom:1px solid #e5e7eb;">
-                <div>
-                  <span style="font-size:16px;font-weight:700;color:#9ca3af;">{reg_name}</span>
-                  <p style="font-size:11px;color:#9ca3af;margin:2px 0 0 0;">{reg_result["description"]}</p>
-                </div>
-                <div style="text-align:right;">
-                  <div style="font-size:12px;font-weight:600;color:#9ca3af;">N/A</div>
-                  <div style="font-size:10px;color:#9ca3af;">Not Applicable</div>
-                </div>
-              </div>
-              <div style="padding:10px 16px;font-size:11px;color:#9ca3af;font-style:italic;">
-                {note}
-              </div>
-            </div>
-            '''
-            continue
-
         status_colors = {
             "COMPLIANT": ("#16a34a", "#f0fdf4"),
             "PARTIAL": ("#ca8a04", "#fefce8"),

extension/background.js

@@ -1,19 +1,12 @@
 /**
- * ClauseGuard — Background Service Worker v4.3
- * FIXED v4.3: API_BASE now routes through the Netlify web app which has
- *   proper Gradio SSE polling logic. The old URL pointed at the Gradio Space
- *   directly, which doesn't expose a REST /api/analyze endpoint.
- * FIXED v4.3: session_id from analyze response is now stored so chat can use it.
- * FIXED v4.3: sidePanel.open() is properly awaited.
+ * ClauseGuard — Background Service Worker v3.0
+ * FIXED: API payload now sends {text, source_url} (not {clauses})
+ * FIXED: Error handling and retry logic
  */
 
-// FIX v4.3: Route through the Netlify web app — it already has Gradio SSE
-// polling in its /api/analyze route. The extension just needs a REST endpoint.
-// Previously pointed to "https://gaurv007-clauseguard.hf.space" which is a
-// Gradio Space that only exposes /gradio_api/call/analyze (SSE, not REST).
-const API_BASE = "https://clauseguardweb.netlify.app";
+const API_BASE = "https://gaurv007-clauseguard-api.hf.space";
 const FREE_SCANS_PER_MONTH = 10;
-const API_TIMEOUT_MS = 90000; // Increased to 90s — web route polls Gradio which can be slow
+const API_TIMEOUT_MS = 45000;
 
 const SITE_ORIGINS = [
   "https://clauseguardweb.netlify.app",
@@ -40,15 +33,10 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
       case "GET_AUTH": return await getAuth();
       case "GET_USER": return await getUser();
       case "CHECK_USAGE": return await checkUsage();
-      case "OPEN_SIDEPANEL":
-        if (sender.tab?.id) {
-          try { await chrome.sidePanel.open({ tabId: sender.tab.id }); } catch(e) { console.warn("sidePanel.open failed:", e); }
-        }
-        return { ok: true };
+      case "OPEN_SIDEPANEL": if (sender.tab?.id) chrome.sidePanel.open({ tabId: sender.tab.id }); return { ok: true };
       case "GET_RESULTS": return await getStoredResults(sender.tab?.id || message.tabId);
       case "SYNC_AUTH": return await syncAuthFromWebsite();
       case "GET_SCAN_HISTORY": return await getScanHistory();
-      case "GET_SESSION_ID": return await getStoredSessionId(sender.tab?.id || message.tabId);
       default: return null;
     }
   };
@@ -106,8 +94,7 @@ async function handleAnalyze(payload, tabId) {
   let results;
   try {
     const auth = await getAuth();
-    // FIX v4.3: Send {text, source_url} to the Netlify web route which
-    // handles Gradio SSE polling internally and returns plain JSON.
+    // FIXED: Send {text, source_url} not {clauses}
     const resp = await fetchWithTimeout(`${API_BASE}/api/analyze`, {
       method: "POST",
       headers: {
@@ -121,17 +108,9 @@ async function handleAnalyze(payload, tabId) {
       return { error: "rate_limited", message: "Too many requests. Please wait a moment." };
     }
 
-    if (resp.status === 401) {
-      // Web route requires auth — fall back to local analysis for guests
-      console.warn("API returned 401, using local analysis for guest user");
-      results = localAnalyze(text);
-      results.source = "local";
-    } else if (!resp.ok) {
-      throw new Error(`HTTP ${resp.status}`);
-    } else {
-      results = await resp.json();
-      results.source = "api";
-    }
+    if (!resp.ok) throw new Error(`HTTP ${resp.status}`);
+    results = await resp.json();
+    results.source = "api";
   } catch (err) {
     console.warn("API unavailable, using local:", err.message);
     results = localAnalyze(text);
@@ -141,12 +120,6 @@ async function handleAnalyze(payload, tabId) {
   // Store results
   if (tabId) {
     await chrome.storage.local.set({ [`results_${tabId}`]: results });
-
-    // FIX v4.3: Also store session_id so the chat feature can use it
-    if (results.session_id) {
-      await chrome.storage.local.set({ [`session_${tabId}`]: results.session_id });
-    }
-
     const flagged = results.results?.filter(r => r.categories?.length > 0).length || results.flagged_count || 0;
     chrome.action.setBadgeText({ text: flagged > 0 ? String(flagged) : "", tabId });
     if (flagged > 0) chrome.action.setBadgeBackgroundColor({ color: flagged > 3 ? "#ef4444" : "#f59e0b", tabId });
@@ -178,12 +151,6 @@ async function getScanHistory() {
   return { history: scanHistory };
 }
 
-// ─── Get stored session ID (for chat) ───
-async function getStoredSessionId(tabId) {
-  if (!tabId) return null;
-  return new Promise(r => chrome.storage.local.get([`session_${tabId}`], d => r(d[`session_${tabId}`] || null)));
-}
-
 // ─── Sync auth from website ───
 async function syncAuthFromWebsite() {
   return await getAuth();
@@ -215,16 +182,12 @@ function localAnalyze(text) {
 
   const flagged = results.filter(r => r.categories.length > 0);
   const sev = { HIGH: 0, MEDIUM: 0, LOW: 0 };
-  flagged.forEach(r => r.categories.forEach(c => {
-    if (sev.hasOwnProperty(c.severity)) sev[c.severity]++;
-    else sev.MEDIUM++;
-  }));
-  const weighted = sev.HIGH * 20 + sev.MEDIUM * 10 + sev.LOW * 3;
-  const risk = Math.min(100, Math.round(100 * (1 - (1 / (1 + weighted / 30)))));
+  flagged.forEach(r => r.categories.forEach(c => sev[c.severity]++));
+  const risk = Math.min(100, Math.round((sev.HIGH*20 + sev.MEDIUM*10 + sev.LOW*5) / Math.max(1, clauses.length) * 100));
 
   return {
     risk_score: risk,
-    grade: risk >= 70 ? "F" : risk >= 50 ? "D" : risk >= 30 ? "C" : risk >= 15 ? "B" : "A",
+    grade: risk >= 60 ? "F" : risk >= 40 ? "D" : risk >= 20 ? "C" : risk >= 10 ? "B" : "A",
     total_clauses: clauses.length, flagged_count: flagged.length, results,
   };
 }
@@ -275,4 +238,4 @@ async function getStoredResults(tabId) {
   return new Promise(r => chrome.storage.local.get([`results_${tabId}`], d => r(d[`results_${tabId}`]||null)));
 }
 
-chrome.tabs.onRemoved.addListener(tabId => chrome.storage.local.remove([`results_${tabId}`, `session_${tabId}`]));
+chrome.tabs.onRemoved.addListener(tabId => chrome.storage.local.remove([`results_${tabId}`]));

extension/content.js

@@ -1,8 +1,6 @@
 /**
- * ClauseGuard — Content Script v4.3
+ * ClauseGuard — Content Script
  * Page scanning + highlighting + auth bridge.
- *
- * FIXED v4.3: CRITICAL severity is now handled in highlights and tooltips.
  * 
  * Auth bridge: listens for postMessage from the website's ExtensionBridge component.
  * Content scripts CAN receive window.postMessage from the page — they share the same
@@ -18,9 +16,6 @@
   let isScanning = false;
   let currentHighlights = [];
 
-  // Severity ordering (higher = more severe)
-  const SEV_ORDER = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };
-
   // ─── Auth Bridge ───
   // Listen for auth sync from our website (ExtensionBridge component sends this)
   window.addEventListener("message", (event) => {
@@ -108,18 +103,13 @@
     try {
       const range = document.createRange();
       range.setStart(textNode, start); range.setEnd(textNode, end);
-      // FIX v4.3: Use numeric ordering that includes CRITICAL
-      const severity = clauseData.categories.reduce((m, c) =>
-        (SEV_ORDER[c.severity] || 0) > (SEV_ORDER[m] || 0) ? c.severity : m
-      , "LOW");
+      const severity = clauseData.categories.reduce((m, c) => ({ HIGH:3,MEDIUM:2,LOW:1 }[c.severity] > ({ HIGH:3,MEDIUM:2,LOW:1 }[m]) ? c.severity : m), "LOW");
       const mark = document.createElement("mark");
       mark.className = `clauseguard-highlight clauseguard-${severity.toLowerCase()}`;
       mark.dataset.categories = JSON.stringify(clauseData.categories);
       mark.addEventListener("mouseenter", showTooltip);
       mark.addEventListener("mouseleave", hideTooltip);
-      mark.addEventListener("click", () => {
-        try { chrome.runtime.sendMessage({ type: "OPEN_SIDEPANEL" }); } catch {}
-      });
+      mark.addEventListener("click", () => { try { chrome.runtime.sendMessage({ type: "OPEN_SIDEPANEL" }); } catch {} });
       range.surroundContents(mark);
       currentHighlights.push(mark);
     } catch (e) {}

extension/manifest.json

@@ -1,17 +1,17 @@
 {
   "manifest_version": 3,
   "name": "ClauseGuard — AI Fine Print Scanner",
-  "version": "1.1.0",
+  "version": "1.0.1",
   "description": "Highlights unfair clauses in Terms of Service, contracts, and lease agreements.",
   "permissions": [
     "activeTab",
     "storage",
     "sidePanel",
-    "scripting"
+    "scripting",
+    "cookies"
   ],
   "host_permissions": [
     "https://gaurv007-clauseguard-api.hf.space/*",
-    "https://gaurv007-clauseguard.hf.space/*",
     "https://clauseguardweb.netlify.app/*",
     "https://*.netlify.app/*"
   ],

extension/popup.js

@@ -1,10 +1,6 @@
 /**
- * ClauseGuard — Popup Script v4.3
+ * ClauseGuard — Popup Script
  * Shows user status (logged in / guest), scan results, usage.
- *
- * FIXED v4.3: sidePanel.open() is properly awaited.
- * FIXED v4.3: CRITICAL severity is now counted and displayed.
- * FIXED v4.3: Shows scan source ("Legal-BERT" / "Local") accurately.
  */
 
 document.addEventListener("DOMContentLoaded", async () => {
@@ -82,17 +78,16 @@ document.addEventListener("DOMContentLoaded", async () => {
     try { await chrome.tabs.sendMessage(tab.id, { type: "TRIGGER_SCAN" }); } catch {} window.close();
   });
 
-  // FIX v4.3: Properly await async sidePanel.open() so errors are caught
+  // Details
   const btnDetails = document.getElementById("btn-details");
-  if (btnDetails) btnDetails.addEventListener("click", async () => {
-    try { await chrome.sidePanel.open({ tabId: tab.id }); } catch(e) { console.warn("sidePanel.open failed:", e); }
-    window.close();
+  if (btnDetails) btnDetails.addEventListener("click", () => {
+    try { chrome.sidePanel.open({ tabId: tab.id }); } catch {} window.close();
   });
 
   // Login button
   const btnLogin = document.getElementById("btn-login");
   if (btnLogin) btnLogin.addEventListener("click", () => {
-    chrome.tabs.create({ url: "https://clauseguardweb.netlify.app/auth/login" });
+    chrome.tabs.create({ url: "https://clauseguardweb.netlify.app/auth/login" }); // Update with your actual URL
   });
 });
 
@@ -115,20 +110,15 @@ function showResults(results) {
     bar.className = "bar-fill " + (results.risk_score >= 60 ? "bar-red" : results.risk_score >= 30 ? "bar-amber" : "bar-green");
   }
 
-  // FIX v4.3: Count CRITICAL severity too (backend can return it)
-  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
-  (results.results || []).forEach(r => (r.categories || []).forEach(c => {
-    if (counts[c.severity] !== undefined) counts[c.severity]++;
-    else counts.MEDIUM++; // Unknown severities default to MEDIUM
-  }));
-  // Merge CRITICAL into HIGH for display (popup only has 3 columns)
-  if (el("c-high")) el("c-high").textContent = counts.CRITICAL + counts.HIGH;
+  const counts = { HIGH: 0, MEDIUM: 0, LOW: 0 };
+  (results.results || []).forEach(r => (r.categories || []).forEach(c => { if (counts[c.severity] !== undefined) counts[c.severity]++; }));
+  if (el("c-high")) el("c-high").textContent = counts.HIGH;
   if (el("c-med")) el("c-med").textContent = counts.MEDIUM;
   if (el("c-low")) el("c-low").textContent = counts.LOW;
 
   // Show source indicator
   const src = el("scan-source");
-  if (src) src.textContent = results.source === "api" ? "Legal-BERT" : results.source === "local" ? "Local (offline)" : "";
+  if (src) src.textContent = results.source === "api" ? "Legal-BERT" : results.source === "local" ? "Local" : "";
 }
 
 function updateUsage(usage) {

extension/sidepanel.html

@@ -29,7 +29,6 @@
     .filter-btn.active { background: #18181b; color: #fff; border-color: #18181b; }
     .filter-count { font-size: 10px; opacity: 0.6; }
     .dot { width: 6px; height: 6px; border-radius: 50%; }
-    .dot-purple { background: #a855f7; }
     .dot-red { background: #ef4444; }
     .dot-amber { background: #f59e0b; }
     .dot-blue { background: #3b82f6; }
@@ -37,7 +36,6 @@
     .clause-list { padding: 8px; }
     .clause-card { border: 1px solid #e4e4e7; border-radius: 10px; padding: 12px; margin-bottom: 6px; transition: all 0.15s; cursor: default; }
     .clause-card:hover { border-color: #d4d4d8; box-shadow: 0 1px 3px rgba(0,0,0,0.04); }
-    .clause-card.sev-critical { border-left: 3px solid #a855f7; }
     .clause-card.sev-high { border-left: 3px solid #ef4444; }
     .clause-card.sev-medium { border-left: 3px solid #f59e0b; }
     .clause-card.sev-low { border-left: 3px solid #3b82f6; }
@@ -45,7 +43,6 @@
     .clause-tags { display: flex; flex-wrap: wrap; gap: 4px; }
     .tag { font-size: 10px; font-weight: 600; padding: 2px 8px; border-radius: 4px; border: 1px solid; display: inline-flex; align-items: center; gap: 3px; }
     .tag svg { width: 10px; height: 10px; }
-    .tag-critical { background: #faf5ff; color: #7c3aed; border-color: #d8b4fe; }
     .tag-high { background: #fef2f2; color: #b91c1c; border-color: #fecaca; }
     .tag-medium { background: #fffbeb; color: #a16207; border-color: #fde68a; }
     .tag-low { background: #eff6ff; color: #1d4ed8; border-color: #bfdbfe; }
@@ -74,7 +71,6 @@
 
   <div class="filters" id="filters" style="display:none;">
     <button class="filter-btn active" data-filter="all">All</button>
-    <button class="filter-btn" data-filter="CRITICAL" id="filter-critical" style="display:none;"><span class="dot dot-purple"></span>Critical <span class="filter-count" id="fc-crit">0</span></button>
     <button class="filter-btn" data-filter="HIGH"><span class="dot dot-red"></span>High <span class="filter-count" id="fc-high">0</span></button>
     <button class="filter-btn" data-filter="MEDIUM"><span class="dot dot-amber"></span>Medium <span class="filter-count" id="fc-med">0</span></button>
     <button class="filter-btn" data-filter="LOW"><span class="dot dot-blue"></span>Low <span class="filter-count" id="fc-low">0</span></button>

extension/sidepanel.js

@@ -1,8 +1,5 @@
 /**
- * ClauseGuard — Side Panel v4.3
- *
- * FIXED v4.3: Added CRITICAL severity support (filter, cards, icons, descriptions).
- * FIXED v4.3: Severity ordering now uses numeric mapping consistently.
+ * ClauseGuard — Side Panel (redesigned)
  */
 
 const DESCS = {
@@ -16,12 +13,8 @@ const DESCS = {
   "Arbitration": "You waive your right to sue in court.",
 };
 
-// Severity numeric ordering (higher = more severe)
-const SEV_ORDER = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };
-
 // SVG icons for severity
 const SEV_ICONS = {
-  CRITICAL: '<svg width="10" height="10" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><path d="m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3"/><path d="M12 9v4"/><path d="M12 17h.01"/></svg>',
   HIGH: '<svg width="10" height="10" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><path d="m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3"/><path d="M12 9v4"/><path d="M12 17h.01"/></svg>',
   MEDIUM: '<svg width="10" height="10" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 8v4"/><path d="M12 16h.01"/></svg>',
   LOW: '<svg width="10" height="10" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><path d="M12 16v-4"/><path d="M12 8h.01"/></svg>',
@@ -58,20 +51,10 @@ async function loadResults() {
   pf.style.width = `${results.risk_score}%`;
   pf.style.background = results.risk_score >= 60 ? "#ef4444" : results.risk_score >= 30 ? "#f59e0b" : "#22c55e";
 
-  // FIX v4.3: Count CRITICAL severity too
-  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
+  // Counts
+  const counts = { HIGH: 0, MEDIUM: 0, LOW: 0 };
   const flagged = results.results.filter(r => r.categories?.length > 0);
-  flagged.forEach(r => r.categories.forEach(c => {
-    if (counts[c.severity] !== undefined) counts[c.severity]++;
-    else counts.MEDIUM++; // Default unknown to MEDIUM
-  }));
-
-  // Show CRITICAL count in the filter if any exist
-  const fcCrit = document.getElementById("fc-crit");
-  const critFilter = document.getElementById("filter-critical");
-  if (fcCrit) fcCrit.textContent = counts.CRITICAL;
-  if (critFilter) critFilter.style.display = counts.CRITICAL > 0 ? "flex" : "none";
-
+  flagged.forEach(r => r.categories.forEach(c => { if (counts[c.severity] !== undefined) counts[c.severity]++; }));
   document.getElementById("fc-high").textContent = counts.HIGH;
   document.getElementById("fc-med").textContent = counts.MEDIUM;
   document.getElementById("fc-low").textContent = counts.LOW;
@@ -91,10 +74,11 @@ function renderClauses() {
 
   list.innerHTML = filtered.map((clause, i) => {
     const maxSev = clause.categories.reduce((m, c) => {
-      return (SEV_ORDER[c.severity] || 0) > (SEV_ORDER[m] || 0) ? c.severity : m;
+      const o = { HIGH: 3, MEDIUM: 2, LOW: 1 };
+      return (o[c.severity] || 0) > (o[m] || 0) ? c.severity : m;
     }, "LOW");
 
-    const tagMap = { CRITICAL: "tag-critical", HIGH: "tag-high", MEDIUM: "tag-medium", LOW: "tag-low" };
+    const tagMap = { HIGH: "tag-high", MEDIUM: "tag-medium", LOW: "tag-low" };
 
     const tags = clause.categories.map(c =>
       `<span class="tag ${tagMap[c.severity] || "tag-medium"}">${SEV_ICONS[c.severity] || ""} ${c.name}</span>`

extension/styles/content.css

@@ -1,5 +1,4 @@
 /* ClauseGuard — Content Script Styles (injected into web pages) */
-/* v4.3: Added CRITICAL severity styles */
 
 /* Highlight severity levels */
 .clauseguard-highlight {
@@ -10,16 +9,6 @@
   position: relative;
 }
 
-/* CRITICAL — purple (most severe) */
-.clauseguard-critical {
-  background: rgba(168, 85, 247, 0.22);
-  border-bottom: 2.5px solid #a855f7;
-}
-.clauseguard-critical:hover {
-  background: rgba(168, 85, 247, 0.38);
-}
-
-/* HIGH — red */
 .clauseguard-high {
   background: rgba(239, 68, 68, 0.22);
   border-bottom: 2.5px solid #ef4444;
@@ -28,7 +17,6 @@
   background: rgba(239, 68, 68, 0.35);
 }
 
-/* MEDIUM — amber */
 .clauseguard-medium {
   background: rgba(245, 158, 11, 0.18);
   border-bottom: 2.5px solid #f59e0b;
@@ -37,7 +25,6 @@
   background: rgba(245, 158, 11, 0.32);
 }
 
-/* LOW — blue */
 .clauseguard-low {
   background: rgba(59, 130, 246, 0.14);
   border-bottom: 2.5px solid #3b82f6;
@@ -87,10 +74,6 @@
   letter-spacing: 0.5px;
 }
 
-.clauseguard-badge-critical {
-  background: #e9d5ff;
-  color: #6b21a8;
-}
 .clauseguard-badge-high {
   background: #fecaca;
   color: #991b1b;

ml/export_onnx_v2.py

@@ -1,169 +0,0 @@
-"""
-ClauseGuard — ONNX Export + INT8 Quantization Pipeline (v2)
-═══════════════════════════════════════════════════════════
-PERF v4.3: Full pipeline to export the CUAD LoRA classifier to ONNX+INT8.
-
-Steps:
-  1. Load base Legal-BERT + LoRA adapter
-  2. merge_and_unload() → plain PreTrainedModel
-  3. Export to ONNX via optimum
-  4. Dynamic INT8 quantization (no calibration data needed)
-  5. Push quantized model to HuggingFace Hub
-
-Usage:
-    pip install "optimum[onnxruntime]" peft transformers torch
-    python export_onnx_v2.py
-
-    # Or with custom paths:
-    HUB_MODEL_ID=gaurv007/clauseguard-onnx-int8 python export_onnx_v2.py
-
-Hardware: Any CPU (no GPU needed for export)
-Time: ~2-5 minutes
-"""
-
-import os
-import sys
-import shutil
-
-# ── Configuration ──
-BASE_MODEL = os.environ.get("BASE_MODEL", "nlpaueb/legal-bert-base-uncased")
-ADAPTER_MODEL = os.environ.get("ADAPTER_MODEL", "Mokshith31/legalbert-contract-clause-classification")
-HUB_MODEL_ID = os.environ.get("HUB_MODEL_ID", "gaurv007/clauseguard-onnx-int8")
-PUSH_TO_HUB = os.environ.get("PUSH_TO_HUB", "true").lower() == "true"
-
-MERGED_DIR = "./merged_legalbert"
-ONNX_DIR = "./onnx_legalbert"
-QUANT_DIR = "./onnx_legalbert_int8"
-
-CUAD_LABELS = [
-    "Document Name", "Parties", "Agreement Date", "Effective Date",
-    "Expiration Date", "Renewal Term", "Notice Period to Terminate Renewal",
-    "Governing Law", "Most Favored Nation", "Non-Compete", "Exclusivity",
-    "No-Solicit of Customers", "No-Solicit of Employees", "Non-Disparagement",
-    "Termination for Convenience", "ROFR/ROFO/ROFN", "Change of Control",
-    "Anti-Assignment", "Revenue/Profit Sharing", "Price Restriction",
-    "Minimum Commitment", "Volume Restriction", "IP Ownership Assignment",
-    "Joint IP Ownership", "License Grant", "Non-Transferable License",
-    "Affiliate License-Licensor", "Affiliate License-Licensee",
-    "Unlimited/All-You-Can-Eat License", "Irrevocable or Perpetual License",
-    "Source Code Escrow", "Post-Termination Services", "Audit Rights",
-    "Uncapped Liability", "Cap on Liability", "Liquidated Damages",
-    "Warranty Duration", "Insurance", "Covenant Not to Sue",
-    "Third Party Beneficiary", "Other",
-]
-
-
-def main():
-    print("🛡️  ClauseGuard ONNX Export + INT8 Quantization")
-    print("=" * 60)
-    print(f"   Base model:   {BASE_MODEL}")
-    print(f"   LoRA adapter: {ADAPTER_MODEL}")
-    print(f"   Hub target:   {HUB_MODEL_ID}")
-    print()
-
-    # ── Step 1: Load and merge LoRA ──
-    print("📦 Step 1: Loading base model + LoRA adapter...")
-    from transformers import AutoModelForSequenceClassification, AutoTokenizer
-    from peft import PeftModel
-
-    tokenizer = AutoTokenizer.from_pretrained(BASE_MODEL)
-    base_model = AutoModelForSequenceClassification.from_pretrained(
-        BASE_MODEL, num_labels=41, ignore_mismatched_sizes=True
-    )
-    peft_model = PeftModel.from_pretrained(base_model, ADAPTER_MODEL)
-
-    print("🔀 Step 2: Merging LoRA weights into base model...")
-    merged_model = peft_model.merge_and_unload(safe_merge=True)
-
-    # Set label mapping
-    merged_model.config.id2label = {str(i): name for i, name in enumerate(CUAD_LABELS)}
-    merged_model.config.label2id = {name: i for i, name in enumerate(CUAD_LABELS)}
-
-    os.makedirs(MERGED_DIR, exist_ok=True)
-    merged_model.save_pretrained(MERGED_DIR)
-    tokenizer.save_pretrained(MERGED_DIR)
-    print(f"   ✅ Merged model saved to {MERGED_DIR}")
-
-    # Free memory
-    del peft_model, base_model, merged_model
-    import gc
-    gc.collect()
-
-    # ── Step 3: Export to ONNX ──
-    print("\n📤 Step 3: Exporting to ONNX...")
-    from optimum.onnxruntime import ORTModelForSequenceClassification
-
-    ort_model = ORTModelForSequenceClassification.from_pretrained(
-        MERGED_DIR, export=True
-    )
-    os.makedirs(ONNX_DIR, exist_ok=True)
-    ort_model.save_pretrained(ONNX_DIR)
-    tokenizer.save_pretrained(ONNX_DIR)
-    print(f"   ✅ ONNX model saved to {ONNX_DIR}")
-
-    # ── Step 4: Dynamic INT8 Quantization ──
-    print("\n⚡ Step 4: Applying dynamic INT8 quantization...")
-    from optimum.onnxruntime.configuration import AutoQuantizationConfig
-    from optimum.onnxruntime import ORTQuantizer
-
-    qconfig = AutoQuantizationConfig.avx512_vnni(is_static=False, per_channel=False)
-    quantizer = ORTQuantizer.from_pretrained(ort_model)
-    os.makedirs(QUANT_DIR, exist_ok=True)
-    quantizer.quantize(save_dir=QUANT_DIR, quantization_config=qconfig)
-
-    # Copy tokenizer files to quantized dir
-    tokenizer.save_pretrained(QUANT_DIR)
-    # Copy config.json too
-    shutil.copy2(os.path.join(ONNX_DIR, "config.json"), QUANT_DIR)
-    print(f"   ✅ Quantized model saved to {QUANT_DIR}")
-
-    # ── Step 5: Verify ──
-    print("\n🧪 Step 5: Verifying quantized model...")
-    quant_model = ORTModelForSequenceClassification.from_pretrained(
-        QUANT_DIR, file_name="model_quantized.onnx"
-    )
-    quant_tokenizer = AutoTokenizer.from_pretrained(QUANT_DIR)
-
-    test_texts = [
-        "The company may terminate your account at any time without notice.",
-        "Either party shall indemnify and hold harmless the other party.",
-        "This Agreement shall be governed by the laws of the State of Delaware.",
-    ]
-    inputs = quant_tokenizer(test_texts, return_tensors="pt", padding=True, truncation=True, max_length=512)
-
-    import torch
-    with torch.no_grad():
-        outputs = quant_model(**inputs)
-        probs = torch.softmax(outputs.logits, dim=-1)
-
-    for i, text in enumerate(test_texts):
-        top_prob, top_idx = torch.max(probs[i], dim=0)
-        label = CUAD_LABELS[int(top_idx)] if int(top_idx) < len(CUAD_LABELS) else f"Class-{int(top_idx)}"
-        print(f"   Text: {text[:60]}...")
-        print(f"   → {label} ({top_prob:.3f})")
-
-    # ── Step 6: Push to Hub ──
-    if PUSH_TO_HUB:
-        print(f"\n🚀 Step 6: Pushing to {HUB_MODEL_ID}...")
-        quant_model.push_to_hub(HUB_MODEL_ID, use_auth_token=True)
-        quant_tokenizer.push_to_hub(HUB_MODEL_ID, use_auth_token=True)
-        print(f"   ✅ Pushed to https://huggingface.co/{HUB_MODEL_ID}")
-    else:
-        print("\n⏭️  Skipping Hub push (PUSH_TO_HUB=false)")
-
-    # ── Summary ──
-    onnx_size = os.path.getsize(os.path.join(ONNX_DIR, "model.onnx")) / 1e6
-    quant_size = os.path.getsize(os.path.join(QUANT_DIR, "model_quantized.onnx")) / 1e6
-    print(f"\n{'='*60}")
-    print(f"   📊 ONNX model size:      {onnx_size:.1f} MB")
-    print(f"   📊 Quantized model size:  {quant_size:.1f} MB")
-    print(f"   📊 Size reduction:        {(1 - quant_size/onnx_size)*100:.0f}%")
-    print(f"   🔥 Expected speedup:      2-4x on CPU")
-    print(f"{'='*60}")
-    print("\n✅ Export complete!")
-    print(f"\nTo use in ClauseGuard, set ONNX_MODEL_PATH={QUANT_DIR}")
-    print("or point to the Hub model: gaurv007/clauseguard-onnx-int8")
-
-
-if __name__ == "__main__":
-    main()

obligations.py

@@ -85,26 +85,11 @@ _PRIORITY_MAP = {
     "delivery": 1,
 }
 
-# FIX v4.2: Pre-compile obligation patterns at module level (was recompiling per sentence)
-_OBLIGATION_PATTERNS_COMPILED = {
-    otype: [re.compile(p, re.IGNORECASE) for p in patterns]
-    for otype, patterns in OBLIGATION_PATTERNS.items()
-}
-
-# FIX v4.2: Pre-compile false positive patterns
-_FALSE_POSITIVE_PATTERNS_COMPILED = [re.compile(p, re.IGNORECASE) for p in _FALSE_POSITIVE_PATTERNS]
-
-# FIX v4.2: Pre-compile time patterns
-_TIME_PATTERNS_COMPILED = [(re.compile(p, re.IGNORECASE), ptype) for p, ptype in TIME_PATTERNS]
-
-# FIX v4.2: Pre-compile party patterns
-_PARTY_PATTERNS_COMPILED = [re.compile(p) for p in PARTY_PATTERNS]
-
 
 def _is_false_positive(sentence):
     """Check if a sentence is a common false positive (definition/interpretation, not obligation)."""
-    for fp in _FALSE_POSITIVE_PATTERNS_COMPILED:
-        if fp.search(sentence):
+    for fp in _FALSE_POSITIVE_PATTERNS:
+        if re.search(fp, sentence, re.IGNORECASE):
             return True
     return False
 
@@ -126,9 +111,9 @@ def extract_obligations(text):
             continue
 
         found_types = set()
-        for otype, patterns in _OBLIGATION_PATTERNS_COMPILED.items():
+        for otype, patterns in OBLIGATION_PATTERNS.items():
             for pat in patterns:
-                if pat.search(sentence):
+                if re.search(pat, sentence, re.IGNORECASE):
                     found_types.add(otype)
                     break
 
@@ -143,8 +128,8 @@ def extract_obligations(text):
             party = obligation_direction
         else:
             # Fallback to pattern matching within the sentence
-            for pp in _PARTY_PATTERNS_COMPILED:
-                m = pp.search(sentence)
+            for pp in PARTY_PATTERNS:
+                m = re.search(pp, sentence)
                 if m:
                     candidate = m.group(0).strip()
                     # Fix 8: Reject party strings >40 chars (header bleed-through)
@@ -155,8 +140,8 @@ def extract_obligations(text):
         # Extract timeframe
         deadline = "Not specified"
         deadline_urgency = 0
-        for pat, ptype in _TIME_PATTERNS_COMPILED:
-            m = pat.search(sentence)
+        for pat, ptype in TIME_PATTERNS:
+            m = re.search(pat, sentence, re.IGNORECASE)
             if m:
                 if ptype == "relative":
                     num = m.group(1)
@@ -192,26 +177,6 @@ def extract_obligations(text):
     # Sort by priority (highest first)
     obligations.sort(key=lambda x: x.get("priority", 0), reverse=True)
 
-    # FIX v4.3: Deduplicate obligations — same text producing multiple types
-    # Keep the more specific type (termination > compliance > monetary > general)
-    _TYPE_PRIORITY = {"termination": 1, "compliance": 2, "reporting": 3, "delivery": 4, "monetary": 5}
-    seen_texts = {}
-    deduped = []
-    for ob in obligations:
-        # Hash on first 80 chars of description + party
-        key = hash(ob["description"][:80] + ob["party"])
-        type_pri = _TYPE_PRIORITY.get(ob["type"], 99)
-        if key not in seen_texts:
-            seen_texts[key] = (type_pri, len(deduped))
-            deduped.append(ob)
-        else:
-            existing_pri, existing_idx = seen_texts[key]
-            if type_pri < existing_pri:
-                # This type is more specific — replace
-                deduped[existing_idx] = ob
-                seen_texts[key] = (type_pri, existing_idx)
-    obligations = deduped
-
     return obligations
 
 

redlining.py

@@ -408,66 +408,24 @@ Write the refined safer clause (adapt the template to this specific contract's c
 
 
 # ═══════════════════════════════════════════════════════════════════════
-# FIX v4.3: Keyword validation — ensure original clause matches the label
+# PUBLIC API
 # ═══════════════════════════════════════════════════════════════════════
 
-_LABEL_KEYWORDS = {
-    "Limitation of liability": ["liable", "liability", "damages", "limitation of liability", "in no event"],
-    "Uncapped Liability": ["uncapped", "unlimited", "no limit", "no cap"],
-    "Governing Law": ["governed by", "governing law", "jurisdiction", "laws of"],
-    "Termination for Convenience": ["terminat", "cancel", "convenience", "without cause"],
-    "Non-Compete": ["non-compete", "not compete", "competition restriction"],
-    "No-Solicit of Employees": ["solicit", "recruit", "induce", "encourage", "employee"],
-    "No-Solicit of Customers": ["solicit", "customer", "client", "divert"],
-    "Non-Disparagement": ["disparag", "defam", "negative", "derogatory"],
-    "Arbitration": ["arbitrat", "binding arbitration", "waive", "class action"],
-    "IP Ownership Assignment": ["intellectual property", "ip", "assign", "work for hire", "ownership"],
-    "Indemnification": ["indemnif", "hold harmless", "defend"],
-    "Confidentiality": ["confidential", "non-disclosure", "nda"],
-    "Exclusivity": ["exclusive", "exclusivity"],
-    "Anti-Assignment": ["assign", "transfer", "without consent"],
-    "Content removal": ["remove", "delete", "content"],
-    "Unilateral change": ["modify", "change", "amend", "sole discretion"],
-    "Unilateral termination": ["terminat", "suspend", "at any time"],
-    "Liquidated Damages": ["liquidated", "pre-determined", "stipulated"],
-    "Choice of law": ["governed by", "laws of", "choice of law"],
-    "Jurisdiction": ["jurisdiction", "courts of", "exclusive jurisdiction"],
-    "Contract by using": ["by using", "continued use", "acceptance"],
-}
-
-# FIX v4.3.1: Exclusion keywords — if ANY of these appear, the clause is rejected for this label.
-# Catches chunks that span two sections (e.g., §12.5 Waiver + §12.6 Non-Solicitation merged into one chunk).
-_LABEL_EXCLUDE_KEYWORDS = {
-    "No-Solicit of Employees": ["waiver of", "waive any", "waives the right", "failure to enforce"],
-    "No-Solicit of Customers": ["waiver of", "waive any", "waives the right", "failure to enforce"],
-    "Non-Disparagement": ["arbitrat", "aaa", "jams", "class action", "waives any right to participate"],
-}
-
-
-def _validate_clause_match(label, clause_text):
-    """FIX v4.3.1: Validate clause matches label — checks BOTH required AND excluded keywords."""
-    text_lower = clause_text.lower()
-
-    # Check exclusions first — hard reject
-    exclusions = _LABEL_EXCLUDE_KEYWORDS.get(label, [])
-    if exclusions and any(kw in text_lower for kw in exclusions):
-        return False
-
-    # Check required keywords
-    keywords = _LABEL_KEYWORDS.get(label, [])
-    if not keywords:
-        return True
-    return any(kw in text_lower for kw in keywords)
-
-
 def generate_redlines(analysis_result, use_llm=True):
     """
     Generate redline suggestions for all flagged clauses in the analysis.
-
-    FIX v4.3:
-      - Validates original clause matches label keywords before showing
-      - Deduplicates by suggested text (catches template mapping bugs)
-      - Picks the BEST clause for each label (highest confidence + keyword match)
+    
+    Returns list of redline suggestions:
+    [{
+        "original_text": str,
+        "clause_label": str,
+        "risk_level": str,
+        "safe_alternative": str,
+        "legal_basis": str,
+        "consumer_standard": str,
+        "tier": "template" | "llm_refined",
+        "confidence": str,
+    }]
     """
     if analysis_result is None:
         return []
@@ -476,40 +434,23 @@ def generate_redlines(analysis_result, use_llm=True):
     if not clauses:
         return []
 
-    # FIX v4.3: Group clauses by label and pick the best match for each
-    label_clauses = {}
-    for clause in clauses:
-        label = clause.get("label", "")
-        risk = clause.get("risk", "LOW")
-        text = clause.get("text", "")
-        confidence = clause.get("confidence", 0) or 0
-
-        if risk == "LOW":
-            continue
-
-        # Validate that the clause text actually matches the label
-        if not _validate_clause_match(label, text):
-            continue
-
-        # Keep the highest-confidence match for each label
-        if label not in label_clauses or confidence > (label_clauses[label].get("confidence", 0) or 0):
-            label_clauses[label] = clause
-
     redlines = []
-    seen_alternatives = set()  # FIX v4.3: Dedup by suggested text
+    seen_labels = set()  # Deduplicate by label
 
     # Sort by risk level: CRITICAL first
     risk_order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
-    sorted_labels = sorted(
-        label_clauses.keys(),
-        key=lambda l: risk_order.get(label_clauses[l].get("risk", "LOW"), 3)
-    )
+    sorted_clauses = sorted(clauses, key=lambda c: risk_order.get(c.get("risk", "LOW"), 3))
 
-    for label in sorted_labels:
-        clause = label_clauses[label]
+    for clause in sorted_clauses:
+        label = clause.get("label", "")
         risk = clause.get("risk", "LOW")
         text = clause.get("text", "")
 
+        # Skip LOW risk and already-seen labels
+        if risk == "LOW" or label in seen_labels:
+            continue
+        seen_labels.add(label)
+
         # Find matching templates (Tier 1 + Tier 2)
         matches = _find_similar_templates(label, text)
         if not matches:
@@ -517,12 +458,6 @@ def generate_redlines(analysis_result, use_llm=True):
 
         best_key, best_template, score = matches[0]
 
-        # FIX v4.3: Dedup — skip if this template's alternative was already used
-        alt_fingerprint = best_template["safe_alternative"][:120]
-        if alt_fingerprint in seen_alternatives:
-            continue
-        seen_alternatives.add(alt_fingerprint)
-
         # Tier 3: Try LLM refinement if enabled
         refined_text = None
         tier = "template"

requirements.txt

@@ -9,4 +9,3 @@ accelerate>=1.2.0
 sentence-transformers>=3.0.0
 python-doctr[torch]>=0.9.0
 huggingface_hub>=0.25.0
-optimum[onnxruntime]>=1.23.0

web/.env.example

@@ -17,13 +17,7 @@ RESEND_API_KEY=re_...
 
 # App
 NEXT_PUBLIC_SITE_URL=http://localhost:3000
-
-# ClauseGuard Gradio Space URL (used by analyze, compare, redline routes)
-CLAUSEGUARD_GRADIO_URL=https://gaurv007-clauseguard.hf.space
-
-# Optional: FastAPI backend URL (only needed if deployed separately for chat/RAG sessions)
-# If not set, chat will direct users to the Gradio Space
-CLAUSEGUARD_API_URL=
+CLAUSEGUARD_API_URL=https://gaurv007-clauseguard-api.hf.space
 
 # HF Inference API (for chatbot + redlining LLM)
 HF_TOKEN=hf_...

web/app/api/analyze/route.ts

@@ -1,22 +1,11 @@
 import { NextRequest, NextResponse } from "next/server";
-import { createClient } from "@/lib/supabase/server";
 
 const GRADIO_URL = process.env.CLAUSEGUARD_GRADIO_URL || "https://gaurv007-clauseguard.hf.space";
 
-// FIX v4.1: Max text size validation (prevent oversized payloads)
-const MAX_TEXT_LENGTH = 200_000; // 200KB
-
 export async function POST(req: NextRequest) {
   try {
-    const supabase = await createClient();
-    const { data: { user } } = await supabase.auth.getUser();
-
-    if (!user) {
-      return NextResponse.json({ error: "Unauthorized. Please log in to analyze texts." }, { status: 401 });
-    }
-
     const body = await req.json();
-    let { text } = body;
+    const { text } = body;
 
     if (!text || typeof text !== "string" || text.trim().length < 50) {
       return NextResponse.json(
@@ -25,41 +14,8 @@ export async function POST(req: NextRequest) {
       );
     }
 
-    // FIX v4.1: Input size validation
-    if (text.length > MAX_TEXT_LENGTH) {
-      return NextResponse.json(
-        { error: `Text too long (${(text.length / 1000).toFixed(0)}KB). Maximum is ${MAX_TEXT_LENGTH / 1000}KB.` },
-        { status: 400 }
-      );
-    }
-
-    // FIX v4.1: REMOVED the XSS sanitization that corrupted contract text.
-    // The old code did: text = text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
-    // This PERMANENTLY MUTATED the text before analysis, corrupting contracts
-    // that contain < or > characters (e.g., "shall not exceed >$10,000").
-    // Sanitization should happen at RENDER TIME in the frontend, not at analysis time.
-    // The frontend already uses React which auto-escapes HTML in JSX.
-
-    // Check scan limits — FIX v4.1: query the CORRECT table name
-    const { data: profile } = await supabase
-      .from("profiles")
-      .select("plan, role, analyses_this_month")
-      .eq("id", user.id)
-      .single();
-
-    const isAdmin = profile?.role === "admin";
-    const plan = profile?.plan || "free";
-
-    // FIX v4.1: Use analyses_this_month from profiles (already tracked), not a separate count query
-    const scanCount = profile?.analyses_this_month ?? 0;
-    const limit = isAdmin ? 999999 : plan === "free" ? 10 : 999999;
-    if (scanCount >= limit) {
-      return NextResponse.json({ error: "Monthly scan limit reached. Please upgrade to Pro." }, { status: 403 });
-    }
-
     // Step 1: Submit to Gradio Space
-    // FIX v4.3: Use the explicit api_name="analyze" set in app.py scan_btn.click()
-    const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/analyze`, {
+    const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/_analysis_and_index`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ data: [text] }),
@@ -72,16 +28,15 @@ export async function POST(req: NextRequest) {
     const { event_id } = await submitRes.json();
     if (!event_id) throw new Error("No event_id from Gradio");
 
-    // FIX v4.1: Improved SSE polling with proper streaming support
-    // Uses exponential backoff instead of fixed 1s intervals
+    // Step 2: Poll for result (SSE)
+    // The Gradio API streams but we need the full response
     let resultText = "";
     let attempts = 0;
-    const maxAttempts = 90; // 90 seconds max (increased from 60)
-    let delay = 500; // Start at 500ms, increase
+    const maxAttempts = 60; // 60 seconds max
 
     while (attempts < maxAttempts) {
       const resultRes = await fetch(
-        `${GRADIO_URL}/gradio_api/call/analyze/${event_id}`,
+        `${GRADIO_URL}/gradio_api/call/_analysis_and_index/${event_id}`,
         { headers: { Accept: "text/event-stream" } }
       );
 
@@ -93,26 +48,31 @@ export async function POST(req: NextRequest) {
         throw new Error(errMatch ? errMatch[1] : "Analysis failed in backend");
       }
 
-      await new Promise(r => setTimeout(r, delay));
-      delay = Math.min(delay * 1.2, 2000); // Cap at 2s
+      // Wait 1 second and retry
+      await new Promise(r => setTimeout(r, 1000));
       attempts++;
     }
 
     if (!resultText.includes("event: complete")) {
-      throw new Error("Analysis timed out. The backend may be loading models. Please try again in 30 seconds.");
+      throw new Error("Analysis timed out");
     }
 
     // Step 3: Parse the SSE data
+    // Format: "event: complete\ndata: [...]"
+    // The data contains HTML with literal newlines, so we need to find 'data: ' after 'event: complete'
     const completeIdx = resultText.indexOf("event: complete");
     const dataIdx = resultText.indexOf("data: ", completeIdx);
     if (dataIdx === -1) throw new Error("No data in response");
 
     const dataStr = resultText.substring(dataIdx + 6).trim();
 
+    // Parse JSON — the HTML strings contain control characters so we need to handle that
+    // In JS, JSON.parse is more lenient with control chars in strings than Python's strict mode
     let gradioData: any[];
     try {
       gradioData = JSON.parse(dataStr);
     } catch {
+      // If direct parse fails, try replacing problematic control characters
       const cleaned = dataStr.replace(/[\x00-\x1f]/g, (ch: string) => {
         if (ch === "\n") return "\\n";
         if (ch === "\r") return "\\r";
@@ -123,11 +83,13 @@ export async function POST(req: NextRequest) {
     }
 
     // Step 4: Download the JSON report file (structured data)
+    // gradioData[8] is the JSON file object with { url, path, ... }
     const jsonFileObj = gradioData[8];
     if (!jsonFileObj?.url) {
       throw new Error("No JSON report generated");
     }
 
+    // Download immediately (temp files expire quickly)
     const jsonRes = await fetch(jsonFileObj.url);
     if (!jsonRes.ok) throw new Error("Failed to download analysis JSON");
     const analysisData = await jsonRes.json();
@@ -153,80 +115,37 @@ export async function POST(req: NextRequest) {
     }
     const results = Array.from(clauseMap.values());
 
-    // FIX v4.1: Parse redlines from structured JSON data instead of fragile HTML regex
+    // Parse redlines from HTML (gradioData[7])
     const redlines: any[] = [];
-
-    // Try to extract redlines from the analysis JSON first (if available)
-    if (analysisData.redlines && Array.isArray(analysisData.redlines)) {
-      for (const rl of analysisData.redlines) {
-        redlines.push({
-          clause_label: rl.clause_label || "",
-          risk_level: rl.risk_level || "MEDIUM",
-          original_text: rl.original_text || "",
-          safe_alternative: rl.safe_alternative || "",
-          template_alternative: rl.template_alternative || "",
-          legal_basis: rl.legal_basis || "",
-          consumer_standard: rl.consumer_standard || "",
-          tier: rl.tier || "template",
-        });
-      }
-    }
-
-    // Fallback: try parsing from HTML only if no structured data
-    if (redlines.length === 0) {
-      const redlineHtml = typeof gradioData[7] === "string" ? gradioData[7] : "";
-      if (redlineHtml.includes("Clause Redlining")) {
-        const blocks = redlineHtml.split(/border-left:4px solid #/);
-        for (let i = 1; i < blocks.length; i++) {
-          const block = blocks[i];
-          const labelMatch = block.match(/font-weight:600[^>]*>([^<]+)<\/span>\s*<span[^>]*font-weight:600[^>]*>([^<]+)/);
-          const origMatch = block.match(/<del>([^<]*)<\/del>/);
-          const safeBlock = block.match(/Suggested Alternative[\s\S]*?<div[^>]*color:#166534[^>]*>([\s\S]*?)<\/div>/);
-          const legalMatch = block.match(/Legal Basis<\/div>\s*<div[^>]*>([^<]+)/);
-          const consumerMatch = block.match(/Consumer Standard<\/div>\s*<div[^>]*>([^<]+)/);
-          const isLLM = block.includes("LLM Refined");
-
-          if (labelMatch) {
-            redlines.push({
-              clause_label: labelMatch[1].trim(),
-              risk_level: labelMatch[2].trim(),
-              original_text: origMatch ? origMatch[1].trim() : "",
-              safe_alternative: safeBlock ? safeBlock[1].replace(/<[^>]+>/g, "").trim() : "",
-              legal_basis: legalMatch ? legalMatch[1].trim() : "",
-              consumer_standard: consumerMatch ? consumerMatch[1].trim() : "",
-              tier: isLLM ? "llm_refined" : "template",
-            });
-          }
+    const redlineHtml = typeof gradioData[7] === "string" ? gradioData[7] : "";
+    if (redlineHtml.includes("Clause Redlining")) {
+      // Split by redline card borders
+      const blocks = redlineHtml.split(/border-left:4px solid #/);
+      for (let i = 1; i < blocks.length; i++) {
+        const block = blocks[i];
+        const labelMatch = block.match(/font-weight:600[^>]*>([^<]+)<\/span>\s*<span[^>]*font-weight:600[^>]*>([^<]+)/);
+        const origMatch = block.match(/<del>([^<]*)<\/del>/);
+        const safeBlock = block.match(/Suggested Alternative[\s\S]*?<div[^>]*color:#166534[^>]*>([\s\S]*?)<\/div>/);
+        const legalMatch = block.match(/Legal Basis<\/div>\s*<div[^>]*>([^<]+)/);
+        const consumerMatch = block.match(/Consumer Standard<\/div>\s*<div[^>]*>([^<]+)/);
+        const isLLM = block.includes("LLM Refined");
+
+        if (labelMatch) {
+          redlines.push({
+            clause_label: labelMatch[1].trim(),
+            risk_level: labelMatch[2].trim(),
+            original_text: origMatch ? origMatch[1].trim() : "",
+            safe_alternative: safeBlock ? safeBlock[1].replace(/<[^>]+>/g, "").trim() : "",
+            legal_basis: legalMatch ? legalMatch[1].trim() : "",
+            consumer_standard: consumerMatch ? consumerMatch[1].trim() : "",
+            tier: isLLM ? "llm_refined" : "template",
+          });
         }
       }
     }
 
     const modelStatus = analysisData.metadata?.model || "";
 
-    // FIX v4.1: Increment scan count in profiles table
-    await supabase
-      .from("profiles")
-      .update({ analyses_this_month: scanCount + 1 })
-      .eq("id", user.id);
-
-    // FIX v4.3: Save analysis to DB so it shows in history
-    // Wrapped in Promise.resolve() because Supabase returns PromiseLike (no .catch)
-    Promise.resolve(
-      supabase.from("analyses").insert({
-        user_id: user.id,
-        total_clauses: totalClauses,
-        flagged_count: flaggedCount,
-        risk_score: riskScore,
-        grade,
-        clauses: results,
-        entities: analysisData.entities || [],
-        contradictions: analysisData.contradictions || [],
-        obligations: analysisData.obligations || [],
-        compliance: analysisData.compliance || {},
-        model: modelStatus.includes("loaded") ? "ml" : "regex",
-      })
-    ).catch(() => {}); // fire-and-forget, don't block response
-
     return NextResponse.json({
       risk_score: riskScore,
       grade,

web/app/api/chat/route.ts

@@ -1,35 +1,11 @@
 import { NextRequest, NextResponse } from "next/server";
-import { createClient } from "@/lib/supabase/server";
 
-/**
- * FIX v4.3: Chat route completely rewritten.
- *
- * ARCHITECTURE:
- * The Gradio ChatInterface uses gr.State for RAG embeddings — these are
- * per-browser-session and NOT accessible via the Gradio REST API. Every API
- * call creates a new session with empty state, so chat via Gradio API will
- * NEVER have contract context.
- *
- * The correct approach:
- * 1. PRIMARY: Use the FastAPI backend (/api/chat) which manages RAG sessions
- *    with proper TTL-based expiry. The session_id comes from /api/analyze.
- * 2. FALLBACK: If FastAPI is unavailable, return a clear error directing
- *    the user to use the Gradio Space directly.
- *
- * The old code tried to call a non-existent Gradio "chat" endpoint which
- * always failed. Removed the broken Gradio fallback entirely.
- */
+const GRADIO_URL = process.env.CLAUSEGUARD_GRADIO_URL || "https://gaurv007-clauseguard.hf.space";
+
 export async function POST(req: NextRequest) {
   try {
-    const supabase = await createClient();
-    const { data: { user } } = await supabase.auth.getUser();
-
-    if (!user) {
-      return NextResponse.json({ error: "Unauthorized. Please log in." }, { status: 401 });
-    }
-
     const body = await req.json();
-    const { message, history, session_id } = body;
+    const { message, history } = body;
 
     if (!message) {
       return NextResponse.json(
@@ -38,64 +14,55 @@ export async function POST(req: NextRequest) {
       );
     }
 
-    if (message.length > 2000) {
-      return NextResponse.json(
-        { error: "Message too long (max 2000 characters)" },
-        { status: 400 }
-      );
-    }
+    // The Gradio ChatInterface endpoint is /chat
+    // It accepts: message (str), then the additional_inputs are handled by Gradio state
+    // We need to call the Gradio API with the message
+    const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/chat`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ data: [message] }),
+    });
 
-    // Try the FastAPI backend (it has proper RAG session management)
-    const apiUrl = process.env.CLAUSEGUARD_API_URL || "";
-    if (apiUrl && session_id) {
-      try {
-        const apiRes = await fetch(`${apiUrl}/api/chat`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ message, session_id, history: history || [] }),
-        });
-        if (apiRes.ok) {
-          const data = await apiRes.json();
-          return NextResponse.json({ response: data.response });
-        }
-        // If 404, session expired
-        if (apiRes.status === 404) {
-          return NextResponse.json({
-            response: "⚠️ Your chat session has expired (sessions last 1 hour). " +
-              "Please analyze the contract again to start a new chat session."
-          });
-        }
-      } catch {
-        // FastAPI backend unreachable — fall through to error message
-      }
+    if (!submitRes.ok) {
+      const errText = await submitRes.text().catch(() => "");
+      throw new Error(`Chat submit failed (${submitRes.status}): ${errText}`);
     }
 
-    // No FastAPI backend available or no session_id
-    // FIX v4.3: Return a clear, helpful message instead of trying a broken Gradio endpoint
-    if (!apiUrl) {
-      return NextResponse.json({
-        response: "⚠️ Contract Q&A chat requires the FastAPI backend which is not currently deployed. " +
-          "You can use the chat feature directly in the [Gradio Space](https://gaurv007-clauseguard.hf.space) " +
-          "— analyze a contract there, then switch to the Q&A tab."
-      });
+    const { event_id } = await submitRes.json();
+    if (!event_id) throw new Error("No event_id from Gradio chat");
+
+    // Poll for streaming result
+    const resultRes = await fetch(
+      `${GRADIO_URL}/gradio_api/call/chat/${event_id}`,
+      { headers: { Accept: "text/event-stream" } }
+    );
+
+    if (!resultRes.ok) {
+      throw new Error(`Chat result failed: ${resultRes.status}`);
     }
 
-    if (!session_id) {
-      return NextResponse.json({
-        response: "⚠️ No active chat session. Please analyze a contract first — " +
-          "the chat session is created when you run analysis."
-      });
+    const resultText = await resultRes.text();
+
+    // Find the complete event data
+    const dataMatch = resultText.match(/event:\s*complete\s*\ndata:\s*(.+)/);
+    if (!dataMatch) {
+      // Check for error
+      const errMatch = resultText.match(/event:\s*error\s*\ndata:\s*(.+)/);
+      if (errMatch) {
+        throw new Error(`Chat error: ${errMatch[1]}`);
+      }
+      throw new Error("No response from chatbot. Analyze a contract first in the Gradio Space, then try chatting.");
     }
 
-    return NextResponse.json({
-      response: "⚠️ Chat service is temporarily unavailable. Please try again, or use the " +
-        "[Gradio Space](https://gaurv007-clauseguard.hf.space) directly."
-    });
+    const responseData = JSON.parse(dataMatch[1]);
+    // The ChatInterface returns the response as a string
+    const responseText = typeof responseData === "string" ? responseData : responseData[0] || "";
 
+    return NextResponse.json({ response: responseText });
   } catch (error: any) {
     console.error("Chat error:", error.message);
     return NextResponse.json(
-      { error: error.message || "Chat failed. Make sure you analyzed a contract first." },
+      { error: error.message || "Chat failed. Make sure you analyzed a contract in the Gradio Space first." },
       { status: 500 }
     );
   }

web/app/api/compare/route.ts

@@ -1,17 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
-import { createClient } from "@/lib/supabase/server";
 
 const GRADIO_URL = process.env.CLAUSEGUARD_GRADIO_URL || "https://gaurv007-clauseguard.hf.space";
 
 export async function POST(req: NextRequest) {
   try {
-    const supabase = await createClient();
-    const { data: { user } } = await supabase.auth.getUser();
-
-    if (!user) {
-      return NextResponse.json({ error: "Unauthorized. Please log in." }, { status: 401 });
-    }
-
     const body = await req.json();
     const { text_a, text_b } = body;
 
@@ -22,13 +14,8 @@ export async function POST(req: NextRequest) {
       );
     }
 
-    // FIX v4.3: REMOVED HTML-escaping that CORRUPTED contract text before analysis.
-    // The old code did text_a.replace(/</g, "&lt;") which permanently mutated
-    // the text (e.g., ">$10,000" → "&gt;$10,000"). Sanitization is the
-    // frontend's job — React auto-escapes in JSX. Never mutate analysis input.
-
     // Call Gradio Space API
-    const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/compare`, {
+    const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/run_comparison`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ data: [text_a, text_b] }),
@@ -41,44 +28,24 @@ export async function POST(req: NextRequest) {
     const { event_id } = await submitRes.json();
     if (!event_id) throw new Error("No event_id from Gradio");
 
-    // Poll for result with retry
-    let resultText = "";
-    let attempts = 0;
-    const maxAttempts = 60;
-    let delay = 500;
-
-    while (attempts < maxAttempts) {
-      const resultRes = await fetch(
-        `${GRADIO_URL}/gradio_api/call/compare/${event_id}`,
-        { headers: { Accept: "text/event-stream" } }
-      );
-
-      resultText = await resultRes.text();
-
-      if (resultText.includes("event: complete")) break;
-      if (resultText.includes("event: error")) {
-        const errMatch = resultText.match(/data:\s*(.+)/);
-        throw new Error(errMatch ? errMatch[1] : "Comparison failed in backend");
-      }
-
-      await new Promise(r => setTimeout(r, delay));
-      delay = Math.min(delay * 1.2, 2000);
-      attempts++;
-    }
+    // Poll for result
+    const resultRes = await fetch(
+      `${GRADIO_URL}/gradio_api/call/run_comparison/${event_id}`,
+      { headers: { Accept: "text/event-stream" } }
+    );
 
-    if (!resultText.includes("event: complete")) {
-      throw new Error("Comparison timed out. Please try again.");
+    if (!resultRes.ok) {
+      throw new Error(`Gradio result failed: ${resultRes.status}`);
     }
 
-    const completeIdx = resultText.indexOf("event: complete");
-    const dataIdx = resultText.indexOf("data: ", completeIdx);
-    if (dataIdx === -1) throw new Error("No data in response");
-
-    const dataStr = resultText.substring(dataIdx + 6).trim();
-    const gradioData = JSON.parse(dataStr);
+    const resultText = await resultRes.text();
+    const dataMatch = resultText.match(/event:\s*complete\s*\ndata:\s*(.+)/);
+    if (!dataMatch) throw new Error("No complete event from Gradio");
 
+    const gradioData = JSON.parse(dataMatch[1]);
     // gradioData[0] = comparison HTML
     // gradioData[1] = raw JSON comparison data
+
     const comparisonResult = gradioData[1];
     if (typeof comparisonResult === "object" && comparisonResult !== null) {
       return NextResponse.json(comparisonResult);

web/app/api/parse-upload/route.ts

@@ -1,20 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
-import { createClient } from "@/lib/supabase/server";
 
 export const runtime = "nodejs";
 
-// Add a 5MB size limit
-const MAX_FILE_SIZE = 5 * 1024 * 1024;
-
 export async function POST(req: NextRequest) {
   try {
-    const supabase = await createClient();
-    const { data: { user } } = await supabase.auth.getUser();
-
-    if (!user) {
-      return NextResponse.json({ error: "Unauthorized. Please log in." }, { status: 401 });
-    }
-
     const formData = await req.formData();
     const file = formData.get("file") as File | null;
 
@@ -22,10 +11,6 @@ export async function POST(req: NextRequest) {
       return NextResponse.json({ error: "No file uploaded" }, { status: 400 });
     }
 
-    if (file.size > MAX_FILE_SIZE) {
-      return NextResponse.json({ error: "File exceeds 5MB size limit" }, { status: 400 });
-    }
-
     const name = file.name.toLowerCase();
     const buffer = Buffer.from(await file.arrayBuffer());
     let text = "";
@@ -33,20 +18,13 @@ export async function POST(req: NextRequest) {
     if (name.endsWith(".txt") || name.endsWith(".md")) {
       text = new TextDecoder().decode(buffer);
     } else if (name.endsWith(".pdf")) {
-      // pdf-parse v2 API: named export PDFParse class + worker import
-      try {
-        await import("pdf-parse/worker");
-        const { PDFParse } = await import("pdf-parse");
-        const parser = new PDFParse({ data: buffer });
-        const result = await parser.getText();
-        text = result.text;
-        await parser.destroy();
-      } catch (pdfErr: any) {
-        console.error("PDF parse error:", pdfErr);
-        return NextResponse.json({
-          error: "PDF parsing failed. Please copy-paste the text directly, or use the Gradio Space which has OCR support."
-        }, { status: 400 });
-      }
+      // pdf-parse v2
+      await import("pdf-parse/worker");
+      const { PDFParse } = await import("pdf-parse");
+      const parser = new PDFParse({ data: buffer });
+      const result = await parser.getText();
+      text = result.text;
+      await parser.destroy();
     } else if (name.endsWith(".docx")) {
       const mammoth = (await import("mammoth")).default;
       const result = await mammoth.extractRawText({ buffer });

web/app/api/redline/route.ts

@@ -1,25 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
-import { createClient } from "@/lib/supabase/server";
 
-/**
- * FIX v4.3: Redline route now works through the Gradio Space directly.
- * The old code pointed to a non-existent FastAPI Space (gaurv007-clauseguard-api.hf.space).
- * Since redlining is already part of the analyze pipeline (returned in analysis results),
- * this endpoint is primarily for re-running redlines on existing text.
- */
-
-const GRADIO_URL = process.env.CLAUSEGUARD_GRADIO_URL || "https://gaurv007-clauseguard.hf.space";
-const API_URL = process.env.CLAUSEGUARD_API_URL || "";
+const API_URL = process.env.CLAUSEGUARD_API_URL || "https://gaurv007-clauseguard-api.hf.space";
 
 export async function POST(req: NextRequest) {
   try {
-    const supabase = await createClient();
-    const { data: { user } } = await supabase.auth.getUser();
-
-    if (!user) {
-      return NextResponse.json({ error: "Unauthorized. Please log in." }, { status: 401 });
-    }
-
     const body = await req.json();
     const { session_id, text, use_llm } = body;
 
@@ -30,89 +14,19 @@ export async function POST(req: NextRequest) {
       );
     }
 
-    // Try FastAPI backend first (if configured and available)
-    if (API_URL) {
-      try {
-        const response = await fetch(`${API_URL}/api/redline`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ session_id, text, use_llm: use_llm ?? true }),
-        });
-
-        if (response.ok) {
-          const result = await response.json();
-          return NextResponse.json(result);
-        }
-      } catch {
-        // Fall through to Gradio approach
-      }
-    }
-
-    // Fallback: If text is provided, run full analysis via Gradio (includes redlines)
-    if (text) {
-      if (text.trim().length < 50) {
-        return NextResponse.json({ error: "Text too short (min 50 chars)" }, { status: 400 });
-      }
-
-      const submitRes = await fetch(`${GRADIO_URL}/gradio_api/call/analyze`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ data: [text] }),
-      });
+    const response = await fetch(`${API_URL}/api/redline`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ session_id, text, use_llm: use_llm ?? true }),
+    });
 
-      if (!submitRes.ok) {
-        throw new Error(`Gradio submit failed: ${submitRes.status}`);
-      }
-
-      const { event_id } = await submitRes.json();
-      if (!event_id) throw new Error("No event_id from Gradio");
-
-      let resultText = "";
-      let attempts = 0;
-      while (attempts < 90) {
-        const resultRes = await fetch(
-          `${GRADIO_URL}/gradio_api/call/analyze/${event_id}`,
-          { headers: { Accept: "text/event-stream" } }
-        );
-        resultText = await resultRes.text();
-        if (resultText.includes("event: complete")) break;
-        if (resultText.includes("event: error")) throw new Error("Redline analysis failed");
-        await new Promise(r => setTimeout(r, 1000));
-        attempts++;
-      }
-
-      if (!resultText.includes("event: complete")) {
-        throw new Error("Analysis timed out");
-      }
-
-      // Parse the result to extract redlines from the JSON report
-      const completeIdx = resultText.indexOf("event: complete");
-      const dataIdx = resultText.indexOf("data: ", completeIdx);
-      if (dataIdx === -1) throw new Error("No data in response");
-
-      const dataStr = resultText.substring(dataIdx + 6).trim();
-      const gradioData = JSON.parse(dataStr);
-
-      // Download JSON report file
-      const jsonFileObj = gradioData[8];
-      if (jsonFileObj?.url) {
-        const jsonRes = await fetch(jsonFileObj.url);
-        if (jsonRes.ok) {
-          const analysisData = await jsonRes.json();
-          if (analysisData.redlines) {
-            return NextResponse.json({ redlines: analysisData.redlines, count: analysisData.redlines.length });
-          }
-        }
-      }
-
-      return NextResponse.json({ redlines: [], count: 0 });
+    if (!response.ok) {
+      const err = await response.text().catch(() => "");
+      throw new Error(err || `Backend error: ${response.status}`);
     }
 
-    // No FastAPI backend and only session_id provided (can't access Gradio sessions)
-    return NextResponse.json({
-      error: "Redline by session_id requires the FastAPI backend. Provide contract text instead, or use the analysis results which already include redline suggestions.",
-    }, { status: 400 });
-
+    const result = await response.json();
+    return NextResponse.json(result);
   } catch (error: any) {
     console.error("Redline error:", error.message);
     return NextResponse.json(

web/app/api/subscribe/create/route.ts

@@ -13,7 +13,7 @@ export async function POST(req: NextRequest) {
       return NextResponse.json({ error: "Invalid plan" }, { status: 400 });
     }
 
-    const planId = PLANS[plan as keyof typeof PLANS].razorpay_plan_id;
+    const planId = PLANS[plan].razorpay_plan_id;
     if (!planId) return NextResponse.json({ error: "Plan not configured" }, { status: 500 });
 
     const razorpay = getRazorpay();

web/app/auth/callback/route.ts

@@ -4,14 +4,9 @@ import { NextResponse } from "next/server";
 export async function GET(request: Request) {
   const requestUrl = new URL(request.url);
   const code = requestUrl.searchParams.get("code");
-  let next = requestUrl.searchParams.get("next") || "/dashboard-pages/dashboard";
+  const next = requestUrl.searchParams.get("next") || "/dashboard-pages/dashboard";
   const origin = requestUrl.origin;
 
-  // Prevent open redirect
-  if (next && !next.startsWith("/")) {
-    next = "/dashboard-pages/dashboard";
-  }
-
   if (code) {
     const supabase = await createClient();
     const { error } = await supabase.auth.exchangeCodeForSession(code);

web/app/auth/login/page.tsx

@@ -1,13 +1,13 @@
 "use client";
 
-import { useState, useEffect, Suspense } from "react";
+import { useState, useEffect } from "react";
 import { createClient } from "@/lib/supabase/client";
 import { getBaseUrl } from "@/lib/auth-url";
 import Link from "next/link";
-import { useSearchParams, useRouter } from "next/navigation";
+import { useSearchParams } from "next/navigation";
 import { ArrowLeft, Mail, Loader2 } from "lucide-react";
 
-function LoginForm() {
+export default function LoginPage() {
   const [email, setEmail] = useState("");
   const [password, setPassword] = useState("");
   const [error, setError] = useState("");
@@ -16,22 +16,21 @@ function LoginForm() {
   const [magicSent, setMagicSent] = useState(false);
   const supabase = createClient();
   const searchParams = useSearchParams();
-  const router = useRouter();
   const next = searchParams.get("next") || "/dashboard-pages/dashboard";
 
   // Check if already logged in — redirect immediately
   useEffect(() => {
     supabase.auth.getUser().then(({ data: { user } }) => {
-      if (user) { router.push(next); }
+      if (user) { window.location.href = next; }
       else { setChecking(false); }
     });
-  }, [next, supabase.auth, router]);
+  }, []);
 
   async function handleLogin(e: React.FormEvent) {
     e.preventDefault(); setLoading(true); setError("");
     const { error } = await supabase.auth.signInWithPassword({ email, password });
     if (error) { setError(error.message); setLoading(false); }
-    else { router.push(next); }
+    else { window.location.href = next; }
   }
 
   async function handleMagicLink() {
@@ -120,15 +119,3 @@ function LoginForm() {
     </div>
   );
 }
-
-export default function LoginPage() {
-  return (
-    <Suspense fallback={
-      <div className="min-h-screen flex items-center justify-center bg-white">
-        <Loader2 className="w-5 h-5 text-zinc-300 animate-spin" />
-      </div>
-    }>
-      <LoginForm />
-    </Suspense>
-  );
-}

web/app/auth/signup/page.tsx

@@ -4,7 +4,6 @@ import { useState, useEffect } from "react";
 import { createClient } from "@/lib/supabase/client";
 import { getBaseUrl } from "@/lib/auth-url";
 import Link from "next/link";
-import { useRouter } from "next/navigation";
 import { ArrowLeft, Loader2 } from "lucide-react";
 
 export default function SignupPage() {
@@ -15,15 +14,14 @@ export default function SignupPage() {
   const [checking, setChecking] = useState(true);
   const [done, setDone] = useState(false);
   const supabase = createClient();
-  const router = useRouter();
 
   // Redirect if already logged in
   useEffect(() => {
     supabase.auth.getUser().then(({ data: { user } }) => {
-      if (user) { router.push("/dashboard-pages/dashboard"); }
+      if (user) { window.location.href = "/dashboard-pages/dashboard"; }
       else { setChecking(false); }
     });
-  }, [router, supabase.auth]);
+  }, []);
 
   async function handleSignup(e: React.FormEvent) {
     e.preventDefault(); setLoading(true); setError("");

web/app/dashboard-pages/analyze/loading.tsx

@@ -1,50 +0,0 @@
-/**
- * ClauseGuard — Loading skeleton for Analyze page
- * FIX v4.1: Added loading.tsx for instant navigation feedback
- * Next.js App Router automatically shows this while the page component loads
- */
-
-import { ScanText } from "lucide-react";
-
-export default function AnalyzeLoading() {
-  return (
-    <div className="min-h-screen bg-zinc-50/30">
-      <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-6 sm:py-10">
-        {/* Header skeleton */}
-        <div className="mb-6 sm:mb-8">
-          <h1 className="text-xl sm:text-2xl font-semibold tracking-tight flex items-center gap-2">
-            <ScanText className="w-5 h-5 sm:w-6 sm:h-6 text-zinc-400" />
-            Scan a document
-          </h1>
-          <div className="mt-2 h-4 w-96 bg-zinc-200 rounded animate-pulse" />
-        </div>
-
-        <div className="grid lg:grid-cols-5 gap-4 sm:gap-6">
-          {/* Input panel skeleton */}
-          <div className="lg:col-span-2">
-            <div className="bg-white border border-zinc-200 rounded-xl p-3 sm:p-4">
-              <div className="w-full h-[260px] sm:h-[360px] bg-zinc-100 rounded-lg animate-pulse" />
-              <div className="mt-3 flex gap-2">
-                <div className="flex-1 h-10 bg-zinc-900/10 rounded-lg animate-pulse" />
-                <div className="w-20 h-10 bg-zinc-100 rounded-lg animate-pulse" />
-                <div className="w-10 h-10 bg-zinc-100 rounded-lg animate-pulse" />
-              </div>
-            </div>
-          </div>
-
-          {/* Results panel skeleton */}
-          <div className="lg:col-span-3">
-            <div className="bg-white border border-zinc-200 rounded-xl p-4 sm:p-5">
-              <div className="flex items-center justify-center h-48 text-zinc-300">
-                <div className="text-center">
-                  <ScanText className="w-10 h-10 mx-auto mb-3 text-zinc-200" />
-                  <div className="h-4 w-48 bg-zinc-100 rounded mx-auto animate-pulse" />
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-  );
-}

web/app/dashboard-pages/analyze/page.tsx

@@ -3,7 +3,7 @@
 import { useState, useRef, useEffect } from "react";
 import {
   ScanText, ScanLine, TriangleAlert, CircleAlert, CircleCheck, Info,
-  ChevronDown, ChevronUp, Copy, Check, Upload, FileText,
+  FileDown, ChevronDown, ChevronUp, Copy, Check, Upload, FileText,
   ShieldCheck, ShieldAlert, Scale, Gavel, Ban, Globe, Eye, Stamp, FileX,
   Lock, Sparkles as SparklesIcon, X, Layers, Landmark, Briefcase,
   AlertTriangle, Tag, BookOpen, ClipboardList, DollarSign,
@@ -12,7 +12,6 @@ import {
   ShieldOff, CircleSlash, MessageSquareWarning, Construction,
   MessageSquare, Send, Loader2
 } from "lucide-react";
-import { ExportDropdown } from "@/components/export-dropdown";
 
 interface Cat { name: string; severity: string; description?: string; confidence?: number; }
 interface Clause { text: string; categories: Cat[]; }
@@ -20,7 +19,7 @@ interface Entity { text: string; type: string; score?: number; source?: string;
 interface Contradiction { type: string; explanation: string; severity: string; confidence?: number; source?: string; }
 interface Obligation { type: string; party: string; description: string; deadline: string; priority?: number; }
 interface ComplianceCheck { requirement: string; description: string; severity: string; status: string; matched_keywords: string[]; context?: string[]; }
-interface ComplianceReg { description: string; compliance_rate: number; checks: ComplianceCheck[]; overall_status: string; negated_count?: number; ambiguous_count?: number; note?: string; }
+interface ComplianceReg { description: string; compliance_rate: number; checks: ComplianceCheck[]; overall_status: string; negated_count?: number; ambiguous_count?: number; }
 interface Redline {
   original_text: string;
   clause_label: string;
@@ -101,7 +100,6 @@ const COMPLIANCE_STATUS: Record<string, { bg: string; text: string; border: stri
   PARTIAL: { bg: "bg-amber-50", text: "text-amber-700", border: "border-amber-200" },
   "NON-COMPLIANT": { bg: "bg-red-50", text: "text-red-700", border: "border-red-200" },
   WARNING: { bg: "bg-orange-50", text: "text-orange-700", border: "border-orange-200" },
-  NOT_APPLICABLE: { bg: "bg-zinc-50", text: "text-zinc-400", border: "border-zinc-200" },
 };
 
 function SourceBadge({ isML, confidence }: { isML: boolean; confidence?: number | null }) {
@@ -235,6 +233,17 @@ export default function AnalyzePage() {
     if (fileInputRef.current) fileInputRef.current.value = "";
   }
 
+  async function handleDownloadPDF() {
+    if (!results) return;
+    try {
+      const res = await fetch("/api/pdf/report", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(results) });
+      const blob = await res.blob();
+      const url = URL.createObjectURL(blob);
+      const a = document.createElement("a"); a.href = url; a.download = "clauseguard-report.pdf"; a.click();
+      URL.revokeObjectURL(url);
+    } catch {}
+  }
+
   function handleCopy() {
     if (!results) return;
     const summary = `ClauseGuard Report\nRisk: ${results.risk_score}/100 (Grade ${results.grade})\n${results.flagged_count} of ${results.total_clauses} clauses flagged\nEntities: ${results.entities.length}\nContradictions: ${results.contradictions.length}\nObligations: ${results.obligations.length}\n\n` +
@@ -360,51 +369,41 @@ export default function AnalyzePage() {
           <div className="lg:col-span-3">
             {results ? (
               <div className="space-y-3 sm:space-y-4">
-                {/* Score Card — redesigned with circular gauge */}
-                <div className="bg-white border border-zinc-200 rounded-2xl p-5 sm:p-6 shadow-sm">
-                  <div className="flex items-center gap-5 sm:gap-6">
-                    {/* Circular score gauge */}
-                    <div className="relative w-20 h-20 sm:w-24 sm:h-24 shrink-0">
-                      <svg className="w-full h-full -rotate-90" viewBox="0 0 100 100">
-                        <circle cx="50" cy="50" r="42" fill="none" stroke="#f4f4f5" strokeWidth="8" />
-                        <circle cx="50" cy="50" r="42" fill="none"
-                          stroke={results.risk_score >= 60 ? "#ef4444" : results.risk_score >= 30 ? "#f59e0b" : "#22c55e"}
-                          strokeWidth="8" strokeLinecap="round"
-                          strokeDasharray={`${results.risk_score * 2.64} 264`}
-                          className="transition-all duration-1000 ease-out" />
-                      </svg>
-                      <div className="absolute inset-0 flex flex-col items-center justify-center">
-                        <span className="text-xl sm:text-2xl font-bold tracking-tight">{results.risk_score}</span>
-                        <span className="text-[9px] text-zinc-400 -mt-0.5">/ 100</span>
+                {/* Score Card */}
+                <div className="bg-white border border-zinc-200 rounded-xl p-4 sm:p-5">
+                  <div className="flex flex-col sm:flex-row sm:items-start sm:justify-between gap-3">
+                    <div>
+                      <div className="flex items-baseline gap-2">
+                        <span className="text-3xl sm:text-4xl font-semibold tracking-tight">{results.risk_score}</span>
+                        <span className="text-sm text-zinc-400">/100 risk</span>
                       </div>
-                    </div>
-
-                    <div className="flex-1 min-w-0">
-                      <div className="flex items-center gap-2 mb-2">
-                        <span className={`text-sm font-bold px-3 py-1 rounded-lg border ${GRADE_STYLE[results.grade] || GRADE_STYLE.C}`}>
-                          Grade {results.grade}
-                        </span>
-                        <span className="text-xs text-zinc-400">
-                          {results.risk_score < 20 ? "Low Risk" : results.risk_score < 40 ? "Moderate Risk" : results.risk_score < 60 ? "Elevated Risk" : results.risk_score < 80 ? "High Risk" : "Critical Risk"}
-                        </span>
+                      <div className="mt-2 h-1.5 w-full sm:w-48 bg-zinc-100 rounded-full overflow-hidden">
+                        <div className={`h-full rounded-full transition-all duration-700 ${
+                          results.risk_score >= 60 ? "bg-red-500" : results.risk_score >= 30 ? "bg-amber-400" : "bg-emerald-500"
+                        }`} style={{ width: `${results.risk_score}%` }} />
                       </div>
+                    </div>
+                    <span className={`self-start text-sm font-semibold px-3 py-1 rounded-lg border ${GRADE_STYLE[results.grade] || GRADE_STYLE.C}`}>
+                      Grade {results.grade}
+                    </span>
+                  </div>
 
-                      {/* Severity breakdown — compact horizontal */}
-                      <div className="grid grid-cols-4 gap-1.5">
-                        {(["CRITICAL", "HIGH", "MEDIUM", "LOW"] as const).map(sev => {
-                          const c = SEV_CONFIG[sev];
-                          return (
-                            <div key={sev} className={`text-center py-1.5 px-1 rounded-lg ${c.bg} border ${c.border}`}>
-                              <span className={`text-sm font-bold ${c.text}`}>{sevCounts[sev]}</span>
-                              <p className={`text-[9px] ${c.text} opacity-70`}>{c.label}</p>
-                            </div>
-                          );
-                        })}
-                      </div>
+                  {/* Severity breakdown grid */}
+                  <div className="mt-4 grid grid-cols-4 gap-2">
+                    {(["CRITICAL", "HIGH", "MEDIUM", "LOW"] as const).map(sev => {
+                      const c = SEV_CONFIG[sev];
+                      return (
+                        <div key={sev} className={`text-center p-2 rounded-lg ${c.bg} border ${c.border}`}>
+                          <span className={`text-lg font-bold ${c.text}`}>{sevCounts[sev]}</span>
+                          <p className={`text-[10px] ${c.text} opacity-70`}>{c.label}</p>
+                        </div>
+                      );
+                    })}
+                  </div>
 
-                      {/* Meta stats */}
-                      <div className="mt-2.5 flex items-center gap-2 text-[10px] text-zinc-400 flex-wrap">
-                        <span className="flex items-center gap-1"><Layers className="w-3 h-3" />{results.total_clauses} clauses</span>
+                  {/* Meta stats */}
+                  <div className="mt-3 flex items-center gap-2 sm:gap-3 text-[11px] text-zinc-400 flex-wrap">
+                    <span className="flex items-center gap-1"><Layers className="w-3 h-3" />{results.total_clauses} clauses</span>
                     <span className="w-px h-3 bg-zinc-200" />
                     <span className="flex items-center gap-1"><Tag className="w-3 h-3" />{results.entities.length} entities</span>
                     <span className="w-px h-3 bg-zinc-200" />
@@ -412,11 +411,9 @@ export default function AnalyzePage() {
                     <span className="w-px h-3 bg-zinc-200" />
                     <span className="flex items-center gap-1"><Clock className="w-3 h-3" />{results.latency_ms}ms</span>
                     <span className="w-px h-3 bg-zinc-200" />
-                        <span className="flex items-center gap-1">
-                          {results.model !== "regex" ? <><Cpu className="w-3 h-3" /> ML Models</> : <><FileSearch className="w-3 h-3" /> Pattern fallback</>}
-                        </span>
-                      </div>
-                    </div>
+                    <span className="flex items-center gap-1">
+                      {results.model !== "regex" ? <><Cpu className="w-3 h-3" /> ML Models</> : <><FileSearch className="w-3 h-3" /> Pattern fallback</>}
+                    </span>
                   </div>
                 </div>
 
@@ -436,11 +433,11 @@ export default function AnalyzePage() {
                       </button>
                     ))}
                   </div>
-                  <div className="flex gap-1.5 self-end sm:self-auto items-center">
+                  <div className="flex gap-1.5 self-end sm:self-auto">
                     <button onClick={handleCopy} className="p-2 rounded-md hover:bg-zinc-100 text-zinc-400 hover:text-zinc-600 transition-colors" title="Copy summary">
                       {copied ? <Check className="w-4 h-4 text-emerald-500" /> : <Copy className="w-4 h-4" />}
                     </button>
-                    <ExportDropdown results={results} />
+                    <button onClick={handleDownloadPDF} className="p-2 rounded-md hover:bg-zinc-100 text-zinc-400 hover:text-zinc-600 transition-colors" title="Download PDF"><FileDown className="w-4 h-4" /></button>
                   </div>
                 </div>
 
@@ -460,7 +457,7 @@ export default function AnalyzePage() {
                 </div>
 
                 {/* Tab Content */}
-                <div className="max-h-[450px] sm:max-h-[560px] overflow-y-auto pr-1 scroll-smooth">
+                <div className="max-h-[350px] sm:max-h-[420px] overflow-y-auto pr-1">
 
                   {/* Clauses */}
                   {activeTab === "clauses" && (
@@ -660,9 +657,8 @@ export default function AnalyzePage() {
                         </div>
                       ) : Object.entries(results.compliance).map(([regName, reg]) => {
                         const status = COMPLIANCE_STATUS[reg.overall_status] || COMPLIANCE_STATUS.PARTIAL;
-                        const isNA = reg.overall_status === "NOT_APPLICABLE";
                         return (
-                          <div key={regName} className={`bg-white border border-zinc-200 rounded-xl overflow-hidden ${isNA ? "opacity-60" : ""}`}>
+                          <div key={regName} className="bg-white border border-zinc-200 rounded-xl overflow-hidden">
                             <div className={`flex flex-col sm:flex-row sm:items-center justify-between p-4 border-b ${status.bg} ${status.border}`}>
                               <div>
                                 <div className="flex items-center gap-2 flex-wrap">
@@ -681,15 +677,10 @@ export default function AnalyzePage() {
                                 <p className="text-[11px] text-zinc-500 mt-0.5">{reg.description}</p>
                               </div>
                               <div className="text-left sm:text-right mt-2 sm:mt-0">
-                                <span className={`text-lg font-bold ${status.text}`}>{isNA ? "N/A" : `${reg.compliance_rate}%`}</span>
+                                <span className={`text-lg font-bold ${status.text}`}>{reg.compliance_rate}%</span>
                                 <span className={`text-[11px] font-medium block ${status.text}`}>{reg.overall_status}</span>
                               </div>
                             </div>
-                            {isNA ? (
-                              <div className="p-3 text-xs text-zinc-400 italic">
-                                {reg.note || `${regName} does not appear applicable to this contract type.`}
-                              </div>
-                            ) : (
                             <div className="p-3 space-y-0.5">
                               {reg.checks.map((check, i) => {
                                 const sev = SEV_CONFIG[check.severity] || SEV_CONFIG.MEDIUM;
@@ -716,7 +707,6 @@ export default function AnalyzePage() {
                                 );
                               })}
                             </div>
-                            )}
                           </div>
                         );
                       })}
@@ -857,18 +847,8 @@ export default function AnalyzePage() {
                   )}
                 </div>
               </div>
-            ) : loading ? (
-              <div className="bg-white border border-zinc-200 rounded-2xl h-[300px] sm:h-[420px] flex flex-col items-center justify-center shadow-sm">
-                <div className="relative w-16 h-16 mb-4">
-                  <div className="absolute inset-0 rounded-full border-2 border-zinc-100" />
-                  <div className="absolute inset-0 rounded-full border-2 border-t-zinc-900 animate-spin" />
-                  <ScanLine className="absolute inset-0 m-auto w-6 h-6 text-zinc-400" />
-                </div>
-                <p className="text-sm font-medium text-zinc-700">Analyzing contract...</p>
-                <p className="text-xs text-zinc-400 mt-1">Running 6 ML models · This may take 30-60 seconds</p>
-              </div>
             ) : (
-              <div className="bg-white border border-dashed border-zinc-200 rounded-2xl h-[300px] sm:h-[420px] flex flex-col items-center justify-center">
+              <div className="bg-white border border-dashed border-zinc-200 rounded-xl h-[300px] sm:h-[420px] flex flex-col items-center justify-center">
                 <ScanText className="w-10 h-10 text-zinc-200 mb-3" />
                 <p className="text-sm text-zinc-300">Paste text and analyze to see results</p>
               </div>

web/app/dashboard-pages/compare/loading.tsx

@@ -1,22 +0,0 @@
-import { GitCompare } from "lucide-react";
-
-export default function CompareLoading() {
-  return (
-    <div className="min-h-screen bg-zinc-50/30">
-      <div className="max-w-6xl mx-auto px-4 sm:px-6 py-8 sm:py-12">
-        <div className="flex items-center gap-3 mb-8">
-          <GitCompare className="w-6 h-6 text-zinc-400 animate-pulse" />
-          <div className="h-7 w-44 bg-zinc-200 rounded-lg animate-pulse" />
-        </div>
-        <div className="grid md:grid-cols-2 gap-6">
-          {[...Array(2)].map((_, i) => (
-            <div key={i} className="bg-white rounded-xl p-4 border border-zinc-200">
-              <div className="h-3 w-24 bg-zinc-100 rounded animate-pulse mb-3" />
-              <div className="h-[280px] bg-zinc-50 rounded-lg animate-pulse" />
-            </div>
-          ))}
-        </div>
-      </div>
-    </div>
-  );
-}

web/app/dashboard-pages/dashboard/loading.tsx

@@ -1,45 +0,0 @@
-import { ShieldCheck, Loader2 } from "lucide-react";
-
-export default function DashboardLoading() {
-  return (
-    <div className="min-h-screen bg-zinc-50/30">
-      <div className="max-w-6xl mx-auto px-4 sm:px-6 py-8 sm:py-12">
-        <div className="flex items-center gap-3 mb-8">
-          <ShieldCheck className="w-6 h-6 text-indigo-400 animate-pulse" />
-          <div className="h-7 w-32 bg-zinc-200 rounded-lg animate-pulse" />
-        </div>
-        <div className="grid grid-cols-2 lg:grid-cols-4 gap-4 mb-10">
-          {[...Array(4)].map((_, i) => (
-            <div key={i} className="bg-white rounded-xl p-5 border border-zinc-200">
-              <div className="h-3 w-20 bg-zinc-100 rounded animate-pulse mb-3" />
-              <div className="h-7 w-16 bg-zinc-200 rounded animate-pulse" />
-            </div>
-          ))}
-        </div>
-        <div className="grid sm:grid-cols-3 gap-4 mb-10">
-          {[...Array(3)].map((_, i) => (
-            <div key={i} className="bg-white rounded-xl p-5 border border-zinc-200 flex items-center gap-4">
-              <div className="w-10 h-10 rounded-lg bg-zinc-100 animate-pulse" />
-              <div>
-                <div className="h-3 w-24 bg-zinc-100 rounded animate-pulse mb-2" />
-                <div className="h-5 w-12 bg-zinc-200 rounded animate-pulse" />
-              </div>
-            </div>
-          ))}
-        </div>
-        <div className="bg-white rounded-xl border border-zinc-200 p-6">
-          <div className="h-5 w-28 bg-zinc-200 rounded animate-pulse mb-6" />
-          {[...Array(4)].map((_, i) => (
-            <div key={i} className="flex items-center justify-between py-4 border-b border-zinc-50">
-              <div>
-                <div className="h-4 w-48 bg-zinc-100 rounded animate-pulse mb-2" />
-                <div className="h-3 w-32 bg-zinc-50 rounded animate-pulse" />
-              </div>
-              <div className="h-7 w-14 bg-zinc-100 rounded-full animate-pulse" />
-            </div>
-          ))}
-        </div>
-      </div>
-    </div>
-  );
-}

web/app/dashboard-pages/settings/loading.tsx

@@ -1,23 +0,0 @@
-import { Settings } from "lucide-react";
-
-export default function SettingsLoading() {
-  return (
-    <div className="min-h-screen bg-zinc-50/30">
-      <div className="max-w-3xl mx-auto px-4 sm:px-6 py-8 sm:py-12">
-        <div className="flex items-center gap-3 mb-8">
-          <Settings className="w-6 h-6 text-zinc-400 animate-pulse" />
-          <div className="h-7 w-28 bg-zinc-200 rounded-lg animate-pulse" />
-        </div>
-        {[...Array(3)].map((_, i) => (
-          <div key={i} className="bg-white rounded-xl p-6 border border-zinc-200 mb-4">
-            <div className="h-5 w-32 bg-zinc-200 rounded animate-pulse mb-4" />
-            <div className="space-y-3">
-              <div className="h-10 bg-zinc-50 rounded-lg animate-pulse" />
-              <div className="h-10 bg-zinc-50 rounded-lg animate-pulse" />
-            </div>
-          </div>
-        ))}
-      </div>
-    </div>
-  );
-}

web/components/export-dropdown.tsx

@@ -1,69 +0,0 @@
-"use client";
-
-import { useState, useRef, useEffect } from "react";
-import { FileDown, ChevronDown, Loader2 } from "lucide-react";
-import { EXPORT_FORMATS } from "@/lib/export-utils";
-import type { AnalysisResult } from "@/lib/types";
-
-export function ExportDropdown({ results }: { results: AnalysisResult }) {
-  const [open, setOpen] = useState(false);
-  const [exporting, setExporting] = useState<string | null>(null);
-  const ref = useRef<HTMLDivElement>(null);
-
-  useEffect(() => {
-    function handleClickOutside(e: MouseEvent) {
-      if (ref.current && !ref.current.contains(e.target as Node)) setOpen(false);
-    }
-    document.addEventListener("mousedown", handleClickOutside);
-    return () => document.removeEventListener("mousedown", handleClickOutside);
-  }, []);
-
-  async function handleExport(key: string, fn: (r: AnalysisResult) => void | Promise<any>) {
-    setExporting(key);
-    try {
-      await fn(results);
-    } catch (e) {
-      console.error("Export failed:", e);
-    }
-    setExporting(null);
-    setOpen(false);
-  }
-
-  return (
-    <div ref={ref} className="relative">
-      <button
-        onClick={() => setOpen(!open)}
-        className="inline-flex items-center gap-1.5 px-3 py-1.5 text-xs font-medium text-zinc-600 bg-white border border-zinc-200 rounded-lg hover:bg-zinc-50 hover:border-zinc-300 transition-all shadow-sm"
-      >
-        <FileDown className="w-3.5 h-3.5" />
-        Export
-        <ChevronDown className={`w-3 h-3 transition-transform ${open ? "rotate-180" : ""}`} />
-      </button>
-
-      {open && (
-        <div className="absolute right-0 top-full mt-1.5 w-64 bg-white border border-zinc-200 rounded-xl shadow-xl z-50 overflow-hidden animate-in fade-in slide-in-from-top-1 duration-150">
-          <div className="px-3 py-2 border-b border-zinc-100">
-            <p className="text-[10px] font-semibold text-zinc-400 uppercase tracking-wider">Export Report</p>
-          </div>
-          <div className="py-1">
-            {EXPORT_FORMATS.map((fmt) => (
-              <button
-                key={fmt.key}
-                onClick={() => handleExport(fmt.key, fmt.fn)}
-                disabled={exporting !== null}
-                className="w-full flex items-center gap-3 px-3 py-2.5 text-left hover:bg-zinc-50 transition-colors disabled:opacity-40"
-              >
-                <span className="text-base w-5 text-center">{fmt.icon}</span>
-                <div className="flex-1 min-w-0">
-                  <p className="text-sm font-medium text-zinc-700">{fmt.label}</p>
-                  <p className="text-[10px] text-zinc-400">{fmt.description}</p>
-                </div>
-                {exporting === fmt.key && <Loader2 className="w-3.5 h-3.5 text-zinc-400 animate-spin" />}
-              </button>
-            ))}
-          </div>
-        </div>
-      )}
-    </div>
-  );
-}

web/components/extension-bridge.tsx

@@ -57,24 +57,20 @@ export function ExtensionBridge() {
     const { data: { subscription } } = supabase.auth.onAuthStateChange(async (event, session) => {
       // Handle ALL events that mean "user is logged in"
       if (session && (event === "SIGNED_IN" || event === "INITIAL_SESSION" || event === "TOKEN_REFRESHED")) {
-        let profileData = null;
-        try {
-          const result = await supabase
-            .from("profiles")
-            .select("plan, full_name")
-            .eq("id", session.user.id)
-            .single();
-          profileData = result.data;
-        } catch {
-          // ignore
-        }
+        const { data: profile } = await supabase
+          .from("profiles")
+          .select("plan, full_name")
+          .eq("id", session.user.id)
+          .single()
+          .then(r => r)
+          .catch(() => ({ data: null }));
 
         sendAuthToExtension(
           session.access_token,
           session.user.email || "",
-          profileData?.full_name || session.user.user_metadata?.full_name || "",
+          profile?.full_name || session.user.user_metadata?.full_name || "",
           session.user.id,
-          profileData?.plan || "free",
+          profile?.plan || "free",
         );
       }
 

web/components/nav.tsx

@@ -29,69 +29,33 @@ export function Nav() {
   const hasTeam = !!userTeam;
 
   useEffect(() => {
-    let cancelled = false;
     const supabase = createClient();
-
-    // Single source of truth: onAuthStateChange.
-    // Fires INITIAL_SESSION immediately on setup (synchronous replay of stored session).
-    // Then fires SIGNED_IN, SIGNED_OUT, TOKEN_REFRESHED on auth changes.
-    // No separate getSession/getUser call — that was causing race conditions.
-    const { data: { subscription } } = supabase.auth.onAuthStateChange(
-      (event, session) => {
-        if (cancelled) return;
-
-        if (!session?.user) {
-          setUserEmail(null);
-          setUserRole(null);
-          setUserTeam(null);
-          setLoaded(true);
-          return;
-        }
-
-        // User is authenticated — show logged-in nav immediately
-        setUserEmail(session.user.email || null);
-        setLoaded(true);
-
-        // Fetch profile (role, team) in background — don't block the UI
-        supabase
+    supabase.auth.getUser().then(async ({ data }) => {
+      const user = data.user;
+      setUserEmail(user?.email || null);
+      if (user) {
+        const { data: profile } = await supabase
           .from("profiles")
           .select("role, team_id")
-          .eq("id", session.user.id)
-          .single()
-          .then(({ data: profile, error }) => {
-            if (cancelled) return;
-            if (error) {
-              console.error("[ClauseGuard Nav] Profile error:", error.message);
-              setUserRole("user");
-              setUserTeam(null);
-            } else {
-              setUserRole(profile?.role || "user");
-              setUserTeam(profile?.team_id || null);
-            }
-          });
+          .eq("id", user.id)
+          .single();
+        setUserRole(profile?.role || "user");
+        setUserTeam(profile?.team_id || null);
       }
-    );
-
-    return () => {
-      cancelled = true;
-      subscription.unsubscribe();
-    };
-  }, []); // eslint-disable-line react-hooks/exhaustive-deps
+      setLoaded(true);
+    });
+  }, []);
 
   async function handleSignOut() {
-    try {
-      const supabase = createClient();
-      await supabase.auth.signOut();
-    } catch {
-      // ignore
-    }
+    const supabase = createClient();
+    await supabase.auth.signOut();
     setUserEmail(null);
     setUserRole(null);
     setUserTeam(null);
     window.location.href = "/";
   }
 
-  // Public links - always visible
+  // Public links — always visible
   const mainLinks: NavLink[] = [
     { href: "/#features", label: "Features", icon: Sparkles },
     { href: "/#pricing", label: "Pricing", icon: CreditCard },
@@ -106,12 +70,12 @@ export function Nav() {
         <Link href="/" className="flex items-center gap-2">
           <ShieldCheck className="w-5 h-5 text-zinc-900" strokeWidth={2.2} />
           <span className="font-semibold text-[15px] tracking-tight text-zinc-900">ClauseGuard</span>
-          <span className="hidden sm:inline text-[10px] font-medium text-zinc-400 ml-1 border border-zinc-200 px-1.5 py-0.5 rounded">v4.3</span>
+          <span className="hidden sm:inline text-[10px] font-medium text-zinc-400 ml-1 border border-zinc-200 px-1.5 py-0.5 rounded">v4.0</span>
         </Link>
 
-        {/* Desktop Nav */}
+        {/* ─── Desktop Nav ─── */}
         <div className="hidden md:flex items-center gap-0.5">
-          {/* Public links - always visible */}
+          {/* Public links — always visible */}
           {mainLinks.map((l) => {
             const isActive = pathname === l.href;
             return (
@@ -124,7 +88,7 @@ export function Nav() {
             );
           })}
 
-          {/* Loading skeleton while auth state resolves */}
+          {/* ── Loading skeleton ── */}
           {!loaded && (
             <>
               <div className="w-px h-4 bg-zinc-200 mx-1.5" />
@@ -135,7 +99,7 @@ export function Nav() {
             </>
           )}
 
-          {/* Logged-in links */}
+          {/* ── Logged-in links ── */}
           {loaded && isLoggedIn && (
             <>
               {/* Dashboard */}
@@ -149,7 +113,7 @@ export function Nav() {
                 Dashboard
               </Link>
 
-              {/* Team - only when user belongs to a team */}
+              {/* Team — only when user has a team */}
               {hasTeam && (
                 <Link href="/dashboard-pages/team"
                   className={`flex items-center gap-1.5 px-2.5 py-1.5 text-[13px] rounded-md transition-colors ${
@@ -162,7 +126,7 @@ export function Nav() {
                 </Link>
               )}
 
-              {/* Admin - only for admin role */}
+              {/* Admin — only for admin role */}
               {isAdmin && (
                 <Link href="/admin"
                   className={`flex items-center gap-1.5 px-2.5 py-1.5 text-[13px] rounded-md transition-colors ${
@@ -187,13 +151,14 @@ export function Nav() {
                 <Settings className="w-3.5 h-3.5" />
                 Settings
               </Link>
-              {/* User indicator with hover dropdown */}
+
+              {/* User indicator + sign out dropdown */}
               <div className="relative group ml-1">
                 <button className="flex items-center gap-1.5 px-2.5 py-1.5 text-[13px] text-zinc-500 hover:text-zinc-900 rounded-md hover:bg-zinc-50 transition-colors">
                   <UserCircle className="w-3.5 h-3.5" />
                   <span className="max-w-[100px] truncate">{userEmail?.split("@")[0]}</span>
                 </button>
-                {/* Dropdown on hover */}
+                {/* Dropdown */}
                 <div className="absolute right-0 top-full mt-1 w-52 bg-white border border-zinc-200 rounded-xl shadow-lg opacity-0 invisible group-hover:opacity-100 group-hover:visible transition-all duration-150 z-50">
                   <div className="px-3 py-2.5 border-b border-zinc-100">
                     <p className="text-xs text-zinc-400">Signed in as</p>
@@ -233,7 +198,7 @@ export function Nav() {
             </>
           )}
 
-          {/* Logged-out links */}
+          {/* ── Logged-out links ── */}
           {loaded && !isLoggedIn && (
             <>
               <div className="w-px h-4 bg-zinc-200 mx-1.5" />
@@ -261,7 +226,7 @@ export function Nav() {
         </button>
       </div>
 
-      {/* Mobile Menu */}
+      {/* ─── Mobile Menu ─── */}
       {open && (
         <div className="md:hidden border-t border-zinc-100 bg-white px-5 py-3 space-y-0.5">
           {/* Public links */}
@@ -279,7 +244,7 @@ export function Nav() {
             );
           })}
 
-          {/* Mobile loading skeleton */}
+          {/* ── Mobile loading skeleton ── */}
           {!loaded && (
             <>
               <div className="h-px bg-zinc-100 my-1.5" />
@@ -290,12 +255,12 @@ export function Nav() {
             </>
           )}
 
-          {/* Mobile: Logged-in links */}
+          {/* ── Mobile: Logged-in links ── */}
           {loaded && isLoggedIn && (
             <>
               <div className="h-px bg-zinc-100 my-1.5" />
 
-              {/* User info banner */}
+              {/* User info */}
               <div className="px-3 py-2">
                 <p className="text-xs text-zinc-400">Signed in as</p>
                 <p className="text-sm text-zinc-700 font-medium truncate">{userEmail}</p>
@@ -319,7 +284,7 @@ export function Nav() {
                 <Settings className="w-4 h-4 text-zinc-400" /> Settings
               </Link>
 
-              {/* Team link */}
+              {/* Team */}
               {hasTeam && (
                 <Link href="/dashboard-pages/team" onClick={() => setOpen(false)}
                   className={`flex items-center gap-2.5 px-3 py-2.5 text-sm rounded-md ${
@@ -331,7 +296,7 @@ export function Nav() {
                 </Link>
               )}
 
-              {/* Admin link */}
+              {/* Admin */}
               {isAdmin && (
                 <Link href="/admin" onClick={() => setOpen(false)}
                   className={`flex items-center gap-2.5 px-3 py-2.5 text-sm rounded-md ${
@@ -359,7 +324,7 @@ export function Nav() {
             </>
           )}
 
-          {/* Mobile: Logged-out links */}
+          {/* ── Mobile: Logged-out links ── */}
           {loaded && !isLoggedIn && (
             <>
               <div className="h-px bg-zinc-100 my-1.5" />

web/lib/export-utils.ts

@@ -1,454 +0,0 @@
-/**
- * ClauseGuard — Multi-format Report Export Utility
- * Generates reports in: JSON, CSV, Markdown, Plain Text, HTML
- * PDF and DOCX use server-side generation via API routes.
- */
-
-import type { AnalysisResult, Clause, Entity, Contradiction, Obligation, ComplianceReg, Redline } from "./types";
-
-// ── Severity ordering ──
-const SEV_ORDER: Record<string, number> = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };
-
-function sevSort(a: string, b: string) {
-  return (SEV_ORDER[b] || 0) - (SEV_ORDER[a] || 0);
-}
-
-function timestamp() {
-  return new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
-}
-
-function download(content: string | Blob, filename: string, mime: string) {
-  const blob = content instanceof Blob ? content : new Blob([content], { type: mime });
-  const url = URL.createObjectURL(blob);
-  const a = document.createElement("a");
-  a.href = url;
-  a.download = filename;
-  document.body.appendChild(a);
-  a.click();
-  document.body.removeChild(a);
-  URL.revokeObjectURL(url);
-}
-
-// ═══════════════════════════════════════════════════════════════
-// JSON Export
-// ═══════════════════════════════════════════════════════════════
-
-export function exportJSON(results: AnalysisResult, formatted = true) {
-  const json = formatted
-    ? JSON.stringify(results, null, 2)
-    : JSON.stringify(results);
-  download(json, `clauseguard-report-${timestamp()}.json`, "application/json");
-}
-
-// ═══════════════════════════════════════════════════════════════
-// CSV Export
-// ═══════════════════════════════════════════════════════════════
-
-function escapeCSV(val: string): string {
-  if (val.includes(",") || val.includes('"') || val.includes("\n")) {
-    return `"${val.replace(/"/g, '""')}"`;
-  }
-  return val;
-}
-
-export function exportCSV(results: AnalysisResult) {
-  const rows: string[] = [];
-
-  // Header
-  rows.push("Section,Category,Severity,Confidence,Source,Text,Description");
-
-  // Clauses
-  for (const clause of results.results) {
-    for (const cat of clause.categories) {
-      rows.push([
-        "Clause",
-        escapeCSV(cat.name),
-        cat.severity,
-        cat.confidence != null ? String(Math.round(cat.confidence * 100)) + "%" : "pattern",
-        cat.confidence != null ? "ML" : "Pattern",
-        escapeCSV(clause.text.slice(0, 500)),
-        escapeCSV(cat.description || ""),
-      ].join(","));
-    }
-  }
-
-  // Entities
-  for (const ent of results.entities) {
-    rows.push([
-      "Entity",
-      escapeCSV(ent.type),
-      "",
-      ent.score ? String(Math.round(ent.score * 100)) + "%" : "",
-      ent.source || "",
-      escapeCSV(ent.text),
-      "",
-    ].join(","));
-  }
-
-  // Contradictions
-  for (const c of results.contradictions) {
-    rows.push([
-      "Contradiction",
-      escapeCSV(c.type),
-      c.severity,
-      c.confidence ? String(Math.round(c.confidence * 100)) + "%" : "",
-      c.source || "",
-      escapeCSV(c.explanation),
-      "",
-    ].join(","));
-  }
-
-  // Obligations
-  for (const o of results.obligations) {
-    rows.push([
-      "Obligation",
-      escapeCSV(o.type),
-      o.priority != null && o.priority >= 3 ? "HIGH" : o.priority === 2 ? "MEDIUM" : "LOW",
-      "",
-      "",
-      escapeCSV(o.description),
-      escapeCSV(`${o.party} · ${o.deadline}`),
-    ].join(","));
-  }
-
-  download(rows.join("\n"), `clauseguard-report-${timestamp()}.csv`, "text/csv");
-}
-
-// ═══════════════════════════════════════════════════════════════
-// Markdown Export
-// ═══════════════════════════════════════════════════════════════
-
-export function exportMarkdown(results: AnalysisResult) {
-  const lines: string[] = [];
-  const flagged = results.results.filter(r => r.categories.length > 0);
-  const sevCounts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
-  flagged.forEach(r => r.categories.forEach(c => {
-    if (sevCounts[c.severity as keyof typeof sevCounts] !== undefined) sevCounts[c.severity as keyof typeof sevCounts]++;
-  }));
-
-  lines.push("# 🛡️ ClauseGuard Analysis Report");
-  lines.push("");
-  lines.push(`**Generated:** ${new Date().toLocaleString()}`);
-  lines.push(`**Risk Score:** ${results.risk_score}/100 · **Grade:** ${results.grade}`);
-  lines.push(`**Clauses:** ${results.total_clauses} total · ${results.flagged_count} flagged`);
-  lines.push(`**Model:** ${results.model === "ml" || results.model !== "regex" ? "ML Models" : "Pattern Matching"}`);
-  lines.push("");
-
-  // Severity breakdown
-  lines.push("## 📊 Risk Breakdown");
-  lines.push("");
-  lines.push("| Severity | Count |");
-  lines.push("|----------|-------|");
-  lines.push(`| 🔴 Critical | ${sevCounts.CRITICAL} |`);
-  lines.push(`| 🟠 High | ${sevCounts.HIGH} |`);
-  lines.push(`| 🟡 Medium | ${sevCounts.MEDIUM} |`);
-  lines.push(`| 🟢 Low | ${sevCounts.LOW} |`);
-  lines.push("");
-
-  // Flagged clauses
-  if (flagged.length > 0) {
-    lines.push("## ⚠️ Flagged Clauses");
-    lines.push("");
-    for (const clause of flagged) {
-      const labels = clause.categories.map(c => `**${c.name}** (${c.severity})`).join(", ");
-      lines.push(`### ${labels}`);
-      lines.push("");
-      lines.push(`> ${clause.text.slice(0, 500)}${clause.text.length > 500 ? "..." : ""}`);
-      lines.push("");
-      for (const cat of clause.categories) {
-        if (cat.description) lines.push(`- ${cat.description}`);
-        const src = cat.confidence != null ? `ML ${Math.round(cat.confidence * 100)}%` : "Pattern match";
-        lines.push(`- *Source: ${src}*`);
-      }
-      lines.push("");
-    }
-  }
-
-  // Entities
-  if (results.entities.length > 0) {
-    lines.push("## 🏷️ Extracted Entities");
-    lines.push("");
-    const grouped: Record<string, string[]> = {};
-    results.entities.forEach(e => {
-      if (!grouped[e.type]) grouped[e.type] = [];
-      if (!grouped[e.type].includes(e.text)) grouped[e.type].push(e.text);
-    });
-    for (const [type, items] of Object.entries(grouped)) {
-      lines.push(`**${type.replace(/_/g, " ")}:** ${items.join(", ")}`);
-    }
-    lines.push("");
-  }
-
-  // Contradictions
-  if (results.contradictions.length > 0) {
-    lines.push("## 🔍 Contradictions & Issues");
-    lines.push("");
-    for (const c of results.contradictions) {
-      lines.push(`- **[${c.severity}] ${c.type}:** ${c.explanation}`);
-    }
-    lines.push("");
-  }
-
-  // Obligations
-  if (results.obligations.length > 0) {
-    lines.push("## 📋 Obligations");
-    lines.push("");
-    lines.push("| Type | Party | Description | Deadline |");
-    lines.push("|------|-------|-------------|----------|");
-    for (const o of results.obligations) {
-      lines.push(`| ${o.type} | ${o.party} | ${o.description.slice(0, 100)} | ${o.deadline} |`);
-    }
-    lines.push("");
-  }
-
-  // Compliance
-  if (Object.keys(results.compliance).length > 0) {
-    lines.push("## ⚖️ Compliance");
-    lines.push("");
-    for (const [name, reg] of Object.entries(results.compliance)) {
-      lines.push(`### ${name} — ${reg.compliance_rate}% (${reg.overall_status})`);
-      lines.push(`*${reg.description}*`);
-      lines.push("");
-      for (const check of reg.checks) {
-        const icon = check.status === "PASS" ? "✅" : check.status === "MISSING" ? "❌" : "⚠️";
-        lines.push(`${icon} ${check.description} (${check.severity})`);
-      }
-      lines.push("");
-    }
-  }
-
-  // Redlines
-  if (results.redlines && results.redlines.length > 0) {
-    lines.push("## ✏️ Redlining Suggestions");
-    lines.push("");
-    for (const rl of results.redlines) {
-      lines.push(`### ${rl.clause_label} (${rl.risk_level})`);
-      lines.push("");
-      lines.push(`~~${rl.original_text.slice(0, 200)}~~`);
-      lines.push("");
-      lines.push(`✅ **Suggested:** ${rl.safe_alternative}`);
-      lines.push(`📚 ${rl.legal_basis} · 🛡️ ${rl.consumer_standard}`);
-      lines.push("");
-    }
-  }
-
-  lines.push("---");
-  lines.push("*⚠️ Not legal advice. Generated by ClauseGuard AI.*");
-
-  download(lines.join("\n"), `clauseguard-report-${timestamp()}.md`, "text/markdown");
-}
-
-// ═══════════════════════════════════════════════════════════════
-// Plain Text Export
-// ═══════════════════════════════════════════════════════════════
-
-export function exportText(results: AnalysisResult) {
-  const lines: string[] = [];
-  const flagged = results.results.filter(r => r.categories.length > 0);
-
-  lines.push("═══════════════════════════════════════════════════════");
-  lines.push("  CLAUSEGUARD ANALYSIS REPORT");
-  lines.push("═══════════════════════════════════════════════════════");
-  lines.push("");
-  lines.push(`Date:        ${new Date().toLocaleString()}`);
-  lines.push(`Risk Score:  ${results.risk_score}/100`);
-  lines.push(`Grade:       ${results.grade}`);
-  lines.push(`Clauses:     ${results.total_clauses} total, ${results.flagged_count} flagged`);
-  lines.push(`Entities:    ${results.entities.length}`);
-  lines.push(`Issues:      ${results.contradictions.length}`);
-  lines.push(`Obligations: ${results.obligations.length}`);
-  lines.push("");
-  lines.push("───────────────────────────────────────────────────────");
-  lines.push("  FLAGGED CLAUSES");
-  lines.push("───────────────────────────────────────────────────────");
-  lines.push("");
-
-  for (let i = 0; i < flagged.length; i++) {
-    const clause = flagged[i];
-    const labels = clause.categories.map(c => `[${c.severity}] ${c.name}`).join(", ");
-    lines.push(`${i + 1}. ${labels}`);
-    lines.push(`   ${clause.text.slice(0, 300)}${clause.text.length > 300 ? "..." : ""}`);
-    lines.push("");
-  }
-
-  if (results.entities.length > 0) {
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("  ENTITIES");
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("");
-    const grouped: Record<string, string[]> = {};
-    results.entities.forEach(e => {
-      if (!grouped[e.type]) grouped[e.type] = [];
-      if (!grouped[e.type].includes(e.text)) grouped[e.type].push(e.text);
-    });
-    for (const [type, items] of Object.entries(grouped)) {
-      lines.push(`  ${type}: ${items.join(", ")}`);
-    }
-    lines.push("");
-  }
-
-  if (results.contradictions.length > 0) {
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("  CONTRADICTIONS & ISSUES");
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("");
-    for (const c of results.contradictions) {
-      lines.push(`  [${c.severity}] ${c.type}: ${c.explanation}`);
-    }
-    lines.push("");
-  }
-
-  if (results.obligations.length > 0) {
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("  OBLIGATIONS");
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("");
-    for (const o of results.obligations) {
-      lines.push(`  [${o.type}] ${o.party}: ${o.description} (${o.deadline})`);
-    }
-    lines.push("");
-  }
-
-  if (results.redlines && results.redlines.length > 0) {
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("  REDLINING SUGGESTIONS");
-    lines.push("───────────────────────────────────────────────────────");
-    lines.push("");
-    for (const rl of results.redlines) {
-      lines.push(`  [${rl.risk_level}] ${rl.clause_label}`);
-      lines.push(`  ORIGINAL: ${rl.original_text.slice(0, 200)}`);
-      lines.push(`  SUGGESTED: ${rl.safe_alternative}`);
-      lines.push("");
-    }
-  }
-
-  lines.push("═══════════════════════════════════════════════════════");
-  lines.push("  NOT LEGAL ADVICE — Generated by ClauseGuard AI");
-  lines.push("═══════════════════════════════════════════════════════");
-
-  download(lines.join("\n"), `clauseguard-report-${timestamp()}.txt`, "text/plain");
-}
-
-// ═══════════════════════════════════════════════════════════════
-// HTML Export (self-contained styled report)
-// ═══════════════════════════════════════════════════════════════
-
-export function exportHTML(results: AnalysisResult) {
-  const flagged = results.results.filter(r => r.categories.length > 0);
-  const sevCounts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
-  flagged.forEach(r => r.categories.forEach(c => {
-    if (sevCounts[c.severity as keyof typeof sevCounts] !== undefined) sevCounts[c.severity as keyof typeof sevCounts]++;
-  }));
-
-  const sevColor: Record<string, string> = { CRITICAL: "#dc2626", HIGH: "#ea580c", MEDIUM: "#ca8a04", LOW: "#16a34a" };
-
-  const clauseHTML = flagged.map(clause => {
-    const tags = clause.categories.map(c =>
-      `<span style="display:inline-block;background:${sevColor[c.severity] || '#888'}15;color:${sevColor[c.severity] || '#888'};border:1px solid ${sevColor[c.severity] || '#888'}40;padding:2px 10px;border-radius:4px;font-size:12px;font-weight:600;margin-right:4px;">${c.name} (${c.severity})</span>`
-    ).join("");
-    return `<div style="border:1px solid #e5e7eb;border-radius:8px;padding:16px;margin-bottom:12px;">
-      <div style="margin-bottom:8px;">${tags}</div>
-      <p style="font-size:13px;color:#374151;line-height:1.7;margin:0;">${clause.text.replace(/</g, "&lt;").slice(0, 500)}</p>
-    </div>`;
-  }).join("\n");
-
-  const entityHTML = (() => {
-    const grouped: Record<string, string[]> = {};
-    results.entities.forEach(e => {
-      if (!grouped[e.type]) grouped[e.type] = [];
-      if (!grouped[e.type].includes(e.text)) grouped[e.type].push(e.text);
-    });
-    return Object.entries(grouped).map(([type, items]) =>
-      `<div style="margin-bottom:12px;"><strong style="font-size:12px;text-transform:uppercase;color:#6b7280;">${type.replace(/_/g, " ")}</strong><div style="margin-top:4px;">${items.map(t => `<span style="display:inline-block;background:#f3f4f6;padding:3px 10px;border-radius:4px;font-size:12px;margin:2px;">${t}</span>`).join("")}</div></div>`
-    ).join("\n");
-  })();
-
-  const html = `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
-  <title>ClauseGuard Report — ${new Date().toLocaleDateString()}</title>
-  <style>
-    *{margin:0;padding:0;box-sizing:border-box}
-    body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;color:#1f2937;background:#fff;padding:40px;max-width:800px;margin:0 auto}
-    h1{font-size:24px;font-weight:700;margin-bottom:4px}
-    h2{font-size:16px;font-weight:600;margin:24px 0 12px;padding-bottom:8px;border-bottom:1px solid #e5e7eb}
-    .meta{font-size:12px;color:#9ca3af}
-    .score-card{display:flex;justify-content:space-between;align-items:center;background:#fafafa;border:1px solid #e5e7eb;border-radius:12px;padding:20px;margin:16px 0}
-    .score{font-size:36px;font-weight:700}
-    .grade{font-size:18px;font-weight:700;padding:6px 16px;border-radius:8px;border:1px solid #e5e7eb}
-    .sev-grid{display:grid;grid-template-columns:repeat(4,1fr);gap:8px;margin:12px 0}
-    .sev-item{text-align:center;padding:8px;border-radius:8px}
-    .disclaimer{margin-top:32px;padding:12px;background:#fefce8;border:1px solid #fde68a;border-radius:8px;font-size:11px;color:#92400e}
-    @media print{body{padding:20px}h2{break-before:auto}}
-  </style>
-</head>
-<body>
-  <h1>🛡️ ClauseGuard Analysis Report</h1>
-  <p class="meta">${new Date().toLocaleString()} · ${results.model !== "regex" ? "ML Models" : "Pattern Matching"}</p>
-
-  <div class="score-card">
-    <div>
-      <p class="meta">RISK SCORE</p>
-      <p class="score">${results.risk_score}<span style="font-size:16px;color:#9ca3af">/100</span></p>
-    </div>
-    <span class="grade">Grade ${results.grade}</span>
-  </div>
-
-  <div class="sev-grid">
-    <div class="sev-item" style="background:#fef2f2"><strong style="color:#dc2626">${sevCounts.CRITICAL}</strong><br><small style="color:#dc2626">Critical</small></div>
-    <div class="sev-item" style="background:#fff7ed"><strong style="color:#ea580c">${sevCounts.HIGH}</strong><br><small style="color:#ea580c">High</small></div>
-    <div class="sev-item" style="background:#fefce8"><strong style="color:#ca8a04">${sevCounts.MEDIUM}</strong><br><small style="color:#ca8a04">Medium</small></div>
-    <div class="sev-item" style="background:#f0fdf4"><strong style="color:#16a34a">${sevCounts.LOW}</strong><br><small style="color:#16a34a">Low</small></div>
-  </div>
-
-  <p class="meta">${results.total_clauses} clauses · ${results.flagged_count} flagged · ${results.entities.length} entities · ${results.obligations.length} obligations</p>
-
-  ${flagged.length > 0 ? `<h2>⚠️ Flagged Clauses (${flagged.length})</h2>${clauseHTML}` : ""}
-  ${results.entities.length > 0 ? `<h2>🏷️ Entities (${results.entities.length})</h2>${entityHTML}` : ""}
-  ${results.contradictions.length > 0 ? `<h2>🔍 Issues (${results.contradictions.length})</h2>${results.contradictions.map(c => `<div style="border:1px solid #e5e7eb;border-left:3px solid ${sevColor[c.severity] || '#888'};border-radius:6px;padding:12px;margin-bottom:8px;"><strong style="color:${sevColor[c.severity]};font-size:11px;text-transform:uppercase">${c.type} (${c.severity})</strong><p style="font-size:13px;margin-top:4px">${c.explanation}</p></div>`).join("")}` : ""}
-  ${results.obligations.length > 0 ? `<h2>📋 Obligations (${results.obligations.length})</h2><table style="width:100%;border-collapse:collapse;font-size:12px"><thead><tr style="background:#f9fafb;border-bottom:1px solid #e5e7eb"><th style="text-align:left;padding:8px">Type</th><th style="text-align:left;padding:8px">Party</th><th style="text-align:left;padding:8px">Description</th><th style="text-align:left;padding:8px">Deadline</th></tr></thead><tbody>${results.obligations.map(o => `<tr style="border-bottom:1px solid #f3f4f6"><td style="padding:8px;font-weight:500">${o.type}</td><td style="padding:8px">${o.party}</td><td style="padding:8px">${o.description.slice(0, 120)}</td><td style="padding:8px">${o.deadline}</td></tr>`).join("")}</tbody></table>` : ""}
-  ${results.redlines && results.redlines.length > 0 ? `<h2>✏️ Redlining (${results.redlines.length})</h2>${results.redlines.map(rl => `<div style="border:1px solid #e5e7eb;border-radius:8px;padding:16px;margin-bottom:12px"><strong style="color:${sevColor[rl.risk_level]}">${rl.clause_label} (${rl.risk_level})</strong><div style="background:#fef2f2;padding:8px;border-radius:4px;margin:8px 0;font-size:12px;text-decoration:line-through;color:#991b1b">${rl.original_text.slice(0, 200)}</div><div style="background:#f0fdf4;padding:8px;border-radius:4px;font-size:12px;color:#166534">${rl.safe_alternative}</div><p style="font-size:10px;color:#9ca3af;margin-top:6px">📚 ${rl.legal_basis} · 🛡️ ${rl.consumer_standard}</p></div>`).join("")}` : ""}
-
-  <div class="disclaimer">⚠️ <strong>Not legal advice.</strong> This report was generated by ClauseGuard AI for informational purposes only. Consult a licensed attorney for legal decisions.</div>
-</body>
-</html>`;
-
-  download(html, `clauseguard-report-${timestamp()}.html`, "text/html");
-}
-
-// ═══════════════════════════════════════════════════════════════
-// PDF Export (via server-side API route)
-// ═══════════════════════════════════════════════════════════════
-
-export async function exportPDF(results: AnalysisResult) {
-  try {
-    const res = await fetch("/api/pdf/report", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(results),
-    });
-    if (!res.ok) throw new Error("PDF generation failed");
-    const blob = await res.blob();
-    download(blob, `clauseguard-report-${timestamp()}.pdf`, "application/pdf");
-    return true;
-  } catch {
-    // Fallback: print HTML version
-    exportHTML(results);
-    return false;
-  }
-}
-
-// ═══════════════════════════════════════════════════════════════
-// Export formats manifest (for the UI dropdown)
-// ═══════════════════════════════════════════════════════════════
-
-export const EXPORT_FORMATS = [
-  { key: "pdf", label: "PDF Report", icon: "📄", description: "Formatted PDF document", fn: exportPDF },
-  { key: "html", label: "HTML Report", icon: "🌐", description: "Styled HTML (printable)", fn: exportHTML },
-  { key: "md", label: "Markdown", icon: "📝", description: "GitHub-flavored markdown", fn: exportMarkdown },
-  { key: "txt", label: "Plain Text", icon: "📋", description: "Simple text format", fn: exportText },
-  { key: "csv", label: "CSV Spreadsheet", icon: "📊", description: "For Excel / Google Sheets", fn: exportCSV },
-  { key: "json", label: "JSON (formatted)", icon: "🔧", description: "Full structured data", fn: (r: AnalysisResult) => exportJSON(r, true) },
-  { key: "json-raw", label: "JSON (raw)", icon: "⚡", description: "Compact, no whitespace", fn: (r: AnalysisResult) => exportJSON(r, false) },
-] as const;

web/lib/supabase/client.ts

@@ -2,8 +2,8 @@ import { createBrowserClient } from "@supabase/ssr";
 
 export function createClient() {
   return createBrowserClient(
-    process.env.NEXT_PUBLIC_SUPABASE_URL || "https://dummy-project.supabase.co",
-    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY || "dummy-anon-key",
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY!,
     {
       auth: {
         autoRefreshToken: true,

web/lib/supabase/schema.sql

@@ -1,5 +1,4 @@
--- ClauseGuard — Full Database Schema v3.1
--- FIX v4.1: Removed hardcoded admin email (was committed to public repo)
+-- ClauseGuard — Full Database Schema v3.0
 -- Tables ordered by dependency (no forward references)
 
 -- ─── 1. Teams (no dependencies) ───
@@ -128,35 +127,24 @@ ALTER TABLE public.api_keys ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.custom_rules ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.admin_logs ENABLE ROW LEVEL SECURITY;
 
--- ─── FIX v4.3: SECURITY DEFINER function to check admin role ───
--- Querying profiles FROM a profiles policy causes infinite recursion (42P17).
--- SECURITY DEFINER bypasses RLS, breaking the cycle.
-CREATE OR REPLACE FUNCTION public.is_admin()
-RETURNS boolean AS $$
-  SELECT EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = auth.uid() AND role = 'admin'
-  );
-$$ LANGUAGE sql SECURITY DEFINER STABLE;
-
 -- Profiles
 CREATE POLICY "Users see own profile" ON public.profiles FOR SELECT USING (auth.uid() = id);
 CREATE POLICY "Users update own profile" ON public.profiles FOR UPDATE USING (auth.uid() = id);
-CREATE POLICY "Admins read all profiles" ON public.profiles FOR SELECT USING (public.is_admin());
-CREATE POLICY "Admins update all profiles" ON public.profiles FOR UPDATE USING (public.is_admin());
+CREATE POLICY "Admins read all profiles" ON public.profiles FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+CREATE POLICY "Admins update all profiles" ON public.profiles FOR UPDATE USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- Analyses
 CREATE POLICY "Users see own analyses" ON public.analyses FOR SELECT
   USING (auth.uid() = user_id OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
 CREATE POLICY "Users insert analyses" ON public.analyses FOR INSERT WITH CHECK (auth.uid() = user_id);
 CREATE POLICY "Users delete own analyses" ON public.analyses FOR DELETE USING (auth.uid() = user_id);
-CREATE POLICY "Admins read all analyses" ON public.analyses FOR SELECT USING (public.is_admin());
+CREATE POLICY "Admins read all analyses" ON public.analyses FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- Teams
 CREATE POLICY "Team members can view" ON public.teams FOR SELECT
   USING (id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()) OR owner_id = auth.uid());
 CREATE POLICY "Owner can update team" ON public.teams FOR UPDATE USING (owner_id = auth.uid());
-CREATE POLICY "Admins read all teams" ON public.teams FOR SELECT USING (public.is_admin());
+CREATE POLICY "Admins read all teams" ON public.teams FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- Team invites
 CREATE POLICY "Members see team invites" ON public.team_invites FOR SELECT
@@ -167,17 +155,17 @@ CREATE POLICY "Users can invite" ON public.team_invites FOR INSERT WITH CHECK (i
 CREATE POLICY "Users see own API keys" ON public.api_keys FOR SELECT
   USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
 CREATE POLICY "Users manage own API keys" ON public.api_keys FOR ALL USING (user_id = auth.uid());
-CREATE POLICY "Admins read all api_keys" ON public.api_keys FOR SELECT USING (public.is_admin());
+CREATE POLICY "Admins read all api_keys" ON public.api_keys FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- Custom Rules
 CREATE POLICY "Users see own rules" ON public.custom_rules FOR SELECT
   USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
 CREATE POLICY "Users manage own rules" ON public.custom_rules FOR ALL USING (user_id = auth.uid());
-CREATE POLICY "Admins read all rules" ON public.custom_rules FOR SELECT USING (public.is_admin());
+CREATE POLICY "Admins read all rules" ON public.custom_rules FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- Admin Logs
 CREATE POLICY "Admins manage logs" ON public.admin_logs FOR ALL
-  USING (public.is_admin());
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
 
 -- ─── Auto-create profile on signup ───
 CREATE OR REPLACE FUNCTION public.handle_new_user()
@@ -198,19 +186,11 @@ CREATE TRIGGER on_auth_user_created
   AFTER INSERT ON auth.users
   FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
 
--- ─── FIX v4.1: Admin setup via environment variable ───
--- DO NOT hardcode admin emails in source code committed to public repos.
--- Instead, run this manually after your first signup:
---
---   UPDATE public.profiles
---   SET role = 'admin', plan = 'pro'
---   WHERE email = '<YOUR_EMAIL>';
---
--- Or set ADMIN_EMAIL env var and run:
---   DO $$ BEGIN
---     UPDATE public.profiles SET role = 'admin', plan = 'pro'
---     WHERE email = current_setting('app.admin_email', true);
---   END $$;
+-- ─── Set owner as admin with full access ───
+-- Run this AFTER your first signup with your email:
+UPDATE public.profiles
+SET role = 'admin', plan = 'pro'
+WHERE email = 'ankygaur9972@gmail.com';
 
 -- ─── Monthly reset function ───
 CREATE OR REPLACE FUNCTION public.reset_monthly_usage()

web/lib/types.ts

@@ -1,87 +0,0 @@
-// ClauseGuard — Shared TypeScript types for the web app
-
-export interface Cat {
-  name: string;
-  severity: string;
-  description?: string;
-  confidence?: number;
-}
-
-export interface Clause {
-  text: string;
-  categories: Cat[];
-}
-
-export interface Entity {
-  text: string;
-  type: string;
-  score?: number;
-  source?: string;
-}
-
-export interface Contradiction {
-  type: string;
-  explanation: string;
-  severity: string;
-  confidence?: number;
-  source?: string;
-}
-
-export interface Obligation {
-  type: string;
-  party: string;
-  description: string;
-  deadline: string;
-  priority?: number;
-}
-
-export interface ComplianceCheck {
-  requirement: string;
-  description: string;
-  severity: string;
-  status: string;
-  matched_keywords: string[];
-  context?: string[];
-}
-
-export interface ComplianceReg {
-  description: string;
-  compliance_rate: number;
-  checks: ComplianceCheck[];
-  overall_status: string;
-  negated_count?: number;
-  ambiguous_count?: number;
-  note?: string;
-}
-
-export interface Redline {
-  original_text: string;
-  clause_label: string;
-  risk_level: string;
-  safe_alternative: string;
-  template_alternative?: string;
-  legal_basis: string;
-  consumer_standard: string;
-  tier: string;
-}
-
-export interface ChatMessage {
-  role: "user" | "assistant";
-  content: string;
-}
-
-export interface AnalysisResult {
-  risk_score: number;
-  grade: string;
-  total_clauses: number;
-  flagged_count: number;
-  results: Clause[];
-  entities: Entity[];
-  contradictions: Contradiction[];
-  obligations: Obligation[];
-  compliance: Record<string, ComplianceReg>;
-  redlines: Redline[];
-  model: string;
-  latency_ms: number;
-  session_id?: string;
-}

web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clauseguard-web",
-  "version": "1.1.0",
+  "version": "1.0.0",
   "private": true,
   "scripts": {
     "dev": "next dev --turbopack",

web/proxy.ts

@@ -47,10 +47,5 @@ export async function proxy(request: NextRequest) {
 }
 
 export const config = {
-  // FIX v4.3: Match ALL routes so auth cookies are refreshed on every page load.
-  // Without this, navigating to / or other non-dashboard pages doesn't refresh
-  // the Supabase session cookie, causing auth to break on page reload.
-  matcher: [
-    "/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp|ico)$).*)",
-  ],
+  matcher: ["/dashboard-pages/:path*", "/auth/:path*", "/admin/:path*"],
 };

web/tsconfig.json

@@ -1,11 +1,7 @@
 {
   "compilerOptions": {
     "target": "ES2017",
-    "lib": [
-      "dom",
-      "dom.iterable",
-      "esnext"
-    ],
+    "lib": ["dom", "dom.iterable", "esnext"],
     "allowJs": true,
     "skipLibCheck": true,
     "strict": true,
@@ -15,27 +11,11 @@
     "moduleResolution": "bundler",
     "resolveJsonModule": true,
     "isolatedModules": true,
-    "jsx": "react-jsx",
+    "jsx": "preserve",
     "incremental": true,
-    "plugins": [
-      {
-        "name": "next"
-      }
-    ],
-    "paths": {
-      "@/*": [
-        "./*"
-      ]
-    }
+    "plugins": [{ "name": "next" }],
+    "paths": { "@/*": ["./*"] }
   },
-  "include": [
-    "next-env.d.ts",
-    "**/*.ts",
-    "**/*.tsx",
-    ".next/types/**/*.ts",
-    ".next/dev/types/**/*.ts"
-  ],
-  "exclude": [
-    "node_modules"
-  ]
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+  "exclude": ["node_modules"]
 }