🔧 v4.2: Critical bug fixes + performance optimizations (7 bugs, 4 perf improvements)

README.md

@@ -10,11 +10,22 @@ app_file: app.py
 pinned: false
 ---
 
-# 🛡️ ClauseGuard v4.0 — World's Best Open-Source Legal Contract Analysis
+# 🛡️ ClauseGuard v4.2 — World's Best Open-Source Legal Contract Analysis
 
 **ClauseGuard** is the most comprehensive open-source AI-powered legal contract analysis tool. It analyzes contracts using state-of-the-art legal NLP models and provides actionable risk assessments, Q&A chatbot, clause redlining, and OCR for scanned PDFs.
 
-## 🆕 What's New in v4.0
+## 🆕 What's New in v4.2
+
+| Feature | Description |
+|---------|-------------|
+| **🔧 NLI Fix** | Fixed contradiction detection — now uses `CrossEncoder.predict()` instead of broken `pipeline("text-classification")` dict input. Contradictions actually work now. |
+| **🔒 Thread Safety** | `BoundedCache` now uses `threading.RLock` to prevent race conditions under concurrent Gradio requests |
+| **⚡ Pre-compiled Regex** | All regex patterns (clause classification, obligations, compliance negation) pre-compiled at module level — eliminates thousands of redundant compilations |
+| **🔗 Extension Fix** | Chrome extension risk formula now matches backend (diminishing returns, not normalized by doc length). Fixed API_BASE URL. |
+| **🏷️ Label Coverage** | Added missing regex-only labels (Indemnification, Confidentiality, Force Majeure, Penalties) to RISK_MAP and DESC_MAP |
+| **🛡️ Security** | API CORS localhost origins now require explicit opt-in via `CORS_ALLOW_LOCALHOST=true` env var |
+
+### Previous: v4.0
 
 | Feature | Description |
 |---------|-------------|

api/main.py

@@ -58,8 +58,9 @@ HF_API_TOKEN = os.environ.get("HF_API_TOKEN", "")
 SAULLM_ENDPOINT = os.environ.get("SAULLM_ENDPOINT", "")
 MAX_TEXT_LENGTH = int(os.environ.get("MAX_TEXT_LENGTH", "200000"))
 
-# ─── FIX v4.1: Sliding window rate limiter with proper IP extraction ───
+# ─── FIX v4.2: Improved sliding window rate limiter with periodic cleanup ───
 _rate_limits: dict[str, list[float]] = {}
+_rate_limits_last_cleanup: float = 0.0
 RATE_LIMIT_REQUESTS = 30
 RATE_LIMIT_WINDOW = 60  # seconds
 
@@ -71,8 +72,17 @@ def _get_client_ip(request: Request) -> str:
     return request.client.host if request.client else "unknown"
 
 def _check_rate_limit(client_ip: str) -> bool:
-    """Sliding window rate limiter."""
+    """Sliding window rate limiter with periodic stale-IP cleanup."""
+    global _rate_limits_last_cleanup
     now = time.time()
+
+    # FIX v4.2: Periodic cleanup every 60s regardless of dict size
+    if now - _rate_limits_last_cleanup > 60:
+        stale = [ip for ip, ts in _rate_limits.items() if not ts or now - ts[-1] > RATE_LIMIT_WINDOW * 2]
+        for ip in stale:
+            del _rate_limits[ip]
+        _rate_limits_last_cleanup = now
+
     if client_ip not in _rate_limits:
         _rate_limits[client_ip] = []
 
@@ -85,13 +95,6 @@ def _check_rate_limit(client_ip: str) -> bool:
         return False
 
     _rate_limits[client_ip].append(now)
-
-    # Periodic cleanup of stale IPs (every 100 requests)
-    if len(_rate_limits) > 1000:
-        stale = [ip for ip, ts in _rate_limits.items() if not ts or now - ts[-1] > RATE_LIMIT_WINDOW * 2]
-        for ip in stale:
-            del _rate_limits[ip]
-
     return True
 
 # ─── Supabase helper ───
@@ -193,11 +196,15 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(title="ClauseGuard API", version="4.1.0", lifespan=lifespan)
 
+# FIX v4.2: CORS origins configurable via env var; localhost only in dev
+_extra_origins = os.environ.get("CORS_EXTRA_ORIGINS", "").split(",")
 ALLOWED_ORIGINS = [
     "https://clauseguardweb.netlify.app",
-    "http://localhost:3000",
-    "http://localhost:3001",
 ]
+# Only add localhost origins if explicitly enabled via env
+if os.environ.get("CORS_ALLOW_LOCALHOST", "").lower() == "true":
+    ALLOWED_ORIGINS.extend(["http://localhost:3000", "http://localhost:3001"])
+ALLOWED_ORIGINS.extend([o.strip() for o in _extra_origins if o.strip()])
 app.add_middleware(
     CORSMiddleware,
     allow_origins=ALLOWED_ORIGINS,

compare.py

@@ -28,7 +28,7 @@ def _load_embedder():
     global _embedder
     if _HAS_EMBEDDINGS and _embedder is None:
         try:
-            _embedder = SentenceTransformer("all-MiniLM-L6-v2")
+            _embedder = SentenceTransformer("sentence-transformers/all-MiniLM-L6-v2")
             print("[ClauseGuard] Sentence embeddings loaded for comparison")
         except Exception as e:
             print(f"[ClauseGuard] Embeddings not available: {e}")

compliance.py

@@ -23,6 +23,9 @@ _NEGATION_PATTERNS = [
     r"notwithstanding.*(?:shall\s+not|does\s+not|is\s+not)",
 ]
 
+# FIX v4.2: Pre-compile negation patterns at module level
+_NEGATION_PATTERNS_COMPILED = [re.compile(p, re.IGNORECASE) for p in _NEGATION_PATTERNS]
+
 # Regulatory requirement definitions
 REGULATIONS = {
     "GDPR": {
@@ -214,13 +217,13 @@ def _check_negation(text_lower, keyword, window=200):
     wider_context = text_lower[start:end]
 
     # Check sentence first (higher confidence)
-    for neg_pat in _NEGATION_PATTERNS:
-        if re.search(neg_pat, sentence, re.IGNORECASE):
+    for neg_pat in _NEGATION_PATTERNS_COMPILED:
+        if neg_pat.search(sentence):
             return True
 
     # Then check wider window (lower confidence, still relevant)
-    for neg_pat in _NEGATION_PATTERNS[:4]:  # Only strong negation patterns for wider window
-        if re.search(neg_pat, wider_context, re.IGNORECASE):
+    for neg_pat in _NEGATION_PATTERNS_COMPILED[:4]:  # Only strong negation patterns for wider window
+        if neg_pat.search(wider_context):
             return True
 
     return False

extension/background.js

@@ -4,7 +4,8 @@
  * FIXED: Error handling and retry logic
  */
 
-const API_BASE = "https://gaurv007-clauseguard-api.hf.space";
+// FIX v4.2: Corrected API_BASE URL to match the actual Gradio Space
+const API_BASE = "https://gaurv007-clauseguard.hf.space";
 const FREE_SCANS_PER_MONTH = 10;
 const API_TIMEOUT_MS = 45000;
 
@@ -181,13 +182,19 @@ function localAnalyze(text) {
   });
 
   const flagged = results.filter(r => r.categories.length > 0);
-  const sev = { HIGH: 0, MEDIUM: 0, LOW: 0 };
-  flagged.forEach(r => r.categories.forEach(c => sev[c.severity]++));
-  const risk = Math.min(100, Math.round((sev.HIGH*20 + sev.MEDIUM*10 + sev.LOW*5) / Math.max(1, clauses.length) * 100));
+  const sev = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
+  flagged.forEach(r => r.categories.forEach(c => {
+    if (sev.hasOwnProperty(c.severity)) sev[c.severity]++;
+    else sev.MEDIUM++;  // default for unknown severity
+  }));
+  // FIX v4.2: Use the same diminishing-returns formula as the backend (app.py)
+  // instead of normalizing by clause count (which gave different scores)
+  const weighted = sev.CRITICAL*40 + sev.HIGH*20 + sev.MEDIUM*10 + sev.LOW*3;
+  const risk = Math.min(100, Math.round(100 * (1 - (1 / (1 + weighted / 30)))));
 
   return {
     risk_score: risk,
-    grade: risk >= 60 ? "F" : risk >= 40 ? "D" : risk >= 20 ? "C" : risk >= 10 ? "B" : "A",
+    grade: risk >= 70 ? "F" : risk >= 50 ? "D" : risk >= 30 ? "C" : risk >= 15 ? "B" : "A",
     total_clauses: clauses.length, flagged_count: flagged.length, results,
   };
 }

obligations.py

@@ -85,11 +85,26 @@ _PRIORITY_MAP = {
     "delivery": 1,
 }
 
+# FIX v4.2: Pre-compile obligation patterns at module level (was recompiling per sentence)
+_OBLIGATION_PATTERNS_COMPILED = {
+    otype: [re.compile(p, re.IGNORECASE) for p in patterns]
+    for otype, patterns in OBLIGATION_PATTERNS.items()
+}
+
+# FIX v4.2: Pre-compile false positive patterns
+_FALSE_POSITIVE_PATTERNS_COMPILED = [re.compile(p, re.IGNORECASE) for p in _FALSE_POSITIVE_PATTERNS]
+
+# FIX v4.2: Pre-compile time patterns
+_TIME_PATTERNS_COMPILED = [(re.compile(p, re.IGNORECASE), ptype) for p, ptype in TIME_PATTERNS]
+
+# FIX v4.2: Pre-compile party patterns
+_PARTY_PATTERNS_COMPILED = [re.compile(p) for p in PARTY_PATTERNS]
+
 
 def _is_false_positive(sentence):
     """Check if a sentence is a common false positive (definition/interpretation, not obligation)."""
-    for fp in _FALSE_POSITIVE_PATTERNS:
-        if re.search(fp, sentence, re.IGNORECASE):
+    for fp in _FALSE_POSITIVE_PATTERNS_COMPILED:
+        if fp.search(sentence):
             return True
     return False
 
@@ -111,9 +126,9 @@ def extract_obligations(text):
             continue
 
         found_types = set()
-        for otype, patterns in OBLIGATION_PATTERNS.items():
+        for otype, patterns in _OBLIGATION_PATTERNS_COMPILED.items():
             for pat in patterns:
-                if re.search(pat, sentence, re.IGNORECASE):
+                if pat.search(sentence):
                     found_types.add(otype)
                     break
 
@@ -128,8 +143,8 @@ def extract_obligations(text):
             party = obligation_direction
         else:
             # Fallback to pattern matching within the sentence
-            for pp in PARTY_PATTERNS:
-                m = re.search(pp, sentence)
+            for pp in _PARTY_PATTERNS_COMPILED:
+                m = pp.search(sentence)
                 if m:
                     candidate = m.group(0).strip()
                     # Fix 8: Reject party strings >40 chars (header bleed-through)
@@ -140,8 +155,8 @@ def extract_obligations(text):
         # Extract timeframe
         deadline = "Not specified"
         deadline_urgency = 0
-        for pat, ptype in TIME_PATTERNS:
-            m = re.search(pat, sentence, re.IGNORECASE)
+        for pat, ptype in _TIME_PATTERNS_COMPILED:
+            m = pat.search(sentence)
             if m:
                 if ptype == "relative":
                     num = m.group(1)