
Ratify: Compliance Automation Platform

Production multi-tenant compliance automation platform for wine, beer, and spirits producers across all 51 US jurisdictions.

2026

FastAPI
Next.js
Supabase
pgvector
Anthropic Claude
LiteLLM
Railway
Vercel
  • 51 of 51 US jurisdictions (50 states + DC) with judge-grade HIGH-confidence wine DTC compliance extractors
  • 285 commits, 54 Postgres migrations, 1,273 tests
  • 32 compliance rule keys, 52 golden eval fixtures gating regressions in CI
  • 9 GitHub Actions workflows including nightly smoke tests, security scans, and Copilot rereview automation

The Problem

Selling beverage alcohol in the US means complying with 50+ state regulatory regimes, two distribution channels (DTC and three-tier wholesale), constant rule changes, and zero affordable automation. Sovos ShipCompliant sells eight separate products at enterprise prices. 82% of US wineries make fewer than 5,000 cases per year and cannot afford $500+/month software or $200-400/hour consultants.

Approach

Build the deterministic compliance and tax engine as a stand-alone rules system, with AI sitting next to it for the genuinely unstructured work: natural-language compliance questions, regulatory document extraction, expansion planning, and audit report synthesis. Use two-pass Anthropic Citations extraction so every AI-extracted rule carries a verbatim source citation back to the underlying document.
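The verbatim-citation guarantee described above is auditable only if something outside the model checks each quote against the source document. A sketch of that check, added here as an example and not Ratify's own code; the record fields, rule keys and sample statute text are constructed assumptions:

```python
from dataclasses import dataclass

# Constructed sample text, not a real statute.
SOURCE = ("Sec. 1. A licensed winery may ship up to 12 cases per year to any "
          "resident. Sec. 2. Each shipment must be labeled as containing alcohol.")

@dataclass(frozen=True)
class ExtractedRule:
    rule_key: str    # hypothetical rule key
    value: str       # structured value produced by the extraction pass
    cited_text: str  # quote the model claims is verbatim
    start: int       # claimed character offsets into the source
    end: int

def verify_citation(source: str, rule: ExtractedRule) -> str:
    """Classify a citation as 'ok', 'relocated' or 'rejected'."""
    quote = rule.cited_text
    if not quote.strip():
        return "rejected"                      # empty quote proves nothing
    in_bounds = 0 <= rule.start < rule.end <= len(source)
    if in_bounds and source[rule.start:rule.end] == quote:
        return "ok"                            # offsets and text both match
    if source.count(quote) == 1:
        return "relocated"                     # verbatim, but offsets are wrong
    return "rejected"                          # paraphrased, absent or ambiguous

def partition(source: str, rules: list[ExtractedRule]) -> dict[str, list[str]]:
    """Group rule keys by verdict; only 'ok' should be stored unreviewed."""
    out: dict[str, list[str]] = {"ok": [], "relocated": [], "rejected": []}
    for rule in rules:
        out[verify_citation(source, rule)].append(rule.rule_key)
    return out

def sample_rules() -> list[ExtractedRule]:
    good = "may ship up to 12 cases per year"
    at = SOURCE.index(good)
    return [
        ExtractedRule("annual_case_limit", "12", good, at, at + len(good)),
        ExtractedRule("label_requirement", "true",
                      "must be labeled as containing alcohol", 0, 5),
        # Value and quote changed together: a hallucinated citation.
        ExtractedRule("annual_case_limit", "24",
                      "may ship up to 24 cases per year", at, at + len(good)),
    ]

if __name__ == "__main__":
    print(partition(SOURCE, sample_rules()))
```

A quote that appears more than once in the source is rejected rather than guessed at, since the audit trail needs one unambiguous location.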

Architecture

FastAPI on Railway handles the compliance engine, background workers, and integrations (Commerce7, ShipStation, FedEx) without Vercel's 800-second function ceiling. Next.js 16 on Vercel runs the dashboard with Server Components. Supabase Postgres holds tenant data behind Row-Level Security; pgvector indexes the regulatory RAG corpus. LiteLLM proxies every LLM call with hard per-tenant and global budget caps and automatic fallback across providers. The jurisdiction-agnostic data model (jurisdiction_rules with type ENUM) supports states today, counties and territories tomorrow, international later, with zero schema changes.

Results

  • Production deployed: API on Railway, web on Vercel, Supabase us-east-1
  • Sentry observability with strict PII scrubbing

Lessons Learned

When the product needs to be 100% reliable and auditable, AI belongs next to the critical path, not inside it. Two-pass extraction with verbatim citations turns LLMs from a guessing tool into an auditable one. A jurisdiction-agnostic data model costs nothing on day one and saves a painful refactor later.