
Redline – AI Policy Governance
1st-place winner at the GitAgent Hackathon. Turns company policies into version-controlled, auditable documents in git, with AI agents that detect compliance gaps, draft fixes, and enforce strict segregation of duties.
The Challenge
Company policies drift out of compliance silently. Teams edit documents in isolation, regulations change, and nobody notices the gaps until an audit does. Worse, letting a single AI agent draft, review, and approve its own changes is a governance non-starter — you can't trust a system that grades its own homework.
- Silent compliance drift against GDPR and SOC2
- No auditable trail of who changed what, and why
- AI that reviews its own work can't be trusted
- Policy edits scattered across disconnected tools
The Approach
I treated policies as version-controlled artifacts living in git, then modeled the workflow as separate AI agents with strictly enforced segregation of duties — the agent that drafts a fix is never the one that reviews or approves it. Every regulatory claim had to trace back to a specific checklist item, so nothing is asserted without a citation.
- Policies as auditable, version-controlled git documents
- Segregation of duties enforced across distinct agents
- Every change annotated and traced to a regulation
- Built on the gitagent specification standard
The Implementation
Redline runs gap analysis against GDPR (22 items) and SOC2 (34 items) checklists, produces ✅/❌/⚠️ scorecards with citations, and drafts fixes with inline REDLINE annotations that trace each edit to its regulation. A five-dimension review agent scores clarity, completeness, consistency, accuracy, and structure, and an append-only audit log makes the whole pipeline verifiable. GitHub Actions validates agent specs and policy metadata on every push.
- Gap analysis across 56 GDPR + SOC2 checklist items
- Scorecards with regulatory citations, not vibes
- Automated drafting with traceable REDLINE annotations
- Five-dimension review + cross-policy contradiction detection
- Append-only immutable audit trail with CI validation
The Outcome
Redline won 1st place at the GitAgent Hackathon. It demonstrates that compliance automation can be both autonomous and trustworthy — a system that catches gaps, fixes them with citations, and can never quietly approve its own work.
- 1st place, GitAgent Hackathon
- Autonomous compliance without self-approval
- Fully auditable, git-native workflow
- Reference implementation of the gitagent spec