The LQ.AI Atlas

LQ.AI's documentation, bound to the code it describes

Journeys

First hour with LQ.AI

The orientation path: what LQ.AI is and why, how to run it, how decisions are routed, the system shape, and how to tell what's real.

7 stops →

The Inference Gateway: the security boundary

The component that holds the keys and guards the egress: its pipeline, the threat model around it, what anonymization does to outbound prompts, how model routing stays inspectable, and where the inference-tier boundary sits.

6 stops →

Document review & citations, end to end

How a contract becomes reviewed, cited, and trustworthy: the verification cascade, where citations are stored, the playbook and tabular surfaces that ride on it, and the honest edges where verification stops.

5 stops →

The Autonomous Layer (M4)

The opt-in background executor and the discipline that makes unattended agency acceptable: its design lineage, the five-phase walk, the single chokepoint, the brakes, the honest caveats, and what shipped.

6 stops →

Getting Started

The front door. What LQ.AI is, how to stand it up, and the agent-orientation file that routes every implementation decision. Start with README, run it via QUICKSTART, then keep CLAUDE.md open as you work.

Product & Vision

The canonical specification and the live work list it generates. The PRD is the reference of record (transparency as a founding principle, the five-tier inference spectrum, the DE-XXX backlog); HONEST-STATE is its conscience — what actually ships today vs. what's plumbing — and ROADMAP turns the gap into sized, tagged contributor tasks.

Honest State Whenever you need the truth about what works today vs. what's plumbing — with the file or test that proves it.
LQ.AI Open Roadmap When you want to pick up open work sized and tagged to your background.
LQ.AI — Product Requirements Document The reference of record for any product, capability, or architectural decision — jump to the relevant § via its table of contents.

Architecture & Decisions

Why the system is shaped this way: the self-hosted topology, the single gateway security boundary, the Postgres 16 + pgvector schema, the observability surface, the opt-in autonomous executor — and the 13 ADRs that record each load-bearing decision and the tradeoff it accepted.

Capabilities & Services

The features a legal team actually touches and the services that run them: the four-stage Citation Engine, Playbooks, Tabular Review, the Word add-in, the Slack/Teams intake bridges, and the README for each service (api, gateway, word-addin, the two bridges). The docs are honest about what's shipped vs. scaffold.

Citation Engine You're touching citation verification, the message_citations table, ensemble judging, or the anonymization skip boundary.
LQ.AI Backend API You need the backend's local run/test commands or health endpoint.
LQ.AI Inference Gateway You need the gateway's run/test commands, its endpoint paths, or where its config schema lives.
LQ.AI Slack Bridge (M3-D1) You need the Slack bridge's env config, run command, manifest scopes, or token-handling posture.
LQ.AI Teams Bridge (M3-D3) You need the Teams bridge's env config, the Azure AD registration steps, or why Teams has no per-tenant encryption.
LQ.AI Word add-in You need to build, validate, run-in-Word, or sideload the add-in, or want the per-surface roadmap.
Playbooks You're working on playbook execution, the Easy Playbook pipeline, or the seeded built-ins.
Slack / Teams Light Intake Bridges You're working on the Slack/Teams OAuth bridges or need their honest verification state before claiming they work.
Tabular / Multi-Document Review You're working on the tabular grid, table-mode skills, cell extraction, or export.
Word Add-In You're touching Word add-in install/manifest, the OAuth dialog, or the version handshake — or assessing what it actually does.

Security

The security posture as inspectable artifacts: the STRIDE threat model, the Presidio anonymization layer, append-only audit logging, the cryptographic inventory, encrypted provider keys, the Greenwood boundary-registers map, and the disclosure policy. The Inference Gateway is the trust boundary throughout.

Anonymization Layer — operator's guide You're configuring anonymization recognizers or assessing PII-leak risk for a deployment.
Audit Logging You're querying the audit trail or answering a 'do you log admin actions' procurement question.
Boundary Registers — Restraint Catalog You're assessing which agentic-restraint controls are implemented vs. deferred, or attaching work to a register.
Cryptography You're tracing a specific crypto control, algorithm, or key-rotation path.
Dependencies & Vulnerability Monitoring You're adding a dependency or verifying a release's dependency tree for CVEs.
Encrypted-at-Rest Provider Keys — Operator Workflow You're bootstrapping, rotating, or recovering encrypted provider keys in gateway.yaml.
Release Verification You're verifying a downloaded release's signature, SBOM, or build provenance.
Security Documentation You need to find which security artifact exists and its shipped-vs-deferred status.
Security Policy You're reporting a vulnerability or need the disclosure SLAs and safe-harbor terms.
Threat Model You're assessing the threat surface or adding a control.

Skills

Skills are the canonical artifact of value — open, attorney-attested legal work product, not hidden prompts. This category holds the authoring guide; the 14 starter skills themselves are indexed for search and deep-link into the sibling Skills Explorer for their curated, diagrammed experience.

Contributing & Governance

How to contribute and how the project is governed: the engineering PR path (DCO, ruff/mypy, the test taxonomy), the Code of Conduct, the upstream-skill provenance ledger, the skill-acceptance-testing framework, and the eight short-cycle "easiest contributions" mini-PRDs, each a pre-written maintainer decision.

Contributing to LQ.AI Before opening any engineering PR, or to find the code-style/testing/DCO rules.
Contributor Covenant Code of Conduct To report conduct issues or to know the enforcement consequences.
Easiest Contributions When you want to pick a short-cycle, well-scoped contribution.
LQ.AI — Acceptance Testing Framework When you're drafting a skill test plan or running an acceptance pass.
Mini-PRD: Acceptance Tests for the Built-in Skills To run or contribute an acceptance pass for a built-in skill.
Mini-PRD: Air-Gap Install Verification CI Test To implement or understand the air-gap egress CI gate.
Mini-PRD: Community Skill Installer (admin UI) To build the runtime community-skill install path.
Mini-PRD: NIST AI RMF 1.0 Profile Mapping To author the NIST AI RMF / GenAI Profile compliance mapping.
Mini-PRD: OpenSSF Scorecard + Best Practices Badge (Passing Tier) To add OpenSSF Scorecard + Best Practices badges and SECURITY-INSIGHTS.
Mini-PRD: OWASP LLM Top 10 Mitigation Mapping To author the OWASP LLM Top 10 security mapping.
Mini-PRD: Procurement-Readiness Pack To build the SIG/CAIQ procurement-response pack (DE-086).
Mini-PRD: Reverse-Proxy + TLS Deployment Recipes To author production reverse-proxy + TLS recipes.
NOTICES — Upstream Skill Provenance When porting an external skill, or to check a skill's upstream license and attribution.
PULL_REQUEST_TEMPLATE
Repo-Opening Checklist

Operations & Compliance

Running, deploying, and selling the thing: the optional OpenTelemetry observability recipes, the procurement-readiness pack (SIG Lite / CAIQ), the compliance-alignment stubs (SOC 2 / ISO / GDPR / HIPAA / FedRAMP), and the upstream-research analysis behind the skill library.

`claude-for-legal` — review for M1 incorporation analysis You're scoping skill-library expansion, the dual slash/attach invocation model, or a community-skill installer.
Compliance Alignment Pack You're starting compliance/certification work, or want to know which framework-alignment docs exist vs. are stubs.
LQ.AI — Observability Deployment Recipes You're deciding which observability recipe to use, or need the no-telemetry-by-default ground truth.
Observability recipe: Grafana + Tempo + Loki + Prometheus You're standing up the full self-hosted Tempo/Loki/Prometheus/Grafana stack or verifying a first trace.
Observability recipe: standalone OpenTelemetry Collector You already run Honeycomb/Datadog/Lightstep (or any OTLP backend) and just need to forward LQ.AI's spans there.
Procurement-Readiness Pack You need procurement questionnaire material or want the operator-configurable answer convention.
SIG Lite — Privileged-Matter Handling (M2-D3 starter) + M3 External Trust Boundaries A procurement reviewer asks how LQ.AI handles privileged matters, audit logging, or the Word/Slack/Teams credentials.
v0.4.0 — M4 release: the Autonomous Layer (opt-in), platform operability, and a docs/Learn honesty sweep You want to know what shipped in M4/v0.4.0, the brake model, or what was explicitly deferred.

Developer Tools

The documentation tooling itself — the static Repository + Skills Explorer that ships under docs/explore. (This Atlas lives alongside it and is not indexed in its own corpus.)

Atlas doc-build log You're running an incremental Atlas update, or want to know when the curation was last refreshed and against which commit.
Repository Explorer (`docs/explore`) You want to browse/review the docs corpus locally, or understand how the Explorer is built.

Planning & History

The working record: milestone implementation plans, dated session handoffs, the superpowers plan/spec set, the LQVern (M4) design and handoff docs, and the sample NDAs/MSAs used as fixtures. Indexed for search; not curated or drift-checked, because handoffs reference code as it stood that day.