I built an AI agent that audits businesses for Australian compliance — architecture + economics

Daniel Melbourne — Sat, 28 Mar 2026 02:17:56 +0000

# I built an AI agent that audits businesses for Australian compliance law — here's the architecture

Hey everyone! I wanted to share a side project I've been working on: an AI agent that audits businesses for compliance with Australian laws. It's still very much a work in progress, but I'm pretty excited about it, and I thought some of you might find the architecture interesting.

## The Problem: SMEs are drowning in compliance regulations

Running a small business in Australia is tough. Beyond the usual challenges, there's a mountain of compliance regulations to navigate.  Things like ABN registration, GST obligations, data privacy (the Privacy Act), workplace health and safety (WHS), and industry-specific licenses can be overwhelming.  Many SMEs simply don't know what they need to comply with, and the cost of hiring a lawyer or consultant to figure it out is often prohibitive.

## The Solution: Gemini-powered audit pipeline

My idea was simple: use a large language model (LLM) to analyze a business's activities and identify relevant compliance obligations. I chose Gemini (specifically Gemini 1.5 Pro) because of its context window size and relatively good performance with Australian legal jargon.

The agent takes a description of the business as input (e.g., "A small online store selling handmade jewelry") and outputs a list of relevant compliance areas, along with brief explanations and links to official government resources.

## Architecture: Flask API → Gemini → structured JSON → email delivery

The system is built around a fairly straightforward architecture:

1.  **Flask API:** A simple Flask API exposes a single endpoint that accepts a business description as input.
2.  **Gemini Integration:** The API sends the business description to Gemini 1.5 Pro via the Google AI Python SDK.  I've crafted a prompt that instructs Gemini to analyze the description and return a JSON object containing the audit results.
3.  **Structured JSON Output:** Gemini returns a JSON object with a standardized format, including fields for compliance area, description, relevant laws, and links to resources.
4.  **Email Delivery:** The API formats the JSON output into a human-readable email and sends it to the user.

Here's a simplified version of the Python code I'm using:

python
from flask import Flask, request, jsonify
import google.generativeai as genai
import os
import json
from sendgrid import SendGridAPIClient
from sendgrid.helpers.mail import Mail

app = Flask(name)

genai.configure(api_key=os.environ["GOOGLE_API_KEY"])
model = genai.GenerativeModel('gemini-1.5-pro')

def generate_audit(business_description):
prompt = f"""
You are a compliance auditor for Australian businesses. Analyze the following business description and identify relevant compliance areas.
Return a JSON object with the following format:
{{
"compliance_areas": [
{{
"area": "Name of compliance area (e.g., ABN Registration)",
"description": "Brief explanation of the compliance area",
"relevant_laws": "List of relevant Australian laws (e.g., A New Tax System (Australian Business Number) Act 1999)",
"resources": "Link to official government resources"
}}
]
}}

Business Description: {business_description}
"""
response = model.generate_content(prompt)
try:
    return json.loads(response.text)
except json.JSONDecodeError:
    return {"error": "Failed to parse JSON response from Gemini"}

def send_email(email_address, audit_results):
# SendGrid email logic (omitted for brevity)
pass

@app.route('/api/v1/audit', methods=['POST'])
def audit():
data = request.get_json()
business_description = data.get('business_description')
email_address = data.get('email_address')

if not business_description or not email_address:
    return jsonify({"error": "Missing business_description or email_address"}), 400

audit_results = generate_audit(business_description)

if "error" in audit_results:
    return jsonify(audit_results), 500

send_email(email_address, audit_results)

return jsonify({"message": "Audit completed and sent to your email address."}), 200

if name == 'main':
app.run(debug=True)


Here's an example of how to call the API using `curl`:

bash
curl -X POST \
https://theepic.shop/api/v1/audit \
-H 'Content-Type: application/json' \
-d '{
"business_description": "A small online store selling handmade jewelry from home in Victoria",
"email_address": "your_email@example.com"
}'


## The AEA Cost Model: π = revenue - (c_tokens + c_API)

I'm using a simplified cost model to track the profitability of each audit.  It boils down to:

π = revenue - (c\_tokens + c\_API)

Where:

*   π = Profit per audit
*   revenue = Revenue generated per audit (currently zero, it's a free service)
*   c\_tokens = Cost of Gemini tokens used for the audit.
*   c\_API = Cost of SendGrid API calls for email delivery (negligible).

## Actual Results: cost per audit ~$0.0003 USD, margin ~99%

The amazing thing is how cheap it is to run these audits.  Gemini is surprisingly efficient.  I've been running tests with different business descriptions, and the average cost per audit is around **$0.0003 USD**.  Since I'm offering the audit for free right now, my margin is technically negative, but the potential for monetization is huge.  If I were to charge even a dollar per audit, the margin would be over 99%.

Of course, this doesn't factor in development time, hosting costs, etc. But it highlights the power of LLMs to automate tasks at scale.

## Try it out!

If you're curious, you can try the audit tool here: [https://theepic.shop/audit/](https://theepic.shop/audit/)

And the API is available at: [https://theepic.shop/api/v1/](https://theepic.shop/api/v1/)

I'm still actively developing this project, so any feedback or suggestions are welcome!  I'm particularly interested in ideas for improving the accuracy of the audit results and finding ways to monetize the service without being predatory towards small businesses.  Let me know what you think!

DEV Community: Daniel Melbourne

I built an AI agent that audits businesses for Australian compliance — architecture + economics