If your team is building autonomous AI agents, you eventually hit a hard wall: how do you let them act on regulated text without one bad draft turning into a regulatory problem?
When an agent answers a billing dispute or writes a collections notice, you can’t have it invent a deadline or skip a required disclosure. But you also can’t bottleneck a fast agentic workflow behind a slow review on every single action.
The answer is to put a compliance check in the loop — fast where it can be, deep where it matters. That’s what BaseLyr, Midlyr’s integration layer, is for: it gives you two checks and two ways to wire them in.
Built to drop in. We obsessed over making integration trivial, so you don’t have to. Whether you connect over MCP or call the API directly, it’s a few lines of code — you can have a real compliance check running in about 10 minutes, not a sprint.
Two checks: a fast score and a deep review
Every piece of agent-generated text gets measured against a scenario — dispute, marketing_asset, debt_collection, complaint, or generic — so it’s judged against the right regulatory lens. From there you have two options:
- Risk Assessment — a fast, synchronous numeric score from 0–100 (
0–20Limited,21–40Low,41–60Moderate,61–80High,81–100Critical). It comes back in seconds. Use it for triage, gating, and high-volume scoring — anywhere a human or another step is waiting. - Screen Analysis — a deeper, multi-step review that returns prioritized findings (
p1blocking,p2material,p3advisory), each backed by exact regulatory citations. Use it when you need to know what is wrong and which rule says so.
The natural pattern is to route between them: score everything fast, and only pay for a deep review when the score says it’s worth it.
The agentic way: MCP
If you’re building an agent, the cleanest integration is the Model Context Protocol. Midlyr hosts an MCP server — nothing to install — so you just point your agent’s client at it:
https://mcp.midlyr.com/mcpNow compliance is a set of tools the agent can call inside its own loop: riskAssessment (the fast score), complianceScreening (the deep review), and regulation-lookup tools like queryRegulations and readRegulatoryDocument.
This is what makes the agentic version powerful: the agent doesn’t just get a verdict, it gets structured feedback it can act on. A screening finding comes back like this —
{
"priority": "p1",
"title": "Missing provisional credit disclosure",
"details": "Under Regulation E, the institution must provisionally credit the account within 10 business days of a notice of error.",
"citations": [
{
"regulation": { "title": "Electronic Fund Transfers", "authorities": ["cfpb"] },
"chunks": [{ "sectionPath": "Electronic Fund Transfers > § 1005.11 > (c)(2)" }]
}
]
}— so the agent can close the loop on its own:
- Draft the response.
- Call
riskAssessmentto triage. Low score? Send it. - High score? Call
complianceScreeningfor the findings and citations. - Read the cited rule with
queryRegulations/readRegulatoryDocumentto understand exactly what it missed. - Revise the draft to fix it — then re-screen to confirm.
- Send the corrected response.
The agent fixes its own work, grounded in the actual regulation, before anything reaches a customer. The compliance check lives inside the agent’s reasoning instead of bolted on around it.
The programmatic way: the API and SDK
Not everything is an agent. For a deterministic pipeline — a content workflow, a batch job, a gate in front of an outbound queue — call the Analysis API directly and own the routing yourself. The TypeScript SDK (@midlyr/sdk-js) wraps both checks:
import { Midlyr } from "@midlyr/sdk-js";
const midlyr = new Midlyr({ apiKey: process.env.MIDLYR_API_KEY! });
// Fast check — synchronous risk score (0–100), no polling
const risk = await midlyr.analysis.risk({
content: { type: "text", text: draft },
scenario: "dispute",
});
if (risk.result.riskScore < 40) {
send(draft); // low risk — ship it
} else {
// Deep check — asynchronous screening job with findings + citations
const { id } = await midlyr.analysis.screen({
content: { type: "text", text: draft },
scenario: "dispute",
});
let job = await midlyr.jobs.get(id);
while (job.status === "running") {
await new Promise((r) => setTimeout(r, 1000));
job = await midlyr.jobs.get(id);
}
if (job.status === "succeeded") {
const blocking = job.result.findings.filter((f) => f.priority === "p1");
// Halt the send, route for review, or hand the findings
// back to your model to revise — your call.
}
}analysis.risk resolves synchronously to a riskScore — ideal for triage, gating, and high-volume scoring. analysis.screen runs the deep review as a background job; poll it with jobs.get until it’s done, then read the prioritized findings and citations. (Prefer raw HTTP? The same two checks are POST /api/v1/analysis/risk and POST /api/v1/analysis/screen.)
Same two checks, same findings and citations — you just own the routing instead of the agent.
The code in this post illustrates the flow, not production wiring. Real deployments add error handling, retries and backoff, timeouts, and a persistence/audit layer — left out here for clarity, not because you should skip them.
Screening reports; you decide the fix
One thing worth being explicit about: Screen Analysis tells you what’s wrong and cites the rule, but it doesn’t rewrite the text for you. That’s deliberate — the fix belongs to whoever owns the content.
In the MCP path, that’s the agent: it reads the finding, pulls the cited regulation, and revises. In the API path, that’s your code: halt the send, route to a human, or feed the findings back to your own model for a redraft. Either way, the findings come back structured — priority plus citations — precisely so that reacting to them is straightforward.
That’s the whole point of putting the check in the loop: low-risk actions clear in seconds, high-risk ones get caught and corrected against the real regulation, and nothing risky ships unreviewed.
Ready to wire it in? Start with the MCP overview for agents, or the Analysis API reference for everything else.