Judgement Day - Event-Driven Enterprise Document Auditing

Domain: Enterprise SaaS & AI Orchestration

Stack: AWS Lambda, AWS SQS, DynamoDB, Event-Driven Architecture, Google Gemini, Docker

Links: audit.blue-intel.app


Retrospect
Thought Process

Built as an internal tool to evaluate the thousands of pitch decks our Innovation Cell received. The first version had a single Lambda doing everything and hit timeouts constantly. I fixed it by splitting into three dedicated Lambdas: one lightweight function for auth and generating a presigned S3 URL so files go directly to the bucket, SQS to queue the upload event so nothing crashes, a passive indexer Lambda that registers files in DynamoDB and converts PPTX to PDF in the background, and a third Lambda that picks up indexed files from SQS and runs the actual AI audit. No timeouts, clean synchronized flow, and it's fast.

What I Learned

Debugging shared libraries (LD_LIBRARY_PATH) to get LibreOffice running inside ephemeral Lambda containers. The Presigned S3 Upload, S3 Events, SQS, fan-out Lambda pattern is the blueprint for any infinitely scalable document processing pipeline.


Built a fully serverless, event-driven platform that audits and scores enterprise documents at scale. Presigned S3 uploads bypass server bottlenecks, SQS decouples the processing pipeline, and custom Dockerized Lambdas (including headless LibreOffice) feed raw document bytes directly into a multimodal LLM for visual-context-aware analysis.

Judgement Day - document audit dashboard


§1.  The Domain & The Problem

Auditing pitch decks, legal contracts, or technical reports requires deep contextual understanding. Standard chat-with-PDF tools rely on text extraction middleware (PyPDF2, OCR) that strips away images, charts, and formatting, causing the AI to hallucinate its analysis.

Document processing is resource-heavy. If 100 users upload 50 MB files simultaneously, a standard backend will exhaust memory, throttle connections, and crash.


§2.  The Mental Model & Trade-offs

Standard multipart/form-data uploads choke servers under load.

Client-to-Cloud Upload: The backend was removed from the upload path. The React frontend authenticates via a lightweight Lambda, gets a Presigned S3 PUT URL, and pushes files directly to S3. Zero latency on the API layer.

Processing Timeouts: Converting PPTX files to PDF and running AI audits takes longer than the standard API Gateway timeout (30 s).

Decoupled Queues: An async pipeline using Amazon SQS splits the workload into distinct microservices: authentication, file normalization, and heavy AI inference.

AI Approach: Instead of extracting raw text, the AI Lambda sends raw PDF bytes directly to Gemini via Part.from_bytes. The multimodal LLM sees the document natively, preserving layout, charts, and visual flow.


§3.  The Architecture

Three purpose-built Lambda functions:

  1. The Gatekeeper (Lambda 1): A lightweight (256 MB) API handling JWT auth, TOTP 2FA, DynamoDB CRUD, and generating presigned URLs.
  2. The Normalizer (Lambda 2): Triggered by an S3 event via SQS JudgementQueue. Runs a custom Docker image with a Fedora-based LibreOffice install to convert .pptx uploads into standardized PDFs.
  3. The Brain (Lambda 3): Picks up normalized files via SQS AuditQueue. Maximum timeouts (900s) and memory (1024 MB) to stream the document to Gemini, enforce structured JSON scoring, and persist the markdown analysis to DynamoDB.
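
One way the Normalizer could vet each S3 event arriving via SQS before a file reaches LibreOffice (added example, not the project's code). The bucket name, size cap, extension allowlist and all function names are assumptions, and the sample messages are constructed.

```python
import json
import os
from urllib.parse import unquote_plus

EXPECTED_BUCKET = "example-upload-bucket"  # assumed name, not from the page
MAX_BYTES = 50 * 1024 * 1024               # assumed cap (the page mentions 50 MB files)
ALLOWED_EXT = {".pptx", ".pdf"}            # assumed allowlist

def parse_record(sqs_record):
    """Return conversion jobs for the acceptable objects in one SQS message."""
    body = json.loads(sqs_record["body"])    # S3 notification is a JSON string in the body
    if body.get("Event") == "s3:TestEvent":  # S3 sends this when notifications are set up
        return []
    jobs = []
    for i, rec in enumerate(body["Records"]):
        obj = rec["s3"]["object"]
        key = unquote_plus(obj["key"])       # object keys arrive URL-encoded
        ext = os.path.splitext(key)[1].lower()
        ok = (rec["eventName"].startswith("ObjectCreated:")
              and rec["s3"]["bucket"]["name"] == EXPECTED_BUCKET
              and ext in ALLOWED_EXT and 0 < obj["size"] <= MAX_BYTES)
        if ok:
            # The key is uploader-influenced: build the /tmp path from the SQS id instead.
            local = f"/tmp/{sqs_record['messageId']}-{i}{ext}"
            jobs.append({"key": key, "local_path": local})
    return jobs

def triage(event):
    """Split a batch into jobs and failures (Lambda partial-batch response shape)."""
    jobs, failures = [], []
    for record in event["Records"]:
        try:
            jobs.extend(parse_record(record))
        except (KeyError, ValueError, TypeError, AttributeError):
            failures.append({"itemIdentifier": record["messageId"]})
    return {"jobs": jobs, "batchItemFailures": failures}

def _msg(mid, key, size, name="ObjectCreated:Put"):  # builds a constructed sample message
    s3 = {"bucket": {"name": EXPECTED_BUCKET}, "object": {"key": key, "size": size}}
    return {"messageId": mid, "body": json.dumps({"Records": [{"eventName": name, "s3": s3}]})}

SAMPLE_EVENT = {"Records": [                          # constructed, not real traffic
    _msg("m-1", "decks/Q3+pitch%281%29.pptx", 1200000),
    _msg("m-2", "..%2F..%2Fvar%2Ftask%2Fx.pptx", 4096),  # traversal-style key
    _msg("m-3", "decks/huge.pptx", MAX_BYTES + 1),       # over the size cap
    _msg("m-4", "decks/tool.exe", 4096),                 # extension not allowed
    {"messageId": "m-5", "body": "not json"},            # malformed body
]}
```

Lambda only honours `batchItemFailures` when `ReportBatchItemFailures` is enabled on the SQS event source mapping; without it, a raised exception retries the whole batch.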