5 specialized tools · 90 unit tests · live FastAPI backend

IVDR compliance,compressed from months to hours.

Conformly is an autonomous AI co-pilot for in-vitro diagnostic manufacturers entering the EU under Regulation (EU) 2017/746. It tracks every client across a 45-step program, parses Notified Body letters in 30 seconds, and benches the technical file against IVDR Annex I clause-by-clause — all driven by Gemini 3.

Try the live demoSee the portfolio dashboard

no demo trick · the dashboard reads live markdown from this repo's vault/

Why this matters

IVDR is a multi-million-euro,
multi-year program. Conformly cuts it in half.

-78%

Time

beforeManually triaging a Notified Body deficiency letter and mapping each finding to IVDR clauses takes a senior regulatory affairs lead 4–6 hours.

afterConformly returns a structured deficiency plan, severity, evidence required, and a draft response skeleton in under 30 seconds.

-65%

Cognitive load

beforeA GSPR gap analysis touches 20+ IVDR Annex I clauses across thousands of pages of regulation, MDCG guidance, and ISO standards.

afterOne Gemini 3 Pro call reads the entire curated checklist + the client's whole dossier in a single 2M-token context — every clause scored, every gap quoted.

-40%

Consulting fees

beforeA typical IVDR Class C submission costs €350k–€800k in consulting alone, with consultants billing manual triage and document drafting at €1.5–2.5k/day.

afterConformly drafts the repeatable 70% (status reports, NB responses, gap analyses), leaving consultants free to focus on the irreplaceable 30%.

The complexity

IVDR is the most complex MD regulation ever passed in the EU.

The 2017/746 regulation reclassified 80%+ of IVD devices into higher compliance tiers. What used to be a self-declaration is now a full Notified-Body assessment plus EMA opinion plus EU reference lab review.

  • 22

    GSPR clauses every device must satisfy

  • 45

    steps in a typical engagement, signature to certificate

  • 60+

    sub-steps in a Clinical Performance Study (CPS) alone

  • 24

    EU official languages every IFU must support (Article 17)

  • 2,500+

    pages of regulation + MDCG guidance + ISO + CLSI to internalise

  • 30+ mo

    average Class D submission timeline today, end-to-end

The product

Five focused tools. One regulatory-affairs co-pilot.

The agent calls these tools the way a senior consultant would dictate to a junior — one specific task at a time, always citing the source document, never going off-script.

Triage a Notified Body letter

30 s vs. 5 h

A BSI / TÜV SÜD / DEKRA letter goes in — English, German, or Italian. A structured deficiency plan comes out: IVDR clause map, severity, evidence required, draft response skeleton.

conformly_parse_nb_letter()

Bench against IVDR Annex I

2 min vs. 3 days

One call, 22 GSPR clauses, one structured report. addressed / partial / open / n-a, with quoted evidence per addressed clause and a concrete recommended action per gap.

conformly_gspr_gap_analyzer()

See the whole portfolio

instant

Class, phase, day-in-journey, risk level, next deadline — every active engagement on one screen. Sort by risk to know who needs you today.

conformly_list_clients()

Open one file

instant

A single client dossier becomes a typed status object: GREEN LIGHTs passed, open risks with severity, soonest deadline, communication log.

conformly_get_client_status()

Cite the regulation

cached forever

A live catalog of every IVDR / MDCG / ISO / CLSI document in the vault. Filter by family, query by substring, let the long-context LLM do the reading and the quoting.

conformly_search_regulation()

How it works

Plain markdown. Long-context LLM. Git for memory.

No vector database. No embeddings. No RAG infrastructure. The agent reads files the way a consultant would — by path, by section, by quote.

1

Vault = source of truth

Clients, projects, regulations, NB letters — all markdown with YAML frontmatter. Git-versioned, diff-able, auditor-friendly. ISO 13485 reviewers love it.

2

Hermes Agent runtime

The agent loop, model routing, and skill dispatch come from the NousResearch Hermes Agent project. We plug in five custom Python tools through its standard plugin interface.

3

Gemini 3 Pro + Flash

Gemini 3 Pro handles deep reasoning (GSPR analysis, NB letter parse) with its 2M-token context window. Flash handles fast triage and selection.

4

Production-ready deploy

One Vultr VPS, one shell script, two services (FastAPI + Next.js) behind nginx, Let's Encrypt for HTTPS. Costs €15/month to run.

  ┌─────────────────────────────────────────────────────────────────────┐
  │                       Conformly architecture                        │
  ├─────────────────────────────────────────────────────────────────────┤
  │                                                                     │
  │   user / consultant                                                 │
  │         │                                                           │
  │         ▼                                                           │
  │   ┌───────────────────┐   tool_call   ┌──────────────────────────┐  │
  │   │  Hermes Agent     │ ────────────► │  Conformly plugin (5)    │  │
  │   │  + Gemini 3 Pro   │ ◄──── JSON ── │  • get_client_status     │  │
  │   │  + Gemini 3 Flash │               │  • list_clients          │  │
  │   └────────┬──────────┘               │  • search_regulation     │  │
  │            │                          │  • parse_nb_letter   ⚡  │  │
  │            │                          │  • gspr_gap_analyzer ⚡  │  │
  │            │                          └────────────┬─────────────┘  │
  │            │                                       │                │
  │            │                                       ▼                │
  │            │                          ┌──────────────────────────┐  │
  │            │                          │   vault/  (markdown)     │  │
  │            └────────────HTTP─────────►│   clients/, projects/,   │  │
  │                                       │   raw/regulations/,      │  │
  │                                       │   notes/  ←──git─────┐   │  │
  │                                       └──────────────────────┼───┘  │
  │                                                              │      │
  │                              ⚡ = LLM-backed tool            │      │
  │                              ◀ everything is auditable in git┘      │
  └─────────────────────────────────────────────────────────────────────┘

Read-only by default

Reads and drafts run free; any outbound action (CAPA, submission, email) pauses for a human approval routed to Slack.

Cite or refuse

Every regulatory answer carries a document ID + section number. If the source is silent, the agent says so rather than invent.

Audit trail by construction

Every tool invocation writes one JSON line to ~/.conformly/audit.log. ISO 13485 evidence ready out of the box.

No vendor lock-in

Markdown vault, standard OpenAI tool-call schemas, open-source Hermes runtime. Swap LLM providers in one config line.

In practice

Three scenarios. One regulatory week, replayed in 90 seconds.

Act I

A Notified Body deficiency letter lands at 9:00 AM.

manufacturer

before — manual

A 4-page BSI letter with 4 findings: precision, clinical, software, stability. Your RA lead spends the morning reading, classifying, mapping each to IVDR clauses, drafting a response outline, escalating to the project sponsor.

after — Conformly

Conformly parses the PDF, extracts the four deficiencies with IVDR Annex I references, flags clock-stop status (yes, 60-day window), and drafts the point-by-point response. Total wall-time: 30 seconds.

manual: 4–6 hConformly: 30 s
Act II

The sponsor asks: 'are we ready for submission?'

regulatory affairs lead

before — manual

The traditional answer is a 3-day cross-functional sprint: pull the technical file, cross-reference 22 GSPR clauses, interview each team owner, write a gap report. Then re-do it next week because something changed.

after — Conformly

One conformly_gspr_gap_analyzer call. Twenty-two clauses scored, evidence quoted, gaps named, recommended actions ranked by priority. Reproducible from any commit — git checkout the past, see the past gap report.

manual: 2–3 daysConformly: 2 min
Act III

Monday morning portfolio review.

CRO operations director

before — manual

A spreadsheet (always slightly out of date), three open chat threads, and a vague feeling about which client is closest to a deadline. PM has to ping each project lead individually before the 10:00 standup.

after — Conformly

One screen. Every active engagement, sorted by risk. Day-in-journey. Days since last contact. The soonest next deadline, by date. Click any card to drill into the source file.

manual: 45 minConformly: instant
Play these scenarios live

running right now

Active clients in the vault
3

Reading vault/clients/*.md live

High-risk engagements
2

Need attention this week

IVDR classes covered
3

A · B · C · D

Sit down with the agent for 90 seconds.

Three scripted scenarios, real tool outputs, every assistant message exactly what a sponsor would see on Slack today. Replay any run from your history.

Start the demo