How it works

From "let's talk" to shipped, cited, signed in 14 days.

No procurement. No six-month implementation. No SOC2 questionnaire blocking the kickoff. One scoping call, one one-page agreement, three sample artifacts — and Codex Reg is reviewing your real work.

Day 0 – 3

Step 1. The scoping call.

One 30-minute call. We decide which workflow goes first, you send three sample artifacts, and we confirm the pilot owner on your side. You leave with a fixed scope, a fixed price, and a draft pilot agreement landing by end of next business day.

Day 3 – 7

Step 2. The one-page agreement.

90 days. $1,500/mo. Mutual NDA. Per-tenant data isolation. Liability cap. Exit clause. Six promises in plain English, with a DPA on request. You can read it in five minutes; outside counsel can review it in twenty.

See the plain-English summary →

Day 7 – 10 · The moat

Step 3. Grounded on your SOPs, your specs, your formulas.

Every food company operates differently. The work is bound by internal SOPs, house spec templates, release criteria, brand voice, and a hundred small conventions that aren't written anywhere. Generic AI tools don't know your company — that's why they fail in regulated industries.

Your F&B Codex agent is trained on each of these artifacts before it sees its first real task. Your SOPs become both its citation source and its guardrails. Your spec templates become the format every output ships in. Your release criteria become the rules. Your brand voice becomes the way it writes.

The grounding is per-tenant, isolated by default, and never shared. Customer A's SOPs never appear in Customer B's output, even when both source from the same supplier. After 30 days, your agent sounds like a member of your team — because it has been trained on your team's work.

Day 10 – 14 · and every week after

Step 4. Reviews land.

You submit a task — a label PDF, a proposed claim, a state list — through email or a shared folder. Within one business day, three artifacts arrive in your inbox and your audit log:

  1. A human-readable Markdown report (the headline deliverable).
  2. A structured findings JSON for your downstream systems.
  3. A signed audit footer JSON — the artifact your auditor accepts.

Every BLOCKER and every claim rewrite is gated on a named human checkpoint. You sign off; the agent records the sign-off in the audit log. Nothing closes without it.

That's the whole engagement model. No procurement. No six-month implementation. The first review can be in your inbox before the second month's invoice arrives.
The two knowledge bases

A shared regulatory KB plus a private one for you.

Every Codex agent reads from two stores at the same time. The shared store holds the federal and state law — 21 CFR Part 101 in full, Part 111 supplement CGMP, Part 117 FSMA preventive controls, FSMA 204 traceability, FSVP, DSHEA, FALCPA + FASTER allergens, food additives (Parts 170–189), GRAS, color additives, California Prop 65, California AB 418, FTC Act §5, FTC Green Guides, FTC Endorsement Guides, plus state additive bills under monitoring. That store is the same for every customer because the law is the same.

The private store is yours alone. It holds your house SOPs, your spec templates, your formulas at the right revisions, your release criteria, your brand voice, your retailer requirements, your supplier history. Every claim the agent makes — every "this passes" and every BLOCKER — is grounded on the relevant primary source in the shared store and the relevant house artifact in your private store, with provenance landing in the audit footer of every output.

The shared KB is the credential. The private KB is the moat. Together they are the difference between a generic AI tool and an agent that sounds like a member of your team after thirty days.
The discipline behind the speed

Four rules we don't break.

Speed comes from constraints, not corners. These four rules are how a regulatory deliverable survives a warning letter, an outside-counsel review, or a SQF auditor's challenge.

Rule 01

Cite or strike

Every regulatory claim ships with a primary-source citation — a CFR section, an FDA guidance, an OEHHA listing, a state statute — and an access date. No claim, no ship.

Rule 02

Human checkpoint on every regulated output

BLOCKER findings and claim rewrites do not close without a named human signing the audit log. The agent never marks complete; you do.

Rule 03

Per-tenant isolation from Day 1

Your content stays in your tenant directory and your retrieval store. It is never used to train a shared model and never appears in another customer's response.

Rule 04

Drug-claim escalation always

Any input that drifts into disease treatment or prevention claims triggers an automatic escalation. We stop, flag, and recommend you engage outside counsel.

What every audit footer contains

The artifact that survives every second look.

The audit footer is not a UI element. It is a structured JSON record appended to every deliverable, written to per-tenant audit-log storage, and available for export at any time.

{
  "agent": "Regulatory Affairs Specialist",
  "agent_version": "v1.0",
  "model": "<model id>",
  "run_id": "<uuid>",
  "customer": "<your tenant id>",
  "task_id": "<your task id>",
  "inputs_hash": "sha256:<hash of every input>",
  "tools_used": ["lookup_cfr", "parse_label", "..."],
  "citations": [
    { "source": "21 CFR §101.14", "accessed": "2026-06-01" }
  ],
  "human_checkpoints_required": [
    "marketing_claim_signoff",
    "vp_quality_signoff_before_print"
  ],
  "confidence": "high",
  "started_at": "ISO-8601",
  "completed_at": "ISO-8601"
}

The first scoping call is 30 minutes. We'll know within 10 if we're a fit.

Start a pilot →