Install
Nine installs, one workflow.
Each CLI is a standalone package on its native registry. Install whichever ones you need; they don't depend on each other and there's no shared runtime to set up.
pipx install extract-cli · pipx install template-vault-cli · npm i -g @drbaher/draft-cli · pipx install nda-review-cli · npm i -g compare-cli · npm i -g docx2pdf-cli · npm i -g @drbaher/sign-cli · pipx install contract-vault · pipx install contract-lint.
Verify with --version on each.
Everything in one command
The fastest path: one script installs all nine from their native registries (pipx + npm), checks prerequisites, and prints versions. Re-run any time to upgrade.
curl -fsSL https://cli.drbaher.com/install.sh | sh Prefer to read before you run it? (Always reasonable for a piped installer.)
curl -fsSL https://cli.drbaher.com/install.sh -o install.sh
less install.sh # ~40 lines of pipx + npm, no magic
sh install.sh Needs python3 + pipx and node 22+ / npm on your PATH (see Prerequisites). MIT, in the open at public/install.sh.
…or run them in a container
For CI, an agent sandbox, or a throwaway environment, the published image bundles all nine CLIs and the PDF backend (LibreOffice) — nothing to install on the host.
# Run any CLI; mount the current directory as /work
docker run --rm -v "$PWD:/work" -w /work ghcr.io/drbaher/contract-ops extract contract.pdf --json
# …or drop into a shell with all nine on PATH
docker run --rm -it -v "$PWD:/work" -w /work ghcr.io/drbaher/contract-ops bash Install the whole suite
Want all nine at once? Two package managers, six commands:
# Five Python CLIs (pipx installs one package per command)
pipx install extract-cli
pipx install template-vault-cli
pipx install nda-review-cli
pipx install contract-vault
pipx install contract-lint
# Four Node CLIs (one npm command)
npm i -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli Then verify each with --version, or jump straight to the 5-minute tour.
Prerequisites
- Node.js 18+ for draft-cli and docx2pdf-cli; Node.js 20+ for compare-cli (pinned by
pdfjs-dist); Node.js 22+ for sign-cli (usesnode:sqlite). Install viabrew install node,nvm, or your platform's installer. - Python 3.9+ with
pipxfor extract-cli, template-vault-cli, nda-review-cli, contract-vault, and contract-lint. Install pipx viabrew install pipxor your distro package manager, thenpipx ensurepath. - A PDF backend (only for docx2pdf-cli) — LibreOffice, Microsoft Word, Apple Pages, or a Gotenberg / ConvertAPI server. The tool auto-detects what's installed.
Per-tool install paths
Each CLI is a standalone package — install only the ones you need; they don't depend on each other. Every tool's paths are below.
extract-cli
The Python CLI for the open-loop front door — ingest any contract (.md /
.txt / .html / .docx /
.pdf) into structured JSON. Stdlib-only at runtime (zero dependencies); the
optional [docx] / [pdf] extras add higher-fidelity
readers. Installs as extract on your PATH.
pipx install extract-cli
extract --version Recommended — isolates dependencies and adds the CLI to your $PATH.
pipx install 'extract-cli[docx,pdf]' Adds python-docx + pypdf for higher-fidelity .docx / .pdf parsing.
pip install extract-cli Stdlib-only core, no isolation. Make sure ~/.local/bin is on your $PATH.
# Zero-config: extract a bundled NDA into structured JSON
extract demo
# Your own document → structured JSON on stdout
extract path/to/contract.docx template-vault-cli
The Python CLI for a Git-backed, clause-aware template vault. Stdlib-only at runtime — pipx
installs it cleanly into its own environment. Installs as template-vault
on your PATH. The optional [docx] extra adds python-docx
for .docx ingestion and export.
pipx install template-vault-cli
template-vault --version Recommended — isolates dependencies and adds the CLI to your $PATH.
pipx install 'template-vault-cli[docx]' Adds python-docx for .docx ingestion / export.
pip install template-vault-cli Stdlib-only, no isolation. Make sure ~/.local/bin is on your $PATH.
# Zero-config compose-and-swap tour against inline fixtures
template-vault demo
# Or start a vault of your own and pull a public template in
mkdir my-vault && cd my-vault
template-vault init
template-vault import common-paper-mutual-nda draft-cli
The Node.js CLI for filling placeholders in markdown or .docx
templates. Single-file ESM, one runtime dep (jszip) for
.docx unzip. Installs as draft on your PATH.
npm i -g @drbaher/draft-cli
draft --version pnpm add -g @drbaher/draft-cli yarn global add @drbaher/draft-cli npx @drbaher/draft-cli --demo No install — runs the bundled NDA demo once.
# See the bundled demo (no template needed)
draft --demo
# Discover what a template expects
draft path/to/template.md --list-placeholders nda-review-cli
The Python CLI for drafting, reviewing, and negotiating NDAs. Stdlib-only at runtime — pipx installs it cleanly into its own environment.
pipx install nda-review-cli
nda-review-cli --version Recommended — isolates dependencies and adds the CLI to your $PATH.
pip install --user nda-review-cli Use if you don't have pipx. Make sure ~/.local/bin is on your $PATH.
git clone https://github.com/DrBaher/nda-review-cli.git
cd nda-review-cli && ./nda_review_cli.py --help Single-file stdlib-only Python — runs straight from a clone.
# 14 quick questions write your house policy
nda-review-cli quickstart contract-lint-cli
The Python CLI for the pre-signature quality gate — lint one contract for internal-consistency
defects (leftover placeholders, broken cross-references, defined-term and numbering issues) with
CI-gateable exit codes. Stdlib-only at runtime, zero dependencies. Installs as
contract-lint on your PATH (PyPI package contract-lint).
pipx install contract-lint
contract-lint --version Recommended — isolates dependencies and adds the CLI to your $PATH.
pip install contract-lint Stdlib-only. Make sure ~/.local/bin is on your $PATH.
# Zero-config: lint a deliberately-flawed sample contract
contract-lint demo
# Lint your own document; gate CI on errors only
contract-lint your-contract.md --check --fail-on error compare-cli
The Node.js CLI for clause-aware drift detection between two contract versions. Single-file, two
runtime deps, Node ≥ 20. The package is compare-cli; the installed command
is compare — the npx -p … -- form below tells npx
which package to fetch and which bin to run, since the two names differ.
npm i -g compare-cli
compare --version pnpm add -g compare-cli yarn global add compare-cli npx -p compare-cli@latest -- compare --demo No install — runs the bundled drift demo once.
# Bundled fixtures where the term silently shifted 2y → 3y; exits 2
compare --demo
# Real comparison — the exit code is the gate (0 safe · 2 drift · 3 cosmetic · 4 moved)
compare negotiated.docx ready-to-sign.pdf docx2pdf-cli
The Node.js CLI for DOCX → PDF conversion with hybrid backends.
npm i -g docx2pdf-cli
docx2pdf --version pnpm add -g docx2pdf-cli yarn global add docx2pdf-cli npx docx2pdf-cli@latest --doctor No install — runs the latest version once.
# Probe what backends are detected on this machine
docx2pdf --doctor
docx2pdf --list-backends
The --doctor probe walks every backend candidate (LibreOffice, Word,
Apple Pages, Gotenberg, ConvertAPI) and reports which ones are usable. Pick one with --backend
or let the tool auto-select.
sign-cli
The TypeScript CLI for fully-offline PAdES signing (built-in PKCS#7 signer with a self-issued
cert) plus optional Dropbox Sign / DocuSign / SignWell routing. Installs as
sign on your PATH.
npm i -g @drbaher/sign-cli
sign --version pnpm add -g @drbaher/sign-cli yarn global add @drbaher/sign-cli npx @drbaher/sign-cli demo One-shot offline demo — no install required.
The offline demo walks the full lifecycle (create → approve → send → sign → audit verify →
bundle export) using the built-in local PAdES signer — no signup, no third-party calls,
~5 seconds end to end. After install, run sign init for a guided
provider setup or sign doctor preflight for a structured per-check
readiness report.
contract-vault-cli
The Python CLI for the post-signature layer — register signed contracts, then surface renewals,
notice deadlines, and obligations. Stdlib-only at runtime; the optional [docx]
extra pulls in extract-cli for end-to-end ingest. Installs as
contract-vault on your PATH (PyPI package contract-vault).
pipx install contract-vault
contract-vault --version Recommended — isolates dependencies and adds the CLI to your $PATH.
pipx install 'contract-vault[docx]' Adds extract-cli[docx] so `ingest` can extract .docx/.pdf end to end.
pip install contract-vault Stdlib-only core. Make sure ~/.local/bin is on your $PATH.
# Zero-config: register two sample contracts -> a renewals calendar
contract-vault demo
# Or start a vault and register your own signed contract
mkdir my-contracts && cd my-contracts
contract-vault init
extract ~/contracts/signed.pdf | contract-vault ingest - Configuration locations
Each tool keeps its config in standard places. Nothing is shared across tools.
| Tool | Config | Sensitive bits |
|---|---|---|
| template-vault-cli | The vault is a Git repo — .vault.json at the vault root, one meta.json per template · optional shared LLM config at ~/.config/contract-ops/llm.json | LLM provider keys (in the shared llm.json, outside the vault) when ask is used |
| draft-cli | None by default · optional <template>.params.json alongside the template · optional parties.json for shared party records | LLM provider keys (env only) when --from-deal is used |
| nda-review-cli | config/org-policy.json, profiles/, optional config/llm.json (or the shared ~/.config/contract-ops/llm.json) | LLM provider keys (gitignored) |
| compare-cli | None · stateless and deterministic, all behavior driven by flags · for the MCP server, optional COMPARE_MCP_BASE_DIR env var to lock down path inputs | None (no LLM tier, no network) |
| docx2pdf-cli | Optional .docx2pdfrc | Gotenberg URL if remote backend in use |
| sign-cli | $XDG_CONFIG_HOME/sign-cli/profiles.json (named profile bundles) · project-level sign-profile.json (git-style upward discovery) · env vars (SIGN_PROFILE, SIGN_DB_PATH, etc.) | Provider API keys via shell env + {{env:VAR}} profile references — credentials never live in the profile file |
Updating
pipx upgrade extract-cli
pipx upgrade template-vault-cli
pipx upgrade nda-review-cli
pipx upgrade contract-vault
pipx upgrade contract-lint
npm update -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli
Uninstalling
Each tool comes off cleanly. There are no daemons, services, or system-wide modifications to
clean up afterwards.
pipx uninstall extract-cli
pipx uninstall template-vault-cli
pipx uninstall nda-review-cli
pipx uninstall contract-vault
pipx uninstall contract-lint
npm rm -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli