Skip to content
contract-ops CLI suite

Install

Nine installs, one workflow.

Each CLI is a standalone package on its native registry. Install whichever ones you need; they don't depend on each other and there's no shared runtime to set up.

TL;DR — pipx install extract-cli · pipx install template-vault-cli · npm i -g @drbaher/draft-cli · pipx install nda-review-cli · npm i -g compare-cli · npm i -g docx2pdf-cli · npm i -g @drbaher/sign-cli · pipx install contract-vault · pipx install contract-lint. Verify with --version on each.

Everything in one command

The fastest path: one script installs all nine from their native registries (pipx + npm), checks prerequisites, and prints versions. Re-run any time to upgrade.

one-command install
curl -fsSL https://cli.drbaher.com/install.sh | sh

Prefer to read before you run it? (Always reasonable for a piped installer.)

review, then run
curl -fsSL https://cli.drbaher.com/install.sh -o install.sh
less install.sh        # ~40 lines of pipx + npm, no magic
sh install.sh

Needs python3 + pipx and node 22+ / npm on your PATH (see Prerequisites). MIT, in the open at public/install.sh.

…or run them in a container

For CI, an agent sandbox, or a throwaway environment, the published image bundles all nine CLIs and the PDF backend (LibreOffice) — nothing to install on the host.

docker
# Run any CLI; mount the current directory as /work
docker run --rm -v "$PWD:/work" -w /work ghcr.io/drbaher/contract-ops extract contract.pdf --json

# …or drop into a shell with all nine on PATH
docker run --rm -it -v "$PWD:/work" -w /work ghcr.io/drbaher/contract-ops bash

Install the whole suite

Want all nine at once? Two package managers, six commands:

install all nine
# Five Python CLIs (pipx installs one package per command)
pipx install extract-cli
pipx install template-vault-cli
pipx install nda-review-cli
pipx install contract-vault
pipx install contract-lint

# Four Node CLIs (one npm command)
npm i -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli

Then verify each with --version, or jump straight to the 5-minute tour.

Prerequisites

  • Node.js 18+ for draft-cli and docx2pdf-cli; Node.js 20+ for compare-cli (pinned by pdfjs-dist); Node.js 22+ for sign-cli (uses node:sqlite). Install via brew install node, nvm, or your platform's installer.
  • Python 3.9+ with pipx for extract-cli, template-vault-cli, nda-review-cli, contract-vault, and contract-lint. Install pipx via brew install pipx or your distro package manager, then pipx ensurepath.
  • A PDF backend (only for docx2pdf-cli) — LibreOffice, Microsoft Word, Apple Pages, or a Gotenberg / ConvertAPI server. The tool auto-detects what's installed.

Per-tool install paths

Each CLI is a standalone package — install only the ones you need; they don't depend on each other. Every tool's paths are below.

extract-cli

The Python CLI for the open-loop front door — ingest any contract (.md / .txt / .html / .docx / .pdf) into structured JSON. Stdlib-only at runtime (zero dependencies); the optional [docx] / [pdf] extras add higher-fidelity readers. Installs as extract on your PATH.

pipx install extract-cli
extract --version

Recommended — isolates dependencies and adds the CLI to your $PATH.

first run
# Zero-config: extract a bundled NDA into structured JSON
extract demo

# Your own document → structured JSON on stdout
extract path/to/contract.docx

template-vault-cli

The Python CLI for a Git-backed, clause-aware template vault. Stdlib-only at runtime — pipx installs it cleanly into its own environment. Installs as template-vault on your PATH. The optional [docx] extra adds python-docx for .docx ingestion and export.

pipx install template-vault-cli
template-vault --version

Recommended — isolates dependencies and adds the CLI to your $PATH.

first run
# Zero-config compose-and-swap tour against inline fixtures
template-vault demo

# Or start a vault of your own and pull a public template in
mkdir my-vault && cd my-vault
template-vault init
template-vault import common-paper-mutual-nda

draft-cli

The Node.js CLI for filling placeholders in markdown or .docx templates. Single-file ESM, one runtime dep (jszip) for .docx unzip. Installs as draft on your PATH.

npm i -g @drbaher/draft-cli
draft --version
sanity check
# See the bundled demo (no template needed)
draft --demo

# Discover what a template expects
draft path/to/template.md --list-placeholders

nda-review-cli

The Python CLI for drafting, reviewing, and negotiating NDAs. Stdlib-only at runtime — pipx installs it cleanly into its own environment.

pipx install nda-review-cli
nda-review-cli --version

Recommended — isolates dependencies and adds the CLI to your $PATH.

first-run setup
# 14 quick questions write your house policy
nda-review-cli quickstart

contract-lint-cli

The Python CLI for the pre-signature quality gate — lint one contract for internal-consistency defects (leftover placeholders, broken cross-references, defined-term and numbering issues) with CI-gateable exit codes. Stdlib-only at runtime, zero dependencies. Installs as contract-lint on your PATH (PyPI package contract-lint).

pipx install contract-lint
contract-lint --version

Recommended — isolates dependencies and adds the CLI to your $PATH.

first run
# Zero-config: lint a deliberately-flawed sample contract
contract-lint demo

# Lint your own document; gate CI on errors only
contract-lint your-contract.md --check --fail-on error

compare-cli

The Node.js CLI for clause-aware drift detection between two contract versions. Single-file, two runtime deps, Node ≥ 20. The package is compare-cli; the installed command is compare — the npx -p … -- form below tells npx which package to fetch and which bin to run, since the two names differ.

npm i -g compare-cli
compare --version
sanity check
# Bundled fixtures where the term silently shifted 2y → 3y; exits 2
compare --demo

# Real comparison — the exit code is the gate (0 safe · 2 drift · 3 cosmetic · 4 moved)
compare negotiated.docx ready-to-sign.pdf

docx2pdf-cli

The Node.js CLI for DOCX → PDF conversion with hybrid backends.

npm i -g docx2pdf-cli
docx2pdf --version
sanity check
# Probe what backends are detected on this machine
docx2pdf --doctor
docx2pdf --list-backends

The --doctor probe walks every backend candidate (LibreOffice, Word, Apple Pages, Gotenberg, ConvertAPI) and reports which ones are usable. Pick one with --backend or let the tool auto-select.

sign-cli

The TypeScript CLI for fully-offline PAdES signing (built-in PKCS#7 signer with a self-issued cert) plus optional Dropbox Sign / DocuSign / SignWell routing. Installs as sign on your PATH.

npm i -g @drbaher/sign-cli
sign --version

The offline demo walks the full lifecycle (create → approve → send → sign → audit verify → bundle export) using the built-in local PAdES signer — no signup, no third-party calls, ~5 seconds end to end. After install, run sign init for a guided provider setup or sign doctor preflight for a structured per-check readiness report.

contract-vault-cli

The Python CLI for the post-signature layer — register signed contracts, then surface renewals, notice deadlines, and obligations. Stdlib-only at runtime; the optional [docx] extra pulls in extract-cli for end-to-end ingest. Installs as contract-vault on your PATH (PyPI package contract-vault).

pipx install contract-vault
contract-vault --version

Recommended — isolates dependencies and adds the CLI to your $PATH.

first run
# Zero-config: register two sample contracts -> a renewals calendar
contract-vault demo

# Or start a vault and register your own signed contract
mkdir my-contracts && cd my-contracts
contract-vault init
extract ~/contracts/signed.pdf | contract-vault ingest -

Configuration locations

Each tool keeps its config in standard places. Nothing is shared across tools.

Tool Config Sensitive bits
template-vault-cli The vault is a Git repo — .vault.json at the vault root, one meta.json per template · optional shared LLM config at ~/.config/contract-ops/llm.json LLM provider keys (in the shared llm.json, outside the vault) when ask is used
draft-cli None by default · optional <template>.params.json alongside the template · optional parties.json for shared party records LLM provider keys (env only) when --from-deal is used
nda-review-cli config/org-policy.json, profiles/, optional config/llm.json (or the shared ~/.config/contract-ops/llm.json) LLM provider keys (gitignored)
compare-cli None · stateless and deterministic, all behavior driven by flags · for the MCP server, optional COMPARE_MCP_BASE_DIR env var to lock down path inputs None (no LLM tier, no network)
docx2pdf-cli Optional .docx2pdfrc Gotenberg URL if remote backend in use
sign-cli $XDG_CONFIG_HOME/sign-cli/profiles.json (named profile bundles) · project-level sign-profile.json (git-style upward discovery) · env vars (SIGN_PROFILE, SIGN_DB_PATH, etc.) Provider API keys via shell env + {{env:VAR}} profile references — credentials never live in the profile file

Updating

pipx upgrade extract-cli
pipx upgrade template-vault-cli
pipx upgrade nda-review-cli
pipx upgrade contract-vault
pipx upgrade contract-lint
npm update -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli

Uninstalling

Each tool comes off cleanly. There are no daemons, services, or system-wide modifications to clean up afterwards.

pipx uninstall extract-cli
pipx uninstall template-vault-cli
pipx uninstall nda-review-cli
pipx uninstall contract-vault
pipx uninstall contract-lint
npm rm -g @drbaher/draft-cli compare-cli docx2pdf-cli @drbaher/sign-cli

Edit this page on GitHub