# drbaher CLI suite > Four composable, local-first, agent-first CLIs for end-to-end contract operations. The agent does the operational work (drafting, reviewing, sending, tracking, verifying); the human approves the gestures that need a deliberate human action (signing, accepting a final position, escalating non-negotiables). Site: https://cli.drbaher.com/ ## The four CLIs 1. **draft-cli** — Agent-first placeholder-filler for legal-document templates. Five-tier detection cascade (bracket / mustache / `.docx` highlight / heuristic / opt-in LLM). `.docx` round-trip preserves runs and styling, with smart cross-run merging by default and `--strict-runs` as the opt-out. Typed parameters (date / money / party with format + currency), computed placeholders (date arithmetic), positional addressing, `parties.json` registry, multi-document bundles, `--from-deal` LLM inference from prose. Single-file ESM, one runtime dep (`jszip`). - GitHub: https://github.com/DrBaher/draft-cli - npm: https://www.npmjs.com/package/@drbaher/draft-cli - Install: `npm i -g @drbaher/draft-cli` - Agent discovery: `draft --list-placeholders --json` (per-template structured manifest with keys, aliases, types, defaults), `draft --validate` (precheck) - Agent contract: https://github.com/DrBaher/draft-cli/blob/main/AGENTS.md - Schema contract: https://github.com/DrBaher/draft-cli/blob/main/PARAM_SCHEMA.md (locked; stable across minor versions) 2. **nda-review-cli** — Agent-first NDA review, drafting, and two-party negotiation. Deterministic rules by default; opt-in LLM adjudication via Anthropic / OpenAI / Ollama / any OpenAI-compatible endpoint. Hash-chained negotiation state. Local-first, stdlib Python. - GitHub: https://github.com/DrBaher/nda-review-cli - PyPI: https://pypi.org/project/nda-review-cli/ - Install: `pipx install nda-review-cli` - Agent discovery: `nda-review-cli --catalog json` (23 subcommands, including 12 nested `negotiate` subcommands) - Agent contract: https://github.com/DrBaher/nda-review-cli/blob/main/AGENTS.md 3. **docx2pdf-cli** — Agent-first DOCX → PDF converter. Six hybrid backends (LibreOffice, Gotenberg, ConvertAPI, Apple Pages, Microsoft Word, textutil-cups). Strict-fidelity guard, machine-readable `--capabilities` + `--doctor` JSON (both schema-validated). NDJSON batch mode. - GitHub: https://github.com/DrBaher/docx2pdf-cli - npm: https://www.npmjs.com/package/docx2pdf-cli - Install: `npm i -g docx2pdf-cli` - Agent discovery: `docx2pdf --capabilities` (machine-readable feature contract), `docx2pdf --doctor` (host-readiness JSON), `docx2pdf --catalog json` (flag inventory) - Agent contract: https://github.com/DrBaher/docx2pdf-cli/blob/main/AGENTS.md 4. **sign-cli** — Agent-first e-signature CLI. Built-in fully-offline PAdES signer (PKCS#7 in `/ByteRange`, self-issued cert) produces real cryptographically verifiable signed PDFs with no signup. Or routes through Dropbox Sign / DocuSign / SignWell. 19-tool MCP server over stdio. 20-route HTTP API at `/v1/*`. Hash-chained audit log with append-only DB triggers. RFC 3161 timestamp anchoring. Per-signer approval tokens (TTL-bounded, single-use, scoped to one email). - GitHub: https://github.com/DrBaher/sign-cli - npm: https://www.npmjs.com/package/@drbaher/sign-cli (scoped — the unscoped `sign-cli` belongs to an unrelated project) - Install: `npm i -g @drbaher/sign-cli` - One-shot demo (no install, no signup, 5 seconds): `npx @drbaher/sign-cli demo` - Agent discovery: `sign --catalog json`, `sign mcp tools` - MCP server: `sign mcp serve` (stdio, 19 tools, capability scoping via `--read-only`, `--tool`, `--capability`) - HTTP API: `sign serve --port 4000` (20 routes under `/v1/*`, schema at `/v1/openapi.json`) - Agent contract: https://github.com/DrBaher/sign-cli/blob/main/AGENTS.md ## The architectural claim The asymmetry is the architecture: an agent can drive every step except the actual signing gesture, which stays gated behind a human. The mechanism is the per-signer approval token — TTL-bounded, scoped to a single signer's email, single-use. The requester (which can be the agent) holds and DMs the token to the human signer; the signer pastes it into `sign sign --token ...`. The agent never sees signer tokens. Pre-sign safety checks (`--require-hash`, `--require-title`, `--require-signer-email`) throw structured errors before any state mutation. This means an LLM agent can do all the operational work (sending documents, tracking status, verifying receipts, reporting back, even drafting and negotiating amendments) without the legal liability of a hallucinating model accidentally executing a contract. ## Cross-suite agent contract All four CLIs share the same contract: - **Output**: success JSON to stdout, exit `0`. Errors as `{ ok: false, error: { code, message, hint?, details? } }` to stderr, non-zero exit. - **Exit codes**: `0` success, `2` invalid input, `3` policy/chain/verification failed, `4` not found. (draft-cli's matrix has additional codes for vault failures and LLM errors; see its CHANGELOG.) - **Discovery**: each CLI exposes a machine-readable manifest at startup. draft-cli: `draft --list-placeholders --json` (per-template schema). nda-review-cli + sign-cli: ` --catalog json` (subcommand + flag inventory). docx2pdf-cli additionally exposes `--capabilities` (feature contract) and `--doctor` (host readiness), both schema-validated under `schemas/`. sign-cli additionally exposes `sign mcp tools` (live MCP tool catalog). - **Never hardcode tool counts, flag lists, or sub-command names** — call the discovery commands at startup. ## Repository shape (consistent across all four) ``` README.md # lede + "Run this" + decision tree AGENTS.md # agent quickstart: output contract / exit codes / discovery / failure→recovery CHANGELOG.md docs/ ├── setup/ # per-provider/per-backend setup ├── reference/ # one canonical file per concept (audit-chain, exit-codes, policy, …) └── recipes/ # task-oriented recipes (sign-cli only) schemas/ # JSON schemas for machine-readable outputs ``` ## MCP wire-up for sign-cli (the only one with an MCP server) Claude Code / Claude Desktop `~/.config/claude-code/settings.json` or `claude_desktop_config.json`: ```json { "mcpServers": { "sign-cli": { "command": "npx", "args": ["-y", "@drbaher/sign-cli", "mcp", "serve"] } } } ``` Cursor `~/.cursor/mcp.json`: ```json { "mcpServers": { "sign-cli": { "command": "npx", "args": ["-y", "@drbaher/sign-cli", "mcp", "serve"], "env": {} } } } ``` Sandboxed (read-only mode, narrowed tool set): ```bash sign mcp serve --read-only true \ --tool request_show --tool audit_verify --tool pdf_detect_signature_field ``` ## Key URLs for agents - Suite home: https://cli.drbaher.com/ - Workflow walkthrough: https://cli.drbaher.com/workflow/ - MCP integration guide: https://cli.drbaher.com/mcp/ - Built for agents (Claude, Cursor, Codex, langchain): https://cli.drbaher.com/built-for-agents/ - Comparison vs SaaS suites: https://cli.drbaher.com/compare/ - Changelog: https://cli.drbaher.com/changelog/ - Principles: https://cli.drbaher.com/principles/ ## License All four CLIs are MIT-licensed. The showcase site itself is also open source.