Skip to content
contract-ops CLI suite

Recipes

Recipes for real situations.

The tour and workflow walk the happy path start to finish. These are the off-path situations that actually come up — copy-paste sequences you can adapt. Discover any tool's exact flags with <cli> --catalog json.

Turn a counterparty's PDF into structured data

The deal arrives as their paper. extract-cli is the open-loop front door — any format in, structured JSON out, with a confidence and source on every field.

ingest foreign paper
# Any contract — yours or a counterparty's — into structured JSON
extract counterparty.pdf --json > deal.json

# Verify, don't trust: who are the parties, the term, the governing law?
jq '{parties: [.parties[].name], term: .term, law: .governing_law.value}' deal.json

# extract is a pipe — feed the JSON straight into review or the vault
extract counterparty.pdf --json | contract-vault ingest -

Review an incoming third-party NDA

Someone sends you their paper. Score it against your house policy, then gate the final text before you sign.

review their paper
# 1. Score it against your house policy, with evidence for each finding
nda-review-cli review --file their-nda.docx --playbook config/org-policy.json --why

# 2. Negotiate the points you don't accept (see the tool page for the full
#    negotiate subcommands); nda-review tracks hash-chained negotiation state.

# 3. Before signing, gate the version they sent back against what you agreed
compare --from-negotiation negotiation.json their-nda-final.docx
#   exit 0 = matches the agreed text · 2 = it drifted — don't sign

Negotiate an NDA to convergence

The back-and-forth itself, tracked. nda-review's two-party negotiate flow keeps hash-chained state — every round is tamper-evident — and feeds straight into the pre-signature gate.

negotiate round by round
# Open a negotiation from your house template (creates hash-chained state)
nda-review-cli negotiate init --base nda/house-mutual --out negotiation.json

# Each round: a party counters, the other reviews — the chain records who changed what
nda-review-cli negotiate counter --state negotiation.json --as party-b --amendments-file edits.json
nda-review-cli negotiate review  --state negotiation.json --as party-a
nda-review-cli negotiate status  --state negotiation.json

# Both sign off, then finalize to the agreed text (Markdown / .docx / PDF)
nda-review-cli negotiate sign-off --state negotiation.json --as party-a --yes
nda-review-cli negotiate finalize --state negotiation.json --out-md agreed.md

# When the executed copy comes back, gate it against exactly what was agreed
compare --from-negotiation negotiation.json ready-to-sign.docx   #  exit 2 = it drifted

Build a house template from a public source

Don't draft from scratch. template-vault keeps public sources (Common Paper, YC SAFE, Bonterms) and your own house paper in one git-backed vault — fork a base and swap clauses with recorded provenance.

compose a template
# Discover the public sources, then import one into your vault
template-vault sources
template-vault import <source-id>          # pick an id from the list above

# Fork it into your house vault, then swap in your own clause (provenance recorded)
template-vault compose --base nda/mutual --as nda/house-mutual
template-vault swap nda/house-mutual --clause confidentiality --from msa/standard

Lint a draft before it leaves your hands

Fill a template, then catch the internal defects — leftover placeholders, broken cross-references, numbering gaps — before the draft ever reaches a counterparty.

fill + lint
# Pull the versioned template, fill it, lint the result
template-vault get nda/house-mutual | draft - --params deal.json > ready.md
contract-lint ready.md --fail-on error
#   exit 0 = clean · 1 = a placeholder or broken reference slipped through

Gate drift and defects in CI

Run the two pre-signature gates before a build can ship a contract: contract-lint for internal-consistency defects within the document, compare for drift between versions. The exit code is the gate, no parsing required.

ci gate
# Lint the ready-to-sign doc for internal defects (0 clean · 1 findings · 2 bad usage)
contract-lint ready-to-sign.docx --check --fail-on error

# Gate drift against the agreed text (0 safe · 2 substantive · 3 cosmetic · 4 moved)
compare agreed.md ready-to-sign.docx --check

# …or emit SARIF for GitHub code-scanning / a PR annotation
contract-lint ready-to-sign.docx --sarif > lint.sarif
compare agreed.md ready-to-sign.docx --sarif > drift.sarif

Drive the pipeline from an agent

An LLM agent does the operational work; the human only makes the signing gesture. The per-signer token is the boundary — the agent never sees it.

agent loop
# 1. Discover each tool's surface at startup — never hardcode flags
draft --catalog json    compare --catalog json    sign --catalog json

# 2. Agent fills, gates, and converts (branching on exit codes + --json)
template-vault get nda/house-mutual | draft - --params deal.json | tee filled.md
compare agreed.md filled.md --json   # agent reads the verdict, decides to proceed

# 3. Agent requests a signature; the human receives a scoped, single-use token
sign request create --title "NDA" --document filled.pdf --signer "name:Alice,email:alice@acme.com,order:1"
sign sign --token <token-the-human-received>   # the agent never holds this

Batch convert, then sign a folder

A directory of agreed documents → PDFs → out for signature, fully offline.

batch
# Convert every .docx in a folder to PDF
docx2pdf --out-dir out/ contracts/*.docx

# Send each PDF for signature with the built-in offline signer (no signup)
for f in out/*.pdf; do
  sign request create --document "$f" --signer "name:Signer,email:$SIGNER_EMAIL,order:1"
done

Verify a signed contract and its audit trail

The reason to use an audit-grade signer is being able to prove it later. sign re-verifies a signed PDF, a portable receipt bundle, and the hash-chained audit log — fully offline.

verify after the fact
# Confirm a signed PDF matches what was recorded for its request
sign request verify-signed-pdf --request-id <id> --path signed.pdf

# Export a portable receipt bundle, then re-verify it offline (hand it to a counterparty)
sign request receipt --request-id <id> --out receipt/
sign request verify-receipt --bundle receipt/

# Walk the hash-chained audit log, and integrity-scan every chain for breaks
sign audit show --request-id <id>
sign audit scan

Never miss a renewal or notice deadline

Signing is the start, not the end. contract-vault registers each executed contract in a git-backed vault and surfaces the deadlines you'd otherwise miss — as a calendar feed and a cron-friendly digest.

renewals calendar
# Register the signed contract, then project the next quarter's deadlines
contract-vault ingest ~/signed/acme-msa.pdf
contract-vault due --within 90d --format ics > renewals.ics   # subscribe in any calendar

# A reminder digest for cron or an agent — only what's due to nudge right now
contract-vault remind --json

Catch a silent auto-renewal before it fires

The expensive miss is an auto-renewing contract whose notice window passes unnoticed. risk --strict is a CI gate for exactly that; mark the obligation done once handled and it drops off the calendar.

renewal-exposure gate
# Fail the job on a CRITICAL: a missed/imminent notice on an auto-renewing deal
contract-vault risk --within 30d --strict
#   exit 1 = act now (notice deadline missed or imminent while it auto-renews)

# Mark the obligation done once handled (assign an owner; it leaves the digest)
contract-vault obligation acme-corporation/master-services-agreement 1 --owner "Legal" --status done

Onboard a folder of signed contracts

Have a backlog of executed PDFs? Extract and register them in one pass, then read the portfolio.

bulk onboard
# Extract + register every signed PDF into the git-backed vault
for f in ~/signed/*.pdf; do extract "$f" --json | contract-vault ingest -; done

# Portfolio at a glance, then export for finance / legal
contract-vault stats
contract-vault export --format csv > portfolio.csv
More — Run any of these in the browser on the playground · full step-by-step in the workflow · agent wire-up in built for agents.

Edit this page on GitHub