Recipes
Recipes for real situations.
The tour and workflow walk the happy path
start to finish. These are the off-path situations that actually come up — copy-paste
sequences you can adapt. Discover any tool's exact flags with <cli> --catalog json.
| Recipe | Tools |
|---|---|
| Turn a counterparty's PDF into structured data | extract · contract-vault |
| Review an incoming third-party NDA | nda-review · compare |
| Negotiate an NDA to convergence | nda-review · compare |
| Build a house template from a public source | template-vault |
| Lint a draft before it leaves your hands | template-vault · draft · contract-lint |
| Gate drift and defects in CI | contract-lint · compare |
| Drive the pipeline from an agent | draft · compare · sign |
| Batch convert, then sign a folder | docx2pdf · sign |
| Verify a signed contract and its audit trail | sign |
| Never miss a renewal or notice deadline | contract-vault |
| Catch a silent auto-renewal before it fires | contract-vault |
| Onboard a folder of signed contracts | extract · contract-vault |
Turn a counterparty's PDF into structured data
The deal arrives as their paper. extract-cli is the open-loop front door — any format in, structured JSON out, with a confidence and source on every field.
# Any contract — yours or a counterparty's — into structured JSON
extract counterparty.pdf --json > deal.json
# Verify, don't trust: who are the parties, the term, the governing law?
jq '{parties: [.parties[].name], term: .term, law: .governing_law.value}' deal.json
# extract is a pipe — feed the JSON straight into review or the vault
extract counterparty.pdf --json | contract-vault ingest - Review an incoming third-party NDA
Someone sends you their paper. Score it against your house policy, then gate the final text before you sign.
# 1. Score it against your house policy, with evidence for each finding
nda-review-cli review --file their-nda.docx --playbook config/org-policy.json --why
# 2. Negotiate the points you don't accept (see the tool page for the full
# negotiate subcommands); nda-review tracks hash-chained negotiation state.
# 3. Before signing, gate the version they sent back against what you agreed
compare --from-negotiation negotiation.json their-nda-final.docx
# exit 0 = matches the agreed text · 2 = it drifted — don't sign Negotiate an NDA to convergence
The back-and-forth itself, tracked. nda-review's two-party negotiate flow keeps hash-chained state — every round is tamper-evident — and feeds straight into the pre-signature gate.
# Open a negotiation from your house template (creates hash-chained state)
nda-review-cli negotiate init --base nda/house-mutual --out negotiation.json
# Each round: a party counters, the other reviews — the chain records who changed what
nda-review-cli negotiate counter --state negotiation.json --as party-b --amendments-file edits.json
nda-review-cli negotiate review --state negotiation.json --as party-a
nda-review-cli negotiate status --state negotiation.json
# Both sign off, then finalize to the agreed text (Markdown / .docx / PDF)
nda-review-cli negotiate sign-off --state negotiation.json --as party-a --yes
nda-review-cli negotiate finalize --state negotiation.json --out-md agreed.md
# When the executed copy comes back, gate it against exactly what was agreed
compare --from-negotiation negotiation.json ready-to-sign.docx # exit 2 = it drifted Build a house template from a public source
Don't draft from scratch. template-vault keeps public sources (Common Paper, YC SAFE, Bonterms) and your own house paper in one git-backed vault — fork a base and swap clauses with recorded provenance.
# Discover the public sources, then import one into your vault
template-vault sources
template-vault import <source-id> # pick an id from the list above
# Fork it into your house vault, then swap in your own clause (provenance recorded)
template-vault compose --base nda/mutual --as nda/house-mutual
template-vault swap nda/house-mutual --clause confidentiality --from msa/standard Lint a draft before it leaves your hands
Fill a template, then catch the internal defects — leftover placeholders, broken cross-references, numbering gaps — before the draft ever reaches a counterparty.
# Pull the versioned template, fill it, lint the result
template-vault get nda/house-mutual | draft - --params deal.json > ready.md
contract-lint ready.md --fail-on error
# exit 0 = clean · 1 = a placeholder or broken reference slipped through Gate drift and defects in CI
Run the two pre-signature gates before a build can ship a contract: contract-lint for internal-consistency defects within the document, compare for drift between versions. The exit code is the gate, no parsing required.
# Lint the ready-to-sign doc for internal defects (0 clean · 1 findings · 2 bad usage)
contract-lint ready-to-sign.docx --check --fail-on error
# Gate drift against the agreed text (0 safe · 2 substantive · 3 cosmetic · 4 moved)
compare agreed.md ready-to-sign.docx --check
# …or emit SARIF for GitHub code-scanning / a PR annotation
contract-lint ready-to-sign.docx --sarif > lint.sarif
compare agreed.md ready-to-sign.docx --sarif > drift.sarif Drive the pipeline from an agent
An LLM agent does the operational work; the human only makes the signing gesture. The per-signer token is the boundary — the agent never sees it.
# 1. Discover each tool's surface at startup — never hardcode flags
draft --catalog json compare --catalog json sign --catalog json
# 2. Agent fills, gates, and converts (branching on exit codes + --json)
template-vault get nda/house-mutual | draft - --params deal.json | tee filled.md
compare agreed.md filled.md --json # agent reads the verdict, decides to proceed
# 3. Agent requests a signature; the human receives a scoped, single-use token
sign request create --title "NDA" --document filled.pdf --signer "name:Alice,email:alice@acme.com,order:1"
sign sign --token <token-the-human-received> # the agent never holds this Batch convert, then sign a folder
A directory of agreed documents → PDFs → out for signature, fully offline.
# Convert every .docx in a folder to PDF
docx2pdf --out-dir out/ contracts/*.docx
# Send each PDF for signature with the built-in offline signer (no signup)
for f in out/*.pdf; do
sign request create --document "$f" --signer "name:Signer,email:$SIGNER_EMAIL,order:1"
done Verify a signed contract and its audit trail
The reason to use an audit-grade signer is being able to prove it later. sign re-verifies a signed PDF, a portable receipt bundle, and the hash-chained audit log — fully offline.
# Confirm a signed PDF matches what was recorded for its request
sign request verify-signed-pdf --request-id <id> --path signed.pdf
# Export a portable receipt bundle, then re-verify it offline (hand it to a counterparty)
sign request receipt --request-id <id> --out receipt/
sign request verify-receipt --bundle receipt/
# Walk the hash-chained audit log, and integrity-scan every chain for breaks
sign audit show --request-id <id>
sign audit scan Never miss a renewal or notice deadline
Signing is the start, not the end. contract-vault registers each executed contract in a git-backed vault and surfaces the deadlines you'd otherwise miss — as a calendar feed and a cron-friendly digest.
# Register the signed contract, then project the next quarter's deadlines
contract-vault ingest ~/signed/acme-msa.pdf
contract-vault due --within 90d --format ics > renewals.ics # subscribe in any calendar
# A reminder digest for cron or an agent — only what's due to nudge right now
contract-vault remind --json Catch a silent auto-renewal before it fires
The expensive miss is an auto-renewing contract whose notice window passes unnoticed. risk --strict is a CI gate for exactly that; mark the obligation done once handled and it drops off the calendar.
# Fail the job on a CRITICAL: a missed/imminent notice on an auto-renewing deal
contract-vault risk --within 30d --strict
# exit 1 = act now (notice deadline missed or imminent while it auto-renews)
# Mark the obligation done once handled (assign an owner; it leaves the digest)
contract-vault obligation acme-corporation/master-services-agreement 1 --owner "Legal" --status done Onboard a folder of signed contracts
Have a backlog of executed PDFs? Extract and register them in one pass, then read the portfolio.
# Extract + register every signed PDF into the git-backed vault
for f in ~/signed/*.pdf; do extract "$f" --json | contract-vault ingest -; done
# Portfolio at a glance, then export for finance / legal
contract-vault stats
contract-vault export --format csv > portfolio.csv