Documentation
Everything you need to scan your codebase and generate compliance documents.
Quick Start
Generate compliance documents from your codebase in under a minute. No account, no API key, no network calls.
1. Run a single command
$ npx codepliant go
Requires Node.js 18+. Or install globally: npm install -g codepliant
2. Documents appear in your project
legal/
├── PRIVACY_POLICY.md
├── TERMS_OF_SERVICE.md
├── COOKIE_POLICY.md
├── AI_DISCLOSURE.md
├── SECURITY.md
├── DATA_FLOW_MAP.md
├── DATA_CLASSIFICATION.md
└── ... (138+ document types)

Generated in ~1.2s
3. Customize with a config file (optional)
$ codepliant init
Creates a .codepliantrc.json with your company name, email, jurisdiction, and other settings.
Configuration
Create a .codepliantrc.json file in your project root to customize document generation. Run codepliant init to generate one interactively.
{
  "companyName": "Acme Inc.",
  "contactEmail": "privacy@acme.com",
  "website": "https://acme.com",
  "jurisdiction": "GDPR",
  "jurisdictions": ["GDPR", "CCPA"],
  "outputDir": "legal",
  "outputFormat": "markdown",
  "dpoName": "Jane Smith",
  "dpoEmail": "dpo@acme.com",
  "dataRetentionDays": 365,
  "aiRiskLevel": "limited",
  "language": "en"
}

| Field | Description |
|---|---|
| companyName | Your company or project name, used in all generated documents. |
| contactEmail | Contact email displayed in privacy policies and terms. |
| website | Your website URL. |
| jurisdiction | Primary regulation: "GDPR", "CCPA", or "UK GDPR". |
| jurisdictions | Array of all applicable jurisdictions if you serve multiple regions. |
| outputDir | Where to write generated documents. Default: "legal". |
| outputFormat | Output format: markdown or json (free CLI). HTML, PDF, DOCX, Notion, Confluence, and Wiki require the paid cloud service. |
| dpoName | Data Protection Officer name (required for GDPR). |
| dpoEmail | Data Protection Officer email. |
| euRepresentative | EU representative name (required if company is outside the EU). |
| dataRetentionDays | Data retention period in days. |
| aiRiskLevel | AI risk classification: "minimal", "limited", or "high". |
| aiUsageDescription | Description of how your application uses AI. |
| excludeServices | Services to exclude from scan results (false positives). |
| confirmedServices | Services manually confirmed as in use. |
| plugins | Custom generator plugins to load. |
| language | Output language: en, de, fr, or es. |
CLI Commands
Codepliant provides commands for scanning, generating, and managing compliance documents. Every command works offline.
Generation
codepliant go: Scan your codebase and generate all applicable compliance documents in one step. This is the command most users start with.
codepliant sbom: Generate a CycloneDX Software Bill of Materials (SBOM) from your dependency scan.
codepliant update: Re-scan and regenerate documents, then show a diff of what changed.
codepliant export: Export all compliance documents as a ZIP file for sharing or archival.
codepliant report: Generate a comprehensive compliance report covering all detected services and documents.
Scanning and Analysis
codepliant scan: Scan your project and output detected services as JSON. Does not generate documents.
codepliant check: Quick compliance pass/fail check. Returns exit code 0 (pass) or 1 (fail) for CI/CD pipelines.
codepliant dashboard: Show an interactive compliance status dashboard with scores, coverage, and recommendations.
codepliant diff: Show what changed in your compliance posture since the last generation.
codepliant audit: Run a comprehensive self-audit and generate an AUDIT_REPORT.md with findings and recommendations.
codepliant lint: Check existing generated documents for completeness and accuracy.
Setup
codepliant init: Interactive setup wizard that creates a .codepliantrc.json config file. Use --from-env for CI/CD environments.
codepliant wizard: Step-by-step compliance wizard that walks you through confirming detected services and configuring document generation.
codepliant config show: Pretty-print your current configuration with validation status.
codepliant hook install: Install a pre-commit Git hook that re-scans on every commit.
Common Flags
| Flag | Description |
|---|---|
| --output, -o <dir> | Output directory (default: ./legal) |
| --format <fmt> | Output format: markdown, json (free CLI). html, pdf, docx, notion, confluence, wiki require paid cloud service. |
| --json | Output scan results as JSON (for scan command) |
| --quiet, -q | Suppress banner and non-essential output |
| --dry-run | Preview what would be generated without writing files to disk |
| --ci | CI mode: non-interactive, deterministic output |
| --company-name <name> | Inject company name into all generated documents |
| --contact-email <email> | Inject contact email into privacy policies and legal documents |
Output Formats
The free CLI generates Markdown and JSON locally — unlimited, no account needed. HTML, DOCX, PDF, and other rich formats are available through our paid cloud service (from $10/mo), which also adds per-document format folders, company name/email injection, and priority support.
| Format | Description | Availability |
|---|---|---|
| Markdown | Default. Clean .md files ready for GitHub, docs sites, or static generators. | Free |
| JSON | Structured JSON output for programmatic consumption. | Free |
| HTML | Styled HTML documents ready to embed on your website. Cloud service only. | Cloud |
| PDF | Publication-ready PDFs with professional formatting. Cloud service only. | Cloud |
| DOCX | Microsoft Word documents for legal review. Cloud service only. | Cloud |
| Notion | Notion-compatible markdown with block structure. Cloud service only. | Cloud |
| Confluence | Confluence wiki markup. Cloud service only. | Cloud |
Generate Markdown (free CLI):
$ codepliant go --company-name "Acme Inc"
Multi-format output structure (Cloud service)
The paid cloud service generates each document in all 4 formats (MD, HTML, DOCX, PDF) within per-document folders:
legal/
├── PRIVACY_POLICY.md
├── PRIVACY_POLICY.html
├── PRIVACY_POLICY.docx
├── PRIVACY_POLICY.pdf
security/
├── SECURITY.md
├── SECURITY.html
├── SECURITY.docx
├── SECURITY.pdf
...
MCP Server
Codepliant includes a built-in Model Context Protocol (MCP) server, enabling AI coding assistants like Claude Code and Cursor to scan projects and generate compliance documents directly.
Setup with Claude Code
Add the following to your .claude/mcp_servers.json file:
{
  "codepliant": {
    "command": "npx",
    "args": ["-y", "codepliant", "serve", "--mcp"]
  }
}

Setup with Cursor
Add to your .cursor/mcp.json file:
{
  "mcpServers": {
    "codepliant": {
      "command": "npx",
      "args": ["-y", "codepliant", "serve", "--mcp"]
    }
  }
}

Available MCP Tools
Once connected, your AI assistant can use these tools:
codepliant_scan: Scan a project directory and return detected services, data practices, and recommendations.
codepliant_go: Scan and generate all applicable compliance documents in one step.
codepliant_get_config: Read the current .codepliantrc.json configuration for a project.
codepliant_set_config: Update configuration values. Merges with existing config.
The MCP server uses stdio transport. No HTTP server is started and no ports are opened.
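Both configs above start the server through npx with -y and an unversioned package name, so npx resolves codepliant at launch time (a local install if present, otherwise a download from the npm registry) without an install prompt. The check below is an added example, not Codepliant code: it reads both config shapes shown above and reports npx-launched servers that are not pinned to an exact version. The function names are hypothetical, and the pinned sample uses the placeholder version 0.0.0.

```javascript
// Added example (not Codepliant code): flag MCP servers launched via npx without an exact version.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // tags and ranges float

// Split "name@version" or "@scope/name@version"; a leading "@" marks a scope.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

// Package npx will run: the -p/--package value, else the first non-flag argument.
function packageSpec(args) {
  for (let i = 0; i < args.length; i++) {
    if (args[i] === "-p" || args[i] === "--package") return args[i + 1] ?? null;
    if (args[i].startsWith("--package=")) return args[i].slice("--package=".length);
    if (!args[i].startsWith("-")) return args[i];
  }
  return null;
}

function auditMcpConfig(jsonText) {
  const doc = JSON.parse(jsonText);
  // Cursor nests servers under "mcpServers"; the Claude Code file above does not.
  const servers = doc.mcpServers ?? doc;
  const findings = [];
  for (const [server, entry] of Object.entries(servers)) {
    if (!entry || typeof entry !== "object") continue;
    if (!/(^|[\\\/])npx(\.cmd)?$/.test(String(entry.command ?? ""))) continue;
    const args = Array.isArray(entry.args) ? entry.args.map(String) : [];
    const spec = packageSpec(args);
    if (spec === null) continue;
    const { name, version } = splitSpec(spec);
    findings.push({
      server, name, version,
      pinned: version !== null && EXACT_VERSION.test(version),
      autoInstall: args.includes("-y") || args.includes("--yes"),
    });
  }
  return findings;
}

// Constructed inputs: the page's two configs and a pinned variant.
// "0.0.0" is a placeholder version, not a real Codepliant release.
const launch = (pkg) => `{"command":"npx","args":["-y","${pkg}","serve","--mcp"]}`;
const claudeConfig = `{"codepliant":${launch("codepliant")}}`;
const cursorConfig = `{"mcpServers":{"codepliant":${launch("codepliant")}}}`;
const pinnedConfig = `{"codepliant":${launch("codepliant@0.0.0")}}`;
console.log([claudeConfig, cursorConfig, pinnedConfig].map(auditMcpConfig));
```

A finding with pinned set to false and autoInstall set to true is the combination to review before the config is committed to a shared repository.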
Frequently Asked Questions
Does Codepliant send my code to any server?
No. Codepliant makes zero network calls. Everything runs locally on your machine. Your source code never leaves your computer.
Do I need an API key or account?
No. The free tier works with no account, no API key, and no internet connection. Just run npx codepliant go.
Can I use the generated documents in production?
Yes, but we recommend having a lawyer review them. Codepliant generates documents based on what your code actually does, achieving 97.8% detection precision across 1,200+ tested repos. The documents include a disclaimer recommending legal review.
What languages and frameworks are supported?
Codepliant supports 13 ecosystems: TypeScript/Node.js, Python/Django, Ruby on Rails, Go, Java/Spring, PHP/Laravel, Rust, .NET/C#, Swift/iOS, Kotlin, Elixir, Terraform/IaC, and Flutter/Dart. It scans package manifests, source code imports, environment variables, and configuration files.
How does Codepliant detect services?
Codepliant uses deterministic pattern matching (no AI/LLM) to scan dependency files (package.json, requirements.txt, etc.), source code imports, .env files, and config files. Every detection is reproducible and auditable.
What documents can Codepliant generate?
Over 138 document types including Privacy Policy, Terms of Service, Cookie Policy, AI Disclosure, EU AI Act Checklist, Data Processing Agreement, SBOM, Security Policy, Data Flow Map, Data Classification, DSAR procedures, and many more.
How do I keep documents up to date?
Run codepliant update to re-scan and regenerate documents with a diff showing what changed. You can also install a Git pre-commit hook with codepliant hook install to re-scan on every commit, or set up a CI/CD pipeline with codepliant ci.
Can I customize the generated documents?
Yes. Use the sectionOverrides field in .codepliantrc.json to replace specific sections with your own text. You can also use the template system (codepliant template init) for full control over document structure.
Compliance Frameworks
Codepliant generates documentation for multiple compliance frameworks. Each page explains the framework requirements and how Codepliant automates documentation.
GDPR Compliance
Privacy policies, DPAs, data flow maps, and 12+ GDPR documents from your code.
SOC 2 Compliance
Readiness checklists, control mappings, and evidence docs for all 5 Trust Service Criteria.
AI Governance
EU AI Act and NIST AI RMF aligned governance documentation for AI-powered applications.