licit tracks who wrote what — human or AI — evaluates your project against the EU AI Act and OWASP Agentic Top 10, and generates the regulatory documentation your organization needs. One CLI. Zero infrastructure.
Six git heuristics analyze author patterns, commit messages, bulk changes, co-author trailers, file patterns, and timing to classify every file as human, AI, or mixed.
Reads Claude Code session logs for high-fidelity provenance. Extensible protocol for adding Cursor, Codex, and Copilot readers in V1.
HMAC-SHA256 signatures and Merkle tree batch hashing provide tamper-evident provenance records. Sigstore integration planned for V1.
Interactive 5-step questionnaire covering system description, rights identification, impact assessment, mitigation, and monitoring. Auto-detects answers from your project.
Generates EU AI Act Annex IV documents auto-populated from pyproject.toml, package.json, CI/CD configs, agent configs, and test frameworks.
Tracks changes in CLAUDE.md, .cursorrules, AGENTS.md, architect configs, and more. Classifies each change as MAJOR, MINOR, or PATCH.
Evaluates EU AI Act Articles 9, 10, 12, 13, 14, 26, and 27 and all OWASP Agentic Top 10 controls in a single pass with auto-collected evidence.
Identifies exactly which compliance requirements are missing, with specific recommendations, effort level (low/medium/high), and suggested tools per gap.
licit verify returns exit code 0 (compliant), 1 (non-compliant), or 2 (partial). Block non-compliant deploys automatically.
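The tamper-evidence scheme named above (an HMAC-SHA256 signature per provenance record, a Merkle root per batch) can be shown in a few lines. This is an added example, not licit's own code: the record fields, the demo key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment loads it from a secret store.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample provenance records; field names are assumptions.
RECORDS = [
    {"file": "src/api.py", "origin": "ai", "source": "session-log"},
    {"file": "src/auth.py", "origin": "human", "source": "git-heuristics"},
    {"file": "README.md", "origin": "mixed", "source": "git-heuristics"},
]

def canonical(record):
    """Serialize deterministically so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign(record, key=DEMO_KEY):
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify(record, signature, key=DEMO_KEY):
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(sign(record, key), signature)

def merkle_root(leaves):
    """Root over a batch; 0x00/0x01 prefixes keep leaves and inner nodes distinct."""
    if not leaves:
        raise ValueError("empty batch")
    level = [hashlib.sha256(b"\x00" + leaf).digest() for leaf in leaves]
    while len(level) > 1:
        paired = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
                  for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # an odd node is promoted, not duplicated
            paired.append(level[-1])
        level = paired
    return level[0].hex()

def seal_batch(records, key=DEMO_KEY):
    """Per-record signatures plus one root committing to content and order."""
    sigs = [sign(r, key) for r in records]
    return sigs, merkle_root([canonical(r) + s.encode() for r, s in zip(records, sigs)])

def audit_batch(records, sigs, root, key=DEMO_KEY):
    """Return (indices with a bad signature, whether the batch root still matches)."""
    bad = [i for i, (r, s) in enumerate(zip(records, sigs)) if not verify(r, s, key)]
    same = bool(records) and len(records) == len(sigs) and merkle_root(
        [canonical(r) + s.encode() for r, s in zip(records, sigs)]) == root
    return bad, same
```

The per-record signature catches an edited record; the root catches what signatures alone miss, namely a record that was dropped from the batch or reordered while every remaining signature still verifies.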
Your code is already being shaped by AI. Now you can prove it's compliant. One install. One command. Full regulatory visibility.