Quick Start | Licit

Guide to get licit running in your project in 5 minutes.

1. Install

pip install licit-ai-cli

Requires Python 3.12+. If you have multiple versions: python3.12 -m pip install licit-ai-cli

Verify:

licit --version
# licit, version 0.2.0

2. Initialize

Navigate to your project directory and run:

cd my-project/
licit init

This will:

Automatically detect languages, frameworks, CI/CD, AI agents, and security tools.
Generate .licit.yaml with the adapted configuration.
Create the .licit/ directory for internal data.

Initialized licit in my-project
  Languages: python
  Frameworks: fastapi
  Agent configs: CLAUDE.md
  CI/CD: github-actions
  Config saved to .licit.yaml

If you only need a specific regulatory framework:

licit init --framework eu-ai-act     # EU AI Act only
licit init --framework owasp         # OWASP Agentic Top 10 only

3. View Status

licit status

Displays a summary of:

Detected project (name, languages, frameworks, git)
Loaded configuration
Enabled frameworks
Available data sources
Active connectors
Detected AI agent configurations

4. Connect Data Sources (optional)

If you use Architect or Vigil:

licit connect architect    # Reads reports and audit logs from Architect
licit connect vigil        # Reads SARIF findings from Vigil

To disconnect:

licit connect architect --disable

5. Version the Configuration

git add .licit.yaml
git commit -m "chore: initialize licit compliance tracking"

Add sensitive data to .gitignore:

.licit/provenance.jsonl
.licit/fria-data.json
.licit/.signing-key

6. Track Code Provenance

licit trace                      # Analyze entire git history
licit trace --since 2026-01-01   # From a specific date
licit trace --stats              # Show statistics
licit trace --report             # Generate Markdown report

Example output:

  Analyzing git history...
  Records: 45 files analyzed
  AI-generated: 18 (40.0%)
  Human-written: 22 (48.9%)
  Mixed: 5 (11.1%)

  Stored in .licit/provenance.jsonl

The trace command analyzes each commit with 6 heuristics (author, message, volume, co-authors, file patterns, time) and classifies each file as ai, human, or mixed.

What’s Next?

Once future phases of licit are completed, you will be able to:

# Generate agent config changelog
licit changelog

# Complete impact assessment (FRIA)
licit fria

# Generate Annex IV technical documentation
licit annex-iv --organization "My Company" --product "My App"

# View compliance report
licit report

# Identify gaps
licit gaps

# CI/CD gate (exit code 0 = pass)
licit verify

Generated Structure

After licit init, your project will have:

my-project/
├── .licit.yaml          # Configuration (version control)
├── .licit/              # Internal data
│   ├── provenance.jsonl # Traceability (DO NOT version control)
│   ├── changelog.md     # Agent config changelog
│   ├── fria-data.json   # FRIA data (DO NOT version control)
│   ├── fria-report.md   # FRIA report
│   ├── annex-iv.md      # Annex IV documentation
│   └── reports/         # Generated reports
└── ... your code ...

Quick Command Reference

Command	What it does
`licit init`	Initializes licit in the project
`licit status`	Shows status and connected sources
`licit connect <name>`	Enables/disables a connector
`licit trace`	Tracks code provenance
`licit changelog`	Generates agent config changelog
`licit fria`	Fundamental rights impact assessment
`licit annex-iv`	EU AI Act technical documentation
`licit report`	Unified compliance report
`licit gaps`	Identifies compliance gaps
`licit verify`	CI/CD gate (exit 0/1/2)

Global options: --version, --config PATH, --verbose, --help

For more details, see the full documentation.