Installation
pip install licit-ai-cliOr from source:
git clone https://github.com/Diego303/licit-cli.git
cd licit-cli
pip install -e ".[dev]"Invocation
# As an installed command
licit [options] <command> [arguments]
# As a Python module
python -m licit [options] <command> [arguments]Global options
| Option | Description |
|---|---|
--version | Shows the licit version |
--config PATH | Path to a specific .licit.yaml file |
-v, --verbose | Enables detailed logging (DEBUG level) |
--help | Shows help |
licit --version
# licit, version 0.3.0
licit --verbose status
# Shows debug logs during executionCommands
licit init
Initializes licit in the current project. Automatically detects project characteristics and generates the configuration.
licit init [--framework {eu-ai-act|owasp|all}]Options:
| Option | Default | Description |
|---|---|---|
--framework | all | Regulatory framework to enable |
What it does:
- Runs
ProjectDetectorto detect languages, frameworks, CI/CD, AI agents, etc. - Generates
.licit.yamlwith configuration adapted to the project. - Creates the
.licit/directory for internal data. - If it detects architect or vigil, it automatically enables their connectors.
Example:
$ cd my-fastapi-project/
$ licit init
Initialized licit in my-fastapi-project
Languages: python
Frameworks: fastapi
Agent configs: CLAUDE.md
CI/CD: github-actions
Config saved to .licit.yamlExample with specific framework:
$ licit init --framework eu-ai-act
# Only enables EU AI Act, disables OWASPlicit status
Shows the current state of licit and connected data sources.
licit statusWhat it shows:
- Project information (name, languages, frameworks)
- Configuration status
- Enabled frameworks (EU AI Act, OWASP)
- Detected data sources (provenance, FRIA, changelog, etc.)
- Configured connectors (architect, vigil)
- AI agent configurations found
Example:
$ licit status
Project: my-fastapi-project
Root: /home/user/my-fastapi-project
Languages: python
Frameworks: fastapi
Git: 142 commits, 3 contributors
Config: .licit.yaml (loaded)
Frameworks:
EU AI Act: enabled
OWASP Agentic: enabled
Data sources:
Provenance: not collected
FRIA: not found
Annex IV: not found
Changelog: not found
Connectors:
architect: disabled
vigil: disabled
Agent configs:
CLAUDE.md (claude-code)
.cursorrules (cursor)licit connect
Configures optional connectors to integrate external data sources.
licit connect {architect|vigil} [--enable|--disable]Arguments:
| Argument | Description |
|---|---|
architect | Connector for Architect (reports and audit logs) |
vigil | Connector for Vigil (SARIF security findings) |
Options:
| Option | Default | Description |
|---|---|---|
--enable | (default) | Enables the connector |
--disable | Disables the connector |
Example:
$ licit connect architect
# Enables the architect connector
$ licit connect vigil --enable
# Enables the vigil connector
$ licit connect architect --disable
# Disables the architect connectorlicit trace
Tracks code provenance — identifies what was written by AI and what by humans.
Status: Functional (Phase 2 completed).
licit trace [--since DATE|TAG] [--report] [--stats]Options:
| Option | Description |
|---|---|
--since | Analyzes commits from a date (YYYY-MM-DD) or git tag |
--report | Generates provenance report file at .licit/reports/provenance.md |
--stats | Shows statistics in terminal |
What it does:
- Runs
GitAnalyzerto analyze commits with 6 heuristics (author, message, volume, co-authors, file patterns, time). - Optionally reads agent session logs (Claude Code).
- Classifies each file as
ai(score >= 0.7),mixed(>= 0.5), orhuman(< 0.5). - Stores results in
.licit/provenance.jsonl(append-only). - If
sign: true, signs each record with HMAC-SHA256.
Example:
$ licit trace --since 2026-01-01 --stats
Analyzing git history...
Records: 45 files analyzed
AI-generated: 18 (40.0%)
Human-written: 22 (48.9%)
Mixed: 5 (11.1%)
AI tools detected: claude-code (15), cursor (3)
Models detected: claude-sonnet-4 (12), claude-opus-4 (3), gpt-4o (3)
Stored in .licit/provenance.jsonlExample with report:
$ licit trace --report
# Generates .licit/reports/provenance.md with detailed per-file tableHeuristics used:
| # | Heuristic | Weight | What it detects |
|---|---|---|---|
| H1 | Author pattern | 3.0 | AI author names (claude, copilot, cursor, bot, etc.) |
| H2 | Message pattern | 1.5 | Commit patterns (conventional commits, “implement”, [ai]) |
| H3 | Bulk changes | 2.0 | Bulk changes (>20 files + >500 lines) |
| H4 | Co-author | 3.0 | Co-authored-by: with AI keywords |
| H5 | File patterns | 1.0 | All files are test files |
| H6 | Time pattern | 0.5 | Commits between 1am-5am |
Only heuristics that produce a signal (score > 0) contribute to the weighted average.
licit changelog
Generates a changelog of changes in AI agent configurations with semantic diffing and severity classification.
Status: Functional (Phase 3 completed).
licit changelog [--since DATE|TAG] [--format {markdown|json}]Options:
| Option | Default | Description |
|---|---|---|
--since | (all) | Changes since date or tag |
--format | markdown | Output format: markdown or json |
What it does:
- Runs
ConfigWatcherto retrieve the git history of monitored files. - Applies
diff_configs()(semantic differ) between consecutive versions of each file. - Classifies each change with
ChangeClassifier(MAJOR/MINOR/PATCH). - Renders the changelog with
ChangelogRenderer(Markdown or JSON). - Displays the output in terminal and saves it to
output_path.
Monitored files (by default):
CLAUDE.md,.cursorrules,.cursor/rulesAGENTS.md,.github/copilot-instructions.md,.github/agents/*.md.architect/config.yaml,architect.yaml
Example:
$ licit changelog
# Agent Config Changelog
> 3 change(s) detected across 2 file(s): **1** major, **1** minor, **1** patch
## .architect/config.yaml
- **[MAJOR]** Changed: model from claude-sonnet-4 to claude-opus-4 (`a1b2c3d4`) — 2026-03-12
- **[PATCH]** Changed: budget.max_cost_usd from 5.0 to 10.0 (`a1b2c3d4`) — 2026-03-12
## CLAUDE.md
- **[MINOR]** Changed: section:Rules from 5 lines to 8 lines (+3/-0) (`e5f6g7h8`) — 2026-03-11
Changelog saved to .licit/changelog.mdJSON example:
$ licit changelog --format json --since 2026-03-01
# Generates JSON with "changes" array and saves to .licit/changelog.mdSeverity classification:
| Severity | Trigger | Examples |
|---|---|---|
| MAJOR | Model/provider change, or deletion of a MINOR field | model: gpt-4 -> gpt-5, deleting guardrails |
| MINOR | Change to prompt, guardrails, tools, rules, Markdown sections | Editing system_prompt, adding blocked_commands |
| PATCH | Everything else | Parameter adjustments, formatting |
Supported diff formats:
| Format | Extensions | Strategy |
|---|---|---|
| YAML | .yaml, .yml | Recursive key-value diff |
| JSON | .json | Recursive key-value diff |
| Markdown | .md | Diff by sections (headings) |
| Plain text | Others | Full content diff |
For detailed documentation of the changelog system, see Changelog.
licit fria
Completes the Fundamental Rights Impact Assessment (EU AI Act Article 27).
Status: Registered in CLI. Functional from Phase 4.
licit fria [--update]Options:
| Option | Description |
|---|---|
--update | Updates an existing FRIA instead of creating a new one |
Generated files:
.licit/fria-data.json— Raw assessment data.licit/fria-report.md— Human-readable FRIA report
licit annex-iv
Generates the Annex IV Technical Documentation (EU AI Act).
Status: Registered in CLI. Functional from Phase 4.
licit annex-iv [--organization NAME] [--product NAME]Options:
| Option | Description |
|---|---|
--organization | Organization name |
--product | Product name |
Generated file:
.licit/annex-iv.md
licit report
Generates a unified compliance report.
Status: Registered in CLI. Functional from Phase 6.
licit report [--framework {eu-ai-act|owasp|all}] [--format {markdown|json|html}] [--output PATH]Options:
| Option | Default | Description |
|---|---|---|
--framework | all | Framework to evaluate |
--format | markdown | Output format |
-o, --output | .licit/reports/compliance-report.{ext} | Output file path |
licit gaps
Identifies compliance gaps with actionable recommendations.
Status: Registered in CLI. Functional from Phase 6.
licit gaps [--framework {eu-ai-act|owasp|all}]Options:
| Option | Default | Description |
|---|---|---|
--framework | all | Framework to analyze |
Future example:
$ licit gaps --framework eu-ai-act
EU AI Act Compliance Gaps:
[HIGH] ART-9-1: Risk Management System
Gap: No FRIA document found
Action: Run 'licit fria' to complete the assessment
Effort: medium
[MEDIUM] ART-13-1: Transparency
Gap: No provenance tracking configured
Action: Run 'licit trace' to analyze code provenance
Effort: lowlicit verify
Verifies compliance and returns an exit code for CI/CD.
Status: Registered in CLI. Functional from Phase 6.
licit verify [--framework {eu-ai-act|owasp|all}]Exit codes:
| Code | Meaning |
|---|---|
0 | COMPLIANT — All critical requirements met |
1 | NON_COMPLIANT — Some critical requirement not met |
2 | PARTIAL — Some requirement partially met |
Usage in CI/CD (GitHub Actions):
- name: Compliance check
run: licit verify
# The pipeline fails if exit code != 0Command summary table
| Command | Phase | Status | Short description |
|---|---|---|---|
init | 1 | Functional | Initializes licit in the project |
status | 1 | Functional | Shows status and connected sources |
connect | 1 | Functional | Configures connectors |
trace | 2 | Functional | Provenance traceability |
changelog | 3 | Functional | Agent config changelog |
fria | 4 | Skeleton | FRIA (EU AI Act Art. 27) |
annex-iv | 4 | Skeleton | Annex IV technical documentation |
report | 6 | Skeleton | Unified compliance report |
gaps | 6 | Skeleton | Compliance gaps |
verify | 6 | Skeleton | CI/CD gate |