Documentation
Everything you need to scan your codebase and generate compliance documents.
Quick Start
Generate compliance documents from your codebase in under a minute. No account, no API key, no network calls.
1. Run a single command
$ npx codepliant go
Requires Node.js 18+. Or install globally: npm install -g codepliant
2. Documents appear in your project
legal/
├── PRIVACY_POLICY.md
├── TERMS_OF_SERVICE.md
├── COOKIE_POLICY.md
├── AI_DISCLOSURE.md
├── SECURITY.md
├── DATA_FLOW_MAP.md
├── DATA_CLASSIFICATION.md
└── ... (123+ document types)
Generated in ~1.2s
3. Customize with a config file (optional)
$ codepliant init
Creates a .codepliantrc.json with your company name, email, jurisdiction, and other settings.
Configuration
Create a .codepliantrc.json file in your project root to customize document generation. Run codepliant init to generate one interactively.
{
  "companyName": "Acme Inc.",
  "contactEmail": "privacy@acme.com",
  "website": "https://acme.com",
  "jurisdiction": "GDPR",
  "jurisdictions": ["GDPR", "CCPA"],
  "outputDir": "legal",
  "outputFormat": "markdown",
  "dpoName": "Jane Smith",
  "dpoEmail": "dpo@acme.com",
  "dataRetentionDays": 365,
  "aiRiskLevel": "limited",
  "language": "en"
}

| Field | Description |
|---|---|
| companyName | Your company or project name, used in all generated documents. |
| contactEmail | Contact email displayed in privacy policies and terms. |
| website | Your website URL. |
| jurisdiction | Primary regulation: "GDPR", "CCPA", or "UK GDPR". |
| jurisdictions | Array of all applicable jurisdictions if you serve multiple regions. |
| outputDir | Where to write generated documents. Default: "legal". |
| outputFormat | Output format: markdown, html, pdf, json, notion, confluence, wiki, docx, or all. |
| dpoName | Data Protection Officer name (required for GDPR). |
| dpoEmail | Data Protection Officer email. |
| euRepresentative | EU representative name (required if company is outside the EU). |
| dataRetentionDays | Data retention period in days. |
| aiRiskLevel | AI risk classification: "minimal", "limited", or "high". |
| aiUsageDescription | Description of how your application uses AI. |
| excludeServices | Services to exclude from scan results (false positives). |
| confirmedServices | Services manually confirmed as in use. |
| plugins | Custom generator plugins to load. |
| language | Output language: en, de, fr, or es. |
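The table above is effectively a schema, and a config that violates it (an unknown jurisdiction, a GDPR setup with no DPO named) only surfaces once documents are generated. The following is an added example, not Codepliant's own validation logic (`codepliant config show` has its own), that turns the documented field rules into a check you can run before `codepliant go --ci`. The allowed value sets are copied from the table; the `.codepliantrc.json` path and the treatment of `jurisdiction` plus `jurisdictions` as the combined set of applicable regimes are assumptions. The `euRepresentative` rule depends on where the company is established, which the config does not record, so it is deliberately not checked.

```python
"""
Validate a .codepliantrc.json against the field rules documented above.
Added example; not part of Codepliant. Value sets mirror the docs table.
"""
import json
from pathlib import Path

JURISDICTIONS = {"GDPR", "CCPA", "UK GDPR"}
OUTPUT_FORMATS = {"markdown", "html", "pdf", "json", "notion",
                  "confluence", "wiki", "docx", "all"}
AI_RISK_LEVELS = {"minimal", "limited", "high"}
LANGUAGES = {"en", "de", "fr", "es"}
STRING_FIELDS = ("companyName", "contactEmail", "website", "outputDir",
                 "dpoName", "dpoEmail", "euRepresentative", "aiUsageDescription")
LIST_FIELDS = ("jurisdictions", "excludeServices", "confirmedServices", "plugins")


def _is_str_list(value):
    return isinstance(value, list) and all(isinstance(x, str) for x in value)


def validate_config(cfg):
    """Return a list of problems; an empty list means the config passes."""
    problems = []

    # Type checks for free-text and list-valued fields.
    for field in STRING_FIELDS:
        if field in cfg and not isinstance(cfg[field], str):
            problems.append(f"{field}: expected a string")
    for field in LIST_FIELDS:
        if field in cfg and not _is_str_list(cfg[field]):
            problems.append(f"{field}: expected an array of strings")

    # Enumerated fields must use one of the documented values.
    if "jurisdiction" in cfg and cfg["jurisdiction"] not in JURISDICTIONS:
        problems.append(f"jurisdiction: {cfg['jurisdiction']!r} not in {sorted(JURISDICTIONS)}")
    if _is_str_list(cfg.get("jurisdictions")):
        for j in cfg["jurisdictions"]:
            if j not in JURISDICTIONS:
                problems.append(f"jurisdictions: {j!r} not in {sorted(JURISDICTIONS)}")
    for field, allowed in (("outputFormat", OUTPUT_FORMATS),
                           ("aiRiskLevel", AI_RISK_LEVELS),
                           ("language", LANGUAGES)):
        if field in cfg and cfg[field] not in allowed:
            problems.append(f"{field}: {cfg[field]!r} not in {sorted(allowed)}")

    # dpoName is documented as required for GDPR. Assumption: GDPR "applies"
    # if it is the primary jurisdiction or appears in the jurisdictions array.
    applicable = set(cfg["jurisdictions"]) if _is_str_list(cfg.get("jurisdictions")) else set()
    if isinstance(cfg.get("jurisdiction"), str):
        applicable.add(cfg["jurisdiction"])
    if "GDPR" in applicable and not cfg.get("dpoName"):
        problems.append("dpoName: required when GDPR applies")

    # Retention must be a positive whole number of days (bool is an int in Python; reject it).
    days = cfg.get("dataRetentionDays")
    if days is not None and (isinstance(days, bool) or not isinstance(days, int) or days <= 0):
        problems.append("dataRetentionDays: expected a positive integer")
    return problems


def validate_file(path=".codepliantrc.json"):
    """Load the config from disk (assumed path) and validate it."""
    return validate_config(json.loads(Path(path).read_text(encoding="utf-8")))


# Constructed sample: the config shown in the docs above.
SAMPLE_CONFIG = {
    "companyName": "Acme Inc.", "contactEmail": "privacy@acme.com",
    "website": "https://acme.com", "jurisdiction": "GDPR",
    "jurisdictions": ["GDPR", "CCPA"], "outputDir": "legal",
    "outputFormat": "markdown", "dpoName": "Jane Smith",
    "dpoEmail": "dpo@acme.com", "dataRetentionDays": 365,
    "aiRiskLevel": "limited", "language": "en",
}

if __name__ == "__main__":
    import sys
    issues = validate_file(sys.argv[1]) if len(sys.argv) > 1 else validate_config(SAMPLE_CONFIG)
    print("\n".join(issues) or "config OK")
    sys.exit(1 if issues else 0)
```

Run it as `python validate_config.py .codepliantrc.json` in a CI step ahead of generation; a non-zero exit stops the pipeline before documents are produced from a config that names no DPO.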
CLI Commands
Codepliant provides commands for scanning, generating, and managing compliance documents. Every command works offline.
Generation
codepliant go
Scan your codebase and generate all applicable compliance documents in one step. This is the command most users start with.
codepliant sbom
Generate a CycloneDX Software Bill of Materials (SBOM) from your dependency scan.
codepliant update
Re-scan and regenerate documents, then show a diff of what changed.
codepliant export
Export all compliance documents as a ZIP file for sharing or archival.
codepliant report
Generate a comprehensive compliance report covering all detected services and documents.
Scanning and Analysis
codepliant scan
Scan your project and output detected services as JSON. Does not generate documents.
codepliant check
Quick compliance pass/fail check. Returns exit code 0 (pass) or 1 (fail) for CI/CD pipelines.
codepliant dashboard
Show an interactive compliance status dashboard with scores, coverage, and recommendations.
codepliant diff
Show what changed in your compliance posture since the last generation.
codepliant audit
Run a comprehensive self-audit and generate an AUDIT_REPORT.md with findings and recommendations.
codepliant lint
Check existing generated documents for completeness and accuracy.
Setup
codepliant init
Interactive setup wizard that creates a .codepliantrc.json config file. Use --from-env for CI/CD environments.
codepliant wizard
Step-by-step compliance wizard that walks you through confirming detected services and configuring document generation.
codepliant config show
Pretty-print your current configuration with validation status.
codepliant hook install
Install a pre-commit Git hook that re-scans on every commit.
Common Flags
| Flag | Description |
|---|---|
| --output, -o <dir> | Output directory (default: ./legal) |
| --format <fmt> | Output format: markdown, html, pdf, json, notion, confluence, wiki, docx, all |
| --json | Output scan results as JSON (for scan command) |
| --quiet, -q | Suppress banner and non-essential output |
| --dry-run | Preview what would be generated without writing files to disk |
| --ci | CI mode: non-interactive, deterministic output |
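`codepliant scan` prints detected services as JSON, and `excludeServices` / `confirmedServices` in the config record which detections are false positives and which are acknowledged. A useful CI gate, alongside `codepliant check`, is to fail the pipeline when the scan finds a third-party service nobody has confirmed yet, since that is a data processor the generated privacy documents will describe without review. The script below is an added example, not Codepliant's own code: the scan output schema (`{"services": [{"name": ..., "category": ...}]}`) is an assumption because the page does not document it, the sample scan and config are constructed, and name matching is case-insensitive by choice.

```python
"""
CI gate over `codepliant scan --json` output. Added example, not part of
Codepliant. Assumed scan schema: {"services": [{"name": "...", "category": "..."}]}.
"""
import json
import sys
from pathlib import Path

# Constructed sample of what the scan might print, shaped per the assumption above.
SAMPLE_SCAN = {"services": [
    {"name": "stripe", "category": "payments"},
    {"name": "Sentry", "category": "error-monitoring"},
    {"name": "mixpanel", "category": "analytics"},
    {"name": "openai", "category": "ai"},
]}

# Constructed sample of the two config fields this gate reads.
SAMPLE_CONFIG = {
    "confirmedServices": ["stripe", "sentry"],
    "excludeServices": ["mixpanel"],
}


def _names(values):
    """Normalise service names so 'Sentry' and 'sentry' compare equal."""
    return {v.strip().lower() for v in values}


def triage(scan, config):
    """Bucket every detected service as confirmed, excluded, or unreviewed."""
    excluded = _names(config.get("excludeServices", []))
    confirmed = _names(config.get("confirmedServices", []))
    buckets = {"confirmed": [], "excluded": [], "unreviewed": []}
    for svc in scan.get("services", []):
        name = svc["name"].strip().lower()
        if name in excluded:
            buckets["excluded"].append(name)
        elif name in confirmed:
            buckets["confirmed"].append(name)
        else:
            buckets["unreviewed"].append(name)
    return {k: sorted(v) for k, v in buckets.items()}


def exit_code(buckets):
    """Mirror `codepliant check`: 0 passes, 1 fails. Unreviewed services fail."""
    return 1 if buckets["unreviewed"] else 0


def load_config(path=".codepliantrc.json"):
    """Read the project config if present; an absent file means no overrides."""
    p = Path(path)
    return json.loads(p.read_text(encoding="utf-8")) if p.exists() else {}


def main():
    scan = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_SCAN
    config = load_config() if not sys.stdin.isatty() else SAMPLE_CONFIG
    buckets = triage(scan, config)
    for bucket, names in buckets.items():
        print(f"{bucket:<10} {', '.join(names) or '-'}")
    if buckets["unreviewed"]:
        print("add each unreviewed service to confirmedServices or excludeServices")
    sys.exit(exit_code(buckets))


if __name__ == "__main__":
    main()
```

Typical use in a pipeline is `codepliant scan --json --quiet | python scan_gate.py`; with no piped input the script runs against the constructed sample, where `openai` is the one unreviewed detection and the exit code is 1.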
Output Formats
Codepliant can output documents in multiple formats. Markdown and JSON are available on the free tier. Other formats require a Pro or Team plan.
| Format | Description | Plan |
|---|---|---|
| Markdown | Default. Clean .md files ready for GitHub, docs sites, or static generators. | Free |
| HTML | Styled HTML documents ready to embed on your website. | Pro |
| PDF | Print-ready PDFs. Requires Puppeteer. | Pro |
| JSON | Structured JSON output for programmatic consumption. | Free |
| Notion | Notion-compatible markdown with block structure. | Pro |
| Confluence | Confluence wiki markup. | Pro |
| DOCX | Microsoft Word documents for legal review. | Pro |
| All | Generate every format at once. | Pro |
Generate every format (Markdown, HTML, and the rest) in one run:
$ codepliant go --format all
MCP Server
Codepliant includes a built-in Model Context Protocol (MCP) server, enabling AI coding assistants like Claude Code and Cursor to scan projects and generate compliance documents directly.
Setup with Claude Code
Add the following to your .claude/mcp_servers.json file:
{
  "codepliant": {
    "command": "npx",
    "args": ["-y", "codepliant", "serve", "--mcp"]
  }
}

Setup with Cursor
Add to your .cursor/mcp.json file:
{
  "mcpServers": {
    "codepliant": {
      "command": "npx",
      "args": ["-y", "codepliant", "serve", "--mcp"]
    }
  }
}

Available MCP Tools
Once connected, your AI assistant can use these tools:
codepliant_scan
Scan a project directory and return detected services, data practices, and recommendations.
codepliant_go
Scan and generate all applicable compliance documents in one step.
codepliant_get_config
Read the current .codepliantrc.json configuration for a project.
codepliant_set_config
Update configuration values. Merges with existing config.
The MCP server uses stdio transport. No HTTP server is started and no ports are opened.
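Because the transport is stdio, the AI assistant's host process is the only thing that can reach the server: it spawns the command from the config above and exchanges one JSON-RPC message per line over the child's stdin and stdout. The client below is an added example, written here rather than taken from Codepliant or from any MCP SDK, that does the same handshake by hand so you can see exactly what crosses that pipe. The message framing and the `initialize`, `notifications/initialized`, `tools/list` and `tools/call` methods follow the MCP specification; the protocol version string is an assumption, and the canned server replies are constructed so the script also runs offline. The tool names are those listed on this page.

```python
"""
Minimal MCP client for Codepliant's stdio transport (JSON-RPC 2.0, one JSON
object per line). Added example; not part of Codepliant or an MCP SDK.
"""
import io
import json
import subprocess
import sys

PROTOCOL_VERSION = "2024-11-05"                               # assumed MCP revision
SERVER_ARGV = ["npx", "-y", "codepliant", "serve", "--mcp"]   # from the configs above


class McpStdioClient:
    """Talks JSON-RPC over a pair of text streams (a child's stdout/stdin)."""

    def __init__(self, reader, writer):
        self._reader, self._writer = reader, writer
        self._next_id = 1
        self._proc = None

    @classmethod
    def launch(cls, argv=SERVER_ARGV):
        # Only the child's stdin/stdout are wired up: no socket is created,
        # matching the page's note that the server opens no ports.
        proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE, text=True)
        client = cls(proc.stdout, proc.stdin)
        client._proc = proc
        return client

    def close(self):
        if self._proc:
            self._proc.stdin.close()          # EOF on stdin tells the server to exit
            self._proc.wait(timeout=10)

    def _send(self, msg):
        line = json.dumps(msg, separators=(",", ":"))
        if "\n" in line:                      # framing rule: one message per line
            raise ValueError("message must not contain newlines")
        self._writer.write(line + "\n")
        self._writer.flush()

    def notify(self, method, params=None):
        msg = {"jsonrpc": "2.0", "method": method}
        if params is not None:
            msg["params"] = params
        self._send(msg)

    def request(self, method, params=None):
        req_id, self._next_id = self._next_id, self._next_id + 1
        msg = {"jsonrpc": "2.0", "id": req_id, "method": method}
        if params is not None:
            msg["params"] = params
        self._send(msg)
        while True:                           # read until the matching reply arrives
            line = self._reader.readline()
            if not line:
                raise ConnectionError("server closed its stdout")
            reply = json.loads(line)
            if reply.get("id") != req_id:     # server notifications carry no id
                continue
            if "error" in reply:
                raise RuntimeError(f"{method}: {reply['error']}")
            return reply["result"]

    def initialize(self, client_name="example-client"):
        result = self.request("initialize", {
            "protocolVersion": PROTOCOL_VERSION,
            "capabilities": {},
            "clientInfo": {"name": client_name, "version": "0.1.0"},
        })
        self.notify("notifications/initialized")
        return result

    def list_tool_names(self):
        return sorted(t["name"] for t in self.request("tools/list")["tools"])

    def call_tool(self, name, arguments):
        return self.request("tools/call", {"name": name, "arguments": arguments})


def scripted_client(server_lines):
    """Client wired to canned server replies, for running without the server."""
    reader = io.StringIO("".join(line + "\n" for line in server_lines))
    writer = io.StringIO()
    client = McpStdioClient(reader, writer)
    client.sent = lambda: [json.loads(l) for l in writer.getvalue().splitlines()]
    return client


# Constructed replies: the handshake result, an unsolicited server
# notification (which the client must skip), and a tools/list answer.
SCRIPTED_REPLIES = [
    '{"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2024-11-05","capabilities":{},'
    '"serverInfo":{"name":"codepliant","version":"0.0.0-example"}}}',
    '{"jsonrpc":"2.0","method":"notifications/message","params":{"level":"info","data":"hi"}}',
    '{"jsonrpc":"2.0","id":2,"result":{"tools":[{"name":"codepliant_scan"},{"name":"codepliant_go"}]}}',
]


def main():
    live = "--live" in sys.argv               # spawn the real server only on request
    client = McpStdioClient.launch() if live else scripted_client(SCRIPTED_REPLIES)
    print("server:", client.initialize()["serverInfo"])
    print("tools: ", client.list_tool_names())
    if live:
        client.close()


if __name__ == "__main__":
    main()
```

Run `python mcp_client.py` to see the exchange against the constructed replies, or `python mcp_client.py --live` with Node.js installed to drive the real `npx -y codepliant serve --mcp` process. The request loop skips any message whose `id` does not match, which is what keeps server-initiated notifications from being mistaken for the answer to a request.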
Frequently Asked Questions
Does Codepliant send my code to any server?
No. Codepliant makes zero network calls. Everything runs locally on your machine. Your source code never leaves your computer.
Do I need an API key or account?
No. The free tier works with no account, no API key, and no internet connection. Just run npx codepliant go.
Can I use the generated documents in production?
Yes, but we recommend having a lawyer review them. Codepliant generates documents based on what your code actually does, achieving 97.8% detection precision across 1,200+ tested repos. The documents include a disclaimer recommending legal review.
What languages and frameworks are supported?
Codepliant supports 13 ecosystems: TypeScript/Node.js, Python/Django, Ruby on Rails, Go, Java/Spring, PHP/Laravel, Rust, .NET/C#, Swift/iOS, Kotlin, Elixir, Terraform/IaC, and Flutter/Dart. It scans package manifests, source code imports, environment variables, and configuration files.
How does Codepliant detect services?
Codepliant uses deterministic pattern matching (no AI/LLM) to scan dependency files (package.json, requirements.txt, etc.), source code imports, .env files, and config files. Every detection is reproducible and auditable.
What documents can Codepliant generate?
Over 123 document types including Privacy Policy, Terms of Service, Cookie Policy, AI Disclosure, EU AI Act Checklist, Data Processing Agreement, SBOM, Security Policy, Data Flow Map, Data Classification, DSAR procedures, and many more.
How do I keep documents up to date?
Run codepliant update to re-scan and regenerate documents with a diff showing what changed. You can also install a Git pre-commit hook with codepliant hook install to re-scan on every commit, or set up a CI/CD pipeline with codepliant ci.
Can I customize the generated documents?
Yes. Use the sectionOverrides field in .codepliantrc.json to replace specific sections with your own text. You can also use the template system (codepliant template init) for full control over document structure.
Compliance Frameworks
Codepliant generates documentation for multiple compliance frameworks. Each page explains the framework requirements and how Codepliant automates documentation.
GDPR Compliance
Privacy policies, DPAs, data flow maps, and 12+ GDPR documents from your code.
HIPAA Compliance
PHI detection, risk assessments, BAA templates, and audit-ready HIPAA documentation.
SOC 2 Compliance
Readiness checklists, control mappings, and evidence docs for all 5 Trust Service Criteria.
AI Governance
EU AI Act and NIST AI RMF aligned governance documentation for AI-powered applications.
Data Privacy Hub
GDPR, CCPA, LGPD, PIPEDA, and DPDP Act documentation from a single scan.
Guides & Tutorials
In-depth guides covering specific compliance topics, with practical examples and code snippets.
Generate a Privacy Policy from Code in 30 Seconds
Step-by-step tutorial for scanning your codebase and generating an accurate privacy policy.
GDPR Compliance for Developers
Practical guide to consent, data subject rights, DPAs, and common GDPR mistakes.
How to Write a Privacy Policy for Your SaaS App
GDPR Article 13, CCPA requirements, and a template you can adapt.
SOC 2 for Startups: A Developer's Survival Guide
Trust Service Criteria, common mistakes, and a 30-day readiness timeline.
HIPAA for SaaS Developers
PHI identifiers, technical safeguards, BAAs, and compliance automation.
EU AI Act: What Developers Need to Know
Risk classifications, Article 50 transparency, and the August 2026 deadline.
Colorado AI Act Compliance Guide
SB 24-205 requirements, algorithmic impact assessments, and NIST AI RMF defense.
Ready to get started?
No account needed. No API key. Works offline.