Legalithm developer docs
EU AI Act (Regulation (EU) 2024/1689) compliance in your coding loop. Free, open-source, offline. A cited starting point — not legal advice.
Install
Nothing to install globally — run via npx. One command wires both editors:
npx @legalithm/cli setup
This writes the Claude Code hooks (.claude/settings.json), the Cursor rule + MCP config (.cursor/, .mcp.json), and a CLAUDE.md note. Idempotent and non-destructive.
Quickstart
Get a free API key at legalithm.com (Settings → API Keys), then:
npx @legalithm/cli login --key lgl_...
npx @legalithm/cli init # → compliance/legalithm.json (+ annex-iv.md, checklist.md)
npx @legalithm/cli check # re-verify; non-zero exit on drift (for CI)
CLI reference
| Command | Key? | What it does |
|---|---|---|
| setup | no | Wire Legalithm into Claude Code + Cursor (hooks, rule, MCP). |
| guard | no | Fast offline gate: AI deps present without a record? (used by hooks/CI). |
| init | yes | Detect the stack, classify, write the compliance record + Annex IV + checklist. |
| check | yes | Re-verify the record; exit non-zero on input/rule/risk drift. --json, --fail-on. |
| classify | yes | Quick risk hint for the current repo. --role, --domain, --use-case. |
| login | — | Save an API key: legalithm login --key lgl_... |
Env: LEGALITHM_API_KEY, LEGALITHM_API_URL (default https://www.legalithm.com). Telemetry is anonymous ({ surface, command, repoHash }); opt out with DO_NOT_TRACK=1.
MCP server (Cursor & Claude Code)
The MCP server runs offline — no key, no network — and gives your agent four tools.
{
  "mcpServers": {
    "legalithm": { "command": "npx", "args": ["-y", "@legalithm/mcp-server"] }
  }
}
Add to .cursor/mcp.json or .mcp.json (or just run legalithm setup).
- classify — risk tier + cited Article for a use case.
- explain_obligation — the cited obligation checklist for a role + tier.
- generate_disclosure — an Article 50 transparency snippet (EN/DE).
- check_record — fetch a published Trust Center record by slug.
GitHub Action
Run check on every PR; fail the build on drift.
- uses: PedramMadani/legalithm/packages/action@v1
  with:
    api-key: ${{ secrets.LEGALITHM_API_KEY }}
    fail-on: risk-or-rule
The compliance record
compliance/legalithm.json is deterministic and dated — the same input always produces the same record. Key fields:
{
  "asOf": "2026-06-18",
  "classification": {
    "risk": "high",
    "citations": [{ "article": "6(2)", "annex": "III" }],
    "confidenceScore": 0.92,
    "reviewRequired": false
  },
  "legalBasis": { "statement": "As of 2026-06-18, per Regulation (EU) 2024/1689 ..." },
  "system": { "input": { "role": "provider", "domain": "employment", "use_case": "..." } }
}
check regenerates from the stored input and reports input drift (your code changed), rule drift (the engine/law moved), or risk drift (the tier changed).
Exit codes (check / guard)
- 0 — in sync / ok
- 1 — drift at or above the --fail-on threshold
- 2 — usage / no record (guard: blocking)
- 3 — API / auth / network error (never a false "compliant")
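A CI gate that consumes the documented exit codes and record fields fail-closed, as an added example (not Legalithm's own code). The `gate` function, the 0.8 confidence floor and the at-least-one-citation rule are assumptions chosen for illustration, and the sample record is constructed.

```javascript
// Added example: local CI policy layered on `legalithm check`. Not project code.
const MIN_CONFIDENCE = 0.8; // assumed local threshold, not a Legalithm default

// Exit codes as documented for check / guard.
const EXIT = { OK: 0, DRIFT: 1, NO_RECORD: 2, ERROR: 3 };

// exitCode: status returned by `check`; recordText: contents of compliance/legalithm.json
function gate(exitCode, recordText, minConfidence = MIN_CONFIDENCE) {
  if (exitCode === EXIT.DRIFT) return { pass: false, reason: "drift" };
  if (exitCode === EXIT.NO_RECORD) return { pass: false, reason: "usage-or-no-record" };
  // Code 3 and any undocumented code (signal, OOM kill) block: never a false pass.
  if (exitCode !== EXIT.OK) return { pass: false, reason: "tool-error" };

  let record;
  try {
    record = JSON.parse(recordText);
  } catch {
    return { pass: false, reason: "unreadable-record" };
  }
  const c = record && record.classification;
  if (!c || typeof c.risk !== "string") return { pass: false, reason: "malformed-record" };
  if (!Array.isArray(c.citations) || c.citations.length === 0) {
    return { pass: false, reason: "uncited" };
  }
  // A missing or non-numeric score compares false, so it also lands here.
  if (c.reviewRequired === true || !(c.confidenceScore >= minConfidence)) {
    return { pass: false, reason: "needs-human-review" };
  }
  return { pass: true, reason: "in-sync" };
}

// Constructed sample, shaped like the key fields shown above.
const SAMPLE = JSON.stringify({
  asOf: "2026-06-18",
  classification: {
    risk: "high",
    citations: [{ article: "6(2)", annex: "III" }],
    confidenceScore: 0.92,
    reviewRequired: false,
  },
});
```

In a pipeline, pass the exit status of the check step and the file contents to `gate`, and fail the job whenever `pass` is false.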
Troubleshooting
"No API key found" — setup and guard need no key; init/check do. Get one at legalithm.com.
MCP server not showing in Cursor — reload the window (Cursor caches MCP config at launch), then check Settings → MCP.
Issues + source: github.com/PedramMadani/legalithm. Not legal advice; verify low-confidence results with a qualified person.