Most contract review tools today do one of two things: send
your documents to a cloud AI, or charge you $2,000/year for
the privilege of doing so.
Neither felt acceptable to me for sensitive legal documents.
So I built CRIP, a deterministic, rule-based contract risk
scanner that runs entirely as a single HTML file on your
machine. No server. No API. No data leaves your device.
30-second demo
https://www.youtube.com/watch?v=12OQpdB6uZA
The problem with AI for contract review
AI contract tools are impressive. But for this specific use
case, they have three fundamental problems.
1. Your documents leave your machine
NDAs, vendor agreements, privileged materials — uploading
them to any external service creates exposure. Many NDAs
explicitly prohibit sharing document contents with third
parties.
You can technically breach the very agreement you're reviewing
just by running it through a cloud tool.
2. Results are probabilistic, not auditable
Ask an AI to review the same contract twice and you may get
different results.
When you're presenting risk findings to a board or legal
counsel, "the AI flagged it" is not an acceptable explanation.
You need to show exactly which rule triggered, why, and where
in the document.
3. Restricted environments can't use them
Air-gapped networks. Government contractors. Regulated
industries.
These environments have real contract review needs and
almost no tools that work within their restrictions.
The deterministic alternative
CRIP uses four detection methods against a configurable
playbook of 217+ clause patterns.
Exact Phrase
Finds precise wording.
termination without cause
Stem Match
Catches all word variations.
terminat- → terminate, terminating, termination
Token Proximity
Flags risk spread across a sentence.
liability within 12 tokens of unlimited
Regex
Advanced structural matching.
\b(indemnif)(y|ies|ied|ication)\b
Every flagged clause shows:
- the exact document location
- the rule that triggered it
- a severity level (High / Medium / Low)
No black box. Fully auditable.
What deterministic gives you that AI doesn't
- Reproducibility — same contract, same playbook, same result
- Auditability — every flag traces to a rule and document location
- Speed — results in seconds with a single local pass
- Privacy — nothing transmitted at any stage
- Air-gap compatibility — works in fully offline environments
The output
Each scan generates an executive report exportable as:
- DOCX
- PowerPoint
Reports include:
- Contract health score (logarithmic, weighted by clause severity)
- Estimated financial exposure
- Risk radar map across clause categories
- Clause-by-clause action plan
The tradeoff
Deterministic detection won't catch a completely novel clause
written in a creative way that doesn't match any pattern.
AI might.
But for the 217+ known high-risk clause patterns that appear
in the majority of commercial contracts — uncapped indemnity,
auto-renewal traps, termination without cause, unfavorable
jurisdiction clauses — deterministic detection is faster,
reproducible, and far easier to audit.
The playbook is also fully editable.
You can add your own rules and clauses using any of the
four detection methods.
Architecture
- Single HTML file.
- Runs in any modern browser.
- No installation. No dependencies. No internet required after initial font loading.
Works in:
- air-gapped environments
- restricted networks
- regulated infrastructures
One-time purchase. No subscriptions. No seat limits.
If you work in legal, procurement, or compliance and have
ever felt uncomfortable uploading a sensitive contract to
a cloud AI tool, this might be useful.
CRIP: Contract Risk Intelligence Platform
https://cripengine.netlify.app/
Happy to discuss the detection engine or architecture in the comments.