Deterministic Contract Risk Scanning in a Single HTML File (No AI, No Cloud)

Majed — Tue, 10 Mar 2026 23:23:28 +0000

Most contract review tools today do one of two things: send
your documents to a cloud AI, or charge you $2,000/year for
the privilege of doing so.

Neither felt acceptable to me for sensitive legal documents.

So I built CRIP; a deterministic, rule-based contract risk
scanner that runs entirely as a single HTML file on your
machine. No server. No API. No data leaves your device.

30-second demo

https://www.youtube.com/watch?v=12OQpdB6uZA

The problem with AI for contract review

AI contract tools are impressive. But for this specific use
case, they have three fundamental problems.

1. Your documents leave your machine

NDAs, vendor agreements, privileged materials — uploading
them to any external service creates exposure. Many NDAs
explicitly prohibit sharing document contents with third
parties.

You can technically breach the very agreement you're reviewing
just by running it through a cloud tool.

2. Results are probabilistic, not auditable

Ask an AI to review the same contract twice and you may get
different results.

When you're presenting risk findings to a board or legal
counsel, "the AI flagged it" is not an acceptable explanation.

You need to show exactly which rule triggered, why, and where
in the document.

3. Restricted environments can't use them

Air-gapped networks. Government contractors. Regulated
industries.

These environments have real contract review needs and
almost no tools that work within their restrictions.

The deterministic alternative

CRIP uses four detection methods against a configurable
playbook of 217+ clause patterns.

Exact Phrase

Finds precise wording.

termination without cause

Stem Match

Catches all word variations.

terminat- → terminate, terminating, termination

Token Proximity

Flags risk spread across a sentence.

liability within 12 tokens of unlimited

Regex

Advanced structural matching.

\b(indemnif)(y|ies|ied|ication)\b

Every flagged clause shows:

the exact document location
the rule that triggered it
a severity level (High / Medium / Low)

No black box. Fully auditable.

What deterministic gives you that AI doesn't

Reproducibility — same contract, same playbook, same result
Auditability — every flag traces to a rule and document location
Speed — results in seconds with a single local pass
Privacy — nothing transmitted at any stage
Air-gap compatibility — works in fully offline environments

The output

Each scan generates an executive report exportable as:

PDF
DOCX
PowerPoint

Reports include:

Contract health score (logarithmic, weighted by clause severity)
Estimated financial exposure
Risk radar map across clause categories
Clause-by-clause action plan

The tradeoff

Deterministic detection won't catch a completely novel clause
written in a creative way that doesn't match any pattern.

AI might.

But for the 217+ known high-risk clause patterns that appear
in the majority of commercial contracts — uncapped indemnity,
auto-renewal traps, termination without cause, unfavorable
jurisdiction clauses — deterministic detection is faster,
reproducible, and far easier to audit.

The playbook is also fully editable.

You can add your own rules using any of the four detection
methods and clauses for detection.

Architecture

Single HTML file.
Runs in any modern browser.
No installation. No dependencies. No internet required after initial font loading.

Works in:

air-gapped environments
restricted networks
regulated infrastructures

One-time purchase. No subscriptions. No seat limits.

If you work in legal, procurement, or compliance and have
ever felt uncomfortable uploading a sensitive contract to
a cloud AI tool, this might be useful.

CRIP; Contract Risk Intelligence Platform

https://cripengine.netlify.app/

Happy to discuss the detection engine or architecture in the comments.

Forem: Majed