Uninstall — how to cleanly remove ComplianceLint from a project

For: all
Tier: free+
Time: ~3 min

Why you'd do this

You may want to remove ComplianceLint from a specific project for a few reasons: the project is archived, you're migrating to a different scan tool, you want a clean re-init from scratch, or you're handing the repo to someone else. The uninstall command handles the in-project files (.mcp.json, .compliancelint/, .compliancelintrc); the dashboard record (if you were synced) is removed separately from the SaaS dashboard. This chapter covers all the states cleanly so you don't end up with orphaned data on either side.

Before you start

Decide whether you want to keep your scan history and evidence (.compliancelint/evidence/) — that directory is the git-committed audit trail and is the artifact you would reference if a regulator asks "show me what you scanned, when, with what result". Uninstall is non-destructive by default; you have to opt into deleting it.
If you were synced to compliancelint.dev: only the OWNER of the dashboard repo can remove it from the dashboard. Members see a permission-denied message.

Step 1

Remove the MCP server registration

In your project root (the directory containing .mcp.json), run:

npx compliancelint uninstall

This always removes the compliancelint entry from .mcp.json. If ComplianceLint was the only MCP server registered, the whole .mcp.json file is removed; if you had other MCP servers (e.g. filesystem, GitHub, custom), their entries are kept untouched.

After this step you should restart your AI IDE (Claude Code, Cursor, Windsurf) so it picks up the new .mcp.json and stops loading the ComplianceLint MCP server.

Step 2

Decide on local data

By default, after removing the MCP registration the command prompts:

Local data present:
  .compliancelint/      scan cache + evidence audit trail
  .compliancelintrc     project config

Delete these too? [y/N]:

Type y and press Enter → both paths are deleted immediately. Use this when you're sure you don't need the audit trail (e.g. archived project, starting completely fresh).
Press Enter (default N) → both paths stay on disk. Use this when you want to keep the audit trail for git history but stop running new scans.

If you change your mind later, delete them manually:

Remove-Item -Recurse -Force .compliancelint, .compliancelintrc   # PowerShell
rm -rf .compliancelint .compliancelintrc                          # bash

Step 3

Skip the prompt with flags (CI / scripts)

If you're automating the uninstall (CI cleanup, container build, scripted teardown), the interactive prompt won't work — use one of the explicit flags instead:

# Remove MCP registration AND all local data, no prompt
npx compliancelint uninstall --purge

# Remove MCP registration ONLY, never touch local data, no prompt
npx compliancelint uninstall --keep-local

The two flags are mutually exclusive (passing both is an error with exit 1, so a CI script can fail fast if a config bug sends conflicting flags).

Step 4

Clean up the dashboard record (if you were synced)

If your .compliancelintrc contained a saas_api_key (i.e. you had connected this project to compliancelint.dev), the uninstall command prints a final warning with a direct link:

**Warning** - Dashboard record may still exist on https://compliancelint.dev.
  Local removal does not touch the SaaS-side repo entry. To clean it up:
    → Open https://compliancelint.dev/dashboard/repos/<repo-id>/settings
    → Danger Zone → Remove from dashboard

This is the OWNER-only action. On that Settings page:

Disconnect syncing — keeps the dashboard record but stops accepting new scans for this repo. Reversible: just re-attach later.
Remove from dashboard — hides the repo. Local data on your machine is preserved either way (uninstall already took care of that side per your choice in Step 2). Team members lose shared access.
Purge all data — irreversible full wipe. The dashboard exposes this as guidance only; the actual purge happens via the cl_delete --target=all MCP tool before you uninstall, while the MCP server is still loaded. If you've already uninstalled and want a full purge, re-init ComplianceLint, run cl_delete with target=all, then uninstall again with --purge.

If you were NEVER synced (Free-tier user who never connected), there is no dashboard record to clean up — Step 4 doesn't apply and no warning is shown.

Step 5

Optionally remove the Python package globally

Steps 1–4 only touch the current project's files. The ComplianceLint Python package (the MCP server itself) stays installed on your machine, ready to be wired into the next project that runs npx compliancelint init. If you don't expect to use ComplianceLint on this machine again, remove it globally:

pip uninstall compliancelint

This is purely housekeeping — nothing in the uninstalled project depends on the package after Steps 1–3.

Step 6

Sanity check + reinstall later

After uninstalling, the project root should match one of these two states:

Full clean (chose y or --purge): no .mcp.json, no .compliancelint/, no .compliancelintrc. The project is back to exactly what it was before npx compliancelint init was first run.
MCP-only clean (chose N or --keep-local): no .mcp.json (or .mcp.json exists but no compliancelint entry inside), but .compliancelint/ and .compliancelintrc are still present. The audit trail is preserved for git history; future scans would need a fresh npx compliancelint init to re-register the MCP server.

To reinstall later, just run npx compliancelint init again. If you kept .compliancelintrc, the previous project_id and attester identity are restored automatically; if you ran a full clean, init re-derives them from git.

Step 7

When things go wrong

| Symptom | Likely cause | Resolution | |---|---|---| | Nothing to uninstall. printed immediately | You ran the command in the wrong directory (no .mcp.json here) OR compliancelint was already removed. | Check with ls .mcp.json (bash) or Test-Path .mcp.json (PowerShell). If you intended a different project, cd there first. | | Could not parse .mcp.json: ... | The file has invalid JSON (manual edit corruption). | Open .mcp.json in your editor, fix the JSON syntax (missing comma, unquoted key, etc.), re-run. | | Old version doesn't recognise uninstall | Your local npx cache might still have an older ComplianceLint version that pre-dates the uninstall command. | Force the latest with npx compliancelint@latest uninstall. | | Dashboard Remove from dashboard button is greyed out | You're not the OWNER of that repo. | Ask the owner to remove it, or transfer ownership first (planned feature). | | You want the Python package removed across all projects | pip uninstall only affects the current Python environment. | Re-run pip uninstall compliancelint in each environment where it's installed (system Python, virtualenvs, conda envs). |

Last updated: 2026-06-16

Uninstall — how to cleanly remove ComplianceLint from a project

For: all
Tier: free+
Time: ~3 min

Why you'd do this

Before you start

Decide whether you want to keep your scan history and evidence (.compliancelint/evidence/) — that directory is the git-committed audit trail and is the artifact you would reference if a regulator asks "show me what you scanned, when, with what result". Uninstall is non-destructive by default; you have to opt into deleting it.
If you were synced to compliancelint.dev: only the OWNER of the dashboard repo can remove it from the dashboard. Members see a permission-denied message.

Step 1

Remove the MCP server registration

In your project root (the directory containing .mcp.json), run:

npx compliancelint uninstall

After this step you should restart your AI IDE (Claude Code, Cursor, Windsurf) so it picks up the new .mcp.json and stops loading the ComplianceLint MCP server.

Step 2

Decide on local data

By default, after removing the MCP registration the command prompts:

Local data present:
  .compliancelint/      scan cache + evidence audit trail
  .compliancelintrc     project config

Delete these too? [y/N]:

Type y and press Enter → both paths are deleted immediately. Use this when you're sure you don't need the audit trail (e.g. archived project, starting completely fresh).
Press Enter (default N) → both paths stay on disk. Use this when you want to keep the audit trail for git history but stop running new scans.

If you change your mind later, delete them manually:

Remove-Item -Recurse -Force .compliancelint, .compliancelintrc   # PowerShell
rm -rf .compliancelint .compliancelintrc                          # bash

Step 3

Skip the prompt with flags (CI / scripts)

If you're automating the uninstall (CI cleanup, container build, scripted teardown), the interactive prompt won't work — use one of the explicit flags instead:

# Remove MCP registration AND all local data, no prompt
npx compliancelint uninstall --purge

# Remove MCP registration ONLY, never touch local data, no prompt
npx compliancelint uninstall --keep-local

The two flags are mutually exclusive (passing both is an error with exit 1, so a CI script can fail fast if a config bug sends conflicting flags).

Step 4

Clean up the dashboard record (if you were synced)

If your .compliancelintrc contained a saas_api_key (i.e. you had connected this project to compliancelint.dev), the uninstall command prints a final warning with a direct link:

**Warning** - Dashboard record may still exist on https://compliancelint.dev.
  Local removal does not touch the SaaS-side repo entry. To clean it up:
    → Open https://compliancelint.dev/dashboard/repos/<repo-id>/settings
    → Danger Zone → Remove from dashboard

This is the OWNER-only action. On that Settings page:

Disconnect syncing — keeps the dashboard record but stops accepting new scans for this repo. Reversible: just re-attach later.
Remove from dashboard — hides the repo. Local data on your machine is preserved either way (uninstall already took care of that side per your choice in Step 2). Team members lose shared access.
Purge all data — irreversible full wipe. The dashboard exposes this as guidance only; the actual purge happens via the cl_delete --target=all MCP tool before you uninstall, while the MCP server is still loaded. If you've already uninstalled and want a full purge, re-init ComplianceLint, run cl_delete with target=all, then uninstall again with --purge.

If you were NEVER synced (Free-tier user who never connected), there is no dashboard record to clean up — Step 4 doesn't apply and no warning is shown.

Step 5

Optionally remove the Python package globally

pip uninstall compliancelint

This is purely housekeeping — nothing in the uninstalled project depends on the package after Steps 1–3.

Step 6

Sanity check + reinstall later

After uninstalling, the project root should match one of these two states:

Full clean (chose y or --purge): no .mcp.json, no .compliancelint/, no .compliancelintrc. The project is back to exactly what it was before npx compliancelint init was first run.
MCP-only clean (chose N or --keep-local): no .mcp.json (or .mcp.json exists but no compliancelint entry inside), but .compliancelint/ and .compliancelintrc are still present. The audit trail is preserved for git history; future scans would need a fresh npx compliancelint init to re-register the MCP server.

Step 7

When things go wrong

Last updated: 2026-06-16

Uninstall — how to cleanly remove ComplianceLint from a project

Why you'd do this

Before you start

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Related

Uninstall — how to cleanly remove ComplianceLint from a project

Why you'd do this

Before you start

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Related