Getting Started

Run a first scan and inspect the output.

Compliance Flag is an AI-assisted command-line tool. A developer or technical user can install it, connect an Anthropic API key, scan authorized content, and hand the report and saved source files to reviewers.

Requirements

  • Python 3.10 or later.
  • An Anthropic API key for Opus model calls.
  • Network access for model calls and URL scans.
  • Authorization to review the files or URLs being scanned.

The API key is a credential from Anthropic, not from Compliance Flag. Create one in the Anthropic Console API keys page after setting up an Anthropic API account.

Install from PyPI

Install the package with pip:

pip install compliance-flag

Then set your Anthropic API key in the environment where the command will run:

export ANTHROPIC_API_KEY="..."

When a scan runs, the CLI sends the captured source content and bundled regulatory context to Anthropic's Opus model through this key so the model can draft the report findings.

Keep keys out of shared files.

Do not commit Anthropic API keys, reports containing private material, local evidence captures, or client content to a shared repository. Anthropic API usage may be billed through the account that owns the key.
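
One way to enforce the rule above, as an added example that is not part of Compliance Flag: a Git pre-commit hook that refuses to commit files under the default reports/ directory or text that looks like an Anthropic API key. The "sk-ant-" key prefix, both regexes, and the function names find_violations and staged_files are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: pre-commit guard for scan artifacts and API keys."""
import os
import re
import subprocess
import sys
from pathlib import PurePosixPath

REPORT_DIR = "reports"  # default output directory named on this page
# Assumption: Anthropic keys begin with "sk-ant-"; adjust if yours differ.
KEY_RE = re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}")
# ANTHROPIC_API_KEY set to a literal (skips "...", empty, and $VAR references).
ASSIGN_RE = re.compile(r"ANTHROPIC_API_KEY\s*[=:]\s*[\"']?([^\s\"'$]{8,})")


def find_violations(staged):
    """staged maps repo-relative path -> text; returns [(path, reason)]."""
    hits = []
    for path, text in sorted(staged.items()):
        if REPORT_DIR in PurePosixPath(path).parts[:-1]:
            hits.append((path, "scan artifact under reports/"))
            continue  # captured sources and reports are blocked wholesale
        if KEY_RE.search(text):
            hits.append((path, "string shaped like an Anthropic API key"))
        elif ASSIGN_RE.search(text):
            hits.append((path, "ANTHROPIC_API_KEY assigned a literal value"))
    return hits


def staged_files():
    """Return {path: text} for the staged version of added/modified files."""
    names = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACM"],
        check=True, capture_output=True).stdout.split(b"\0")
    out = {}
    for name in (os.fsdecode(n) for n in names if n):
        blob = subprocess.run(["git", "show", ":" + name],
                              check=True, capture_output=True).stdout
        out[name] = blob.decode("utf-8", "replace")
    return out


if __name__ == "__main__":
    problems = find_violations(staged_files())
    for path, reason in problems:
        print(f"blocked: {path}: {reason}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Save it as .git/hooks/pre-commit and mark it executable. Adding reports/ to .gitignore stops most artifacts before the hook is reached; the hook catches force-added files and keys pasted into scripts or config.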

Run a first scan

For a local HTML, Markdown, or text file:

compliance-flag scan --file page.html

For an authorized URL:

compliance-flag scan --url https://example.com

URL mode is only for pages you own, control, administer, or have explicit permission to assess. Do not run URL scans against third-party websites or systems without authorization. Authorized URLs can include intranet, localhost, or firewall-restricted resources when the scanner is run in an environment allowed to reach them.

Find the report files

By default, generated artifacts are written to reports/. Each scan writes a JSON report, an HTML report, the raw captured source, and source metadata.

Artifact                  Purpose
scan-*.json               Schema-validated report for review and integrations.
scan-*.html               Human-readable rendering of the same report.
scan-*.source.<ext>       Raw captured source exactly as analyzed.
scan-*.source-meta.json   Capture metadata such as URL, content type, status code, and source filename.

Compliance Flag and Quillmark LLC are not law firms and do not provide legal, compliance, regulatory, investment, tax, accounting, or financial advice. The project, scan outputs, articles, and examples are for informational and operational use only. They should be reviewed by qualified personnel before use. Compliance Flag and Quillmark LLC do not determine that any communication meets all applicable requirements and are not affiliated with, endorsed by, or acting on behalf of the SEC or any other regulator. Regulatory and enforcement references are based on source materials and may not reflect later developments.

Compliance Flag is a Quillmark Open Source initiative. Compliance Flag is not endorsed by, sponsored by, or affiliated with OpenAI, Anthropic, or any model provider.