Usage

The scan command has one required source.

Use either a supported local file or an authorized URL. Each scan sends captured content to Anthropic's Opus model, writes a report, and keeps the captured source beside it.

Command shape

compliance-flag scan (--file PATH | --url URL) [--out DIR] [--model NAME]

--file and --url are mutually exclusive. A scan succeeds only when the Opus model response can be parsed and validated against the bundled report schema.

The command requires ANTHROPIC_API_KEY in the environment. Get that key from the Anthropic Console API keys page.

Local files

Use --file for local content that is ready for review.

compliance-flag scan --file page.html

Supported local file types are .html, .htm, .md, and .txt. Local file scans preserve the input extension in the saved source artifact.

Authorized URLs

Use --url for pages your team is authorized to review, including intranet, localhost, or firewall-restricted resources when the scanner is run in an environment allowed to reach them.

compliance-flag scan --url https://example.com

URL mode captures the page first, checks the content type, saves the raw source material, and analyzes the captured content.

Do not scan third-party websites without permission.

URL scans are intended for websites, pages, or other content the user owns, controls, administers, or has explicit permission to assess.

Output directory and Opus model

Write output to a specific directory:

compliance-flag scan --file page.html --out reports/example

Override the Opus model only when you have a specific reason to test another model:

compliance-flag scan --file page.html --model claude-sonnet-4-6

The --model value is sent to the Anthropic API. Model override is experimental, and non-default models may produce output that fails schema validation.

Exit codes

CodeMeaning
0Scan completed and the report validated against the schema.
1Scan failed because of input, network, Anthropic API, or schema-validation error. Details are written to stderr.
130Scan was cancelled by the user with Ctrl-C.

A non-zero exit code does not indicate a compliance finding. Findings are reported inside the JSON and HTML output.

Previous Getting Started Next Reading a Report

Compliance Flag and Quillmark LLC are not law firms and do not provide legal, compliance, regulatory, investment, tax, accounting, or financial advice. The project, scan outputs, articles, and examples are for informational and operational use only. They should be reviewed by qualified personnel before use. Compliance Flag and Quillmark LLC do not determine that any communication meets all applicable requirements and are not affiliated with, endorsed by, or acting on behalf of the SEC or any other regulator. Regulatory and enforcement references are based on source materials and may not reflect later developments.

Compliance Flag is a Quillmark Open Source initiative. Compliance Flag is not endorsed by, sponsored by, or affiliated with OpenAI, Anthropic, or any model provider.