Skip to main content

CLI Reference

Global Options

These flags are available on all commands:

--help, -h       Show help for a command
--version, -v    Print version number
--no-color       Disable colored output
--verbose        Show debug-level output

purgit scan

Scan a file for metadata findings without modifying it.

purgit scan <file> [options]

Options:

| Flag | Description | Default | |------|-------------|---------| | --policy <name> | Policy to apply: strict, standard, minimal, legal, healthcare | standard | | --format <format> | Output format: text, json, html | text | | --output <path> | Write report to file instead of stdout | — | | --quiet, -q | Suppress output; exit code only | false |

Exit codes: 0 = no findings, 1 = findings found, 2 = error, 3 = unsupported format.

Examples:

# Scan a PDF with the default (standard) policy
purgit scan contract.pdf

# Scan with the legal policy and output JSON to a file
purgit scan contract.pdf --policy legal --format json --output report.json

# Scan an image, quiet mode (for scripts)
purgit scan photo.jpg --quiet
echo $?  # 0 = clean, 1 = findings

# Scan a DOCX with verbose output for debugging
purgit scan brief.docx --verbose

purgit sanitize

Remove metadata from a file and produce a clean copy. By default, a verification rescan runs on the output file to confirm all auto-fixable findings have been resolved.

purgit sanitize <file> [options]

Options:

| Flag | Description | Default | |------|-------------|---------| | --policy <name> | Policy to apply | standard | | --output <path> | Output file path | <name>-clean.<ext> | | --no-verify | Skip verification rescan (not recommended) | false | | --dry-run | Show what would be removed without modifying | false |

Examples:

# Sanitize a PDF (output: contract-clean.pdf)
purgit sanitize contract.pdf

# Sanitize with a specific output path
purgit sanitize photo.jpg --output photo-clean.jpg

# Sanitize a DOCX with the legal policy
purgit sanitize brief.docx --policy legal --output brief-final.docx

# Preview what would be removed without actually sanitizing
purgit sanitize contract.pdf --dry-run

purgit verify

Re-scan a file that has already been sanitized to confirm no findings remain. Uses the standard policy by default.

purgit verify <file> [options]

Options:

| Flag | Description | Default | |------|-------------|---------| | --policy <name> | Policy to verify against | standard | | --format <format> | Output format: text, json | text |

Examples:

# Verify a sanitized file
purgit verify contract-clean.pdf

# Verify with JSON output for CI
purgit verify contract-clean.pdf --format json

purgit report

Generate a standalone report for a file without sanitizing it. Useful for auditing or sharing findings with a team.

purgit report <file> [options]

Options:

| Flag | Description | Default | |------|-------------|---------| | --format <format> | Report format: json, html, pdf | html | | --output <path> | Output path | stdout (json) or <name>-report.<ext> | | --policy <name> | Policy to apply | standard |

Examples:

# Generate an HTML report
purgit report contract.pdf

# Generate a PDF report for sharing
purgit report contract.pdf --format pdf --output report.pdf

# Generate a JSON report for automation
purgit report contract.pdf --format json --output report.json

purgit policy list

List all available policies with their rule counts and descriptions.

purgit policy list

Example output:

Name          Rules  Description
strict          93   All rules, all severities
standard        71   All rules, medium+ severity
minimal         23   Critical and high severity only
legal           58   Legal-profession-specific rules
healthcare      47   HIPAA-focused rules (GPS, dates, device IDs)

purgit config

Manage CLI configuration values.

purgit config list                    # Show all config values
purgit config get <key>               # Get a specific value
purgit config set <key> <value>       # Set a value

Available config keys:

| Key | Description | Default | |-----|-------------|---------| | policy | Default scan/sanitize policy | standard | | format | Default output format | text | | color | Enable colored output | true |

Examples:

# View all settings
purgit config list

# Set default policy to legal
purgit config set policy legal

# Check current default policy
purgit config get policy

purgit auth

Manage authentication credentials.

purgit auth login     # Open browser for OAuth login
purgit auth logout    # Remove stored credentials
purgit auth status    # Show current auth status

Exit Codes

All commands follow a consistent exit code scheme:

| Code | Meaning | |------|---------| | 0 | Success / no findings | | 1 | Findings found (scan/verify) | | 2 | Error (invalid input, auth failure, network error) | | 3 | Unsupported file format |

Use exit codes in shell scripts and CI pipelines to gate deployments or flag documents for review.

Environment Variables

| Variable | Description | |----------|-------------| | PURGIT_API_KEY | API key for authentication (alternative to purgit auth login) | | PURGIT_POLICY | Default policy (overrides config file) | | NO_COLOR | Disable colored output (standard convention) |

Next Steps

  • REST API Overview — Use the HTTP API directly for custom integrations.
  • Integrations — GitHub Actions, Node.js, Python, and webhook examples.

Last updated: 2026-03-06