ubx explain reads .iac files and uses Claude to produce a structured, plain-English explanation.
Requires an API key, set in the UBX_AI_API_KEY environment variable or as ai.api_key in ubx.yaml.

Usage

ubx explain [path-or-address] [flags]

Examples

ubx explain
ubx explain main.iac
ubx explain unit.aws_s3_bucket_v2.assets
ubx explain --audience exec
ubx explain --audience ops

Flags

Flag                 Description
--audience string    dev (default), ops, or exec

Audience Modes

Mode   Description
dev    Technical — resource types, config details, security notes
ops    Operational — scaling, availability, failure modes
exec   Non-technical — business purpose only

Example Output

Explaining: main.iac  (audience: dev)

Summary
────────────────────────────────────────────────────────────
This configuration provisions a PostgreSQL database and an S3 storage
bucket for the staging environment.

Resources (2)
────────────────────────────────────────────────────────────
  PostgreSQL database (db.t3.micro)
    Stores application data. skip_final_snapshot = true means no snapshot
    on deletion — appropriate for non-production.

  S3 assets bucket
    Stores static application assets. force_destroy is enabled.

Outputs (1)
────────────────────────────────────────────────────────────
  db_endpoint   RDS connection endpoint for the application tier

Risks
────────────────────────────────────────────────────────────
  • Hardcoded password — use secret() to pull from secrets manager
  • skip_final_snapshot = true — data loss risk on accidental destroy
  • No S3 bucket encryption configured

Next Steps
────────────────────────────────────────────────────────────
Replace hardcoded password with secret("aws_secrets_manager", "..."),
add S3 encryption, verify skip_final_snapshot is intentional.
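
One way to act on the Risks section in a pipeline, as an added example that is not ubx's own code: it parses text laid out like the sample output above and returns the risk bullets not covered by a reviewed allow-list. It assumes the heading-plus-rule layout shown on this page stays stable; the function names and the allow-list are hypothetical.

```python
import re
import sys

# Constructed sample: trimmed copy of the example output shown above.
SAMPLE = """\
Risks
────────────────────────────────────────────────────────────
  • Hardcoded password — use secret() to pull from secrets manager
  • skip_final_snapshot = true — data loss risk on accidental destroy
  • No S3 bucket encryption configured

Next Steps
────────────────────────────────────────────────────────────
Replace hardcoded password with secret("aws_secrets_manager", "..."),
add S3 encryption, verify skip_final_snapshot is intentional.
"""

RULE = re.compile(r"^─{10,}\s*$")  # the rule line printed under each heading

def split_sections(text):
    """Map each heading (the line directly above a rule) to its body lines."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.strip() and RULE.match(nxt):
            current = re.sub(r"\s*\(\d+\)$", "", line.strip())  # drop "(2)"
            sections[current] = []
        elif current is not None and not RULE.match(line):
            sections[current].append(line)
    return sections

def risks(text):
    """Return the Risks bullets, joining wrapped continuation lines."""
    items = []
    for s in (l.strip() for l in split_sections(text).get("Risks", [])):
        if s.startswith("•"):
            items.append(s.lstrip("• ").strip())
        elif s and items:
            items[-1] += " " + s  # continuation of a wrapped bullet
    return items

def unreviewed(text, allow=()):
    """Risks not matched by an allow-list of already-reviewed substrings."""
    return [r for r in risks(text) if not any(a in r for a in allow)]

if __name__ == "__main__":
    found = unreviewed(sys.stdin.read())
    print(*found, sep="\n")
    sys.exit(1 if found else 0)
```

Run as a script, it reads the explanation from standard input and exits non-zero when any risk is listed, assuming ubx writes the explanation to standard output.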

Setup

export UBX_AI_API_KEY=sk-ant-...
Or in ubx.yaml (the key is then stored in plaintext, so keep the file out of version control):
ai:
  enabled: true
  api_key: "sk-ant-..."
  model: "claude-haiku-4-5"