ubx review sends your .iac files to Claude and returns structured findings grouped by severity.
Requires UBX_AI_API_KEY or ai.api_key in ubx.yaml.
Usage
ubx review [path] [flags]
Examples
ubx review
ubx review main.iac
ubx review --focus security
ubx review --focus cost
ubx review --focus reliability
ubx review --focus best-practices
ubx review --min-severity high
Flags
| Flag | Description |
|---|---|
| --focus string | Category: all (default), security, cost, reliability, best-practices |
| --min-severity string | Minimum severity: low (default), medium, high, critical |
Output
● CRITICAL (2)
[unit.aws_s3_bucket_v2.assets] S3 bucket missing encryption
No server-side encryption configured. Data at rest is not encrypted.
→ Add aws_s3_bucket_server_side_encryption_configuration with AES256 or KMS
[unit.aws_s3_bucket_v2.assets] Missing public access block
No BlockPublicAcl settings configured — bucket could be accidentally exposed.
→ Add block_public_acls = true, block_public_policy = true
● HIGH (2)
[unit.aws_s3_bucket_v2.assets] Versioning not enabled
→ Add versioning with status = "Enabled"
[unit.aws_s3_bucket_v2.assets] No lifecycle policy
→ Add lifecycle_rule block for cost management
Summary: Critical security gaps — encryption and public access controls missing.
Severity Levels
| Level | Meaning |
|---|---|
| critical | Immediate security risk or data loss potential |
| high | Significant risk — fix before production |
| medium | Best practice violation |
| low | Minor improvement or informational note |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | No critical or high findings (after filtering) |
| 1 | One or more critical or high findings |
Exit code 1 makes ubx review safe for CI pipelines: a step that runs it fails the build when critical or high findings remain after filtering.
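A CI gate built on the exit codes above, as an added example that is not part of the ubx documentation: it fails closed when no API key is configured or when ubx exits with a status the table does not list. The function names, the report file and the location of ubx.yaml are assumptions.

```shell
#!/bin/sh
# CI gate around `ubx review` (added example, not from the ubx project).
# It relies only on the flags and exit codes documented on this page.

# Succeeds if one of the two documented credential sources looks present.
have_api_key() {
    [ -n "${UBX_AI_API_KEY:-}" ] && return 0
    # Assumption: ubx.yaml is in the working directory, with api_key under ai.
    [ -f ubx.yaml ] && grep -Eq '^[[:space:]]+api_key[[:space:]]*:[[:space:]]*[^[:space:]]' ubx.yaml
}

# review_gate REPORT_FILE [PATH]
# Returns 0 = pass, 1 = critical/high findings, 2 = review did not run cleanly.
review_gate() {
    report=$1
    shift
    if ! have_api_key; then
        echo "review_gate: no API key configured, failing closed" >&2
        return 2
    fi
    rc=0
    # Security focus, high and critical only; keep the output as a build artifact.
    ubx review "$@" --focus security --min-severity high >"$report" 2>&1 || rc=$?
    cat "$report"
    case $rc in
        0) return 0 ;;
        1) echo "review_gate: critical or high findings, see $report" >&2
           return 1 ;;
        # Only 0 and 1 are documented; anything else is treated as a failed run.
        *) echo "review_gate: unexpected ubx exit status $rc" >&2
           return 2 ;;
    esac
}

# In a CI step (hypothetical paths): review_gate ubx-review.txt main.iac || exit $?
```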