# ubx review

> AI security, cost, reliability, and best practices review.

`ubx review` sends your `.iac` files to Claude and returns structured findings grouped by severity.

<Note>
  Requires `UBX_AI_API_KEY` or `ai.api_key` in `ubx.yaml`.
</Note>

## Usage

```bash
ubx review [path] [flags]
```

## Examples

```bash
ubx review
ubx review main.iac
ubx review --focus security
ubx review --focus cost
ubx review --focus reliability
ubx review --focus best-practices
ubx review --min-severity high
```

## Flags

| Flag                    | Description                                                                    |
| ----------------------- | ------------------------------------------------------------------------------ |
| `--focus string`        | Category: `all` (default), `security`, `cost`, `reliability`, `best-practices` |
| `--min-severity string` | Minimum severity: `low` (default), `medium`, `high`, `critical`                |

## Output

```
● CRITICAL (2)
  [unit.aws_s3_bucket_v2.assets] S3 bucket missing encryption
  No server-side encryption configured. Data at rest is not encrypted.
  → Add aws_s3_bucket_server_side_encryption_configuration with AES256 or KMS

  [unit.aws_s3_bucket_v2.assets] Missing public access block
  No BlockPublicAcl settings configured — bucket could be accidentally exposed.
  → Add block_public_acls = true, block_public_policy = true

● HIGH (2)
  [unit.aws_s3_bucket_v2.assets] Versioning not enabled
  → Add versioning with status = "Enabled"

  [unit.aws_s3_bucket_v2.assets] No lifecycle policy
  → Add lifecycle_rule block for cost management

Summary: Critical security gaps — encryption and public access controls missing.
```

## Severity Levels

| Level      | Meaning                                        |
| ---------- | ---------------------------------------------- |
| `critical` | Immediate security risk or data loss potential |
| `high`     | Significant risk — fix before production       |
| `medium`   | Best practice violation                        |
| `low`      | Minor improvement or informational note        |

## Exit Codes

| Code | Meaning                                        |
| ---- | ---------------------------------------------- |
| `0`  | No critical or high findings (after filtering) |
| `1`  | One or more critical or high findings          |

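Because `ubx review` exits with code `1` whenever critical or high findings remain after filtering, a CI job that runs it fails on those findings, so the command can be used to gate a pipeline.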
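
A CI wrapper that acts on the exit codes documented above, as an added example (not part of the ubx documentation or tooling). The function names `review_gate` and `count_blocking`, the fail-closed handling of any status other than 0 or 1, and the assumption that group headers keep the `● SEVERITY (n)` shape shown under Output are this example's own.

```bash
#!/usr/bin/env bash
# Added example: CI gate around `ubx review`. Not ubiquex's own script.
# Documented exit codes: 0 = no critical/high findings, 1 = one or more.
# Assumption: any other status means the review itself failed, so fail closed.

# Sum the counts from the "● CRITICAL (n)" and "● HIGH (n)" headers on stdin.
count_blocking() {
  awk '/^● (CRITICAL|HIGH) \([0-9]+\)/ { gsub(/[()]/, "", $3); n += $3 }
       END { print n + 0 }'
}

# review_gate [path]
# Returns 0 = pass, 1 = blocking findings, 2 = review did not run cleanly.
review_gate() {
  local report status=0 blocking

  # The page requires UBX_AI_API_KEY or ai.api_key in ubx.yaml; the grep is a
  # rough presence check, not a YAML parse.
  if [ -z "${UBX_AI_API_KEY:-}" ] && ! grep -qs 'api_key' ubx.yaml; then
    echo "gate: no API key configured, review cannot run" >&2
    return 2
  fi

  report=$(ubx review "$@" --focus security --min-severity high 2>&1) || status=$?
  printf '%s\n' "$report"
  blocking=$(printf '%s\n' "$report" | count_blocking)

  case "$status" in
    0)
      # Sanity check: a passing exit code must not come with blocking headers.
      if [ "$blocking" -gt 0 ]; then
        echo "gate: exit 0 but $blocking critical/high findings listed" >&2
        return 2
      fi
      return 0 ;;
    1)
      echo "gate: blocked by $blocking critical/high finding(s)" >&2
      return 1 ;;
    *)
      echo "gate: ubx review exited $status (undocumented), failing closed" >&2
      return 2 ;;
  esac
}
```

Source the file in the pipeline step and call `review_gate main.iac`. Statuses 1 and 2 both fail the job, but 2 tells the operator that the review did not run cleanly rather than that it found something.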
