CLI Reference
ComplyForm CLI reference — all commands and options.
Global Options
Section titled “Global Options”These flags apply to every command:
| Flag | Type | Default | Description |
|---|---|---|---|
--verbose / --no-verbose | bool | false | Show debug output |
--quiet / --no-quiet | bool | false | Suppress non-error output |
--no-progress | bool | false | Suppress progress indicators |
--config, -c | path | ~/.complyform/config.yaml | Config file path |
--version | flag | — | Show version and exit |
--install-completion | flag | — | Install shell completion |
--show-completion | flag | — | Show shell completion script |
--help | flag | — | Show help and exit |
Exit Codes
Section titled “Exit Codes”| Code | Meaning |
|---|---|
0 | Success (all controls pass) |
1 | Compliance failures found |
2 | Runtime error |
3 | Partial failure (batch mode) |
130 | Interrupted (Ctrl+C) |
Commands
Section titled “Commands”Brownfield (existing infrastructure)
Section titled “Brownfield (existing infrastructure)”scan— Discover existing Terraform resources from state files or cloud APIsassess— Map resources to framework controls and produce compliance findingsremediate— Generate surgical Terraform patches for failing controlsvalidate— Confirm patched state passes compliance checksreport— Generate compliance reports (terminal, HTML, PDF)export— Export results to audit/GRC platforms (Vanta, Drata, Secureframe)
Greenfield (new infrastructure)
Section titled “Greenfield (new infrastructure)”init— Interactive setup wizard for new projectsgenerate— Generate.tffiles fromcomplyform.init.yaml(see below)
Discovery & Policy
Section titled “Discovery & Policy”frameworks— List, inspect, and compare compliance frameworkspolicy-gen— Generate policy-as-code artifacts (Checkov, OPA, GitHub Action)
Management
Section titled “Management”update— Check for CLI and profile updatesdoctor— Check environment healthactivate— Activate a license keyfeedback— Report bugs or request featuresversion— Show version informationdrift— Configure drift monitoring
Additional Commands
Section titled “Additional Commands”These commands don’t have dedicated sidebar pages.
Alias for the remediate → validate pipeline. Runs remediation then validation in sequence.
complyform fix --frameworks=soc2Accepts all flags from both remediate and validate. Exit code is remediate’s code if it fails, otherwise validate’s code. --interactive and --open-pr are mutually exclusive.
explain
Section titled “explain”Explain a finding from a cached assessment.
complyform explain CC6.1complyform explain CC6.1 --ai --frameworks=soc2| Flag | Type | Default | Description |
|---|---|---|---|
<target> | positional | — | Control ID or finding ID |
--frameworks | string | — | Framework context for explanation |
--ai | bool | false | AI-enhanced explanation (Pro+) |
--format | json|terminal | terminal | Output format |
generate
Section titled “generate”Generate .tf files from a complyform.init.yaml configuration (created by init).
complyform generate --config=./complyform.init.yaml| Flag | Type | Default | Description |
|---|---|---|---|
--config | path | ./complyform.init.yaml | Config file path |
--force | bool | false | Overwrite existing files |
--estimate-cost | bool | false | Include cost estimation |
--dry-run | bool | false | Preview without writing |
After generating, run complyform validate to verify compliance.
verify
Section titled “verify”Verify an attestation signature and integrity (SPEC-017).
complyform verify ./attestation.json| Flag | Type | Default | Description |
|---|---|---|---|
<attestation-file> | positional | — | Path to attestation file |
--assessment | path | — | Assessment file to verify against |
--format | json|terminal | terminal | Output format |
mcp-server
Section titled “mcp-server”Launch an MCP (Model Context Protocol) server on stdio for AI assistant integration. This is a hidden command — it does not appear in --help output.
complyform mcp-serverExposes 8 read-only tools over stdio transport. Intended for use with AI coding assistants that support the MCP protocol.