complyform remediate
Generate surgical Terraform patches for failing compliance controls.
complyform remediate [options]

Options

| Flag | Type | Default | Description |
|---|---|---|---|
| --controls | string | all failing | Comma-separated control IDs to remediate (e.g., CC6.1,CC6.7) |
| --output | path | ./patches | Output directory for .tf patch files |
| --dry-run | bool | false | Preview patches without writing |
| --estimate-cost | bool | false | Cost impact of remediation. Team+. |
| --iam-analysis | bool | false | Include IAM remediation patches (role narrowing). Team+. |
| --open-pr | bool | false | Create branch + commit patches + open PR on GitHub. Pro+. (SPEC-002) |
| --pr-branch | string | complyform/{framework}-{timestamp} | Override PR branch name |
| --pr-repo | string | inferred from git remote | Override GitHub repo (owner/repo) |
| --pr-base | string | repo default branch | PR target branch |
| --pr-title | string | auto-generated | Override PR title |
| --pr-draft | bool | false | Open as draft PR |
| --interactive | bool | false | Review each patch before writing. Requires TTY. Mutually exclusive with --open-pr. (SPEC-006) |
Examples

Generate patches for all failing controls:

complyform remediate --frameworks=soc2 --output=./patches

Preview patches without writing:

complyform remediate --frameworks=soc2 --dry-run

Remediate specific controls:

complyform remediate --controls=CC6.1,CC7.5

Open a pull request with patches (Pro+):

complyform remediate --frameworks=soc2 --open-pr

Interactive review mode:

complyform remediate --frameworks=soc2 --interactive
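
A wrapper for running the command from both a terminal and CI, added here as an example and not part of ComplyForm: it picks --interactive only when a TTY is present, otherwise opens a draft PR, so the two mutually exclusive flags are never combined. The names remediate, valid_token and COMPLYFORM_BIN are hypothetical, and passing --frameworks together with --controls is an assumption.

```shell
# Added example, not ComplyForm code. Hypothetical names: remediate(),
# valid_token(), COMPLYFORM_BIN. Uses only flags documented on this page.

# Accept only simple comma-separated tokens such as soc2 or CC6.1,CC6.7.
# The allowed character set is an assumption based on the IDs shown above.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9.,_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# remediate MODE FRAMEWORK [CONTROLS]
# MODE: preview | interactive | pr | auto
remediate() {
  mode=$1; framework=$2; controls=${3:-}
  valid_token "$framework" || { echo "invalid framework" >&2; return 2; }
  set -- remediate "--frameworks=$framework"
  if [ -n "$controls" ]; then
    valid_token "$controls" || { echo "invalid control list" >&2; return 2; }
    set -- "$@" "--controls=$controls"
  fi
  # auto: review patches by hand on a terminal, open a draft PR elsewhere.
  if [ "$mode" = auto ]; then
    if [ -t 0 ] && [ -t 1 ]; then mode=interactive; else mode=pr; fi
  fi
  case "$mode" in
    preview) set -- "$@" --dry-run ;;
    interactive)
      # --interactive requires a TTY; fail early with a clear message.
      if ! { [ -t 0 ] && [ -t 1 ]; }; then
        echo "--interactive requires a TTY" >&2; return 2
      fi
      set -- "$@" --interactive ;;
    pr)
      # Draft PR so patches get human review before merge; never combined
      # with --interactive, which the CLI documents as mutually exclusive.
      set -- "$@" --open-pr --pr-draft ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  "${COMPLYFORM_BIN:-complyform}" "$@"
}
```

Setting COMPLYFORM_BIN=echo prints the command line that would be run, which is a quick way to check a pipeline definition before it touches a repository.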