cbx Reference

CloudBooster CLI

This reference documents every command, flag, and subcommand exposed by cbx-cli.

cbx
cbx audit
cbx audit aws
cbx login
cbx config
cbx llm
cbx upgrade
cbx version
cbx completion

cbx

cbx

CloudBooster CLI

The CloudBooster CLI (cbx) is the primary command-line interface for interacting with the CloudBooster platform.

Flags

Flag	Shorthand	Type	Default	Required	Description
`--help`	`-h`	bool	false		Show help for cbx
`--version`	`-v`	bool	false		Print the CLI version

Global flags (available on every command)

Flag	Shorthand	Type	Default	Description
`--output`	`-o`	string	text	Output format: `text` or `json`
`--no-color`		bool	false	Disable colored output
`--quiet`	`-q`	bool	false	Suppress non-essential output

Subcommands

audit — Audit a live AWS account against CloudBooster's curated rules
login — Log in to your CloudBooster account
config — Manage CLI configuration
llm — Manage LLM providers and local CLI executors
upgrade — Upgrade cbx-cli to the latest version
version — Print the CLI version
completion — Generate a shell completion script

Related guide

See the install guide.

cbx audit

cbx audit

Run a security and compliance audit

cbx audit on its own lists the available audit subcommand. The only audit surface is cbx audit aws, which audits a live AWS account.

The earlier IaC state-file inputs (--source, --pulumi-state, --terraform-state, --scanners) are no longer a CLI surface. State-file and source parsing survive only as a Go library path (pkg/audit) for downstream consumers — see Use cbx audit.

Subcommands

aws — Audit a live AWS account

cbx audit aws

cbx audit aws [profile] [flags]

Audit a live AWS account

Discovers resources in a live AWS account via the AWS SDK, grounds findings in CloudBooster's curated AWS knowledge and rule pack (fetched from api.cloudbooster.io/v1/knowledge/aws/*), and runs a local LLM CLI (claude -p by default, or codex exec) to produce a cited report.

The chosen LLM CLI (claude or codex) must be on your PATH and owns its own auth. Before any AWS call, a pre-discovery preflight probes the executor; failure aborts with E_LLM_PREFLIGHT.

Example

cbx audit aws
cbx audit aws prod --region us-east-1 --region us-west-2
cbx audit aws --region all -o json
cbx audit aws --llm-executor codex --llm-model gpt-5-codex

Flags

Flag	Type	Default	Description
`--region`	string (repeatable)	profile region	Region to audit; repeat for several, or pass `all` to fan out across enabled regions
`--llm-executor`	string	follows `cbx llm default` (else `claude-code`)	Local LLM CLI to drive the audit: `claude-code` or `codex`
`--llm-model`	string	executor default	Pin the model passed to the executor
`--llm-max-cost`	float	—	USD cap on LLM spend (enforced for `claude-code` only; `codex` reports no cost)
`--rulepack-version`	string	latest	Pin the curated rule-pack version (env `CBX_RULEPACK_VERSION`)
`--diagnose`	bool	false	Emit a per-call breakdown of discovery permission errors
`--dry-run`	bool	false	Run discovery and preflight without invoking the analyzer
`--no-tui`	bool	false	Disable the interactive TUI
`--strict`	bool	false	Treat warnings as failures
`--aws-concurrency`	int	4	Concurrent AWS calls per service
`--credentials-file`	string	—	Path to an explicit AWS credentials file

Related guide

See Use cbx audit aws.

cbx login [flags]

Log in to your CloudBooster account

Opens a PKCE OAuth browser flow to authenticate your CLI with CloudBooster. Tokens are stored in your OS-native keyring.

Example

cbx login

cbx config

cbx config [subcommand]

Manage CLI configuration

View and set configuration values for the CloudBooster CLI.

Example

cbx config

cbx llm

cbx llm [subcommand]

Manage LLM providers and local CLI executors

Commands for managing API-key LLM providers and local CLI executors used by cbx audit aws. API providers: claude (Anthropic) and codex (OpenAI). Local CLI executors: claude-code and codex.

Subcommands

Command	Description
`cbx llm api login <provider>`	Store an API key for a provider (`claude` or `codex`)
`cbx llm api logout <provider>`	Remove a stored API key
`cbx llm api list`	List configured API providers
`cbx llm api test <provider>`	Verify an API provider's credentials
`cbx llm cli list`	List detected local CLI executors
`cbx llm cli test <executor>`	Verify a local CLI executor (e.g. `claude-code`, `codex`) with a real prompt probe
`cbx llm default <name>`	Set the default provider/executor (honored by `cbx audit aws --llm-executor`)
`cbx llm list`	List all providers and executors
`cbx llm model <name> <model>`	Pin the model for a provider or executor

Example

# Store an API key
cbx llm api login claude
 
# Verify the local Claude Code CLI executor
cbx llm cli test claude-code
 
# Make codex the default executor for audits
cbx llm default codex
 
# Pin a model
cbx llm model claude-code claude-sonnet-4-6

cbx upgrade

cbx upgrade

Upgrade cbx-cli to the latest version

Downloads and installs the latest stable cbx-cli release.

Example

cbx upgrade

cbx version

cbx version

Print the CLI version

Prints the current version of cbx-cli, including the build commit and release date.

Example

cbx version

cbx completion

cbx completion [bash|zsh|fish|powershell]

Generate a shell completion script

Outputs a completion script for the named shell. See cbx completion --help for per-shell install instructions.

Example

cbx completion zsh > ~/.cbx-completion.zsh

cbx Reference

cbx Reference

Table of Contents

cbx

cbx audit

cbx audit aws

cbx config

cbx llm

cbx upgrade

cbx version

cbx completion

On this page