Drifts

Manage and resolve infrastructure drifts from the command line.

List Drifts

View all detected drifts:

controlinfra drifts list

Output:

┌──────────┬─────────────────────────────────┬──────────┬──────────┬────────┬─────────────┐
│ ID       │ Resource                        │ Severity │ Status   │ Action │ Detected    │
├──────────┼─────────────────────────────────┼──────────┼──────────┼────────┼─────────────┤
│ a1b2c3d4 │ aws_instance.web                │ high     │ detected │ update │ 2 hours ago │
│ e5f6g7h8 │ aws_security_group.allow_ssh    │ critical │ detected │ delete │ 3 hours ago │
│ i9j0k1l2 │ aws_s3_bucket.logs              │ low      │ analyzed │ update │ 1 day ago   │
└──────────┴─────────────────────────────────┴──────────┴──────────┴────────┴─────────────┘

Filter Options

Option	Description
--scan <id>	Filter by scan
--repo <id>	Filter by repository
--severity <level>	Filter by severity (critical, high, medium, low)
--status <status>	Filter by status (detected, analyzed, resolved, ignored)
--limit <n>	Number of drifts to show (default: 50)

# Critical drifts only
controlinfra drifts list --severity critical

# From specific scan
controlinfra drifts list --scan a1b2c3d4

# Unresolved drifts
controlinfra drifts list --status detected

View Drift Details

Get detailed information about a drift:

controlinfra drifts show <drift-id>

Output:

┌──────────────────────────────────────────────────────────┐
│ Drift Details                                             │
├──────────────────────────────────────────────────────────┤
│ ID:          a1b2c3d4                                     │
│ Resource:    aws_instance.web                             │
│ Type:        aws_instance                                 │
│ Severity:    high                                         │
│ Status:      detected                                     │
│ Action:      update                                       │
│ Detected:    2 hours ago                                  │
└──────────────────────────────────────────────────────────┘

Changes:
────────────────────────────────────────────────────────────
  instance_type:
    - t2.micro
    + t2.small
  tags.Environment:
    - production
    + staging

AI Analysis:
────────────────────────────────────────────────────────────
  The instance type was manually changed from t2.micro to t2.small,
  likely to handle increased load. This should be reflected in
  Terraform to prevent future drift.

Generate AI Fix

Get an AI-generated fix for a drift:

controlinfra drifts fix <drift-id>

Output:

✓ Fix generated successfully

Generated Fix:
────────────────────────────────────────────────────────────
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
- instance_type = "t2.micro"
+ instance_type = "t2.small"

  tags = {
    Name        = "web-server"
-   Environment = "production"
+   Environment = "staging"
  }
}
────────────────────────────────────────────────────────────

Create PR with: controlinfra drifts pr a1b2c3d4

Specify AI Provider

controlinfra drifts fix <drift-id> --provider anthropic
controlinfra drifts fix <drift-id> --provider openai

Create Pull Request

Automatically create a PR with the fix:

controlinfra drifts pr <drift-id>

Output:

✓ Pull request created

PR URL: https://github.com/myorg/infrastructure/pull/42

Auto-Merge

Enable auto-merge on the PR:

controlinfra drifts pr <drift-id> --auto-merge

Mark as Ignored

Ignore a drift (won't be reported in future scans):

controlinfra drifts ignore <drift-id>

Output:

✓ Drift marked as ignored

Mark as Resolved

Manually mark a drift as resolved:

controlinfra drifts resolve <drift-id>

Output:

✓ Drift marked as resolved

Drift Statistics

Get an overview of drift statistics:

controlinfra drifts stats

Output:

┌──────────────────────────────────────────────────────────┐
│ Drift Statistics                                          │
├──────────────────────────────────────────────────────────┤
│ Total Drifts:   28                                        │
│                                                           │
│ By Severity:                                              │
│   Critical:     3                                         │
│   High:         8                                         │
│   Medium:       12                                        │
│   Low:          5                                         │
│                                                           │
│ By Status:                                                │
│   Detected:     15                                        │
│   Analyzed:     5                                         │
│   Resolved:     6                                         │
│   Ignored:      2                                         │
└──────────────────────────────────────────────────────────┘

Filter by Repository

controlinfra drifts stats --repo myorg/infrastructure

Workflow Example

Complete drift resolution workflow:

# 1. List critical drifts
controlinfra drifts list --severity critical

# 2. View drift details
controlinfra drifts show a1b2c3d4

# 3. Generate a fix
controlinfra drifts fix a1b2c3d4

# 4. Create a PR
controlinfra drifts pr a1b2c3d4

# 5. After PR is merged, mark as resolved
controlinfra drifts resolve a1b2c3d4

Next Steps

• Runners - Self-hosted runners
• Integrations - Slack, AWS, AI setup