{"id":26296482,"url":"https://github.com/nwiizo/tfmcp","last_synced_at":"2026-01-02T22:11:57.372Z","repository":{"id":281357091,"uuid":"945036417","full_name":"nwiizo/tfmcp","owner":"nwiizo","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-08T14:10:30.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-08T14:35:32.981Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nwiizo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-08T14:10:29.000Z","updated_at":"2025-03-08T14:10:33.000Z","dependencies_parsed_at":"2025-03-08T14:35:35.436Z","dependency_job_id":"2352ea08-6ab5-46dd-a8ba-4e40797c6d00","html_url":"https://github.com/nwiizo/tfmcp","commit_stats":null,"previous_names":["nwiizo/tfmcp"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nwiizo%2Ftfmcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nwiizo%2Ftfmcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nwiizo%2Ftfmcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nwiizo%2Ftfmcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nwiizo","download_url":"https://codeload.github.com/nwiizo/tfmcp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243681418,"owners_count":20330221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-15T04:18:49.822Z","updated_at":"2026-01-02T22:11:57.367Z","avatar_url":"https://github.com/nwiizo.png","language":null,"funding_links":[],"categories":["Cloud Infrastructure","Cloud \u0026 Infrastructure","Cloud \u0026 DevOps MCP Servers","Tools","Applications","📚 Projects (1974 total)","Legend","MCP Servers","Cloud Platforms","Infrastructure as Code","サーバー実装","MCP 服务器精选列表","Task and Project Management","Table of Contents","☁️ Cloud Platforms","🔧 Utilities","Uncategorized","Rust","Server Implementations","Agentic Systems"],"sub_categories":["🏗️ Infrastructure as Code","Virtualization \u0026 IaC","Community providers","System tools","MCP Servers","☁️ \u003ca name=\"cloud-platforms\"\u003e\u003c/a\u003eCloud Platforms","Cloud \u0026 DevOps","☁️ \u003ca name=\"cloud-platforms\"\u003e\u003c/a\u003eクラウドプラットフォーム","☁️ 云平台与服务集成 (AWS, Cloudflare, Azure, K8s, etc.)","☁️ Cloud Platforms","System Automation","Uncategorized"],"readme":"# tfmcp: Terraform Model Context Protocol Tool\n\n[![Trust Score](https://archestra.ai/mcp-catalog/api/badge/quality/nwiizo/tfmcp)](https://archestra.ai/mcp-catalog/nwiizo__tfmcp)\n\n*⚠️  This project includes production-ready security features but is still under active development. While the security system provides robust protection, please review all operations carefully in production environments. ⚠️*\n\ntfmcp is a command-line tool that helps you interact with Terraform via the Model Context Protocol (MCP). It allows LLMs to manage and operate your Terraform environments, including:\n\n## 🎮 Demo\n\nSee tfmcp in action with Claude Desktop:\n\n![tfmcp Demo with Claude Desktop](.github/images/tfmcp-demo.gif)\n\n- Reading Terraform configuration files\n- Analyzing Terraform plan outputs\n- Applying Terraform configurations\n- Managing Terraform state\n- Creating and modifying Terraform configurations\n\n## 🎉 Latest Release\n\nThe latest version of tfmcp (v0.1.9) is now available on Crates.io! You can easily install it using Cargo:\n\n```bash\ncargo install tfmcp\n```\n\n### 🆕 What's New in v0.1.9\n- **📊 Plan Analysis**: Structured plan analysis with risk scoring and recommendations\n- **🔍 State Analysis**: Deep state inspection with drift detection\n- **📁 Workspace Management**: Full terraform workspace support (list, show, new, select, delete)\n- **📥 Import Helper**: Guided resource import with config generation\n- **✨ Code Formatting**: terraform fmt integration\n- **🔗 Dependency Graph**: terraform graph visualization with DOT output\n- **📤 Output Management**: terraform output access\n- **🏷️ Taint/Untaint**: Resource taint management (with deprecation notices for 1.5+)\n- **🔄 State Refresh**: Explicit state refresh operations\n- **📦 Provider Info**: Detailed provider information with lock file parsing\n- **🦀 Rust Edition 2024**: Migrated to Rust Edition 2024 (requires Rust 1.85.0+)\n\n## Features\n\n- 🚀 **Terraform Integration**\n  Deeply integrates with the Terraform CLI to analyze and execute operations.\n\n- 📄 **MCP Server Capabilities**\n  Runs as a Model Context Protocol server, allowing AI assistants to access and manage Terraform.\n\n- 🔬 **Module Health Analysis**\n  Whitebox approach to Infrastructure as Code with cohesion/coupling analysis, health scoring, and refactoring suggestions based on software engineering principles.\n\n- 📊 **Resource Dependency Graph**\n  Visualize resource relationships including explicit depends_on and implicit reference dependencies.\n\n- 📦 **Module Registry Integration**\n  Search and explore Terraform modules from the registry, get module details and versions.\n\n- 🔐 **Enterprise Security**\n  Production-ready security controls with configurable policies, audit logging, and access restrictions.\n\n- 📊 **Advanced Analysis**\n  Detailed Terraform configuration analysis with best practice recommendations and security checks.\n\n- 📋 **Guideline Compliance** (v0.1.8)\n  Future Architect Terraform guidelines integration with compliance scoring, secret detection, and variable quality checks.\n\n- ⚡️ **Blazing Fast**\n  High-speed processing powered by the Rust ecosystem with optimized parsing and caching.\n\n- 🛠️ **Automatic Setup**\n  Automatically creates sample Terraform projects when needed, ensuring smooth operation even for new users.\n\n- 🐳 **Docker Support**\n  Run tfmcp in a containerized environment with all dependencies pre-installed.\n\n## Installation\n\n### From Source\n```bash\n# Clone the repository\ngit clone https://github.com/nwiizo/tfmcp\ncd tfmcp\n\n# Build and install\ncargo install --path .\n```\n\n### From Crates.io\n```bash\ncargo install tfmcp\n```\n\n### Using Docker\n```bash\n# Clone the repository\ngit clone https://github.com/nwiizo/tfmcp\ncd tfmcp\n\n# Build the Docker image\ndocker build -t tfmcp .\n\n# Run the container\ndocker run -it tfmcp\n```\n\n## Requirements\n\n- Rust (edition 2021)\n- Terraform CLI installed and available in PATH\n- Claude Desktop (for AI assistant integration)\n- Docker (optional, for containerized deployment)\n\n## Usage\n\n```bash\n$ tfmcp --help\n✨ A CLI tool to manage Terraform configurations and operate Terraform through the Model Context Protocol (MCP).\n\nUsage: tfmcp [OPTIONS] [COMMAND]\n\nCommands:\n  mcp       Launch tfmcp as an MCP server\n  analyze   Analyze Terraform configurations\n  help      Print this message or the help of the given subcommand(s)\n\nOptions:\n  -c, --config \u003cPATH\u003e    Path to the configuration file\n  -d, --dir \u003cPATH\u003e       Terraform project directory\n  -V, --version          Print version\n  -h, --help             Print help\n```\n\n### Using Docker\n\nWhen using Docker, you can run tfmcp commands like this:\n\n```bash\n# Run as MCP server (default)\ndocker run -it tfmcp\n\n# Run with specific command and options\ndocker run -it tfmcp analyze --dir /app/example\n\n# Mount your Terraform project directory\ndocker run -it -v /path/to/your/terraform:/app/terraform tfmcp --dir /app/terraform\n\n# Set environment variables\ndocker run -it -e TFMCP_LOG_LEVEL=debug tfmcp\n```\n\n### Integrating with Claude Desktop\n\nTo use tfmcp with Claude Desktop:\n\n1. If you haven't already, install tfmcp:\n   ```bash\n   cargo install tfmcp\n   ```\n\n   Alternatively, you can use Docker:\n   ```bash\n   docker build -t tfmcp .\n   ```\n\n2. Find the path to your installed tfmcp executable:\n   ```bash\n   which tfmcp\n   ```\n\n3. Add the following configuration to `~/Library/Application\\ Support/Claude/claude_desktop_config.json`:\n\n```json\n{\n  \"mcpServers\": {\n    \"tfmcp\": {\n      \"command\": \"/path/to/your/tfmcp\",  // Replace with the actual path from step 2\n      \"args\": [\"mcp\"],\n      \"env\": {\n        \"HOME\": \"/Users/yourusername\",  // Replace with your username\n        \"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\",\n        \"TERRAFORM_DIR\": \"/path/to/your/terraform/project\"  // Optional: specify your Terraform project\n      }\n    }\n  }\n}\n```\n\nIf you're using Docker with Claude Desktop, you can set up the configuration like this:\n\n```json\n{\n  \"mcpServers\": {\n    \"tfmcp\": {\n      \"command\": \"docker\",\n      \"args\": [\"run\", \"--rm\", \"-v\", \"/path/to/your/terraform:/app/terraform\", \"tfmcp\", \"mcp\"],\n      \"env\": {\n        \"TERRAFORM_DIR\": \"/app/terraform\"\n      }\n    }\n  }\n}\n```\n\n4. Restart Claude Desktop and enable the tfmcp tool.\n\n5. tfmcp will automatically create a sample Terraform project in `~/terraform` if one doesn't exist, ensuring Claude can start working with Terraform right away. The sample project is based on the examples included in the `example/demo` directory of this repository.\n\n## MCP Tools\n\ntfmcp provides 31 MCP tools for AI assistants:\n\n### Core Terraform Operations\n| Tool | Description |\n|------|-------------|\n| `init_terraform` | Initialize Terraform working directory |\n| `get_terraform_plan` | Generate and show execution plan |\n| `analyze_plan` | **NEW** Analyze plan with risk scoring and recommendations |\n| `apply_terraform` | Apply Terraform configuration |\n| `destroy_terraform` | Destroy Terraform-managed infrastructure |\n| `validate_terraform` | Validate configuration syntax |\n| `validate_terraform_detailed` | Detailed validation with guidelines |\n| `get_terraform_state` | Show current state |\n| `analyze_state` | **NEW** Analyze state with drift detection |\n| `list_terraform_resources` | List all managed resources |\n| `set_terraform_directory` | Change active project directory |\n\n### Workspace \u0026 State (v0.1.9)\n| Tool | Description |\n|------|-------------|\n| `terraform_workspace` | **NEW** Manage workspaces (list, show, new, select, delete) |\n| `terraform_import` | **NEW** Import existing resources |\n| `terraform_taint` | **NEW** Taint/untaint resources |\n| `terraform_refresh` | **NEW** Refresh state |\n\n### Code \u0026 Output (v0.1.9)\n| Tool | Description |\n|------|-------------|\n| `terraform_fmt` | **NEW** Format code |\n| `terraform_graph` | **NEW** Generate dependency graph |\n| `terraform_output` | **NEW** Get output values |\n| `terraform_providers` | **NEW** Get provider info with lock file |\n\n### Analysis \u0026 Security\n| Tool | Description |\n|------|-------------|\n| `analyze_terraform` | Analyze configuration |\n| `analyze_module_health` | Module health with cohesion/coupling metrics |\n| `get_resource_dependency_graph` | Resource dependencies visualization |\n| `suggest_module_refactoring` | Refactoring suggestions |\n| `get_security_status` | Security scan with secret detection |\n\n### Registry\n| Tool | Description |\n|------|-------------|\n| `search_terraform_providers` | Search providers |\n| `get_provider_info` | Provider details |\n| `get_provider_docs` | Provider documentation |\n| `search_terraform_modules` | Search modules |\n| `get_module_details` | Module details |\n| `get_latest_module_version` | Latest module version |\n| `get_latest_provider_version` | Latest provider version |\n\n## Logs and Troubleshooting\n\nThe tfmcp server logs are available at:\n```\n~/Library/Logs/Claude/mcp-server-tfmcp.log\n```\n\nCommon issues and solutions:\n\n- **Claude can't connect to the server**: Make sure the path to the tfmcp executable is correct in your configuration\n- **Terraform project issues**: tfmcp automatically creates a sample Terraform project if none is found\n- **Method not found errors**: MCP protocol support includes resources/list and prompts/list methods\n- **Docker issues**: If using Docker, ensure your container has proper volume mounts and permissions\n\n## Environment Variables\n\n### Core Configuration\n- `TERRAFORM_DIR`: Set this to specify a custom Terraform project directory. If not set, tfmcp will use the directory provided by command line arguments, configuration files, or fall back to `~/terraform`. You can also change the project directory at runtime using the `set_terraform_directory` tool.\n- `TFMCP_LOG_LEVEL`: Set to `debug`, `info`, `warn`, or `error` to control logging verbosity.\n- `TFMCP_DEMO_MODE`: Set to `true` to enable demo mode with additional safety features.\n\n### Security Configuration\n- `TFMCP_ALLOW_DANGEROUS_OPS`: Set to `true` to enable apply/destroy operations (default: `false`)\n- `TFMCP_ALLOW_AUTO_APPROVE`: Set to `true` to enable auto-approve for dangerous operations (default: `false`)\n- `TFMCP_MAX_RESOURCES`: Set maximum number of resources that can be managed (default: 50)\n- `TFMCP_AUDIT_ENABLED`: Set to `false` to disable audit logging (default: `true`)\n- `TFMCP_AUDIT_LOG_FILE`: Custom path for audit log file (default: `~/.tfmcp/audit.log`)\n- `TFMCP_AUDIT_LOG_SENSITIVE`: Set to `true` to include sensitive information in audit logs (default: `false`)\n\n## Security Considerations\n\ntfmcp includes comprehensive security features designed for production use:\n\n### 🔒 Built-in Security Features\n- **Access Controls**: Automatic blocking of production/sensitive file patterns\n- **Operation Restrictions**: Dangerous operations (apply/destroy) disabled by default\n- **Resource Limits**: Configurable maximum resource count protection\n- **Audit Logging**: Complete operation tracking with timestamps and user identification\n- **Directory Validation**: Security policy enforcement for project directories\n\n### 🛡️ Security Best Practices\n- **Default Safety**: Apply/destroy operations are disabled by default - explicitly enable only when needed\n- **Review Plans**: Always review Terraform plans before applying, especially AI-generated ones\n- **IAM Boundaries**: Use appropriate IAM permissions and role boundaries in cloud environments\n- **Audit Monitoring**: Regularly review audit logs at `~/.tfmcp/audit.log`\n- **File Patterns**: Built-in protection against accessing `prod*`, `production*`, and `secret*` patterns\n- **Docker Security**: When using containers, carefully consider volume mounts and exposed data\n\n### ⚙️ Production Configuration\n```bash\n# Recommended production settings\nexport TFMCP_ALLOW_DANGEROUS_OPS=false    # Keep disabled for safety\nexport TFMCP_ALLOW_AUTO_APPROVE=false     # Require manual approval\nexport TFMCP_MAX_RESOURCES=10             # Limit resource scope\nexport TFMCP_AUDIT_ENABLED=true           # Enable audit logging\nexport TFMCP_AUDIT_LOG_SENSITIVE=false    # Don't log sensitive data\n```\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature/amazing-feature`)\n3. Run quality checks before committing:\n   ```bash\n   cargo fmt --all\n   cargo clippy --all-targets --all-features\n   cargo test --all-features\n   ```\n4. Commit your changes (`git commit -m 'Add some amazing feature'`)\n5. Push to the branch (`git push origin feature/amazing-feature`)\n6. Open a Pull Request\n\n### Release Process\n\nReleases are done manually (automated CI release is disabled):\n\n1. Update version in `Cargo.toml`\n2. Create GitHub release: `gh release create v0.1.x --title \"v0.1.x - Title\" --notes \"Release notes\"`\n3. Publish to crates.io: `cargo publish`\n\n## Roadmap\n\nHere are some planned improvements and future features for tfmcp:\n\n### Completed\n- [x] **Basic Terraform Integration**  \n  Core integration with Terraform CLI for analyzing and executing operations.\n\n- [x] **MCP Server Implementation**  \n  Initial implementation of the Model Context Protocol server for AI assistants.\n\n- [x] **Automatic Project Creation**  \n  Added functionality to automatically create sample Terraform projects when needed.\n\n- [x] **Claude Desktop Integration**  \n  Support for seamless integration with Claude Desktop.\n\n- [x] **Core MCP Methods**  \n  Implementation of essential MCP methods including resources/list and prompts/list.\n\n- [x] **Error Handling Improvements**  \n  Better error handling and recovery mechanisms for robust operation.\n\n- [x] **Dynamic Project Directory Switching**  \n  Added ability to change the active Terraform project directory without restarting the service.\n\n- [x] **Crates.io Publication**  \n  Published the package to Crates.io for easy installation via Cargo.\n  \n- [x] **Docker Support**  \n  Added containerization support for easier deployment and cross-platform compatibility.\n\n- [x] **Security Enhancements**\n  Comprehensive security system with configurable policies, audit logging, access controls, and production-ready safety features.\n\n- [x] **Module Health Analysis (v0.1.6)**\n  Whitebox approach to IaC with cohesion/coupling metrics, health scoring, and refactoring suggestions.\n\n- [x] **Resource Dependency Graph (v0.1.6)**\n  Visualization of resource relationships including explicit and implicit dependencies.\n\n- [x] **Module Registry Integration (v0.1.6)**\n  Search and explore Terraform modules from the registry.\n\n- [x] **Comprehensive Testing Framework**\n  85+ tests including integration tests with real Terraform configurations.\n\n- [x] **RMCP SDK Migration (v0.1.8)**\n  Migrated to official RMCP SDK with proper tool annotations for better MCP compliance.\n\n- [x] **Future Architect Guidelines (v0.1.8)**\n  Terraform coding standards compliance checks with secret detection and variable quality validation.\n\n### In Progress\n- [ ] **Multi-Environment Support**\n  Add support for managing multiple Terraform environments, workspaces, and modules.\n\n### Planned\n- [ ] **Expanded MCP Protocol Support**\n  Implement additional MCP methods and capabilities for richer integration with AI assistants.\n\n- [ ] **Performance Optimization**  \n  Optimize resource usage and response times for large Terraform projects.\n\n- [ ] **Cost Estimation**  \n  Integrate with cloud provider pricing APIs to provide cost estimates for Terraform plans.\n\n- [ ] **Interactive TUI**  \n  Develop a terminal-based user interface for easier local usage and debugging.\n\n- [ ] **Integration with Other AI Platforms**  \n  Extend beyond Claude to support other AI assistants and platforms.\n\n- [ ] **Plugin System**  \n  Develop a plugin architecture to allow extensions of core functionality.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnwiizo%2Ftfmcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnwiizo%2Ftfmcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnwiizo%2Ftfmcp/lists"}