-
Notifications
You must be signed in to change notification settings - Fork 6
Home
Huzefaaa2 edited this page Jan 24, 2026
·
52 revisions
Terraform Guardrail MCP (Model Context Protocol) is a governance control plane for Infrastructure as Code. It runs outside Terraform, exposes provider context, and enforces guardrails that prevent bad state before apply.
Non-negotiable safety floor, composable freedom above it. Guardrails live outside Terraform.
flowchart LR
USER[Platform + Product Teams] --> CHANNELS[CLI • Streamlit • REST API • MCP]
CHANNELS --> GUARDRAIL[Terraform Guardrail MCP]
GUARDRAIL --> REPORTS[Readable Guidance + Evidence]
GUARDRAIL --> TERRAFORM[Safer Terraform Applies]
- Roadmap
- Architecture
- Diagrams
- Comparison with Other Tools
- CLI Usage
- GitHub Action
- MCP Server
- Compliance Rules
- Streamlit Deployment
- Docker Compose Stack
- Live Streamlit App
- PyPI Package
- Release Process
- Version: 0.2.10
- Container image: https://github.com/Huzefaaa2/terraform-guardrail/pkgs/container/terraform-guardrail
- Supported providers: AWS, Azure, GCP, Kubernetes, Helm, OCI, Vault, Alicloud, vSphere
- Local stack: Docker Compose (API + UI + policy registry, optional analytics)
- Policy registry: OPA bundles published under
/bundles/*.tar.gz - Policy evaluation available via CLI when OPA is installed
| Area | CLI | Web UI / Streamlit |
|---|---|---|
Config scan (.tf, .tfvars, .hcl) |
Yes | Yes |
State leak scan (.tfstate) |
Yes | Yes |
| Schema-aware validation | Yes | Yes |
| CSV export | No | Yes |
| Provider metadata | Yes | Yes |
| Snippet generation | Yes | No |
| Multi-file scan | Yes (directory) | Yes (upload up to 10) |