Release v5.0.0
Huzefaaa2 edited this page May 13, 2026 · 1 revision
v5.0.0 moves Terraform Guardrail from explaining governance decisions to operating the governance loop. It keeps the v2 enterprise control plane, v3 ecosystem layer, and v4 intelligence features, then adds remediation workflows, scheduled governance, GitHub PR automation, evidence scheduling, and dashboard trends.
- GitHub Release: https://github.com/Huzefaaa2/terraform-guardrail/releases/tag/v5.0.0
- PyPI: https://pypi.org/project/terraform-guardrail/5.0.0/
- README: https://github.com/Huzefaaa2/terraform-guardrail
- Roadmap: Roadmap
- Guide: Autonomous Governance
| Capability | Delivered behavior |
|---|---|
| Remediation plans | Converts stored evaluation results into reviewable actions with suggested fixes and Terraform snippet previews. |
| PR-ready patch bundles | Generates branch metadata, commit messages, PULL_REQUEST.md, manifests, and Terraform snippet files. |
| GitHub PR automation | Records safe dry-run PR plans by default and can call gh pr create when explicitly requested. |
| Scheduled scans | Stores recurring governance scan targets with path, cadence, provider, baseline, fail threshold, and context. |
| Evidence scheduling | Defines recurring JSON, CSV, or PDF audit exports by result, context, standard, or control. |
| Background runner | Executes enabled scan and evidence schedules from a cron, CI, CodeBuild, or platform orchestrator entrypoint. |
| Governance health | Summarizes decisions, recurring rules, waivers, evidence, remediation plans, PR records, and risk signals. |
| Trend dashboard | Charts waiver aging, evidence coverage, remediation flow, PR activity, and 7-day governance activity. |

```shell
terraform-guardrail evaluate ./infra \
  --context environment=prod \
  --context risk_tier=high \
  --format json
```

```shell
terraform-guardrail enterprise remediation create <result-id> \
  --format markdown \
  --output guardrail-remediation.md
terraform-guardrail enterprise remediation patch-bundle <plan-id>
terraform-guardrail enterprise remediation github-pr <bundle-id> \
  --repository Huzefaaa2/terraform-guardrail
```

```shell
terraform-guardrail enterprise schedule create \
  --name daily-prod \
  --path ./infra \
  --cadence daily \
  --provider aws \
  --context environment=prod
terraform-guardrail evidence schedule create \
  --name monthly-soc2 \
  --standard SOC2 \
  --format json \
  --repo payments-infra
terraform-guardrail enterprise automation run
terraform-guardrail enterprise trends
```

- `POST /remediation/plans`
- `POST /remediation/patch-bundles`
- `POST /remediation/patch-bundles/{bundle_id}/github-pr`
- `GET /governance/health`
- `GET /governance/trends`
- `POST /scheduled-scans`
- `POST /scheduled-scans/{target_id}/run`
- `POST /evidence/schedules`
- `POST /evidence/schedules/{schedule_id}/run`
- `POST /automation/run`

The v5.0.0 release hardening path verifies:
- Full test suite.
- Ruff linting.
- Source distribution and wheel build.
- Wheel installation smoke test.
- CLI version and enterprise command smoke tests.
- GitHub Actions CI on `main`.
- Existing v1-v4 CLI, REST API, web UI, Streamlit, MCP, registry, policy bundle, and evidence flows remain backward compatible.
- Enterprise data still defaults to `.guardrail/enterprise` and can be overridden with `GUARDRAIL_ENTERPRISE_DATA_DIR`.
- GitHub PR automation is dry-run by default; use `--create` only after the remediation branch has been prepared and pushed.
- Windows installation is through PyPI: `py -m pip install terraform-guardrail`.
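
One way to enforce the "`--create` only after the branch has been prepared and pushed" rule in a pipeline is a small wrapper around the `github-pr` command. This is an added example, not code from terraform-guardrail: the branch name is assumed to be passed in by the caller, `GUARDRAIL_BIN` is a hypothetical override variable, and the exit code 3 is arbitrary.

```shell
#!/bin/sh
# Added example; not part of terraform-guardrail.
# GUARDRAIL_BIN is a hypothetical override so the wrapper can be exercised
# without the real CLI installed.
GUARDRAIL_BIN="${GUARDRAIL_BIN:-terraform-guardrail}"

# branch_is_pushed REMOTE BRANCH
# Succeeds only when REMOTE has BRANCH and its tip equals the local tip, so the
# PR would contain exactly the commits that were prepared locally.
branch_is_pushed() {
    remote=$1
    branch=$2
    local_sha=$(git rev-parse --verify --quiet "refs/heads/$branch") || return 1
    remote_sha=$(git ls-remote --heads "$remote" "refs/heads/$branch" | cut -f1)
    [ -n "$remote_sha" ] && [ "$local_sha" = "$remote_sha" ]
}

# guarded_github_pr BUNDLE_ID REPOSITORY BRANCH [REMOTE]
# BRANCH is supplied by the caller (assumption: taken from the bundle's branch
# metadata). Adds --create only when the branch check passes; otherwise runs
# the default dry-run and returns 3 (an arbitrary code chosen for this example).
guarded_github_pr() {
    bundle=$1
    repo=$2
    branch=$3
    remote=${4:-origin}
    if branch_is_pushed "$remote" "$branch"; then
        "$GUARDRAIL_BIN" enterprise remediation github-pr "$bundle" \
            --repository "$repo" --create
    else
        echo "guardrail: '$branch' is missing or stale on '$remote'; dry-run only" >&2
        "$GUARDRAIL_BIN" enterprise remediation github-pr "$bundle" \
            --repository "$repo"
        return 3
    fi
}
```

The check fails closed: a branch that exists remotely but is behind the local tip is treated the same as an unpushed branch.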