
Releases: infiniumtek/terraform-review-agent

v1.0.0 — first stable release

20 May 18:42


terraform-review-agent v1.0.0 — first stable release

A reusable GitHub Actions workflow that reviews Terraform pull requests with a LangGraph multi-agent system and posts a single, severity-ranked sticky comment.

Highlights

  • Multi-agent review. Three specialists run in parallel over the PR's changed Terraform files:
    • 🔒 Security: tfsec + checkov
    • 💰 Cost: infracost diff vs. the base branch
    • 🎨 Style: tflint + terraform fmt -check
  • Deterministic findings. Scanners own detection and severity; the LLM only rewords each finding into a concise, actionable sentence — so the finding set is stable run to run.
  • One sticky comment. Findings are merged, de-duplicated by (file, rule, line), severity-ranked, and upserted in place on every push. low/info collapse into a <details> block.
  • Choice of LLM provider. OpenAI, Anthropic, or Google (Gemini), selectable via workflow inputs.
  • Prebuilt container. Ships on GHCR bundling pinned terraform, tfsec, tflint, infracost, and checkov — no per-run tool installs.
  • CI gating. Optional fail-on-severity floor fails the check on findings at/above a chosen severity (the comment is still posted first).
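The merge, de-duplication, severity ranking, low/info collapsing and fail-on-severity gate described in the highlights above, written out as an added Python example. This is not the project's own code: the Finding shape, the severity labels and their order, the hidden HTML marker used to locate the sticky comment, and every sample finding (rule ids included) are constructed assumptions for illustration.

```python
"""Added example, not terraform-review-agent's code: merge scanner findings
into one severity-ranked comment body and apply a fail-on-severity floor.
The Finding fields, severity labels, marker and sample data are assumptions."""
from dataclasses import dataclass

# Severity order, highest first (assumed; the project's labels may differ).
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}
COLLAPSED = {"low", "info"}  # these severities go into a <details> block


@dataclass(frozen=True)
class Finding:
    tool: str       # scanner that produced it, e.g. "tfsec", "checkov", "tflint"
    file: str
    rule: str
    line: int
    severity: str
    message: str


def merge_findings(findings):
    """De-duplicate by (file, rule, line), keeping the highest severity seen,
    then sort highest severity first, then by file and line."""
    by_key = {}
    for f in findings:
        key = (f.file, f.rule, f.line)
        prev = by_key.get(key)
        if prev is None or RANK[f.severity] < RANK[prev.severity]:
            by_key[key] = f
    return sorted(by_key.values(), key=lambda f: (RANK[f.severity], f.file, f.line))


def render_comment(findings, marker="<!-- terraform-review-agent -->"):
    """Render the sticky-comment body. The marker is a hidden HTML comment a
    later run can search for to upsert the same comment (assumed mechanism)."""
    merged = merge_findings(findings)
    visible = [f for f in merged if f.severity not in COLLAPSED]
    collapsed = [f for f in merged if f.severity in COLLAPSED]
    lines = [marker, "## Terraform review", ""]
    for f in visible:
        lines.append(f"- **{f.severity.upper()}** `{f.file}:{f.line}` {f.rule} ({f.tool}): {f.message}")
    if collapsed:
        lines += ["", "<details>", f"<summary>{len(collapsed)} low/info finding(s)</summary>", ""]
        for f in collapsed:
            lines.append(f"- {f.severity} `{f.file}:{f.line}` {f.rule} ({f.tool}): {f.message}")
        lines += ["", "</details>"]
    return "\n".join(lines)


def should_fail(findings, floor):
    """True when any merged finding is at or above the severity floor.
    floor=None disables gating."""
    if floor is None:
        return False
    return any(RANK[f.severity] <= RANK[floor] for f in merge_findings(findings))


def review(findings, floor=None):
    """Build the comment first, then decide the gate: returns (body, exit_code).
    Posting before failing mirrors the 'comment is still posted first' behaviour."""
    body = render_comment(findings)
    return body, (1 if should_fail(findings, floor) else 0)


# Constructed sample findings (rule ids and messages are made up for the example):
# the first two share a (file, rule, line) key, so only the higher severity survives.
SAMPLE = [
    Finding("tfsec", "main.tf", "aws-s3-enable-bucket-encryption", 12, "medium", "no SSE on bucket"),
    Finding("tfsec", "main.tf", "aws-s3-enable-bucket-encryption", 12, "high", "Bucket has no server-side encryption"),
    Finding("checkov", "iam.tf", "CKV_EXAMPLE_IAM_USER_POLICY", 3, "critical", "IAM policy attached directly to a user"),
    Finding("tflint", "main.tf", "terraform_unused_declarations", 40, "info", "variable 'region' is unused"),
    Finding("tfsec", "vpc.tf", "aws-vpc-no-public-ingress-sgr", 22, "low", "security group allows public ingress"),
]

if __name__ == "__main__":
    body, code = review(SAMPLE, floor="high")
    print(body)
    print(f"exit code: {code}")
```

Running the block prints a comment with the critical and high findings listed in the open and the low/info pair folded into a `<details>` block, then reports exit code 1 because the "high" floor is met. Deterministic ordering comes entirely from the sort key, which is what keeps the comment stable between pushes even when the scanners emit findings in a different order.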

Usage

Call the reusable workflow from your repo and pin to this release:

jobs:
  terraform-review:
    uses: infiniumtek/terraform-review-agent/.github/workflows/terraform-review.yml@v1.0.0
    permissions:
      contents: read
      pull-requests: write
    with:
      llm-provider: anthropic
      llm-model: claude-sonnet-4-5
      fail-on-severity: high
    secrets:
      anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
      infracost-api-key: ${{ secrets.INFRACOST_API_KEY }}

See the README and examples/example-caller.yml for full inputs, secrets, and a sample comment.

Quality

  • mypy --strict, ruff, and the full unit + integration test suite (131 tests) pass.
  • Built on Python 3.13, LangGraph, and Pydantic v2.