Skip to main content

Local-first control plane for Terraform & Terragrunt — inventory, plan/apply, drift, locks and a cloud shell, in one UI.

Project description

TerraUi

A local-first control plane for Terraform & Terragrunt. Point it at the folder that holds all your IaC repos; it discovers every unit, and gives one web UI to inventory stacks, run plan/apply/destroy (streamed live), detect drift, read state and locks, browse the Terragrunt dependency graph, open a cloud shell, and ask an AI assistant.

This repo implements the TerraUi.dc.html design (the product surface) plus the backend from BACKEND_SPEC.md. It ships as a Python package with the compiled frontend bundled and served at /.

pip install -e .            # from this repo (Python 3.10+)
cd ~/acme/infra             # the folder containing your IaC repos
terraui start               # discovers everything, opens http://localhost:8787

No IaC in the current folder? terraui start falls back to a fully-populated demo dataset (the one from the design) so you can explore the whole UI.

Cloud SDK setup (gcloud / aws / az)

TerraUi shells out to your existing cloud CLIs — it never stores credentials. On first terraui start it runs a read-only check of the providers your stacks actually use and, if anything is missing, points you at terraui setup:

terraui setup            # per provider: detect → offer install → offer login

setup is per-provider and skippable — if you only use GCP, skip AWS and Azure and configure them later. It shows the exact install/login command before running it and asks for confirmation; nothing happens silently. GCP runs both required logins (gcloud auth login for the CLI and gcloud auth application-default login for the Terraform provider).

CLI

terraui start [PATH]        Local mode: scan PATH (default cwd), serve UI + executor
    --port 8787             Port (default 8787)
    --scan ./live ./mods    Extra roots to scan
    --no-open               Don't auto-open the browser
    --shell powershell|zsh|bash
    --drift-interval 30m    Background drift cadence (0 = off)
    --demo                  Force the bundled demo dataset
    --check                 Run interactive cloud-SDK setup before serving
    --skip-checks           Skip the cloud-SDK status check

terraui setup [PATH]        Detect / install / authenticate cloud SDKs (per-provider, skippable)
    --providers aws,gcp,azure   Limit to specific providers
    --yes                       Non-interactive (install only; skip browser logins)

terraui scan [PATH] --json  Print discovered units as JSON (CI / debug)
terraui server  --config …  Team mode (scaffold — see BACKEND_SPEC §11)
terraui agent   --server …  Remote executor (scaffold)

What's implemented

Area Status
Discovery (HCL walk, backend/provider/deps parse, Terragrunt DAG) discovery/
Execution engine (flag model → build_command, streamed over WS, persisted) execution/, store/
Cloud auth probes (AWS / GCP-with-ADC / Azure) clouds/
State & lock read (terraform state list, acquire/release) state/
Drift (per-stack snapshots; demo data, live scan scaffolded) drift endpoint
Cloud Shell PTY (pywinpty / ptyprocess, subprocess fallback) shell/
AI assistant (Claude claude-haiku-4-5 proxy + offline fallback) ai/
Frontend bundle (all views, drawer, flag modal, toast) web/index.html
VCS webhooks, server/agent mode, RBAC, policy gates ☐ scaffolded (§10–11)

The command the UI previews is exactly the command the executor runs — buildCmdStr (frontend) and build_command (backend) are kept identical and unit-tested against the spec example (terragrunt run-all plan -var-file=env/prod.tfvars --terragrunt-non-interactive).

Architecture

Browser (web/index.html)
  REST  /api/*            inventory, runs, drift, locks, graph, clouds, ai
  WS    /ws/run/{id}      live plan/apply output
  WS    /ws/term/{sess}   PTY terminal
        │
FastAPI app (server/app.py)
  discovery · execution · clouds · state · drift · ai · store
        │ subprocess (user's shell)
        ▼
terraform / terragrunt / aws / gcloud / az  on the local machine

Develop

pip install -e ".[dev,pty]"
pytest                       # command builder, discovery, API smoke tests
terraui start --demo         # run the UI against the demo dataset

The AI assistant proxies to Claude when ANTHROPIC_API_KEY is set (model claude-haiku-4-5); otherwise it returns grounded canned answers. The key never reaches the browser.

Security

Local mode binds to 127.0.0.1. No secrets are stored — TerraUi shells out using the cloud SDK credential chains already on your machine. Commands are built from a structured flag model and passed as argv (never shell-interpolated); the action is checked against an allow-list. Secrets are redacted from streamed logs before they are persisted. See BACKEND_SPEC.md §14 for the full model.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

terraui-0.1.8.tar.gz (86.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

terraui-0.1.8-py3-none-any.whl (80.8 kB view details)

Uploaded Python 3

File details

Details for the file terraui-0.1.8.tar.gz.

File metadata

  • Download URL: terraui-0.1.8.tar.gz
  • Upload date:
  • Size: 86.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for terraui-0.1.8.tar.gz
Algorithm Hash digest
SHA256 d5e2a56704344bc905973314bc07084464424ccb2e286a5ed0398e245945dd66
MD5 77d3ff022ae1e0fc4a99e0ff5d3027a3
BLAKE2b-256 6e3ea0a3d14275f3a4bda8815626a13d3e15e0903b5bd7ecfd3c401e820ebfbc

See more details on using hashes here.

File details

Details for the file terraui-0.1.8-py3-none-any.whl.

File metadata

  • Download URL: terraui-0.1.8-py3-none-any.whl
  • Upload date:
  • Size: 80.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for terraui-0.1.8-py3-none-any.whl
Algorithm Hash digest
SHA256 40dc7f79632bc52e8b84fc1fd51ad26659a7bb73fecab090de4004d033704bdf
MD5 a4e03d4bbfc93f2248129c8f47ffe589
BLAKE2b-256 a713531b0cc4e312113e5fc781254ca99add354a7ecc6d17e8012270f3c2f3c1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page