Skip to main content

Local-first control plane for Terraform & Terragrunt — inventory, plan/apply, drift, locks and a cloud shell, in one UI.

Project description

TerraUi

A local-first control plane for Terraform & Terragrunt. Point it at the folder that holds all your IaC repos; it discovers every unit, and gives one web UI to inventory stacks, run plan/apply/destroy (streamed live), detect drift, read state and locks, browse the Terragrunt dependency graph, open a cloud shell, and ask an AI assistant.

This repo implements the TerraUi.dc.html design (the product surface) plus the backend from BACKEND_SPEC.md. It ships as a Python package with the compiled frontend bundled and served at /.

pip install -e .            # from this repo (Python 3.10+)
cd ~/acme/infra             # the folder containing your IaC repos
terraui start               # discovers everything, opens http://localhost:8787

No IaC in the current folder? terraui start falls back to a fully-populated demo dataset (the one from the design) so you can explore the whole UI.

Cloud SDK setup (gcloud / aws / az)

TerraUi shells out to your existing cloud CLIs — it never stores credentials. On first terraui start it runs a read-only check of the providers your stacks actually use and, if anything is missing, points you at terraui setup:

terraui setup            # per provider: detect → offer install → offer login

setup is per-provider and skippable — if you only use GCP, skip AWS and Azure and configure them later. It shows the exact install/login command before running it and asks for confirmation; nothing happens silently. GCP runs both required logins (gcloud auth login for the CLI and gcloud auth application-default login for the Terraform provider).

CLI

terraui start [PATH]        Local mode: scan PATH (default cwd), serve UI + executor
    --port 8787             Port (default 8787)
    --scan ./live ./mods    Extra roots to scan
    --no-open               Don't auto-open the browser
    --shell powershell|zsh|bash
    --drift-interval 30m    Background drift cadence (0 = off)
    --demo                  Force the bundled demo dataset
    --check                 Run interactive cloud-SDK setup before serving
    --skip-checks           Skip the cloud-SDK status check

terraui setup [PATH]        Detect / install / authenticate cloud SDKs (per-provider, skippable)
    --providers aws,gcp,azure   Limit to specific providers
    --yes                       Non-interactive (install only; skip browser logins)

terraui scan [PATH] --json  Print discovered units as JSON (CI / debug)
terraui server  --config …  Team mode (scaffold — see BACKEND_SPEC §11)
terraui agent   --server …  Remote executor (scaffold)

What's implemented

Area Status
Discovery (HCL walk, backend/provider/deps parse, Terragrunt DAG) discovery/
Execution engine (flag model → build_command, streamed over WS, persisted) execution/, store/
Cloud auth probes (AWS / GCP-with-ADC / Azure) clouds/
State & lock read (terraform state list, acquire/release) state/
Drift (per-stack snapshots; demo data, live scan scaffolded) drift endpoint
Cloud Shell PTY (pywinpty / ptyprocess, subprocess fallback) shell/
AI assistant (Claude claude-haiku-4-5 proxy + offline fallback) ai/
Frontend bundle (all views, drawer, flag modal, toast) web/index.html
VCS webhooks, server/agent mode, RBAC, policy gates ☐ scaffolded (§10–11)

The command the UI previews is exactly the command the executor runs — buildCmdStr (frontend) and build_command (backend) are kept identical and unit-tested against the spec example (terragrunt run-all plan -var-file=env/prod.tfvars --terragrunt-non-interactive).

Architecture

Browser (web/index.html)
  REST  /api/*            inventory, runs, drift, locks, graph, clouds, ai
  WS    /ws/run/{id}      live plan/apply output
  WS    /ws/term/{sess}   PTY terminal
        │
FastAPI app (server/app.py)
  discovery · execution · clouds · state · drift · ai · store
        │ subprocess (user's shell)
        ▼
terraform / terragrunt / aws / gcloud / az  on the local machine

Develop

pip install -e ".[dev,pty]"
pytest                       # command builder, discovery, API smoke tests
terraui start --demo         # run the UI against the demo dataset

The AI assistant proxies to Claude when ANTHROPIC_API_KEY is set (model claude-haiku-4-5); otherwise it returns grounded canned answers. The key never reaches the browser.

Security

Local mode binds to 127.0.0.1. No secrets are stored — TerraUi shells out using the cloud SDK credential chains already on your machine. Commands are built from a structured flag model and passed as argv (never shell-interpolated); the action is checked against an allow-list. Secrets are redacted from streamed logs before they are persisted. See BACKEND_SPEC.md §14 for the full model.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

terraui-0.1.9.tar.gz (89.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

terraui-0.1.9-py3-none-any.whl (83.8 kB view details)

Uploaded Python 3

File details

Details for the file terraui-0.1.9.tar.gz.

File metadata

  • Download URL: terraui-0.1.9.tar.gz
  • Upload date:
  • Size: 89.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for terraui-0.1.9.tar.gz
Algorithm Hash digest
SHA256 19ef690d286c7c3b9d8d16cf523be77092b4db23c43c881a5b5ccca749e7e254
MD5 b8e014b3bb4ae95b55d5f95c17a3180b
BLAKE2b-256 20524e07b68ffb24b7a39371cb28bfa583edf4c32a180ac7ffbf40dbd63b9ed2

See more details on using hashes here.

File details

Details for the file terraui-0.1.9-py3-none-any.whl.

File metadata

  • Download URL: terraui-0.1.9-py3-none-any.whl
  • Upload date:
  • Size: 83.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for terraui-0.1.9-py3-none-any.whl
Algorithm Hash digest
SHA256 638d34bc24143713a4186b8e90b4f078777e3e82a191526bbc1e29ce64241bc4
MD5 cdbe5cc0bc64f8a989621773853cc68c
BLAKE2b-256 ddae0d03dfb8db967276a4484e8511119e0ccf9f242d2cb972ba85d630da9a86

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page