Skip to main content

AI-powered Terraform plan reviewer — verify your plan matches your intent before apply

Project description

tfrev — AI-Powered Terraform Plan Reviewer

Verify your Terraform plan matches your code intent before apply.

tfrev uses Claude AI to review your terraform plan output against your code changes, catching mismatches, security risks, and unexpected side effects before they hit production. Works with any Terraform provider — AWS, Azure, GCP, Kubernetes, and more.

Quick Start

# Install
pip install tfrev

# Set your API key
export ANTHROPIC_API_KEY=sk-ant-...

# Review a plan
terraform plan -out=tfplan
terraform show -json tfplan > plan.json

tfrev review --plan plan.json

Or use auto-detection:

terraform plan -out=tfplan
tfrev review --auto

To diff against a specific ref (e.g. last deployed SHA):

tfrev review --plan plan.json --base-ref abc1234

What It Catches

  • Intent mismatches — plan does something the code change didn't intend
  • Unexpected replacements — a tag change triggering a full resource destroy+create
  • Security regressions — widened security groups, broadened IAM policies
  • Blast radius — too many resources changing at once
  • Drift — plan changes with no corresponding code change
  • Policy violations — custom team rules defined in .tfrev.yaml

CI/CD Integration

GitHub Actions

- name: AI Plan Review
  uses: bishalOps/tfrev@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    post_comment: "true"
    fail_on: high

GitLab CI

include:
  - remote: 'https://raw.githubusercontent.com/bishalOps/tfrev/main/ci/gitlab/.gitlab-ci-template.yml'

Jenkins

Copy ci/jenkins/Jenkinsfile into your repo and add ANTHROPIC_API_KEY as a credential.

Any CI/CD

pip install tfrev
export ANTHROPIC_API_KEY=$YOUR_SECRET
tfrev review --auto --output markdown --fail-on high --quiet

Note: Always pass --quiet in CI/CD. Without it, tfrev prompts for interactive confirmation before sending the plan + diff to Claude and will hang waiting for input on a non-interactive stdin. --quiet also suppresses the --base-ref confirmation and the context-overflow prompt.

Configuration

Create a .tfrev.yaml in your project root:

model: claude-sonnet-4-6
fail_on: high
policies:
  - name: no-public-ingress
    description: "Flag security group rules allowing 0.0.0.0/0"
    severity: critical
sensitive_resources:
  - aws_iam_*            # AWS
  - google_project_iam_* # GCP
  - azurerm_key_vault*   # Azure

See .tfrev.yaml.example for all options.

Sample Output

────────────────────────────────────────────────────────────────────────
  ❌  Verdict: FAIL   Confidence: 95%
────────────────────────────────────────────────────────────────────────

  This plan contains three significant security regressions introduced by the code diff:
  SSH access widened from a private CIDR to 0.0.0.0/0, an RDS database marked
  publicly_accessible=true, and an S3 bucket ACL changed from private to public-read. All
  four resource creations are explained by code changes, but the security posture of the
  planned infrastructure is critically degraded and should not be applied without
  deliberate review and approval.

  Resources: 4 reviewed  |  +4 create  |  ~0 update  |  -0 delete  |  -/+0 replace

  ID     Severity     Category             Resource                                   Title
  ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  F001   CRITICAL     security             aws_security_group.web_sg                  SSH ingress opened to the entire internet (0.0.0.0/0)
  F002   CRITICAL     security             aws_db_instance.app_db                     RDS database instance set to publicly_accessible=true
  F003   HIGH         security             aws_s3_bucket.app_assets                   S3 bucket ACL changed from private to public-read
  F004   MEDIUM       best_practice        aws_db_instance.app_db                     deletion_protection is false on the database resource
  F005   MEDIUM       best_practice        aws_db_instance.app_db                     db_instance_class upsized from db.t3.small to db.t3.medium
  F006   LOW          best_practice        general                                    All four resources lack lifecycle prevent_destroy protections

  ────────────────────────────────────────────────────────────────────────
  [F001] ❗ CRITICAL — SSH ingress opened to the entire internet (0.0.0.0/0)

  The code diff explicitly changes ingress_ssh_cidr from 10.0.0.0/8 (a private RFC-1918
  range) to 0.0.0.0/0, exposing SSH (port 22) to all public IPs.

  Code: main.tf (lines 18-19)
  Plan: aws_security_group.web_sg (create)

  Recommendation:
  Revert ingress_ssh_cidr to a specific, restricted CIDR. Consider using AWS Systems
  Manager Session Manager to eliminate SSH exposure entirely.

  ────────────────────────────────────────────────────────────────────────
  [F002] ❗ CRITICAL — RDS database instance set to publicly_accessible=true

  ...

Output Formats

tfrev review --plan plan.json --output table     # Terminal (default)
tfrev review --plan plan.json --output markdown  # PR comments
tfrev review --plan plan.json --output json      # Machine consumption

Exit Codes

Code Meaning
0 Review passed
1 Review failed (findings at or above --fail-on severity)
2 Error (API failure, invalid input)

Cost

Each review is a single Claude API call. Typical cost is $0.01–$0.10 per review depending on plan size and model. If the combined input exceeds the model's context window, tfrev drops context files to fit — it never splits into multiple calls.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tfrev-2.0.0.tar.gz (40.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tfrev-2.0.0-py3-none-any.whl (31.6 kB view details)

Uploaded Python 3

File details

Details for the file tfrev-2.0.0.tar.gz.

File metadata

  • Download URL: tfrev-2.0.0.tar.gz
  • Upload date:
  • Size: 40.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for tfrev-2.0.0.tar.gz
Algorithm Hash digest
SHA256 530d75272146a39b3006dbaf27841b9d2bae0df933433ba5c4826a992699db5b
MD5 2c75ad5c7eb21e610658418b22618322
BLAKE2b-256 7ffbe705e4f33cbb85013e627a5210de64274141ee2f2144991e2a62052cdb25

See more details on using hashes here.

Provenance

The following attestation bundles were made for tfrev-2.0.0.tar.gz:

Publisher: publish.yml on bishalOps/tfrev

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file tfrev-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: tfrev-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 31.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for tfrev-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b3d4ca0063bfd33521b08ddb935ac9074c2998117a4d015dee8a40d3d9225850
MD5 27110cb37df7ab941f528436076eec40
BLAKE2b-256 5ea2faaaf0c7a82db4aaaa2bf8fa4d868055275c6b1d010d2a93adf6662e289f

See more details on using hashes here.

Provenance

The following attestation bundles were made for tfrev-2.0.0-py3-none-any.whl:

Publisher: publish.yml on bishalOps/tfrev

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page