tfmcp

A Rust-based MCP tool providing AI assistants with 31 structured tools to manage Terraform environments, including plan analysis with risk scoring, state drift detection, workspace management, and security scanning.

Evaluated Mar 07, 2026 (0d ago) vv0.1.9
Homepage ↗ Repo ↗ Other terraform mcp infrastructure-as-code rust devops ai-ops security
⚙ Agent Friendliness
77
/ 100
Can an agent use this?
🔒 Security
83
/ 100
Is it safe for agents?
⚡ Reliability
76
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
80
Error Messages
70
Auth Simplicity
72
Rate Limits
72

🔒 Security

TLS Enforcement
95
Auth Strength
82
Scope Granularity
78
Dep. Hygiene
80
Secret Handling
80

Terraform MCP server. Uses Terraform Cloud tokens or local credentials. Infrastructure provisioning = high blast radius. Use read-only tokens for planning, separate write tokens for apply.

⚡ Reliability

Uptime/SLA
78
Version Stability
78
Breaking Changes
75
Error Recovery
75
AF Security Reliability

Best When

Your team uses Terraform and wants AI assistants to help analyze plans, inspect state, and manage workspaces safely with built-in guardrails against destructive operations.

Avoid When

You need fully automated apply/destroy without human oversight, or your infrastructure tooling is not Terraform-based.

Use Cases

  • AI-assisted Terraform plan review with automated risk scoring before applying changes
  • Natural language infrastructure queries (e.g., 'show me drifted resources in production')
  • Workspace management and state inspection for multi-environment Terraform setups
  • Security scanning of Terraform configs for secrets and dangerous patterns
  • Dependency graph visualization and module health analysis

Not For

  • Teams using Pulumi, CDK, or other non-Terraform IaC tools
  • Fully automated unattended apply workflows without human review (dangerous ops disabled by default)
  • Air-gapped environments without Terraform CLI installed

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: environment-variable
OAuth: No Scopes: No

Uses Terraform's own credential chain (env vars, ~/.terraform.d/credentials.tfrc.json, etc.). TFMCP_ALLOW_DANGEROUS_OPS, TFMCP_MAX_RESOURCES, and TFMCP_AUDIT_ENABLED control safety behavior.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Open source. Terraform CLI and any cloud provider costs apply separately.

Agent Metadata

Pagination
none
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Dangerous operations (apply/destroy) disabled by default via TFMCP_ALLOW_DANGEROUS_OPS=false - must be explicitly enabled
  • Requires Terraform CLI to be installed and accessible in PATH
  • Requires Rust 1.85.0+ (edition 2024) to build from source
  • Resource limit of 50 by default (TFMCP_MAX_RESOURCES) may be too low for large state files
  • Sensitive file pattern blocking (prod*, secret*) is heuristic-based and may produce false positives

Alternatives

OpenTofu MCP Pulumi AI Spacelift Atlantis

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for tfmcp.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered