infiniumtek/terraform-review-agent — explained in plain English
Analysis updated 2026-05-18
Automatically catch insecure Terraform configs like unencrypted storage buckets before they merge.
See the monthly cost impact of infrastructure changes directly on the pull request.
Enforce consistent Terraform formatting and linting across a team without manual review.
Block merges when a change introduces a high or critical severity infrastructure risk.
| infiniumtek/terraform-review-agent | ajay150313/agentsre-langchain | lorenliu13/claude-code-for-hydrology | |
|---|---|---|---|
| Stars | 44 | 44 | 44 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | easy | easy |
| Complexity | 3/5 | 2/5 | 2/5 |
| Audience | ops devops | developer | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires an API key for whichever LLM provider you choose (OpenAI, Anthropic, or Google).
Terraform is a tool that developers use to define and provision infrastructure, such as servers, databases, and networks, using code files rather than clicking through web interfaces. When a team uses Terraform, they submit changes via pull requests for review before applying them. This project automates part of that review: it is a reusable GitHub Actions workflow that reads the changed Terraform files in a pull request and posts a single comment summarizing what it found. Three specialized reviewers run in parallel each time the workflow triggers. One checks for security misconfigurations using two scanners called tfsec and checkov, which look for things like storage buckets without encryption or resources exposed to the internet. A second reviewer estimates how much the proposed changes would cost per month, using a tool called infracost. The third checks formatting and style consistency using tflint and terraform fmt. Each reviewer hands its raw scanner findings to an AI language model, which rephrases each finding into a plain, actionable sentence. The AI cannot change severity ratings, file references, or rule identifiers, so the set of findings is consistent across runs. All findings from all three reviewers are merged, deduplicated, ranked by severity, and posted as one comment on the pull request. On the next push, that same comment is edited in place rather than creating a new one. Setup requires adding a small workflow YAML file to the repository. The caller specifies which AI provider to use (OpenAI, Anthropic, or Google), which model, and at what severity level a finding should fail the CI check. Cost review is optional and requires a free Infracost API key. All scanner binaries ship inside a prebuilt container image, so there is nothing to install on each run.
A GitHub Action that reviews Terraform pull requests for security issues, cost changes, and style problems, then posts one summary comment.
Mainly Python. The stack also includes Python, LangGraph, Terraform.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.