Install command
Provided
Automatically runs terraform plan when .tf files are modified to preview infrastructure changes.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
0
78
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as source-backed.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
No package verification flag provided.
Checksum metadata
No checksum provided for downloaded artifact.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Provided
Copy snippet
Provided
Prerequisites
None
Platforms
1 listed
Difficulty
0/100
Adoption plan
Current risk score 16/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
No package verification/checksum metadata.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (5/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is missing.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
5/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is missing.
rollout
Install payload is available.
No required blockers for this timeline preset.
Safety & privacy surface
3 safety and 3 privacy notes across 4 risk areas. Review closely: credentials & tokens, third-party handling.
#!/bin/bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
# Check if this is a Terraform file
if [[ "$FILE_PATH" == *.tf ]] || [[ "$FILE_PATH" == *.tfvars ]]; then
echo "🏗️ Terraform Plan Executor - Analyzing infrastructure changes..."
echo "📄 File: $FILE_PATH"
# Check if file exists
if [ ! -f "$FILE_PATH" ]; then
echo "⚠️ Terraform file not found: $FILE_PATH"
exit 1
fi
# Get the directory containing the Terraform file
TF_DIR=$(dirname "$FILE_PATH")
TF_FILE=$(basename "$FILE_PATH")
echo "📁 Working directory: $TF_DIR"
cd "$TF_DIR" || exit 1
# Check if Terraform is installed
if ! command -v terraform >/dev/null 2>&1; then
echo "⚠️ Terraform not found - please install Terraform"
echo "💡 Install from: https://www.terraform.io/downloads"
exit 1
fi
# Get Terraform version
TF_VERSION=$(terraform version -json 2>/dev/null | jq -r '.terraform_version' 2>/dev/null || terraform version | head -1)
echo "📦 Terraform version: $TF_VERSION"
# Step 1: Format check
echo ""
echo "🎨 Checking Terraform formatting..."
if terraform fmt -check "$TF_FILE"; then
echo "✅ Terraform formatting is correct"
else
echo "⚠️ Terraform formatting issues detected"
echo "💡 Run 'terraform fmt' to fix formatting"
# Auto-fix formatting if requested
echo "🔧 Auto-fixing formatting..."
terraform fmt "$TF_FILE"
echo "✅ Formatting applied to $TF_FILE"
fi
# Step 2: Validation
echo ""
echo "🔍 Validating Terraform configuration..."
if terraform validate; then
echo "✅ Terraform configuration is valid"
else
echo "❌ Terraform validation failed"
echo "💡 Fix validation errors before proceeding"
exit 1
fi
# Step 3: Initialize if needed
if [ ! -d ".terraform" ]; then
echo ""
echo "🔄 Initializing Terraform..."
if terraform init; then
echo "✅ Terraform initialized successfully"
else
echo "❌ Terraform initialization failed"
exit 1
fi
fi
# Step 4: Run terraform plan
echo ""
echo "📋 Running Terraform plan..."
PLAN_FILE=".terraform-plan-$(date +%s)"
if terraform plan -out="$PLAN_FILE" -compact-warnings; then
echo "✅ Terraform plan completed successfully"
# Analyze the plan
echo ""
echo "📊 Plan Analysis:"
# Show plan summary
if terraform show -json "$PLAN_FILE" >/dev/null 2>&1; then
PLAN_JSON=$(terraform show -json "$PLAN_FILE" 2>/dev/null)
# Count changes
RESOURCES_TO_ADD=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "create") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_CHANGE=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "update") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_DESTROY=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "delete") | .address' 2>/dev/null | wc -l)
echo " • Resources to add: $RESOURCES_TO_ADD"
echo " • Resources to change: $RESOURCES_TO_CHANGE"
echo " • Resources to destroy: $RESOURCES_TO_DESTROY"
# Show resource details if any changes
if [ "$RESOURCES_TO_ADD" -gt 0 ] || [ "$RESOURCES_TO_CHANGE" -gt 0 ] || [ "$RESOURCES_TO_DESTROY" -gt 0 ]; then
echo ""
echo "🔍 Detailed Changes:"
if [ "$RESOURCES_TO_ADD" -gt 0 ]; then
echo " 📦 Resources to create:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "create") | " • " + .address' 2>/dev/null
fi
if [ "$RESOURCES_TO_CHANGE" -gt 0 ]; then
echo " 🔄 Resources to modify:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "update") | " • " + .address' 2>/dev/null
fi
if [ "$RESOURCES_TO_DESTROY" -gt 0 ]; then
echo " 🗑️ Resources to destroy:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "delete") | " • " + .address' 2>/dev/null
fi
else
echo " ℹ️ No infrastructure changes detected"
fi
fi
# Clean up plan file
rm -f "$PLAN_FILE"
else
echo "❌ Terraform plan failed"
rm -f "$PLAN_FILE"
exit 1
fi
# Additional analysis
echo ""
echo "🔍 Configuration Analysis:"
# Count resources in current file
RESOURCE_COUNT=$(grep -c '^resource ' "$TF_FILE" 2>/dev/null || echo 0)
DATA_COUNT=$(grep -c '^data ' "$TF_FILE" 2>/dev/null || echo 0)
VAR_COUNT=$(grep -c '^variable ' "$TF_FILE" 2>/dev/null || echo 0)
OUTPUT_COUNT=$(grep -c '^output ' "$TF_FILE" 2>/dev/null || echo 0)
echo " • Resources defined: $RESOURCE_COUNT"
echo " • Data sources: $DATA_COUNT"
echo " • Variables: $VAR_COUNT"
echo " • Outputs: $OUTPUT_COUNT"
# Check for common patterns
if grep -q 'provider ' "$TF_FILE" 2>/dev/null; then
echo " • 🔌 Provider configurations detected"
fi
if grep -q 'module ' "$TF_FILE" 2>/dev/null; then
echo " • 📦 Module usage detected"
fi
if grep -q 'locals ' "$TF_FILE" 2>/dev/null; then
echo " • 🏷️ Local values defined"
fi
# Security and best practices check
echo ""
echo "🔒 Security Analysis:"
if grep -i 'password\\|secret\\|key' "$TF_FILE" 2>/dev/null | grep -v 'var\.' | grep -v 'data\.' >/dev/null; then
echo " • ⚠️ Potential hardcoded secrets detected - use variables instead"
fi
if grep -q '0.0.0.0/0' "$TF_FILE" 2>/dev/null; then
echo " • ⚠️ Open security group rules detected (0.0.0.0/0)"
fi
if ! grep -q 'tags\\|Tags' "$TF_FILE" 2>/dev/null && [ "$RESOURCE_COUNT" -gt 0 ]; then
echo " • 💡 Consider adding resource tags for better management"
fi
echo ""
echo "💡 Terraform Best Practices:"
echo " • Use terraform fmt to maintain consistent formatting"
echo " • Store sensitive values in variables, not hardcoded"
echo " • Use remote state backend for team collaboration"
echo " • Implement resource tagging strategy"
echo " • Use terraform validate in CI/CD pipelines"
echo " • Review plans carefully before applying"
echo ""
echo "🎯 Terraform plan execution complete!"
else
echo "ℹ️ File is not a Terraform file: $FILE_PATH"
fi
exit 0{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/terraform-plan-executor.sh",
"matchers": [
"write",
"edit"
]
}
}
}.claude/settings.local.json~/.claude/settings.json.claude/settings.json{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/terraform-plan-executor.sh",
"matchers": ["write", "edit"]
}
}
}
#!/bin/bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
# Check if this is a Terraform file
if [[ "$FILE_PATH" == *.tf ]] || [[ "$FILE_PATH" == *.tfvars ]]; then
echo "🏗️ Terraform Plan Executor - Analyzing infrastructure changes..."
echo "📄 File: $FILE_PATH"
# Check if file exists
if [ ! -f "$FILE_PATH" ]; then
echo "⚠️ Terraform file not found: $FILE_PATH"
exit 1
fi
# Get the directory containing the Terraform file
TF_DIR=$(dirname "$FILE_PATH")
TF_FILE=$(basename "$FILE_PATH")
echo "📁 Working directory: $TF_DIR"
cd "$TF_DIR" || exit 1
# Check if Terraform is installed
if ! command -v terraform >/dev/null 2>&1; then
echo "⚠️ Terraform not found - please install Terraform"
echo "💡 Install from: https://www.terraform.io/downloads"
exit 1
fi
# Get Terraform version
TF_VERSION=$(terraform version -json 2>/dev/null | jq -r '.terraform_version' 2>/dev/null || terraform version | head -1)
echo "📦 Terraform version: $TF_VERSION"
# Step 1: Format check
echo ""
echo "🎨 Checking Terraform formatting..."
if terraform fmt -check "$TF_FILE"; then
echo "✅ Terraform formatting is correct"
else
echo "⚠️ Terraform formatting issues detected"
echo "💡 Run 'terraform fmt' to fix formatting"
# Auto-fix formatting if requested
echo "🔧 Auto-fixing formatting..."
terraform fmt "$TF_FILE"
echo "✅ Formatting applied to $TF_FILE"
fi
# Step 2: Validation
echo ""
echo "🔍 Validating Terraform configuration..."
if terraform validate; then
echo "✅ Terraform configuration is valid"
else
echo "❌ Terraform validation failed"
echo "💡 Fix validation errors before proceeding"
exit 1
fi
# Step 3: Initialize if needed
if [ ! -d ".terraform" ]; then
echo ""
echo "🔄 Initializing Terraform..."
if terraform init; then
echo "✅ Terraform initialized successfully"
else
echo "❌ Terraform initialization failed"
exit 1
fi
fi
# Step 4: Run terraform plan
echo ""
echo "📋 Running Terraform plan..."
PLAN_FILE=".terraform-plan-$(date +%s)"
if terraform plan -out="$PLAN_FILE" -compact-warnings; then
echo "✅ Terraform plan completed successfully"
# Analyze the plan
echo ""
echo "📊 Plan Analysis:"
# Show plan summary
if terraform show -json "$PLAN_FILE" >/dev/null 2>&1; then
PLAN_JSON=$(terraform show -json "$PLAN_FILE" 2>/dev/null)
# Count changes
RESOURCES_TO_ADD=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "create") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_CHANGE=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "update") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_DESTROY=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "delete") | .address' 2>/dev/null | wc -l)
echo " • Resources to add: $RESOURCES_TO_ADD"
echo " • Resources to change: $RESOURCES_TO_CHANGE"
echo " • Resources to destroy: $RESOURCES_TO_DESTROY"
# Show resource details if any changes
if [ "$RESOURCES_TO_ADD" -gt 0 ] || [ "$RESOURCES_TO_CHANGE" -gt 0 ] || [ "$RESOURCES_TO_DESTROY" -gt 0 ]; then
echo ""
echo "🔍 Detailed Changes:"
if [ "$RESOURCES_TO_ADD" -gt 0 ]; then
echo " 📦 Resources to create:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "create") | " • " + .address' 2>/dev/null
fi
if [ "$RESOURCES_TO_CHANGE" -gt 0 ]; then
echo " 🔄 Resources to modify:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "update") | " • " + .address' 2>/dev/null
fi
if [ "$RESOURCES_TO_DESTROY" -gt 0 ]; then
echo " 🗑️ Resources to destroy:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "delete") | " • " + .address' 2>/dev/null
fi
else
echo " ℹ️ No infrastructure changes detected"
fi
fi
# Clean up plan file
rm -f "$PLAN_FILE"
else
echo "❌ Terraform plan failed"
rm -f "$PLAN_FILE"
exit 1
fi
# Additional analysis
echo ""
echo "🔍 Configuration Analysis:"
# Count resources in current file
RESOURCE_COUNT=$(grep -c '^resource ' "$TF_FILE" 2>/dev/null || echo 0)
DATA_COUNT=$(grep -c '^data ' "$TF_FILE" 2>/dev/null || echo 0)
VAR_COUNT=$(grep -c '^variable ' "$TF_FILE" 2>/dev/null || echo 0)
OUTPUT_COUNT=$(grep -c '^output ' "$TF_FILE" 2>/dev/null || echo 0)
echo " • Resources defined: $RESOURCE_COUNT"
echo " • Data sources: $DATA_COUNT"
echo " • Variables: $VAR_COUNT"
echo " • Outputs: $OUTPUT_COUNT"
# Check for common patterns
if grep -q 'provider ' "$TF_FILE" 2>/dev/null; then
echo " • 🔌 Provider configurations detected"
fi
if grep -q 'module ' "$TF_FILE" 2>/dev/null; then
echo " • 📦 Module usage detected"
fi
if grep -q 'locals ' "$TF_FILE" 2>/dev/null; then
echo " • 🏷️ Local values defined"
fi
# Security and best practices check
echo ""
echo "🔒 Security Analysis:"
if grep -i 'password\\|secret\\|key' "$TF_FILE" 2>/dev/null | grep -v 'var\.' | grep -v 'data\.' >/dev/null; then
echo " • ⚠️ Potential hardcoded secrets detected - use variables instead"
fi
if grep -q '0.0.0.0/0' "$TF_FILE" 2>/dev/null; then
echo " • ⚠️ Open security group rules detected (0.0.0.0/0)"
fi
if ! grep -q 'tags\\|Tags' "$TF_FILE" 2>/dev/null && [ "$RESOURCE_COUNT" -gt 0 ]; then
echo " • 💡 Consider adding resource tags for better management"
fi
echo ""
echo "💡 Terraform Best Practices:"
echo " • Use terraform fmt to maintain consistent formatting"
echo " • Store sensitive values in variables, not hardcoded"
echo " • Use remote state backend for team collaboration"
echo " • Implement resource tagging strategy"
echo " • Use terraform validate in CI/CD pipelines"
echo " • Review plans carefully before applying"
echo ""
echo "🎯 Terraform plan execution complete!"
else
echo "ℹ️ File is not a Terraform file: $FILE_PATH"
fi
exit 0
Complete hook script that runs terraform plan on Terraform file changes
#!/bin/bash
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
if [[ "$FILE_PATH" == *.tf ]] || [[ "$FILE_PATH" == *.tfvars ]]; then
echo "🏗️ Terraform Plan Executor - Analyzing infrastructure changes..."
echo "📄 File: $FILE_PATH"
TF_DIR=$(dirname "$FILE_PATH")
cd "$TF_DIR" || exit 1
if ! command -v terraform >/dev/null 2>&1; then
echo "⚠️ Terraform not found - please install Terraform"
exit 1
fi
echo "🎨 Checking Terraform formatting..."
if ! terraform fmt -check "$(basename "$FILE_PATH")"; then
terraform fmt "$(basename "$FILE_PATH")"
echo "✅ Formatting applied"
fi
echo "🔍 Validating Terraform configuration..."
if ! terraform validate; then
echo "❌ Terraform validation failed"
exit 1
fi
if [ ! -d ".terraform" ]; then
echo "🔄 Initializing Terraform..."
terraform init
fi
echo "📋 Running Terraform plan..."
PLAN_FILE=".terraform-plan-$(date +%s)"
if terraform plan -out="$PLAN_FILE" -compact-warnings; then
echo "✅ Terraform plan completed successfully"
if terraform show -json "$PLAN_FILE" >/dev/null 2>&1; then
PLAN_JSON=$(terraform show -json "$PLAN_FILE" 2>/dev/null)
RESOURCES_TO_ADD=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "create") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_CHANGE=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "update") | .address' 2>/dev/null | wc -l)
RESOURCES_TO_DESTROY=$(echo "$PLAN_JSON" | jq -r '.resource_changes[]? | select(.change.actions[]? == "delete") | .address' 2>/dev/null | wc -l)
echo "📊 Plan Analysis:"
echo " • Resources to add: $RESOURCES_TO_ADD"
echo " • Resources to change: $RESOURCES_TO_CHANGE"
echo " • Resources to destroy: $RESOURCES_TO_DESTROY"
fi
rm -f "$PLAN_FILE"
else
echo "❌ Terraform plan failed"
rm -f "$PLAN_FILE"
exit 1
fi
echo "🎯 Terraform plan execution complete!"
fi
exit 0
Complete hook configuration for .claude/settings.json to enable Terraform plan execution
{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/terraform-plan-executor.sh",
"matchers": [
"write:**/*.tf",
"write:**/*.tfvars",
"edit:**/*.tf",
"edit:**/*.tfvars"
]
}
}
}
Enhanced hook script with proper directory management and resource change details
#!/bin/bash
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [[ "$FILE_PATH" == *.tf ]] || [[ "$FILE_PATH" == *.tfvars ]]; then
ORIG_DIR=$(pwd)
TF_DIR=$(dirname "$FILE_PATH")
cd "$TF_DIR" || exit 1
if ! command -v terraform >/dev/null 2>&1; then
exit 1
fi
terraform fmt -check "$(basename "$FILE_PATH")" || terraform fmt "$(basename "$FILE_PATH")"
terraform validate || exit 1
[ ! -d ".terraform" ] && terraform init
PLAN_FILE=".terraform-plan-$(date +%s)"
if terraform plan -out="$PLAN_FILE" -compact-warnings; then
if terraform show -json "$PLAN_FILE" >/dev/null 2>&1; then
PLAN_JSON=$(terraform show -json "$PLAN_FILE" 2>/dev/null)
echo "📊 Resource Changes:"
echo "$PLAN_JSON" | jq -r '.resource_changes[]? | " • " + .address + ": " + (.change.actions | join(", "))' 2>/dev/null
fi
rm -f "$PLAN_FILE"
fi
cd "$ORIG_DIR" || exit 1
fi
exit 0
Enhanced hook script with comprehensive security analysis and best practices checking
#!/bin/bash
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [[ "$FILE_PATH" == *.tf ]]; then
TF_FILE=$(basename "$FILE_PATH")
echo "🔒 Security Analysis:"
if grep -i 'password\|secret\|key' "$TF_FILE" 2>/dev/null | grep -v 'var\.' | grep -v 'data\.' >/dev/null; then
echo " • ⚠️ Potential hardcoded secrets detected - use variables instead"
fi
if grep -q '0.0.0.0/0' "$TF_FILE" 2>/dev/null; then
echo " • ⚠️ Open security group rules detected (0.0.0.0/0)"
fi
RESOURCE_COUNT=$(grep -c '^resource ' "$TF_FILE" 2>/dev/null || echo 0)
if ! grep -q 'tags\|Tags' "$TF_FILE" 2>/dev/null && [ "$RESOURCE_COUNT" -gt 0 ]; then
echo " • 💡 Consider adding resource tags for better management"
fi
TF_DIR=$(dirname "$FILE_PATH")
cd "$TF_DIR" || exit 1
terraform fmt -check "$TF_FILE" || terraform fmt "$TF_FILE"
terraform validate || exit 1
[ ! -d ".terraform" ] && terraform init
terraform plan -compact-warnings
fi
exit 0
Example Terraform plan executor configuration for customizing plan execution behavior
{
"terraform": {
"plan_on_save": true,
"auto_format": true,
"validate_before_plan": true,
"auto_init": true,
"security_checks": true,
"plan_options": {
"compact_warnings": true,
"out_file": ".terraform-plan-{timestamp}",
"refresh": true
},
"provider_validation": true
}
}
Run terraform init -reconfigure to update backend configuration. Use terraform init -migrate-state to migrate existing state. Check backend {} block in .tf files matches current state location. Verify backend credentials. Test backend connection.
Pass variable file explicitly: terraform plan -var-file="$TF_FILE" if .tfvars file. Add conditional: [[ "$TF_FILE" == *.tfvars ]] && PLAN_ARGS="-var-file=$TF_FILE". Ensure terraform.tfvars is in same directory. Verify variable file format.
Save original directory: ORIG_DIR=$(pwd) before cd "$TF_DIR". Always return: cd "$ORIG_DIR" || exit 1 at script end. Use pushd/popd for safer directory stack management. Verify directory changes.
Always run from root module directory. Find root: while [ ! -f .terraform.lock.hcl ] && [ $(pwd) != / ]; do cd ..; done. Run terraform init before validate when .terraform/ missing. Verify module structure.
This indicates state drift or provider version change. Run terraform refresh before plan. Check provider version constraints in required_providers block. Review .terraform.lock.hcl for version updates. Verify state file integrity.
Use terraform plan -refresh=false for faster plans when state is current. Limit plan scope with -target flags. Check provider API rate limits. Verify network connectivity. Consider using terraform plan -parallelism=1 for debugging.
Use terraform fmt -check to verify formatting without modifying files. Review formatting changes before committing. Configure terraform fmt options. Verify .terraform-version file if using tfenv.
Verify provider credentials are configured correctly. Check environment variables for provider authentication. Verify provider version compatibility. Test provider authentication separately. Review provider documentation.
Terraform Plan Executor - Hooks side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Automatically runs terraform plan when .tf files are modified to preview infrastructure changes. Open dossier | Validates AWS CloudFormation templates for syntax errors and best practices using cfn-lint v1.40.4+ and AWS CLI v2.27.54+. Open dossier | A Stop hook that syncs your changed files to cloud storage when a Claude Code session ends, using rclone to push to S3, Google Cloud Storage, or any of its 70+ supported backends. Open dossier | A PostToolUse hook that watches for edits to Docker-related files (Dockerfile, docker-compose, .dockerfile, .dockerignore). Open dossier |
|---|---|---|---|---|
| Next steps | ||||
| Trust | ||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed | Source-backed |
| Submitter | — | — | — | — |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | |||
| Category | hooks | hooks | hooks | hooks |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | JSONbored | JSONbored | JSONbored | JSONbored |
| Added | 2025-09-19 | 2025-09-19 | 2025-09-19 | 2025-09-19 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | ✓Runs automatically after write or edit activity on .tf and .tfvars files. Invokes terraform fmt, validate, init, and plan in the Terraform file directory, and terraform fmt may modify the touched file. Terraform init and plan can contact configured backends and providers and may consume cloud API quota. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically at session end and can create compressed archives of modified git files. Uploads backups through AWS CLI, Google Cloud SDK, or rclone when those tools and bucket variables are configured. Writes a temporary archive under /tmp when using the rclone fallback and removes it after the copy attempt. | ✓Runs automatically after write or edit activity on Dockerfile, docker-compose, dockerfile, and dockerignore paths. Invokes docker build or docker compose build and can consume CPU, disk, network, and local Docker daemon resources. Uses the Dockerfile directory or compose-file directory as the build context, so incorrect paths can include more files than expected. |
| Privacy notes | ✓Reads Terraform configuration, variables, provider settings, and plan output to summarize infrastructure changes. Plan output may reveal resource addresses, cloud account structure, regions, tags, and sensitive-looking variable names. Uses locally configured Terraform credentials, provider plugins, and backend configuration without managing those secrets. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Sends modified file contents to the configured cloud storage destination. Uses locally configured cloud credentials and bucket environment variables but does not define or manage them. Backup archives may include source code, docs, generated files, and any unignored local changes listed by git diff. | ✓Reads Docker-related files and may send build context files to the local Docker daemon during image builds. Build logs may reveal image names, service names, dependency URLs, and package-install output. Prints the first lines of .dockerignore files to local hook output when those files are edited. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | | | | |
| Config | | | | |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.