Terry-Form MCP
Secure Terraform automation through Model Context Protocol
Security First
Destructive operations blocked by default. Input validation, path traversal protection, and sandboxed execution in Docker containers.
AI-Powered
Native MCP protocol integration for seamless AI assistant workflows. 25 tools for comprehensive Terraform automation.
Multi-Cloud
Support for AWS, Azure, GCP credential passthrough. Terraform Cloud workspace monitoring and state output retrieval.
Developer Friendly
LSP integration via terraform-ls 0.38.5, GitHub App support, and comprehensive tool discovery.
Code Intelligence
LSP-powered validation, hover docs, completions, formatting, security scanning, and best practice recommendations.
Production Ready
Docker containerization on hashicorp/terraform:1.12. Non-root execution (UID 1001), rate limiting, and forced automation flags.
What is Terry-Form MCP?
Terry-Form MCP is a secure, production-ready Terraform automation server that integrates with AI assistants through the Model Context Protocol (MCP). It provides a controlled environment for infrastructure-as-code operations with comprehensive LSP integration for intelligent development.
graph LR
A[AI Assistant] -->|MCP stdio| B[Terry-Form Server]
B --> C[Terraform 1.12]
B --> D[Security Layer]
B --> E[terraform-ls]
C --> F[Cloud Providers]
D --> G[Input Validation]
D --> H[Path Protection]
Key Features
Security Hardened
- Destructive ops blocked: apply and destroy are never allowed
- Input Validation: Comprehensive request validation and sanitization
- Path Traversal Protection: All operations restricted to /mnt/workspace
- Sandboxed Execution: Docker container with dropped capabilities
MCP Protocol Integration
- Native MCP Support: Built with FastMCP 3.0+ for async tool handling
- 25 Tools: Core Terraform, LSP intelligence, GitHub, Terraform Cloud
- Streaming Responses: Real-time operation feedback
- Error Handling: Graceful error reporting with structured responses
Infrastructure Management
- Multi-Workspace: Manage multiple Terraform workspaces in /mnt/workspace
- Plan Analysis: Execute init, validate, fmt, and plan
- LSP Integration: terraform-ls for hover docs, completions, diagnostics, and formatting
- Security Scanning: Built-in vulnerability detection and best practice analysis
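The action blocking and /mnt/workspace confinement listed under Security Hardened, combined with the allowed actions from Plan Analysis, sketched as an added Python example. It is not Terry-Form's own code; the function names, exception class and sample requests are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: action names follow the page's lists (allowed: init, validate,
# fmt, plan; blocked: apply, destroy). All other names here are hypothetical.
ALLOWED_ACTIONS = frozenset({"init", "validate", "fmt", "plan"})
WORKSPACE_ROOT = "/mnt/workspace"


class RequestRejected(ValueError):
    """Raised when a request fails validation."""


def resolve_workspace_path(user_path, root=WORKSPACE_ROOT):
    """Return the canonical path for user_path, or raise if it leaves root."""
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks, so a link inside the
    # workspace that points elsewhere is caught by the containment check.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise RequestRejected(f"path escapes workspace: {user_path!r}")
    return candidate


def validate_request(action, user_path, root=WORKSPACE_ROOT):
    """Allowlist the action first, then confine the path."""
    if action not in ALLOWED_ACTIONS:
        raise RequestRejected(f"action not permitted: {action!r}")
    return action, resolve_workspace_path(user_path, root)


def demo():
    """Run constructed sample requests against a temporary workspace root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        os.makedirs(os.path.join(root, "prod"))
        os.symlink(tmp, os.path.join(root, "link"))  # symlink pointing outside
        samples = [("plan", "prod"), ("apply", "prod"), ("plan", "../etc"),
                   ("validate", "/etc/passwd"), ("init", "link/x")]
        for action, path in samples:
            try:
                validate_request(action, path, root)
                results[(action, path)] = "ok"
            except RequestRejected as exc:
                results[(action, path)] = str(exc).split(":")[0]
    return results
```

Calling `demo()` returns a dict mapping each constructed request to `ok` or the rejection reason, covering a relative `..` escape, an absolute path, and a symlink that points outside the workspace.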
Integrations
- GitHub App: Clone repos, list Terraform files, prepare workspaces via OAuth
- Terraform Cloud: List workspaces, view runs, get state outputs
- LSP Support: Full Language Server Protocol via terraform-ls 0.38.5
- Cloud Providers: AWS, Azure, GCP credential passthrough
Quick Start
Configure your MCP client (e.g., Claude Desktop) to use Terry-Form:
{
  "mcpServers": {
    "terry-form": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-v", "./workspace:/mnt/workspace",
        "terry-form-mcp:latest"
      ]
    }
  }
}
Build and verify:
# Build the Docker image
docker build -t terry-form-mcp .
# Run verification suite (8 checks)
scripts/verify.sh
Use Cases
Enterprise Infrastructure
Manage complex multi-cloud environments with security controls and compliance
CI/CD Integration
Automate Terraform validation and planning in your deployment pipelines
Team Collaboration
Enable safe infrastructure changes through AI-assisted workflows
Learning Platform
Safe environment for learning Terraform with destructive ops blocked
Architecture Overview
graph TB
subgraph "Client Layer"
A[Claude / AI Assistant]
D[CI/CD Systems]
end
subgraph "Terry-Form MCP"
E[FastMCP Server]
F[Security & Validation]
G[Terraform Executor]
H[LSP Client]
I[GitHub Handler]
J[TF Cloud Client]
end
subgraph "Infrastructure"
K[AWS / Azure / GCP]
L[Terraform Cloud]
M[GitHub Repos]
end
A -->|MCP stdio| E
D -->|MCP stdio| E
E --> F
F --> G
F --> H
F --> I
F --> J
G --> K
J --> L
I --> M