area:clieffort-largeenhancementhelp wantedpriority:medium
仓库指标
- Star
- (48,085 star)
- PR 合并指标
- (平均合并 11天 1小时) (30 天内合并 45 个 PR)
描述
Summary
Add first-class support for Terragrunt and Terraform command proxying within RTK AI, enabling AI agents (e.g., Claude) to safely execute, observe, and optimize IaC workflows.
Problem
RTK currently focuses on generic shell command interception (primarily Bash/PowerShell), but Infrastructure-as-Code workflows using Terraform and Terragrunt are increasingly executed directly by AI agents. This introduces specific gaps:
- RTK does not natively detect or differentiate
terraformandterragruntcommands issued by the AI agent - Command rewriting does not account for Terraform/Terragrunt-specific flags, subcommands, or execution patterns
- No structured visibility into IaC operations (
plan,apply,destroy,init, etc.) in session/discover analytics - Lack of guardrails for AI-driven execution (e.g., preventing unsafe
applyordestroywithout validation) - No support for proxying
terragrunt, which orchestrates multiple Terraform modules across environments - No context-awareness of IaC workflows across multiple sequential commands executed by the agent
Proposed solution
- Introduce a command classification layer to detect
terraformandterragruntinvocations from AI agent tool calls - Add a proxy execution mode where the AI agent runs commands via RTK (e.g.,
rtk terraform ...,rtk terragrunt ...) - Implement smart rewriting and guardrails for common IaC flows (
init,plan,apply,destroy) - Capture structured metadata from executions (workspace, backend, modules, plan summary, resource changes)
- Extend session/discover analytics to include Terraform/Terragrunt-specific insights tied to agent activity
- Add safety mechanisms (e.g., require plan before apply, detect destructive changes, configurable approvals)
- Support Terragrunt orchestration flows (multi-module execution, dependency graphs)
- Allow configurable hooks for IaC workflows (pre/post apply, plan validation, policy checks)
- Ensure compatibility with iterative AI agent workflows (multi-step reasoning and execution)
Acceptance criteria
- RTK detects and classifies
terraformandterragruntcommands issued by the AI agent - AI agents can execute Terraform and Terragrunt via RTK proxy with equivalent behavior
- RTK captures and exposes structured IaC execution data in session/discover tied to agent sessions
- Guardrails prevent unsafe operations (e.g.,
apply/destroywithout prior validation when enabled) - Rewriting rules correctly handle common Terraform/Terragrunt workflows without breaking expected behavior
- Terragrunt orchestration (multiple modules) is properly proxied and tracked
- Feature is covered by unit tests including parsing, proxy execution, guardrails, and analytics extraction