nwiizo/tfmcp

MCP Developer Tools

A CLI tool that lets LLMs manage Terraform environments via the Model Context Protocol (MCP), providing analysis, execution, and state management capabilities.

Rust · Latest v0.2.0 · 2mo ago

Features

  • Runs as a Model Context Protocol server for AI‑assistant interaction with Terraform
  • Analyzes Terraform configurations with health scoring and refactoring suggestions
  • Visualizes resource dependency graphs (explicit and implicit dependencies)
  • Integrates module registry search and details retrieval
  • Provides enterprise‑grade security controls: policies, audit logging, access restrictions

Recent releases

v0.2.0 New feature
Notable features
  • search_policies, get_policy_details, get_provider_capabilities tools
  • Tool filtering with --toolsets and --tools flags
  • Live documentation resources fetched from GitHub
Full changelog

What's Changed

New Tools (3)

  • search_policies — Search for Terraform policies (Sentinel/OPA) in the public registry
  • get_policy_details — Get detailed information about a specific policy library
  • get_provider_capabilities — Show all resources, data sources, functions, and guides available for a provider

Tool Filtering

  • --toolsets flag on mcp subcommand: filter by category (terraform, registry, analysis, all)
  • --tools flag: enable individual tools by name
  • Example: tfmcp mcp --toolsets registry,analysis exposes only registry and analysis tools

Rich Server Instructions

  • Comprehensive LLM guidance (1,800 chars) with:
    • Tool category descriptions
    • Recommended workflows (new project, code review, provider discovery, compliance check)
    • Safety notes for destructive operations

Live Documentation Resources

  • Style guide and module development docs are now fetched live from GitHub (hashicorp/web-unified-docs)
  • Falls back to embedded content if network is unavailable

Provider Resource Template

  • New MCP resource template: terraform://providers/{namespace}/{name}/{version}/docs
  • Dynamically fetches provider documentation from the Terraform Registry

Summary

  • 34 tools total (31 existing + 3 new)
  • 3 static resources + 1 dynamic resource template
  • 202 tests passing
  • 39/39 E2E tests passing (0 warnings, 0 failures)

Designed around Jobs-to-be-Done theory: these features strengthen tfmcp's core value as a local Terraform development companion — helping developers understand their code, discover providers, validate compliance, and work safely.

v0.1.10 Breaking risk

Fixed Terraform state handling when no state file exists.

Full changelog

What's Changed

Dependency Upgrades

  • rmcp 0.12 → 1.2 (MCP SDK major version upgrade)
  • reqwest 0.12 → 0.13 (rustls-tls → rustls, query feature)
  • clap 4.5 → 4.6, tokio 1.37 → 1.50, schemars 1.0 → 1.2
  • Removed unused async-trait and once_cell dependencies

Refactoring

  • Replaced once_cell::sync::Lazy with std::sync::LazyLock (Rust 1.85+ stdlib)
  • Replaced .unwrap() with .expect() in static regex initializers
  • Replaced 31× unwrap_or_default() with to_json() helper for proper MCP error propagation
  • Fixed clippy collapsible_match and unnecessary_sort_by warnings

Bug Fixes

  • list_terraform_resources / get_terraform_state: return empty result instead of error when no state file exists
  • analyze_state: handle empty state from terraform state pull
  • get_latest_provider_version: correctly deserialize Terraform Registry API version objects
  • terraform_refresh: added to default allowed security commands

Testing

  • Added 12 new E2E tests using rmcp duplex transport
    • Full MCP protocol lifecycle (initialize → tools/list → call_tool → resources)
    • Raw JSON-RPC protocol tests (initialize, ping)
    • Error handling tests (unknown tool, unknown resource)

Test Results

  • 198 tests, all passing
  • 39/39 E2E tool tests passing (0 warnings, 0 failures)
v0.1.9 New feature
Notable features
  • Tools: analyze_plan, analyze_state, workspace, import_preview, import_execute, fmt, graph, output, taint, refresh, providers
  • Risk scoring in plan analysis with automatic high-risk resource detection
  • State drift detection and resource grouping by type
Full changelog

What's New

v0.1.9 adds 10 new local Terraform tools for complete feature parity with Terraform CLI operations.

New Tools

| Tool | Description |
|------|-------------|
| analyze_plan | Plan analysis with risk scoring and high-risk resource detection |
| analyze_state | State analysis with drift detection and resource grouping |
| workspace | Workspace management (list/show/new/select/delete) |
| import_preview | Import preview with suggested Terraform config generation |
| import_execute | Execute terraform import operations |
| fmt | Code formatting (check/write modes) |
| graph | Dependency graph visualization with DOT output parsing |
| output | Output value retrieval with sensitive value handling |
| taint | Taint/untaint operations (with Terraform 1.5+ deprecation warning) |
| refresh | State refresh via apply -refresh-only |
| providers | Provider info with lock file parsing |

Risk Scoring (analyze_plan)

  • Automatic risk level calculation: Low, Medium, High, Critical
  • High-risk resource detection (databases, IAM, security groups, KMS, VPC)
  • Actionable warnings and recommendations
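
An added illustration of how plan risk scoring of this kind can work, not tfmcp's own code. The four levels and the resource categories come from the list above; the type-name fragments, weights and thresholds are assumptions chosen for the example.

```rust
// Illustrative plan risk scoring; NOT tfmcp's implementation.
// Weights, thresholds and name fragments below are assumptions.

#[derive(Debug, PartialEq, Clone, Copy)]
enum Risk { Low, Medium, High, Critical }

#[allow(dead_code)]
#[derive(Clone, Copy)]
enum Action { Create, Update, Replace, Delete }

struct Change<'a> { rtype: &'a str, action: Action }

// Hypothetical fragments covering databases, IAM, security groups, KMS, VPC.
const SENSITIVE: [&str; 6] = ["_db_", "_rds_", "_iam_", "security_group", "_kms_", "_vpc"];

fn is_high_risk(rtype: &str) -> bool {
    SENSITIVE.iter().any(|frag| rtype.contains(frag))
}

// Destructive actions weigh more; sensitive resource types triple the weight.
fn score_change(c: &Change) -> u32 {
    let base = match c.action {
        Action::Create => 1,
        Action::Update => 2,
        Action::Replace => 4,
        Action::Delete => 5,
    };
    if is_high_risk(c.rtype) { base * 3 } else { base }
}

// The plan is as risky as its riskiest single change; an empty plan is Low.
fn plan_risk(changes: &[Change]) -> Risk {
    match changes.iter().map(score_change).max().unwrap_or(0) {
        0..=2 => Risk::Low,
        3..=5 => Risk::Medium,
        6..=11 => Risk::High,
        _ => Risk::Critical,
    }
}

fn main() {
    // Constructed sample plan, not output from a real `terraform plan`.
    let plan = [
        Change { rtype: "aws_s3_bucket", action: Action::Create },
        Change { rtype: "aws_security_group", action: Action::Update },
    ];
    println!("{:?}", plan_risk(&plan));
}
```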

State Analysis (analyze_state)

  • Resource grouping by provider and type
  • Tainted resource detection
  • Drift detection support

Technical Improvements

  • Edition 2024 migration (rust-version = "1.85.0")
  • 31 total MCP tools
  • Comprehensive unit tests for all new modules

Full Changelog

https://github.com/nwiizo/tfmcp/compare/v0.1.8...v0.1.9

v0.1.6 New feature
Notable features
  • analyze_module_health with cohesion and coupling analysis
  • get_resource_dependency_graph for module dependency visualization
  • suggest_module_refactoring with automated improvement recommendations
Full changelog

🔬 Module Health Analysis (Whitebox IaC Approach)

This release introduces a comprehensive module health analysis system based on software engineering principles for Infrastructure as Code.

📚 Reference

This implementation is heavily inspired by:

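"Why Is Modularizing Infrastructure Code So Hard? Considering the Essential Differences from Application Code" (「なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える」)
by @gosukenern (宮下剛輔)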

📎 https://speakerdeck.com/mizzy/yapc-fukuoka-2025

Key concepts adopted from this presentation:

  • Whitebox vs Blackbox: Infrastructure code requires whitebox understanding - detailed visibility into internal structure is essential
  • Cohesion Types: Functional, Sequential, Communicational, Procedural, Temporal, Logical, Coincidental
  • Coupling Types: Data, Stamp, Control, Common, Content
  • Module Anti-patterns: Excessive variables (model coupling), Deep hierarchy (multi-tier composition), Logical cohesion (bundling too much together)

New MCP Tools

Module Health Analysis

  • analyze_module_health: Analyze module health with metrics including:

    • Health score (0-100)
    • Cohesion analysis (Functional, Sequential, Communicational, Procedural, Temporal, Logical, Coincidental)
    • Coupling analysis (Data, Stamp, Control, Common, Content)
    • Issue detection (ExcessiveVariables, LogicalCohesion, DeepHierarchy, MissingDocumentation, PublicModuleRisk)
    • Recommendations for improvement
  • get_resource_dependency_graph: Build resource dependency graph with:

    • Resource nodes (type, name, module path, file, provider)
    • Dependency edges (Explicit, Implicit, DataSource, ModuleOutput)
    • Module boundaries for visualization
  • suggest_module_refactoring: Generate refactoring suggestions:

    • SplitModule / ExtractSubmodule
    • WrapPublicModule
    • AddDescriptions
    • FlattenHierarchy
    • Each with detailed migration steps

Module Registry Integration

  • search_terraform_modules: Search Terraform modules in the registry
  • get_module_details: Get detailed information about a module
  • get_latest_module_version: Get the latest version of a module
  • get_latest_provider_version: Get the latest version of a provider

MCP Resources

Built-in documentation resources:

  • Terraform Style Guide
  • Module Development Guide
  • Best Practices

Quality Improvements

  • 74+ tests including new integration tests
  • All clippy warnings resolved
  • Code formatted with rustfmt

Installation

cargo install tfmcp

Or build from source:

git clone https://github.com/nwiizo/tfmcp
cd tfmcp
cargo install --path .

Full Changelog

https://github.com/nwiizo/tfmcp/compare/v0.1.5...v0.1.6

v0.1.5 Breaking risk
Security fixes
  • Removed all mock code and mock frameworks for security
  • Added comprehensive security rules in CLAUDE.md
Notable features
  • Enhanced CI/CD reliability with improved environment detection
Full changelog

Release Notes - v0.1.5

🎯 Overview

This release focuses on CI/CD reliability improvements, security enhancements, and documentation updates. All CI pipelines are now fully functional with comprehensive testing across multiple platforms.

✨ Key Improvements

CI/CD Enhancements

  • Fixed CI test failures by installing Terraform in GitHub Actions check job
  • Enhanced environment detection for MCP integration tests with multiple fallback mechanisms
  • Improved CI reliability with environment-specific test strategies
  • Documented CI/CD best practices including troubleshooting guides

Security & Code Quality

  • Removed all mock code and mock frameworks for enhanced security
  • Enforced strict quality standards with no dead code allowed
  • Added comprehensive security rules documented in CLAUDE.md
  • Temporarily disabled cargo-audit due to toolchain compatibility (requires Rust 1.85+)

Documentation Updates

  • Completely reorganized CLAUDE.md for better readability and maintenance
  • Added CI/CD troubleshooting section with detailed problem-solution pairs
  • Documented known issues and their resolutions with timestamps
  • Removed obsolete files including rules/, package.json, and unused scripts

🔧 Technical Details

Files Modified

  • .github/workflows/rust.yml - Added Terraform installation and security audit workaround
  • tests/mcp_integration.rs - Enhanced CI environment detection
  • CLAUDE.md - Comprehensive reorganization and CI/CD documentation
  • Removed multiple unused Rust modules and dependencies

Testing

  • ✅ All tests passing locally and in CI
  • ✅ Cross-platform testing (Ubuntu, Windows, macOS)
  • ✅ Code formatting and linting checks
  • ✅ Code coverage reporting

📝 Breaking Changes

None - This release maintains full backward compatibility.

🚀 Upgrading

# Using cargo
cargo install tfmcp --version 0.1.5

# From source
git clone https://github.com/nwiizo/tfmcp
cd tfmcp
cargo install --path .

🔍 Known Issues

  • Security audit temporarily disabled in CI due to cargo-audit requiring Rust 1.85+ (edition2024)
  • Manual security review required until toolchain compatibility is resolved

🙏 Acknowledgments

Thanks to all contributors for helping improve the reliability and security of tfmcp!

About

Stars
364
Forks
28
Languages
Rust HCL Shell

Install & Platforms

Install via
cargo docker
