Terraform Guardrail MCP (TerraGuard)

Enterprise guardrails workspace

Scan Terraform folders, curate enterprise policies, and review rule ownership in one flow.

How to guides Learn the workflow
All guides
Next rule {{ next_rule_id }}
{% if error %}
{{ error }}
{% endif %}

v5 Autonomous Governance

Governance health dashboard

{{ governance_health.totals.evaluations }} evaluations
Findings {{ governance_health.totals.findings }}
Blocked {{ governance_health.decisions.block }}
Active waivers {{ governance_health.waiver_summary.active }}
Evidence exports {{ governance_health.evidence_summary.exports }}
Remediation plans {{ governance_health.totals.remediation_plans }}

Waiver aging

{{ governance_trends.summary.active_waivers }} active
{% for bucket in governance_trends.waiver_aging %}
{{ bucket.label }}
{{ bucket.count }}
{% endfor %}

Evidence coverage

{{ governance_trends.summary.coverage_percent }}%
{% for bucket in governance_trends.evidence_coverage %}
{{ bucket.label }}
{{ bucket.count }}
{% endfor %}

Remediation flow

{{ governance_trends.summary.pull_requests }} PRs
{% for bucket in governance_trends.remediation_activity %}
{{ bucket.label }}
{{ bucket.count }}
{% endfor %}

7-day governance activity

evaluations · evidence · remediation · PR
{% for day in governance_trends.activity_timeline %}
{{ day.label }}
{% endfor %}

Top recurring rules

{% if governance_health.top_rules %}
{% for rule in governance_health.top_rules[:5] %} {{ rule.rule_id }} {{ rule.count }} findings · high={{ rule.high }} · medium={{ rule.medium }} {% endfor %}
{% else %}

No recurring rule risk yet. Run an evaluation to build trends.

{% endif %}

Risk signals

{% for signal in governance_health.risk_signals %} {{ signal }} {% endfor %}
{% if latest_remediation_plans %}

Latest remediation plans

{% for plan in latest_remediation_plans %} {{ plan.id }} result={{ plan.result_id }} · actions={{ plan.actions | length }} · skipped={{ plan.skipped | length }} {% endfor %}
{% endif %}

Scanner

Upload Terraform workspace

.tf .tfvars .hcl

Baselines

Org-wide baseline lifecycle

{{ baselines | length }}
{% if baselines %}
{% for baseline in baselines %}
{{ baseline.name }} version={{ baseline.version }} · policies={{ baseline.policy_ids | length }} · approved={{ baseline.approved }}
{% if not baseline.approved %}
{% endif %}
{% endfor %}
{% endif %}

Authoring

Create enterprise policy

{{ next_rule_id }}
Example

Create a policy named Production S3 encryption with owner platform-security, standard SOC2, control CC6.6, and remediation Enable default SSE with KMS. The rule ID is assigned automatically as {{ next_rule_id }}.

Enforcement

Bind policies to orgs, groups, or repos

{{ bindings | length }}
{% if bindings %}
{% for binding in bindings %} {{ binding.target_type }}:{{ binding.target }} policies={{ binding.policy_ids | length }} · baselines={{ binding.baseline_ids | length }} {% if binding.parent %} · parent={{ binding.parent }}{% endif %} {% endfor %}
{% endif %}

Resolve

Preview effective policies

Exceptions

Policy waivers

{{ waivers | length }}
{% if waivers %}
{% for waiver in waivers %}
{{ waiver.rule_id }} · {{ waiver.owner }} {{ waiver.status }} · expires {{ waiver.expires_at }}

{{ waiver.reason }}

{% if waiver.path %}path={{ waiver.path }}{% endif %}
{% if waiver.status == "requested" %}
{% endif %} {% if waiver.status != "revoked" %}
{% endif %}
{% endfor %}
{% else %}

No policy waivers have been requested.

{% endif %}
{% if resolved %}

Resolved enforcement

{{ resolved.target_type }}:{{ resolved.target }}

{{ resolved.policy_ids | length }} policies
Bindings: {{ resolved.binding_targets | join(", ") or "none" }}
Baselines: {{ resolved.baseline_ids | join(", ") or "none" }}
Policies: {{ resolved.policy_ids | length }}
Target: {{ resolved.target }}
{% if resolved.policies %}
{% for policy in resolved.policies %} {{ policy.rule_id or "none" }} · {{ policy.name }} {{ policy.status }} · {{ policy.severity }} {% endfor %}
{% else %}

No policies resolved for this target.

{% endif %}
{% endif %} {% if selected_default_rule %}

Default rule detail

{{ selected_default_rule.name }}

Built-in
Rule ID: {{ selected_default_rule.rule_id }}
Source: Default catalog
Status: Active
Risk: {{ selected_default_rule.risk }}

{{ selected_default_rule.name }} is enforced by the built-in scanner rule catalog. Recommended remediation: {{ selected_default_rule.remediation }}

{% elif selected_policy %}

Policy detail

{{ selected_policy.name }}

{{ selected_policy.status }}
Rule ID: {{ selected_policy.rule_id or "unmapped" }}
Scope: {{ selected_policy.scope }}
Severity: {{ selected_policy.severity }}
Owner: {{ selected_policy.metadata.owner or "unassigned" }}
Standard: {{ selected_policy.metadata.standard or "none" }}
Control: {{ selected_policy.metadata.control_id or "none" }}
{% if selected_policy.status != "approved" %}
{% endif %}

Preview

Validate this policy before approval

{{ selected_policy.rule_id or "none" }}
{% endif %} {% if preview %}

Policy preview

{{ preview.policy_name }}

{{ preview.rule_id or "unmapped" }}
{{ preview.summary.findings }} Total
{{ preview.summary.high }} High
{{ preview.summary.medium }} Medium
{{ preview.summary.low }} Low
{% if preview.findings %}
{% for finding in preview.findings %}
  • {{ finding.severity }} {{ finding.rule_id }} {{ finding.message }} {{ finding.path }} {% if finding.waiver_id or (finding.detail and finding.detail.waiver) %} Waived by {{ finding.waiver_id or finding.detail.waiver.id }} until {{ finding.waiver_expires_at or finding.detail.waiver.expires_at }} {% endif %} {% if finding.suggested_fix %} {{ finding.suggested_fix }} {% endif %}
{% endfor %}
{% else %}

No findings matched this policy rule ID in the uploaded files.

{% endif %}
{% endif %} {% if remediation_plan %}

Remediation plan

{{ remediation_plan.id }}

{{ remediation_plan.actions | length }} actions
{{ remediation_plan.actions | length }} Actions
{{ remediation_plan.skipped | length }} Skipped
{{ remediation_plan.summary.high }} High
{{ remediation_plan.summary.medium }} Medium
{% if remediation_plan.actions %}
{% for action in remediation_plan.actions %}
{{ action.severity }}
{{ action.rule_id }} · {{ action.suggested_fix }} {{ action.path or "n/a" }} · confidence={{ action.confidence }} {% if action.patch_preview %}
{{ action.patch_preview }}
{% endif %}
{% endfor %}
{% else %}

No remediation actions were required for this result.

{% endif %}
{% endif %} {% if report %}

Intelligent evaluation

{{ report.scanned_path }}

{% if evaluation %} {{ evaluation.decision }} {% endif %}
{% if evaluation %}
Result {{ evaluation.id }}
{% endif %} {% if report.metadata and report.metadata.intelligence %} {% set intelligence = report.metadata.intelligence %}
Risk profile {% if intelligence.profile %} {{ intelligence.profile.name }} {% else %} No profile matched {% endif %}
Context {{ intelligence.context.environment or "any" }} · {{ intelligence.context.risk_tier or "any" }}
Adjustments {{ intelligence.adjustments | length }}
Suggested fixes {{ intelligence.recommendations | length }}
{% if intelligence.adjustments %}
{% for adjustment in intelligence.adjustments %} {{ adjustment.rule_id }} raised from {{ adjustment["from"] }} to {{ adjustment.to }} {% if adjustment.path %}at {{ adjustment.path }}{% endif %} {% endfor %}
{% endif %} {% endif %}
{{ report.summary.findings }} Total
{{ report.summary.high }} High
{{ report.summary.medium }} Medium
{{ report.summary.low }} Low
{% for finding in report.findings %}
  • {{ finding.severity }} {{ finding.rule_id }} {{ finding.message }} {{ finding.path }} {% if finding.waiver_id or (finding.detail and finding.detail.waiver) %} Waived by {{ finding.waiver_id or finding.detail.waiver.id }} until {{ finding.waiver_expires_at or finding.detail.waiver.expires_at }} {% endif %} {% if finding.suggested_fix %} {{ finding.suggested_fix }} {% endif %}
{% endfor %}
{% endif %}