infiniumtek

infiniumtek / terraform-review-agent

Public

Reusable GitHub Action that reviews Terraform PRs for security, cost, and style using a LangGraph multi-agent system, posting a single severity-ranked comment.

infiniumtek.com ai-agents ai-tools cicd workflow-automation
14
2
89% credibility
Found May 22, 2026 at 14 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

This is a GitHub Actions workflow that automatically reviews Terraform pull requests using AI. When a developer opens a PR with infrastructure code changes, three specialist agents run in parallel to check for security vulnerabilities, cost implications, and code style issues. The results are combined into a single, severity-ranked comment on the PR that updates automatically with each push. The tool can optionally block merges based on severity thresholds, helping teams maintain secure and cost-efficient infrastructure.

How It Works

1
💡 You discover automated Terraform review

You hear about a tool that can automatically check your infrastructure code for security issues, cost problems, and style violations right in your pull requests.

2
📄 You add one configuration file

You create a simple workflow file in your repository that connects to this review service, specifying which AI to use and what severity level should block a merge.

3
🚀 You open a pull request

When you submit your infrastructure changes, the review automatically kicks off in the background without any extra work from you.

4
Three specialists examine your code
🔒
Security specialist

Scans for exposed secrets, insecure configurations, and access control issues

💰
Cost specialist

Estimates how your changes will affect your monthly cloud bill

🎨
Style specialist

Checks for consistent formatting and best practices

5
💬 A clear summary appears on your PR

All findings are combined into one organized comment, ranked by severity from critical down to low, with direct links to the exact lines that need attention.

✅ You fix issues and merge with confidence

You address the flagged issues, push your fixes, and the comment updates automatically. Once everything passes, your team can merge knowing the infrastructure is secure and cost-efficient.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 14 to 14 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is terraform-review-agent?

terraform-review-agent is a reusable GitHub Actions workflow that reviews Terraform pull requests automatically. Built in Python, it runs three specialist agents in parallel—one for security scanning, one for cost estimation, and one for code style—then merges the results into a single severity-ranked comment on your PR. It uses a LangGraph multi-agent system under the hood, with scanners like tfsec, checkov, infracost, and tflint doing the heavy lifting.

Why is it gaining traction?

This tool solves the problem of inconsistent Terraform reviews. Instead of relying on ad-hoc tooling or forgetting to run security scans entirely, teams get automated, deterministic feedback on every PR. The sticky comment approach means you see the same comment edited in place rather than buried under new bot comments. You can fail the CI check based on severity levels, and it works with OpenAI, Anthropic, or Google Gemini as the LLM backend.

Who should use this?

Platform engineers managing Terraform infrastructure across multiple teams would benefit most. DevOps engineers who want consistent security and cost feedback without manually running multiple scanners. Small teams without dedicated security expertise that still need guardrails on Terraform changes.

Verdict

With only 14 stars and a credibility score of 0.8999999761581421%, this is a young project but the architecture is solid and the feature set is complete. The prebuilt container with pinned scanner binaries and the deterministic findings approach are exactly what teams need for reliable automated reviews. It is worth evaluating as an alternative to rolling your own pipeline.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.