Terracotta built-in commands

Overview

Terracotta is an AI-powered platform for reviewing and validating Infrastructure as Code (IaC), supporting both Terraform and CDK for Terraform (CDKTF). It provides:

  • Security & compliance insights
  • Best practice enforcement
  • Drift and cost analysis
  • Context-aware policy validation

All of this happens directly inside the pull request, with no need to leave your Git provider.


🚀 Built-in Commands

Each command can be invoked by commenting in a PR:

tc:help

Show available commands and usage tips directly in the PR.

tc:review

Run a static review of the IaC code in the PR.

  • Checks for security risks, misconfigurations, naming/tagging inconsistencies, hardcoded secrets, and more.
  • Supports .tf and CDKTF TypeScript.

tc:plan

If credentials are available, runs terraform init and terraform plan to:

  • Analyze drift
  • Identify potential cost impact
  • Recommend configuration improvements

tc:guard

Validate changes against custom organization policies defined via Guardrails.

  • Applies both org-level and repo-specific rules
  • Supports rules for naming, tagging, encryption, IAM, and more

tc:conflict

Detect resource conflicts across active PRs in the same repo.

  • Surfaces overlapping changes to prevent double-apply or state contention
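
To make the overlap concrete, here is an added example (not Terracotta's implementation or code from its documentation) that flags resource addresses changed by more than one open PR. It assumes each PR's plan has been exported with terraform show -json; the PR labels and resource names are constructed.

```python
from collections import defaultdict

# Plan actions that modify real infrastructure ("no-op" and "read" do not).
MUTATING = {"create", "update", "delete"}

def changed_addresses(plan):
    """Map resource address -> sorted mutating actions in one plan's JSON."""
    out = {}
    for rc in plan.get("resource_changes", []):
        actions = set(rc.get("change", {}).get("actions", [])) & MUTATING
        if actions:
            out[rc["address"]] = sorted(actions)
    return out

def find_conflicts(plans_by_pr):
    """Return {address: {pr: actions}} for addresses changed by 2+ PRs."""
    touched = defaultdict(dict)
    for pr, plan in plans_by_pr.items():
        for addr, actions in changed_addresses(plan).items():
            touched[addr][pr] = actions
    return {a: prs for a, prs in touched.items() if len(prs) > 1}

# Constructed sample plans, trimmed to the fields used above.
SAMPLE_PLANS = {
    "PR-101": {"resource_changes": [
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["update"]}},
        # Present in the plan but unchanged, so it must not count as a conflict.
        {"address": "aws_iam_role.ci", "change": {"actions": ["no-op"]}},
    ]},
    "PR-102": {"resource_changes": [
        # A replacement is reported as delete followed by create.
        {"address": "aws_s3_bucket.logs",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_security_group.web", "change": {"actions": ["create"]}},
    ]},
    "PR-103": {"resource_changes": [
        {"address": "aws_iam_role.ci", "change": {"actions": ["update"]}},
    ]},
}

if __name__ == "__main__":
    for addr, prs in find_conflicts(SAMPLE_PLANS).items():
        print(f"{addr}: {prs}")
```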

tc:drift

Run drift detection between the deployed infrastructure and the current IaC state.

  • Highlights deleted, modified, or externally changed resources

✅ Features Powered by Commands

  • Terraform & CDKTF Static Review: Validate code for quality, structure, and safety
  • Security Analysis: Identify IAM issues, public S3 access, unencrypted resources, open ports
  • Performance & Cost Optimization: Recommend better resource sizing, pricing models
  • Drift & State Awareness: Detect and comment on changes made outside Terraform
  • Contextual Guardrails: Enforce your internal standards through AI-aware policy enforcement

🧠 How to Use in Practice

  1. Open a PR with .tf or CDKTF code
  2. Leave a comment with the command you want to run (e.g., tc:review)
  3. Terracotta replies in the PR with a structured report and actionable feedback

Pro Tip: Use multiple commands in sequence to review code (tc:review), check for drift (tc:drift), validate policy (tc:guard), and analyze cost (tc:plan).


📫 Need Help?

Email: [email protected]
See the Getting Started Guide for detailed walkthroughs.