naftiko: 1.0.0-alpha2 info: label: Terraform Infrastructure Automation description: 'Unified workflow capability for infrastructure automation with Terraform. Combines HCP Terraform workspace management and run orchestration with module discovery from the Terraform Registry. Enables platform engineers, DevOps teams, and SREs to manage the full infrastructure lifecycle: discover modules, provision workspaces, trigger runs, and manage state.' tags: - Terraform - Infrastructure As Code - DevOps - Platform Engineering - HashiCorp - Workspaces - Runs created: '2026-05-03' modified: '2026-05-06' binds: - namespace: env keys: HCP_TERRAFORM_TOKEN: HCP_TERRAFORM_TOKEN capability: consumes: - type: http namespace: hcp-terraform baseUri: https://app.terraform.io/api/v2 description: HCP Terraform REST API using JSON API spec authentication: type: bearer token: '{{HCP_TERRAFORM_TOKEN}}' resources: - name: organizations path: /organizations description: Manage HCP Terraform organizations operations: - name: list-organizations method: GET description: List all organizations accessible by the current token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-organization method: POST description: Create a new organization body: type: json data: data: type: organizations attributes: name: '{{tools.name}}' email: '{{tools.email}}' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: organization path: /organizations/{organization_name} description: Manage a specific organization operations: - name: get-organization method: GET description: Get details of a specific organization inputParameters: - name: organization_name in: path type: string required: true description: Organization name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: delete-organization method: DELETE description: Delete an organization inputParameters: - name: organization_name in: path type: string required: true description: Organization name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: workspaces path: /organizations/{organization_name}/workspaces description: Manage workspaces within an organization operations: - name: list-workspaces method: GET description: List all workspaces in an organization inputParameters: - name: organization_name in: path type: string required: true description: Organization name - name: search[name] in: query type: string required: false description: Filter workspaces by name - name: page[number] in: query type: integer required: false description: Page number - name: page[size] in: query type: integer required: false description: Page size outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-workspace method: POST description: Create a new workspace inputParameters: - name: organization_name in: path type: string required: true description: Organization name body: type: json data: data: type: workspaces attributes: name: '{{tools.name}}' description: '{{tools.description}}' auto-apply: '{{tools.auto_apply}}' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: workspace path: /workspaces/{workspace_id} description: Manage a specific workspace operations: - name: get-workspace method: GET description: Get details of a specific workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: delete-workspace method: DELETE description: Delete a workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: workspace-lock path: /workspaces/{workspace_id}/actions/lock description: Lock a workspace to prevent runs operations: - name: lock-workspace method: POST description: Lock a workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: workspace-unlock path: /workspaces/{workspace_id}/actions/unlock description: Unlock a workspace to allow runs operations: - name: unlock-workspace method: POST description: Unlock a workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: runs path: /runs description: Create Terraform runs operations: - name: create-run method: POST description: Create a new Terraform run for a workspace body: type: json data: data: type: runs attributes: message: '{{tools.message}}' is-destroy: '{{tools.is_destroy}}' relationships: workspace: data: type: workspaces id: '{{tools.workspace_id}}' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: run path: /runs/{run_id} description: Manage a specific run operations: - name: get-run method: GET description: Get details of a specific run inputParameters: - name: run_id in: path type: string required: true description: Run ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: run-apply path: /runs/{run_id}/actions/apply description: Apply a run operations: - name: apply-run method: POST description: Apply a run that is pending confirmation inputParameters: - name: run_id in: path type: string required: true description: Run ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: run-discard path: /runs/{run_id}/actions/discard description: Discard a run operations: - name: discard-run method: POST description: Discard a run that has not yet been applied inputParameters: - name: run_id in: path type: string required: true description: Run ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: workspace-runs path: /workspaces/{workspace_id}/runs description: List runs for a workspace operations: - name: list-workspace-runs method: GET description: List all runs for a given workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID - name: filter[status] in: query type: string required: false description: Filter by run status outputRawFormat: json outputParameters: - name: result type: object value: $. - name: state-versions path: /workspaces/{workspace_id}/state-versions description: Manage workspace state versions operations: - name: list-state-versions method: GET description: List state versions for a workspace inputParameters: - name: workspace_id in: path type: string required: true description: Workspace ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: teams path: /organizations/{organization_name}/teams description: Manage organization teams operations: - name: list-teams method: GET description: List all teams in an organization inputParameters: - name: organization_name in: path type: string required: true description: Organization name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-team method: POST description: Create a new team inputParameters: - name: organization_name in: path type: string required: true description: Organization name body: type: json data: data: type: teams attributes: name: '{{tools.name}}' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: policies path: /organizations/{organization_name}/policies description: Manage Sentinel and OPA policies operations: - name: list-policies method: GET description: List all policies in an organization inputParameters: - name: organization_name in: path type: string required: true description: Organization name outputRawFormat: json outputParameters: - name: result type: object value: $. - type: http namespace: terraform-registry baseUri: https://registry.terraform.io description: Terraform Public Registry API (no authentication required) resources: - name: modules path: /v1/modules description: List all modules in the registry operations: - name: list-modules method: GET description: List modules with optional filtering inputParameters: - name: limit in: query type: integer required: false description: Max results to return - name: offset in: query type: integer required: false description: Pagination offset - name: provider in: query type: string required: false description: Filter by provider - name: verified in: query type: boolean required: false description: Show only verified modules outputRawFormat: json outputParameters: - name: result type: object value: $. - name: modules-search path: /v1/modules/search description: Search modules by keyword operations: - name: search-modules method: GET description: Search modules by keyword or phrase inputParameters: - name: q in: query type: string required: true description: Search query - name: provider in: query type: string required: false description: Filter by provider - name: verified in: query type: boolean required: false description: Show only verified modules - name: limit in: query type: integer required: false description: Max results outputRawFormat: json outputParameters: - name: result type: object value: $. - name: module-versions path: /v1/modules/{namespace}/{name}/{provider}/versions description: List versions of a specific module operations: - name: list-module-versions method: GET description: List all available versions of a module inputParameters: - name: namespace in: path type: string required: true description: Module namespace - name: name in: path type: string required: true description: Module name - name: provider in: path type: string required: true description: Provider name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: module-version path: /v1/modules/{namespace}/{name}/{provider}/{version} description: Get a specific module version operations: - name: get-module-version method: GET description: Get details for a specific module version inputParameters: - name: namespace in: path type: string required: true description: Module namespace - name: name in: path type: string required: true description: Module name - name: provider in: path type: string required: true description: Provider name - name: version in: path type: string required: true description: Version number outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: terraform-automation-api description: Unified REST API for Terraform infrastructure automation workflows. resources: - path: /v1/organizations name: organizations description: Manage Terraform organizations operations: - method: GET name: list-organizations description: List all accessible organizations call: hcp-terraform.list-organizations outputParameters: - type: object mapping: $. - path: /v1/workspaces name: workspaces description: List and manage workspaces operations: - method: GET name: list-workspaces description: List workspaces in an organization call: hcp-terraform.list-workspaces with: organization_name: rest.organization_name outputParameters: - type: object mapping: $. - method: POST name: create-workspace description: Create a new workspace call: hcp-terraform.create-workspace with: organization_name: rest.organization_name name: rest.name outputParameters: - type: object mapping: $. - path: /v1/workspaces/{workspace_id} name: workspace description: Single workspace operations operations: - method: GET name: get-workspace description: Get workspace details call: hcp-terraform.get-workspace with: workspace_id: rest.workspace_id outputParameters: - type: object mapping: $. - path: /v1/runs name: runs description: Terraform run management operations: - method: POST name: create-run description: Trigger a Terraform run call: hcp-terraform.create-run with: workspace_id: rest.workspace_id message: rest.message outputParameters: - type: object mapping: $. - path: /v1/workspaces/{workspace_id}/runs name: workspace-runs description: Workspace run history operations: - method: GET name: list-workspace-runs description: List runs for a workspace call: hcp-terraform.list-workspace-runs with: workspace_id: rest.workspace_id outputParameters: - type: object mapping: $. - path: /v1/workspaces/{workspace_id}/state-versions name: state-versions description: Workspace state version history operations: - method: GET name: list-state-versions description: List state versions for a workspace call: hcp-terraform.list-state-versions with: workspace_id: rest.workspace_id outputParameters: - type: object mapping: $. - path: /v1/modules name: modules description: Terraform module discovery operations: - method: GET name: list-modules description: Browse Terraform modules from the registry call: terraform-registry.list-modules with: provider: rest.provider outputParameters: - type: object mapping: $. - path: /v1/modules/search name: module-search description: Search modules operations: - method: GET name: search-modules description: Search Terraform registry modules call: terraform-registry.search-modules with: q: rest.q outputParameters: - type: object mapping: $. - path: /v1/teams name: teams description: Team management operations: - method: GET name: list-teams description: List teams in an organization call: hcp-terraform.list-teams with: organization_name: rest.organization_name outputParameters: - type: object mapping: $. - path: /v1/policies name: policies description: Policy management operations: - method: GET name: list-policies description: List governance policies call: hcp-terraform.list-policies with: organization_name: rest.organization_name outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: terraform-automation-mcp transport: http description: MCP server for AI-assisted Terraform infrastructure automation. tools: - name: list-organizations description: List all Terraform organizations accessible with the current token hints: readOnly: true openWorld: true call: hcp-terraform.list-organizations outputParameters: - type: object mapping: $. - name: list-workspaces description: List Terraform workspaces in an organization hints: readOnly: true openWorld: true call: hcp-terraform.list-workspaces with: organization_name: tools.organization_name outputParameters: - type: object mapping: $. - name: get-workspace description: Get details of a specific Terraform workspace hints: readOnly: true openWorld: false call: hcp-terraform.get-workspace with: workspace_id: tools.workspace_id outputParameters: - type: object mapping: $. - name: create-workspace description: Create a new Terraform workspace hints: readOnly: false destructive: false call: hcp-terraform.create-workspace with: organization_name: tools.organization_name name: tools.name outputParameters: - type: object mapping: $. - name: lock-workspace description: Lock a Terraform workspace to prevent runs hints: readOnly: false destructive: false idempotent: true call: hcp-terraform.lock-workspace with: workspace_id: tools.workspace_id outputParameters: - type: object mapping: $. - name: unlock-workspace description: Unlock a Terraform workspace to allow runs hints: readOnly: false destructive: false idempotent: true call: hcp-terraform.unlock-workspace with: workspace_id: tools.workspace_id outputParameters: - type: object mapping: $. - name: create-run description: Trigger a new Terraform infrastructure run hints: readOnly: false destructive: false call: hcp-terraform.create-run with: workspace_id: tools.workspace_id message: tools.message outputParameters: - type: object mapping: $. - name: get-run description: Get the status and details of a Terraform run hints: readOnly: true openWorld: false call: hcp-terraform.get-run with: run_id: tools.run_id outputParameters: - type: object mapping: $. - name: apply-run description: Apply a Terraform run that is pending approval hints: readOnly: false destructive: false call: hcp-terraform.apply-run with: run_id: tools.run_id outputParameters: - type: object mapping: $. - name: discard-run description: Discard a pending Terraform run hints: readOnly: false destructive: true idempotent: false call: hcp-terraform.discard-run with: run_id: tools.run_id outputParameters: - type: object mapping: $. - name: list-workspace-runs description: List the run history for a Terraform workspace hints: readOnly: true openWorld: true call: hcp-terraform.list-workspace-runs with: workspace_id: tools.workspace_id outputParameters: - type: object mapping: $. - name: list-state-versions description: List state versions for a Terraform workspace hints: readOnly: true openWorld: true call: hcp-terraform.list-state-versions with: workspace_id: tools.workspace_id outputParameters: - type: object mapping: $. - name: list-teams description: List teams in a Terraform organization hints: readOnly: true openWorld: true call: hcp-terraform.list-teams with: organization_name: tools.organization_name outputParameters: - type: object mapping: $. - name: list-policies description: List governance policies (Sentinel/OPA) in an organization hints: readOnly: true openWorld: true call: hcp-terraform.list-policies with: organization_name: tools.organization_name outputParameters: - type: object mapping: $. - name: search-modules description: Search Terraform Registry for reusable infrastructure modules hints: readOnly: true openWorld: true call: terraform-registry.search-modules with: q: tools.q provider: tools.provider outputParameters: - type: object mapping: $. - name: list-module-versions description: List available versions of a Terraform module hints: readOnly: true openWorld: false call: terraform-registry.list-module-versions with: namespace: tools.namespace name: tools.name provider: tools.provider outputParameters: - type: object mapping: $. - name: get-module-version description: Get details for a specific version of a Terraform module hints: readOnly: true openWorld: false call: terraform-registry.get-module-version with: namespace: tools.namespace name: tools.name provider: tools.provider version: tools.version outputParameters: - type: object mapping: $.