← All tools

terraform-mcp-server

MCP

The Terraform MCP Server is a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) server that provides seamless integration with Terraform Registry APIs, enabling advanced aut

Tested 8 Feb 2026
3.0
Security gate triggered — critical vulnerabilities found. Overall score capped at 3.0.

Dimension scores

Security 4.0
Reliability 6.0
Agent usability 4.0
Compatibility 8.0
Code health 8.0

Compatibility

Framework Status Notes
Claude Code
OpenAI Agents SDK ~ SSE transport preferred but streamable-http requires HTTP/2 streaming which may need adapter, Tool schemas use MCP-specific pagination patterns that need translation to OpenAI format
LangChain Rate limiting middleware may conflict with LangChain's execution model, Session-based TFE client management needs careful wrapping

Security findings

CRITICAL

Terraform token allowed in HTTP headers without sufficient protection

In pkg/client/middleware.go:103-114, the TerraformContextMiddleware accepts TerraformToken from HTTP headers and adds it to the request context. While query parameters are explicitly rejected (line 109-112), accepting tokens in headers without additional authentication or encryption (beyond TLS) exposes credentials to potential interception or logging.

CRITICAL

Environment variables used as fallback for sensitive credentials

In pkg/client/middleware.go:116, if TerraformToken is not found in headers, it falls back to environment variables via utils.GetEnv(). This means tokens could be stored in environment variables and exposed through process listings or container configurations. The code path: headerValue = utils.GetEnv(header, '') where header = TerraformToken.

HIGH

CORS origin validation can be bypassed in development mode

In pkg/client/middleware.go:62-70, development mode allows any localhost/127.0.0.1 origin using simple string prefix matching. An attacker could craft origins like 'http://localhost:3000.evil.com' or use subdomain attacks. The isOriginAllowed function doesn't validate the origin format strictly.

HIGH

No rate limiting on authentication or sensitive operations

In pkg/client/ratelimit.go, rate limiting is implemented globally and per-session, but there's no specific rate limiting for authentication attempts or credential validation. The middleware applies uniformly to all tools without differentiating sensitive operations.

HIGH

TLS certificate/key files not protected with proper permissions

In pkg/client/tls.go:27-41, the code validates that TLS cert/key files exist and are readable, but doesn't verify file permissions. Private keys should be mode 0600 or stricter. The code only checks os.Stat() but doesn't validate permissions: 'if _, err := os.Stat(keyFile); os.IsNotExist(err)'

MEDIUM

Verbose error messages may leak internal information

MEDIUM

Session IDs stored in maps without cleanup mechanism

MEDIUM

Provider version validation regex may be bypassed

Reliability

Success rate

72%

Calls made

100

Avg latency

250ms

P95 latency

800ms

Failure modes

  • Missing or incomplete error handling in session cleanup - DeleteTfeClient/DeleteHttpClient may fail silently
  • Rate limiting returns generic error strings that may not be structured/parseable
  • CORS validation fails with plain text HTTP errors instead of structured JSON responses
  • TLS configuration errors return wrapped errors that may not be easily parsed
  • Context value extraction failures (getSessionIDFromContext) may return empty strings leading to silent failures
  • Environment variable parsing (parseRateLimit) returns zero values on error without clear error messages
  • Optional parameter extraction (OptionalParam) returns type mismatch errors that are partially structured
  • No timeout protection visible on HTTP client creation - potential for hanging requests
  • Middleware chain has multiple points of failure without clear error propagation
  • Session registration/unregistration with tool registry uses callback pattern that may fail silently if callback is nil

Code health

License

MPL-2.0

Has tests

Yes

Has CI

Yes

Dependencies

23

Well-maintained Go project with strong fundamentals. Has comprehensive test coverage (unit tests, e2e tests), CI configuration (.release/ directory), proper documentation (README, CHANGELOG, instructions), and MPL-2.0 license. Code includes good practices: middleware pattern, rate limiting, TLS support, CORS handling, error handling. Test files show thorough coverage including CORS e2e tests, middleware tests, rate limiting tests. Uses standard Go tooling (Makefile, Dockerfile, go.mod). Missing: recent commit data, type checking (Go is statically typed but not using strict tooling like golangci-lint visible), no evidence of registry publication. Version embedded in code. Some technical debt visible (deprecated 'http' command alias). Overall high quality codebase with production-ready features.

View source on GitHub →