MCP · AI agents · Terraform security

Secure AI-generated Terraform — the MCP server for coding agents

AI coding agents write Terraform in seconds and open a verification gap that most teams don't review before the PR is merged. audytx closes that gap: the same engine that powers the GitHub App runs as a stateless MCP server at https://audytx.com/mcp, callable from Claude Code, Cursor, and any MCP-compatible agent — with the same cross-resource reasoning, the same 247 rules, and a sound autofix loop.

The AI-Terraform verification gap

AI agents generate valid-looking Terraform fast — but "valid" and "secure" are not the same thing.

Research — ICSE 2026 · IaC-Eval benchmark
LLMs score below 35% on the IaC-Eval benchmark for infrastructure-as-code correctness, with security misconfigurations among the most common failure modes.
IaC-Eval: A Multi-Dimensional Evaluation Framework for Infrastructure-as-Code Generation — ICSE 2026
Real-world incident · Sysdig threat research
An AI-generated Terraform configuration granted IAMFullAccess to a publicly-accessible, unauthenticated Lambda function — leading to admin access within 8 minutes of deployment.
Sysdig Threat Research Team — documented incident, 2024

The gap

An agent writes a .tf file, the developer reviews the diff, it looks fine, the PR merges. The IAM PassRole chain that creates a privesc path isn't obvious from reading the file — it requires reasoning across three resources the agent touched.

The fix

The agent that wrote the Terraform calls scan_terraform before submitting the PR. It gets file/line anchors, severity, and rationale for every finding — plus the suppressed false positives with their reasoning — and fixes them in the same session.

Adding audytx to your AI coding agent

No API key, no token, no install — just point your agent at the endpoint.

01

Add the MCP server

# Claude Code
claude mcp add --transport http audytx https://audytx.com/mcp

# Or in your claude_desktop_config.json / .cursor/mcp.json:
{
  "audytx": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/client-http", "https://audytx.com/mcp"]
  }
}

The server is stateless — no session, no auth, no persistent connection. Each call is a single HTTP POST with JSON-RPC.

02

Scan Terraform files

# The agent calls scan_terraform with your .tf content
{
  "tool": "scan_terraform",
  "files": {
    "main.tf": "resource \"aws_iam_role\" ...",
    "lambda.tf": "resource \"aws_lambda_function\" ..."
  }
}

Pass any number of .tf files. Cross-resource reasoning works across all files in the call — same as the GitHub App which reads the whole-repo tree.

03

Get findings + suppressed false positives

Each finding includes: resource name, file path, line number, severity, rule ID, human-readable description, and a sound fix suggestion. Suppressed findings include the suppression axis and rationale — the agent can see what was reasoned away and why.

MCP tools

scan_terraform

Runs the full audytx engine on the provided Terraform files and returns structured findings.

  • Findings with file path + line number — not just a resource name
  • Severity: CRITICAL, HIGH, MEDIUM, LOW
  • Sound fix suggestion for applicable findings
  • Context-suppressed false positives with their rationale — each suppression axis named
  • Optional: pass plan_json from terraform plan -out plan.json for resolved-value precision (variables, count, module internals)
autofix_terraform

Applies sound, precisely-anchored fixes to the Terraform files, then re-scans. Loops until clean or no further sound fixes remain (max 3 passes).

  • Only applies sound fixes — never a corrupting or partial edit
  • Re-scans after each pass — a fix that introduces a new finding is caught
  • Returns the fixed files + the final findings set
  • Fixes are anchored to exact attribute lines — no reformatting, no structural rewrites
The autofix soundness gates are the same gates the GitHub App uses for one-click suggestions in PR comments. Only fixes that are provably safe at the attribute level are applied — no regex substitutions, no AI-generated content, no speculative changes.

Optional: plan-enhanced scans

Terraform variables, count, and module outputs are opaque to static analysis — var.environment in a tag condition can't be resolved without a plan. If you run terraform plan, feed the output to audytx for resolved-value precision. 

# 1. Generate the plan JSON
terraform init && terraform plan -out plan.tfplan
terraform show -json plan.tfplan > plan.json

# 2. Pass it to scan_terraform
{
  "tool": "scan_terraform",
  "files": { "main.tf": "..." },
  "plan_json": "{ ... contents of plan.json ... }"
}

Without a plan, audytx marks findings that depend on unresolved values as Incomplete — it flags what it can prove, not what it guesses. With the plan, those findings become precise.

What the GitHub App adds

The MCP path and the GitHub App path use the exact same engine. The difference is context, not capability.

MCP path (agent use)

No repo identity, no diff. The agent passes files directly. No baseline suppressions (no repo to load them from). Best for: catching issues before the PR, in-agent autofix loops, CI-independent checks.

GitHub App (PR review)

Whole-repo tree fetched at PR time. Diff-scoped findings (only changed files surface). Baseline suppressions from .audytx-baseline.yaml. SARIF to Code Scanning. One PR comment per scan.

For full coverage: use the MCP server during development (agent writes + checks), then the GitHub App catches anything the agent missed before merge.

Add audytx to your agent today

The MCP server is live, free, and requires no setup. Your agent is one command away from full Terraform security analysis.

Install GitHub App free MCP documentation →

claude mcp add --transport http audytx https://audytx.com/mcp