Roadmap

The original four phases, complete: prove the accuracy moat with a measured benchmark, make every finding fixable and teachable, go deep on IAM the way attackers do, and guard against the credential / bill-shock incident.

When the code author is an agent, the reviewer must be consumable by the agent. audytx is now an MCP server — the same engine the GitHub App runs, callable before the PR exists. One line of config, no CI, no token:

• claude mcp add --transport http audytx https://audytx.com/mcp
• scan_terraform — findings with file:line evidence, severity, fix snippets, and the context-suppressed findings with their rationale
• autofix_terraform — the server applies the precisely-anchored sound fixes, re-scans, loops; returns fixed files + what remains. Same soundness bar as GitHub one-click suggestions: never a corrupting edit

Turn the internal benchmark into a publishable, attack-proof artifact: label ground truth on the IAM corpus against its documented privilege-escalation paths so every tool gets a true precision/recall score (not a raw finding count), re-pull all corpora from SARIF like-for-like, and publish the harness with the write-up.

A check-run per scan so a failed or skipped scan is a visible status instead of silence, and real usage telemetry (installs → scans → outcomes). A reviewer you can't tell is working is a reviewer you stop trusting.

GitHub Marketplace listing, the published benchmark, and the MCP endpoint announced where agent builders look. Zero-setup only matters if you can find the thing to not-set-up.

Generate Terraform from frontier models against realistic infra prompts, catalog the characteristic failure modes (plausible-but-overbroad IAM, hallucinated module arguments, missing companion resources), calibrate the engine against them — and publish "what AI-generated Terraform gets wrong." The test corpus of the market that's coming, re-run per model generation.

Expand registry module calls (starting with the most-used terraform-aws-modules), resolve variable defaults / tfvars / locals, and handle count/for_each. Real repos — and AI-generated ones especially — compose modules heavily; this raises the ceiling of every reasoning axis and attack path on real-world code.

Wildcard action expansion against a real service-action table, Condition / NotAction / permission-boundary math, identity×resource-policy intersection. Attack paths become graph reachability over effective permissions instead of curated patterns — found by search, not by hand-written rules.

Every context-suppression is a potential false negative, so the suppressions get their own adversarial test suite: for each axis, real HCL where the suppression must not fire — published as a false-negative rate alongside the false-positive benchmark. Precision and recall of the reasoning itself.

Accept terraform plan JSON via an Actions artifact as a secondary, never-required input — it resolves what HCL heuristics can't (final computed values, count expansion). Mandatory plan ingestion stays off the table: it kills zero-setup.

Before/after cost delta fused with security context ("expensive AND cryptojacking-shaped"), then the org layer: merge gates on Critical findings, cross-PR baselines, compliance evidence export, multi-repo visibility. Explicitly demand-gated — individual devs and agents have to love it first.