An interactive terminal UI for Terraform plan output β Think k9s for Terraform plans.
Transform wall-of-text terraform plan output into a navigable, filterable, searchable interface.
- π― Interactive Navigation β Browse resources with vim-style keybindings (j/k/g/G)
- π Filter & Search β Filter by action type (create/update/delete/replace), search by resource name
- π Module Grouping β Organize resources by module with expand/collapse
β οΈ Risk Analysis β Automatic risk scoring based on destructive operations and security changes- π Security Highlighting β Flags potentially dangerous changes (0.0.0.0/0 CIDR, public access, encryption disabled)
- π€ Export β Generate markdown summaries for PR comments
- β‘ Fast β Instant startup, smooth scrolling, handles 100+ resource changes
- π¨ Adaptive Colors β Works on both light and dark terminals
go install github.com/hashicorp/tf-plan-tui@latestgit clone https://github.com/hashicorp/tf-plan-tui.git
cd tf-plan-tui
make installDownload from releases.
# From a saved plan file
terraform plan -out=tfplan
tf-plan-tui --plan tfplan
# From JSON
terraform show -json tfplan > plan.json
tf-plan-tui --json plan.json
# Pipe from stdin
terraform show -json tfplan | tf-plan-tui -
# Auto-run mode (runs terraform plan for you)
tf-plan-tuitf-plan-tui [file] # Launch interactive TUI
tf-plan-tui --json plan.json # From JSON file
tf-plan-tui --plan tfplan # From binary plan file
tf-plan-tui --filter create # Pre-filter to creates only
tf-plan-tui --dir ./infra/prod # Run in specific directory| Key | Action |
|---|---|
j/k or β/β |
Navigate up/down |
g/G |
Jump to top/bottom |
Ctrl+U/D |
Half-page scroll |
Tab |
Switch between resource list and detail pane |
Enter |
Expand/collapse module (when grouped) |
f |
Cycle through filters |
0-4 |
Quick filter (0=all, 1=create, 2=update, 3=delete, 4=replace) |
/ |
Search (type to filter, Esc to cancel) |
m |
Toggle module grouping |
r |
Show risk analysis |
e |
Export as markdown |
? |
Show help |
q or Ctrl+C |
Quit |
# Generate markdown summary
tf-plan-tui --json plan.json --export-md > summary.md
# Export JSON for CI/CD
tf-plan-tui --json plan.json --export-json > plan-data.jsonExample markdown output:
## π Terraform Plan Summary
**Risk Score:** β οΈ **HIGH** 72/100
| Action | Count |
|--------|-------|
| π’ Create | 12 |
| π‘ Update | 18 |
| π΄ Delete | 5 |
| β οΈ Replace | 8 |
| **Total** | **43** |
### β οΈ Risk Factors
- Database deletion/replacement: module.db.aws_db_instance.main
- Network infrastructure change: module.vpc.aws_vpc.main
- Security-relevant change in aws_security_group.web: ingress.0.cidr_blocks# Check risk score (useful in CI pipelines)
tf-plan-tui --json plan.json --risk-only
# Output:
# Risk Score: 72/100 (high)
#
# Risk Factors:
# - Database deletion/replacement: module.db.aws_db_instance.main
# - 5 resource(s) will be deleted
# Use in CI
if tf-plan-tui --json plan.json --risk-only | grep -q "critical"; then
echo "Critical risk detected, manual approval required"
exit 1
fiThe tool automatically calculates a risk score (0-100) based on:
- Destructive operations: Deletes (10 pts each), Replaces (15 pts each)
- Critical resources: Databases (+20), Networks (+15), IAM (+10), Storage (+10)
- Security changes: CIDR to 0.0.0.0/0, publicly_accessible=true, encryption disabled
- Plan volume: Large plans (>20 changes) add risk points
| Score | Level | Indicator |
|---|---|---|
| 0-39 | Low | β |
| 40-69 | Medium | β‘ |
| 70-89 | High | |
| 90-100 | Critical | β |
The tool highlights potentially dangerous configuration changes:
β οΈ Network: CIDR blocks opening to 0.0.0.0/0β οΈ Encryption: Encrypted resources becoming unencryptedβ οΈ Access: publicly_accessible changing from false to trueβ οΈ Protection: deletion_protection disabledβ οΈ IAM: Wildcard actions in policies
These are highlighted in red in the detail pane with a "SECURITY" tag.
# 1. Make infrastructure changes
vim main.tf
# 2. Preview in TUI
tf-plan-tui
# 3. Filter to just creates and updates
# (Press 'f' to cycle filters)
# 4. Check risk score
# (Press 'r')
# 5. Export for PR
# (Press 'e')
# 6. Apply changes
terraform apply tfplan# .github/workflows/terraform.yml
- name: Terraform Plan
run: terraform plan -out=tfplan
- name: Generate Plan Summary
run: |
terraform show -json tfplan > plan.json
tf-plan-tui --json plan.json --export-md > plan-summary.md
- name: Comment on PR
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('plan-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
- name: Check Risk Score
run: |
tf-plan-tui --json plan.json --risk-only
RISK=$(tf-plan-tui --json plan.json --risk-only | grep "Risk Score" | awk '{print $3}' | cut -d'/' -f1)
if [ $RISK -gt 70 ]; then
echo "::warning::High risk score: $RISK"
fi# Working with a 200+ resource plan
tf-plan-tui --json large-plan.json
# Toggle module grouping (press 'm') to organize by module
# Search for specific resources (press '/')
# Scroll detail pane independently (Tab to switch, then j/k to scroll)NO_COLOR=1β Disable colors (same as --no-color flag)
- Go 1.21+
- Terraform (for testing auto-run mode)
make build # Build binary
make test # Run tests
make lint # Run linter
make run # Run with test data
make install # Install to $GOPATH/binmake test # All tests with race detector
make test-short # Quick tests
make coverage # Generate coverage reporttf-plan-tui/
βββ cmd/ # CLI entry point
β βββ root.go
βββ internal/
β βββ parser/ # Terraform JSON parsing
β βββ tui/ # Bubble Tea UI
β βββ plan/ # Risk analysis & export
βββ testdata/ # Test fixtures
βββ Makefile
- Mouse support
- Copy to clipboard (y key)
- Diff between two plans
- Watch mode (live updates)
- Custom risk rules via config file
- Remote state browsing
Contributions welcome! Please open an issue or PR.
Apache 2.0
Built with:
- Bubble Tea β TUI framework
- Lip Gloss β Styling
- Bubbles β Components
- Cobra β CLI
Inspired by k9s, lazydocker, and lazygit.
π€ Made with Claude Code