TerraShark addresses the significant issue of Large Language Models (LLMs) hallucinating when generating Terraform and OpenTofu code. It provides a specialized skill for AI assistants like Claude Code and Codex, grounding IaC generation in HashiCorp's official best practices. This results in more modular, secure, and reliable infrastructure code by eliminating common AI errors and promoting a security-first design.

How It Works

The core of TerraShark is a "failure-mode workflow" combined with "Conditional Reference Retrieval (CRR)". Instead of dumping extensive documentation, it guides the AI through diagnosing potential failure modes (e.g., identity churn, secret exposure) before loading only the most relevant, granular reference materials. This diagnostic-first approach, coupled with a structured output contract detailing assumptions and rollback plans, ensures AI-generated IaC is robust, secure, and efficient in token usage.

Quick Start & Requirements

Installation is straightforward, offering multiple options: cloning the repository directly into AI skill directories (~/.claude/skills/terrashark), using Claude Code's plugin marketplace (/plugin marketplace add LukasNiessen/terrashark), or integrating into project roots for Codex. Setup is designed to be rapid, with a claimed "2 min Quickstart." Primary environments are Claude Code and Codex. Official documentation and demos are available via links within the README.

Highlighted Details

• Failure-Mode Workflow: Prioritizes AI diagnosis of risks before code generation.
• Output Contract: Generated code includes explicit assumptions, tradeoffs, validation steps, and rollback notes.
• Token Efficiency: Achieves over 7x leaner activation (~600 tokens) compared to alternatives by loading only necessary, granular references.
• Compliance Mapping: Integrates explicit mappings for major compliance frameworks like ISO 27001, SOC 2, FedRAMP, GDPR, PCI DSS, and HIPAA.
• Trusted Module Awareness: Defaults to using mature vendor and community modules for AWS, Azure, GCP, OCI, and IBM Cloud to reduce hallucination surfaces.

Maintenance & Community

The project is actively maintained by LukasNiessen, janMagnusHeimann, and TristanKruse. Community engagement is fostered through GitHub Discussions, and the project's popularity is reflected in its GitHub stars.

Licensing & Compatibility

TerraShark is released under the MIT license, which permits broad use, including commercial applications and integration into closed-source projects, with minimal restrictions.

Limitations & Caveats

The project intentionally omits support for cloud provider ecosystems beyond AWS, Azure, GCP, Oracle Cloud, and IBM Cloud, citing their module programs as less mature. This may limit its direct applicability for users heavily invested in other cloud platforms like Alibaba Cloud or DigitalOcean.