
Add a Terraform-focused Vigilante implementation skill with fmt, validate, and secret-safe infrastructure guidance #365

@nicobistolfi

Description

Summary

Vigilante should support Terraform repositories with a dedicated Terraform-focused implementation skill that teaches coding agents to follow Terraform's idiomatic workflow, validate changes safely, and account for current Terraform security and state-handling posture during infrastructure changes.

Problem

  • Vigilante currently has no Terraform-specific implementation skill.
  • That makes coding agents more likely to miss Terraform-specific workflows such as terraform fmt, terraform validate, provider/module version hygiene, and careful handling of state, secrets, and policy checks.
  • Terraform changes carry infrastructure risk and should not be treated like generic config edits.

Context

  • HashiCorp's current Terraform language/style documentation reflects the idiomatic structure and formatting expectations for Terraform configuration.
  • HashiCorp's recommended-practices material emphasizes consistent workflows, reducing manual drift, and reproducible infrastructure changes.
  • Many Terraform repositories also use tflint, tfsec, or policy tools, but Vigilante should prefer repo-defined workflows rather than forcing them.

Reference Material

Desired Outcome

  • Vigilante can detect Terraform repositories and attach a Terraform-focused implementation skill or equivalent prompt layer.
  • The guidance tells the coding agent to use idiomatic Terraform formatting and validation workflows and to account for state/security posture.
  • The guidance is concise and does not broaden scope into unrelated architecture redesign.
  • Existing operational policies, including vigilante commit, remain intact.

Implementation Notes

  • Detect Terraform repositories using signals such as .tf files, terraform blocks, module layout, or standard Terraform directory structure.
  • Distill Terraform-specific execution rules for coding agents. Required areas to cover include:
    • formatting with terraform fmt
    • validation with terraform validate
    • targeted plan/test/lint workflows where the repo defines a safe local path
    • careful handling of provider and module version constraints, state-sensitive changes, and secret-safe patterns
    • repo-standard tools such as tflint, tfsec, or policy tooling only when the repo already uses them or the issue standardizes them
    • avoiding unsafe assumptions about cloud credentials, remote state, or destructive changes
  • Preserve repo-specific instructions as authoritative over generic Terraform guidance.
  • Preserve commit-path constraints: use vigilante commit only.
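As an added example (not Vigilante's own code, and not HashiCorp's), the following Python sketch shows how the detection signals and execution rules listed above can be turned into checks: it scans a repository tree for the Terraform signals named in the notes, derives the credential-free local validation steps (fmt, init without a backend, validate, and tflint only when the repo already configures it), and flags variables that look like secrets but are not declared sensitive or carry a literal default. All function names, regexes and the constructed sample tree are assumptions made for the illustration.

```python
"""Added example, not Vigilante's own code: Terraform repository detection,
a credential-free local validation workflow, and a secret-safety check for
variable blocks. Every name, regex and sample file here is an assumption."""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

SKIP_DIRS = {".git", ".terraform", "node_modules"}  # provider cache and VCS dirs are not repo code
TERRAFORM_BLOCK_RE = re.compile(r'^\s*terraform\s*\{', re.MULTILINE)
MODULE_BLOCK_RE = re.compile(r'^\s*module\s+"[^"]+"\s*\{', re.MULTILINE)
BACKEND_RE = re.compile(r'^\s*backend\s+"[^"]+"\s*\{', re.MULTILINE)
VARIABLE_RE = re.compile(r'^\s*variable\s+"([^"]+)"\s*\{', re.MULTILINE)
SECRET_NAME_RE = re.compile(r'(password|secret|token|api_?key|private_?key)', re.IGNORECASE)


def _tf_files(repo: Path) -> List[Path]:
    """All .tf files under the repo, skipping cache and VCS directories."""
    return [p for p in repo.rglob("*.tf") if not SKIP_DIRS & set(p.relative_to(repo).parts)]


def terraform_signals(repo: Path) -> Dict[str, object]:
    """Collect the detection signals the issue names (.tf files, terraform blocks,
    module layout) plus a few that change how an agent should treat the repo."""
    files = _tf_files(repo)
    text = "\n".join(p.read_text(encoding="utf-8", errors="replace") for p in files)
    return {
        "tf_file_count": len(files),
        "has_terraform_block": bool(TERRAFORM_BLOCK_RE.search(text)),
        "has_module_blocks": bool(MODULE_BLOCK_RE.search(text)),
        "has_modules_dir": (repo / "modules").is_dir(),
        "has_root_main": (repo / "main.tf").is_file(),
        "has_remote_backend": bool(BACKEND_RE.search(text)),  # state is remote: never touch it locally
        "has_lock_file": (repo / ".terraform.lock.hcl").is_file(),
        "has_tflint_config": (repo / ".tflint.hcl").is_file(),  # repo already standardizes tflint
        "text": text,
    }


def is_terraform_repo(signals: Dict[str, object]) -> bool:
    """Require .tf files plus at least one structural signal, so a stray .tf file alone is not enough."""
    return signals["tf_file_count"] > 0 and (
        signals["has_terraform_block"] or signals["has_module_blocks"]
        or signals["has_modules_dir"] or signals["has_root_main"])


def local_validation_steps(signals: Dict[str, object]) -> List[List[str]]:
    """Commands an agent may run with no cloud credentials and no state access.
    `init -backend=false` skips backend configuration so remote state is never
    read or locked; plan and apply are deliberately absent from this list."""
    steps = [
        ["terraform", "fmt", "-check", "-recursive"],
        ["terraform", "init", "-backend=false", "-input=false"],
        ["terraform", "validate"],
    ]
    if signals["has_tflint_config"]:
        steps.append(["tflint"])
    return steps


def _block_bodies(text: str, pattern: re.Pattern) -> List[Tuple[str, str]]:
    """(name, body) for each block matched by `pattern` (group 1 = name), found by
    brace depth. Adequate for flat HCL; braces inside string interpolations would confuse it."""
    out = []
    for m in pattern.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        out.append((m.group(1), text[m.end():i - 1]))
    return out


def unsafe_secret_variables(text: str) -> List[str]:
    """Secret-looking variables that lack `sensitive = true` or ship a literal default."""
    findings = []
    for name, body in _block_bodies(text, VARIABLE_RE):
        if not SECRET_NAME_RE.search(name):
            continue
        sensitive = re.search(r'^\s*sensitive\s*=\s*true', body, re.MULTILINE)
        literal_default = re.search(r'^\s*default\s*=\s*"[^"]+"', body, re.MULTILINE)
        if not sensitive or literal_default:
            findings.append(name)
    return findings


def build_sample_repo(with_terraform: bool = True) -> Path:
    """Constructed sample tree (not a real project) so the example runs offline."""
    repo = Path(tempfile.mkdtemp(prefix="vigilante-tf-"))
    (repo / "README.md").write_text("# demo\n")
    if not with_terraform:
        return repo
    (repo / "main.tf").write_text(
        'terraform {\n  required_version = ">= 1.5.0"\n'
        '  backend "s3" {\n    bucket = "example-state"\n  }\n}\n'
        'module "network" {\n  source = "./modules/network"\n}\n')
    (repo / "variables.tf").write_text(
        'variable "region" {\n  type    = string\n  default = "us-east-1"\n}\n'
        'variable "db_password" {\n  type = string\n}\n'  # not marked sensitive
        'variable "api_token" {\n  type      = string\n  sensitive = true\n'
        '  default   = "hardcoded-example"\n}\n'  # sensitive, but a literal default
        'variable "ssh_private_key" {\n  type      = string\n  sensitive = true\n}\n')
    (repo / "modules" / "network").mkdir(parents=True)
    (repo / "modules" / "network" / "main.tf").write_text('resource "null_resource" "x" {}\n')
    (repo / ".terraform").mkdir()
    (repo / ".terraform" / "cached.tf").write_text("# provider cache, must be ignored\n")
    (repo / ".tflint.hcl").write_text('plugin "terraform" {\n  enabled = true\n}\n')
    return repo


if __name__ == "__main__":
    sig = terraform_signals(build_sample_repo())
    print("terraform repo:", is_terraform_repo(sig))
    print("steps:", [" ".join(s) for s in local_validation_steps(sig)])
    print("unsafe secret variables:", sorted(unsafe_secret_variables(sig["text"])))
```

Running the script against the constructed tree reports a Terraform repo, four validation steps ending in tflint, and two findings (`db_password`, `api_token`); the remote `s3` backend signal is what a skill would use to justify never running init with the real backend or any plan/apply locally.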

Acceptance Criteria

  • Vigilante can recognize Terraform repositories and attach Terraform-specific implementation guidance.
  • A dedicated Terraform-focused implementation skill or equivalent prompt layer exists.
  • The guidance covers terraform fmt, terraform validate, and current Terraform security/state posture.
  • Existing issue-comment, validation-reporting, push/PR, and vigilante commit policies continue to apply.

Testing Expectations

  • Add or update tests for Terraform repository detection and skill or prompt selection.
  • Add or update tests for prompt content so Terraform repositories receive expected validation and security guidance and unrelated repositories do not.
  • Cover regressions where the Terraform guidance is missing or incorrectly injected.

Operational / UX Considerations

  • Keep the skill implementation-focused; do not require plan/apply execution unless the repository already has a safe validated local workflow.
  • Prefer repo-defined lint/policy tooling over generic assumptions.

Metadata

Labels

  • claude
  • vigilante:done (Vigilante completed its work on the issue and no further automation is expected.)


Development

No branches or pull requests
