Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

cloudvoyant/terraform

Name: terraform
Author: cloudvoyant

skills/terraform/SKILL.md

npx skillsauth add cloudvoyant/codevoyant terraform

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

terraform

Patterns for structuring and maintaining Terraform configurations. Core conventions are cloud-agnostic; cloud-specific recipes cover GCP (nv-gcp-template) and AWS.

When to load recipes

| You are working on… | Load recipe | |---|---| | Directory structure and module layout | references/recipes/structure.md | | GCP backend (GCS) and workspace management | references/recipes/gcp-backend-workspaces.md | | GCP variable and tfvars management | references/recipes/gcp-variables.md | | AWS backend (S3) and workspace management | references/recipes/aws-backend-workspaces.md | | AWS variable and provider setup | references/recipes/aws-variables.md |

For mise task wrappers (tf-init, tf-plan, tf-apply, tf-destroy) see the mise skill — recipes terraform-gcp and terraform-aws.

Core Conventions

Infrastructure lives in infra/ at the repo root
Split into infra/shared/ (one-time shared resources) and infra/environments/ (per-workspace deployments)
Environments map to Terraform workspaces: dev, stage, prod, preview-*
Variables passed via -var flags in mise tasks — never via committed terraform.tfvars
Secrets injected at deploy time via TF_VAR_* env vars (CI) or cloud-native secret stores (runtime)
Provider pinned with required_providers in versions.tf; Terraform version pinned to major in mise.toml
Backends created via idempotent mise tasks with delete protection enabled — never created manually

Directory Structure

infra/
  shared/                    ← one-time shared resources (CDN, registry, IAM)
    main.tf
    variables.tf
    outputs.tf
    providers.tf
    backend.tf
    versions.tf
    terraform.tfvars.example ← gitignored tfvars go alongside (never committed)

  environments/              ← per-environment resources (Cloud Run, storage, secrets)
    main.tf
    variables.tf
    outputs.tf
    providers.tf
    backend.tf
    versions.tf

  modules/                   ← reusable modules
    cdn/
    storage-bucket/
    nv-fullstack-app/

Backend

GCS backend with workspace support:

# infra/environments/backend.tf
terraform {
  backend "gcs" {
    # Bucket and prefix passed via -backend-config during tf-init
    # State paths:
    #   ${GCP_PROJECT_ID}/${PROJECT}/env:/dev/default.tfstate
    #   ${GCP_PROJECT_ID}/${PROJECT}/env:/stage/default.tfstate
  }
}

Never hardcode the bucket name — it's passed by mise run tf-init.

Variables

Standard variable set for GCP environments:

variable "project"                       { type = string }
variable "gcp_project_id"               { type = string }
variable "gcp_region"                   { type = string }
variable "environment_name"             { type = string }  # dev | stage | prod | preview-*
variable "app_image"                    { type = string; default = "" }  # set via TF_VAR_app_image in CI
variable "gcp_devops_project_id"        { type = string }
variable "gcp_devops_docker_registry_name" { type = string }

app_image defaults to empty — CI sets TF_VAR_app_image to the built image tag.

Provider

# infra/environments/providers.tf
provider "google" {
  project = var.gcp_project_id
  region  = var.gcp_region

  default_labels = {
    project     = var.project
    environment = var.environment_name
    managed_by  = "terraform"
  }
}

Always set default_labels so every GCP resource carries environment and project metadata.

Common Pitfalls

Never commit terraform.tfvars — use .example files and pass vars via mise tasks
Never commit .tfstate files — state lives in GCS
Reset .terraform/environment to default before terraform init in non-TTY contexts (CI) to avoid stale workspace prompts
terraform init -reconfigure required when switching backends or prefixes
Use TF_VAR_* env vars for CI secrets, not -var flags in scripts that might end up in logs

cloudvoyant/terraform

skills/terraform/SKILL.md

Terraform authoring patterns — directory structure, backend config, workspace-per-environment, variable management, and mise task wrappers for GCP and AWS. Load when writing .tf files, configuring backends, managing workspaces, or running tf-init/tf-plan/tf-apply tasks.

development

Updated Jun 1, 2026

$ install --global

skillsauth

npx skillsauth add cloudvoyant/codevoyant terraform

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 1, 2026, 3:15 AM115.8s6 files scanned

SKILL.md

name:: terraform
description:: Terraform authoring patterns — directory structure, backend config, workspace-per-environment, variable management, and mise task wrappers for GCP and AWS. Load when writing .tf files, configuring backends, managing workspaces, or running tf-init/tf-plan/tf-apply tasks.
license:: MIT
compatibility:: Works on Claude Code, OpenCode, GitHub Copilot (VS Code), and Codex. No platform-specific features used.

terraform

Patterns for structuring and maintaining Terraform configurations. Core conventions are cloud-agnostic; cloud-specific recipes cover GCP (nv-gcp-template) and AWS.

When to load recipes

For mise task wrappers (tf-init, tf-plan, tf-apply, tf-destroy) see the mise skill — recipes terraform-gcp and terraform-aws.

Core Conventions

Infrastructure lives in infra/ at the repo root
Split into infra/shared/ (one-time shared resources) and infra/environments/ (per-workspace deployments)
Environments map to Terraform workspaces: dev, stage, prod, preview-*
Variables passed via -var flags in mise tasks — never via committed terraform.tfvars
Secrets injected at deploy time via TF_VAR_* env vars (CI) or cloud-native secret stores (runtime)
Provider pinned with required_providers in versions.tf; Terraform version pinned to major in mise.toml
Backends created via idempotent mise tasks with delete protection enabled — never created manually

Directory Structure

infra/
  shared/                    ← one-time shared resources (CDN, registry, IAM)
    main.tf
    variables.tf
    outputs.tf
    providers.tf
    backend.tf
    versions.tf
    terraform.tfvars.example ← gitignored tfvars go alongside (never committed)

  environments/              ← per-environment resources (Cloud Run, storage, secrets)
    main.tf
    variables.tf
    outputs.tf
    providers.tf
    backend.tf
    versions.tf

  modules/                   ← reusable modules
    cdn/
    storage-bucket/
    nv-fullstack-app/

Backend

GCS backend with workspace support:

# infra/environments/backend.tf
terraform {
  backend "gcs" {
    # Bucket and prefix passed via -backend-config during tf-init
    # State paths:
    #   ${GCP_PROJECT_ID}/${PROJECT}/env:/dev/default.tfstate
    #   ${GCP_PROJECT_ID}/${PROJECT}/env:/stage/default.tfstate
  }
}

Never hardcode the bucket name — it's passed by mise run tf-init.

Variables

Standard variable set for GCP environments:

variable "project"                       { type = string }
variable "gcp_project_id"               { type = string }
variable "gcp_region"                   { type = string }
variable "environment_name"             { type = string }  # dev | stage | prod | preview-*
variable "app_image"                    { type = string; default = "" }  # set via TF_VAR_app_image in CI
variable "gcp_devops_project_id"        { type = string }
variable "gcp_devops_docker_registry_name" { type = string }

app_image defaults to empty — CI sets TF_VAR_app_image to the built image tag.

Provider

# infra/environments/providers.tf
provider "google" {
  project = var.gcp_project_id
  region  = var.gcp_region

  default_labels = {
    project     = var.project
    environment = var.environment_name
    managed_by  = "terraform"
  }
}

Always set default_labels so every GCP resource carries environment and project metadata.

Common Pitfalls

Never commit terraform.tfvars — use .example files and pass vars via mise tasks
Never commit .tfstate files — state lives in GCS
Reset .terraform/environment to default before terraform init in non-TTY contexts (CI) to avoid stale workspace prompts
terraform init -reconfigure required when switching backends or prefixes
Use TF_VAR_* env vars for CI secrets, not -var flags in scripts that might end up in logs

Related Skills

cloudvoyant/react

development

VerifiedTrustedCommunity

React patterns: Zustand state management, shadcn/ui + Tailwind CSS, React Three Fiber + Drei for 3D, folder structure, data fetching, and TypeScript conventions. Load when working on React projects (*.tsx) without SvelteKit.

SKILL.mdUpdated Jun 4, 2026

cloudvoyant/qa

development

VerifiedTrustedCommunity

QA workflows: investigate and document bugs, post issues to GitHub/GitLab/Linear, and run browser-agent smoke tests. Triggers on: 'qa debug', 'qa report', 'qa smoke', 'run smoke test', 'report bug', 'investigate issue'.

SKILL.mdUpdated Jun 4, 2026

cloudvoyant/python

tools

VerifiedTrustedCommunity

Python project patterns: uv package/workspace management, MLflow experiment tracking, Ray distributed computing, Nvidia Warp GPU kernels, Pydantic validation, Click CLIs, and service architecture. Load when writing Python with pyproject.toml or uv.lock.

SKILL.mdUpdated Jun 4, 2026

cloudvoyant/pr

development

VerifiedTrustedCommunity

Code review workflows: create a draft PR/MR, generate AI-powered inline review comments, address change requests, or complete a draft review. Triggers on: "pr open", "pr new", "pr review", "pr address", "pr complete", "open a PR", "create a draft PR", "code review", "pr mr", "pr this PR", "address pr comments", "fix review comments", "complete draft review", "publish review".

SKILL.mdUpdated Jun 4, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/cloudvoyant/codevoyant.git

# Copy into Claude Code skills folder (global)
cp -r codevoyant/skills/terraform ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

cloudvoyant/codevoyant

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT