Terraform Stacks
Poll HCP Terraform Stack deployment and configuration state via the API when CLI watch commands block in CI or agent runs.
Overview
Terraform Stacks is an agent skill most often used in Operate (also Ship) that documents HCP Terraform API monitoring for Stack deployments in non-interactive CI and agent workflows.
Install
npx skills add https://github.com/hashicorp/agent-skills --skill terraform-stacksWhat is this skill?
- Documents HCP Terraform API workflows instead of blocking `terraform stacks * watch` CLI streams
- Covers authentication from `~/.terraform.d/credentials.tfrc.json` or `TFC_TOKEN`
- Targets CI/CD, automation scripts, and non-interactive AI agent environments
- Includes detailed endpoint reference for deployment runs, groups, and configuration
- Notes for AI agents on polling, retries, and parallel multi-Stack monitoring
- 3 CLI watch commands called out as unsuitable for automation
Adoption & trust: 2.5k installs on skills.sh; 654 GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
You need Stack deployment status in CI or an agent but `terraform stacks deployment-run watch` streams forever and never returns.
Who is it for?
Solo builders automating Terraform Stacks in GitHub Actions, agents, or internal tools that cannot use interactive CLI watch.
Skip if: Teams only authoring local `.tf` modules with no HCP Terraform Stacks or who are fine with manual interactive CLI sessions only.
When should I use this skill?
Running in CI/CD or automation where Terraform Stacks CLI watch commands block or stream indefinitely.
What do I get? / Deliverables
You can authenticate to the HCP Terraform API, poll deployment and configuration endpoints, and automate monitoring without blocking watch commands.
- API polling workflow
- Authenticated request patterns
- Automation-safe monitoring steps
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Stack deployment monitoring is a production and pipeline concern once infrastructure is defined and releases are automated. Canonical shelf is operate/monitoring because the skill documents programmatic status checks rather than authoring Terraform modules.
Where it fits
Gate a release job until the Stack deployment run API reports success before promoting artifacts.
Poll deployment-group endpoints on a schedule to alert when a production Stack apply fails.
Track configuration watch state via API while an agent applies stack changes overnight.
Prototype a small status dashboard that lists multiple Stacks for your side project.
How it compares
Use this API reference instead of assuming Terraform CLI watch commands work in headless automation.
Common Questions / FAQ
Who is terraform-stacks for?
Indie builders and small teams using HCP Terraform Stacks who need programmatic deployment monitoring in CI/CD or AI coding agents.
When should I use terraform-stacks?
Use it in Ship when wiring release pipelines to verify Stack runs, and in Operate when monitoring ongoing deployments, configuration applies, or multiple Stacks without CLI watch.
Is terraform-stacks safe to install?
Review the Security Audits panel on this Prism page; the skill involves API tokens and cloud control-plane access, so treat credentials as secrets and scope tokens minimally.
SKILL.md
READMESKILL.md - Terraform Stacks
# API Monitoring Reference Complete guide for monitoring Terraform Stack deployments using the HCP Terraform API. Use this approach for automation, CI/CD pipelines, and non-interactive environments like AI agents. ## Table of Contents 1. [When to Use the API](#when-to-use-the-api) 2. [Authentication](#authentication) 3. [API Monitoring Workflow](#api-monitoring-workflow) 4. [Detailed Endpoint Reference](#detailed-endpoint-reference) 5. [Notes for AI Agents and Automation](#notes-for-ai-agents-and-automation) ## When to Use the API Use the HCP Terraform API instead of CLI commands when: - Running in non-interactive environments (CI/CD, automation scripts) - Building tools or integrations that need programmatic access - Monitoring multiple Stacks simultaneously - Implementing custom retry logic or error handling - Working in environments where streaming CLI commands don't work **CLI commands that don't work in automation:** - `terraform stacks deployment-run watch` - Streams output, blocks indefinitely - `terraform stacks deployment-group watch` - Streams output, blocks indefinitely - `terraform stacks configuration watch` - Streams output, blocks indefinitely ## Authentication ### Extract API Token from Credentials File ```bash TOKEN=$(jq -r '.credentials["app.terraform.io"].token' ~/.terraform.d/credentials.tfrc.json) ``` ### Alternative: Use Environment Variable ```bash export TFC_TOKEN="your-token-here" TOKEN=$TFC_TOKEN ``` ### API Request Headers All API requests require these headers: ```bash -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/vnd.api+json" ``` ## API Monitoring Workflow After uploading a configuration with `terraform stacks configuration upload`, follow this sequence to monitor deployment progress: ### Step 1: Get Configuration Status **Endpoint:** `GET /api/v2/stack-configurations/{configuration-id}` **Purpose:** Verify configuration upload completed successfully and get the configuration details. **Request:** ```bash curl -s -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/vnd.api+json" \ "https://app.terraform.io/api/v2/stack-configurations/{configuration-id}" | jq '.' ``` **Response Fields:** - `attributes.status` - Configuration processing status (pending/completed) - `attributes.sequence-number` - Version number of this configuration - `attributes.components-detected` - Number of components found - `attributes.deployments-detected` - Number of deployments found **Example Response:** ```json { "data": { "id": "stc-ABC123", "type": "stack-configurations", "attributes": { "status": "completed", "sequence-number": 5, "components-detected": 3, "deployments-detected": 2, "created-at": "2024-01-15T10:30:00.000Z", "updated-at": "2024-01-15T10:30:45.000Z" } } } ``` ### Step 2: Get Deployment Group Summaries **Endpoint:** `GET /api/v2/stack-configurations/{configuration-id}/stack-deployment-group-summaries` **Purpose:** Get list of deployment groups, their IDs, and current status summary. **Request:** ```bash curl -s -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/vnd.api+json" \ "https://app.terraform.io/api/v2/stack-configurations/{configuration-id}/stack-deployment-group-summaries" | jq '.' ``` **Response Fields:** - `id` - Deployment group ID (needed for next step) - `attributes.name` - Deployment group name (e.g., `dev_default`) - `attributes.status` - Overall status (running/succeeded/failed) - `attributes.status-counts` - Breakdown of deployment statuses **Example Response:** ```json { "data": [ { "id": "sdg-XYZ789", "type": "stack-deployment-group-summaries", "attributes": { "name": "dev_default", "status": "running", "status-counts": { "pending": 0, "running": 1, "succeeded": 1, "failed": 0 } } } ] } ``` ### Step 3: Get Deployment Runs **Endpoint:** `G