/plugin marketplace add zircote/terraform-lsp/plugin install zircote-terraform-lsp@zircote/terraform-lspDefined in hooks/hooks.json
{
"PostToolUse": [
{
"hooks": [
{
"type": "command",
"command": "terraform fmt \"$CLAUDE_FILE_PATH\" 2>/dev/null || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "cd \"$(dirname \"$CLAUDE_FILE_PATH\")\" && terraform validate 2>&1 | head -20 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "cd \"$(dirname \"$CLAUDE_FILE_PATH\")\" && [ ! -d .terraform ] && echo ' terraform init required - run: terraform init' || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v tflint >/dev/null && cd \"$(dirname \"$CLAUDE_FILE_PATH\")\" && tflint --format compact 2>&1 | head -30 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v trivy >/dev/null && cd \"$(dirname \"$CLAUDE_FILE_PATH\")\" && trivy config --severity HIGH,CRITICAL --exit-code 0 . 2>&1 | head -30 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v checkov >/dev/null && checkov -f \"$CLAUDE_FILE_PATH\" --compact --quiet 2>&1 | head -30 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "grep -nE '(TODO|FIXME|XXX|HACK):?' \"$CLAUDE_FILE_PATH\" 2>/dev/null | head -10 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "grep -inE '(password|secret|api_key|access_key|private_key)\\s*=' \"$CLAUDE_FILE_PATH\" 2>/dev/null && echo ' Sensitive data detected - ensure using sensitive = true or secrets manager' || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "terraform fmt \"$CLAUDE_FILE_PATH\" 2>/dev/null || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tfvars"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "grep -inE '(password|secret|api_key|access_key|private_key)\\s*=' \"$CLAUDE_FILE_PATH\" 2>/dev/null && echo ' Sensitive values detected - ensure this file is in .gitignore' || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".tfvars"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v terragrunt >/dev/null && terragrunt hclfmt \"$CLAUDE_FILE_PATH\" 2>/dev/null || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/terragrunt.hcl"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v terragrunt >/dev/null && cd \"$(dirname \"$CLAUDE_FILE_PATH\")\" && terragrunt validate 2>&1 | head -20 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/terragrunt.hcl"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v terraform-docs >/dev/null && [ -f \"$(dirname \"$CLAUDE_FILE_PATH\")/README.md\" ] && echo \" Update docs: terraform-docs markdown . --output-file README.md\" || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/variables.tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "echo \" Preview changes: terraform plan\" || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/main.tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v infracost >/dev/null && echo \" Cost estimate: infracost breakdown --path .\" || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/main.tf"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "echo \" Update providers: terraform init -upgrade\" || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"pathPatterns": [
"**/.terraform.lock.hcl"
]
}
},
{
"hooks": [
{
"type": "command",
"command": "command -v markdownlint >/dev/null && markdownlint \"$CLAUDE_FILE_PATH\" 2>&1 | head -20 || true"
}
],
"matcher": "Write|Edit",
"conditions": {
"fileExtensions": [
".md"
]
}
}
]
}{
"riskFlags": {
"touchesBash": false,
"matchAllTools": false,
"touchesFileWrites": true
},
"typeStats": {
"command": 17
},
"eventStats": {
"PostToolUse": 17
},
"originCounts": {
"absolutePaths": 0,
"pluginScripts": 0,
"projectScripts": 0
},
"timeoutStats": {
"commandsWithoutTimeout": 17
}
}