
How to add tfmcp to Windsurf
Terraform MCP server letting AI assistants read, plan, apply, analyze, and manage Terraform infrastructure. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 369★ · stdio · no auth
Windsurf config for tfmcp
cargo install tfmcp

{
  "mcpServers": {
    "tfmcp": {
      "command": "/path/to/your/tfmcp",
      "args": [
        "mcp"
      ],
      "env": {
        "HOME": "/Users/yourusername",
        "PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
        "TERRAFORM_DIR": "/path/to/your/terraform/project"
      }
    }
  }
}

Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the tfmcp config shown above.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. tfmcp's tools become available to Cascade.
Before you start
- Rust (edition 2021; v0.1.9 requires Rust 1.85.0+ / Edition 2024)
- Terraform CLI installed and available in PATH
- Claude Desktop (for AI assistant integration)
- Docker (optional, for containerized deployment)
What tfmcp can do in Windsurf
- init_terraform: Initialize Terraform working directory.
- get_terraform_plan: Generate and show execution plan.
- analyze_plan: Analyze plan with risk scoring and recommendations.
- apply_terraform: Apply Terraform configuration.
- destroy_terraform: Destroy Terraform-managed infrastructure.
- validate_terraform: Validate configuration syntax.
- validate_terraform_detailed: Detailed validation with guidelines.
- get_terraform_state: Show current state.
Security
Dangerous operations (apply/destroy) are disabled by default and must be explicitly enabled via TFMCP_ALLOW_DANGEROUS_OPS=true. Auto-approve is off by default (TFMCP_ALLOW_AUTO_APPROVE). Resource count is capped (TFMCP_MAX_RESOURCES, default 50). Built-in access controls block prod*, production*, and secret* file patterns. Audit logging is enabled by default and written to ~/.tfmcp/audit.log. Always review AI-generated Terraform plans before applying, and apply appropriate IAM boundaries in cloud environments.
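An added example (not code from tfmcp or from this page's original content): a small Python audit that reads an mcp_config.json and reports where the tfmcp entry departs from the defaults described above. It assumes the TFMCP_* variables are set in the entry's "env" block and that only the literal value true enables a flag; the function and constant names are hypothetical.

```python
import json

DEFAULT_MAX_RESOURCES = 50  # default cap stated on this page
PLACEHOLDERS = ("/path/to/your", "yourusername")  # literals from the sample config

def is_true(value):
    # Assumption: only the literal "true" (any case) switches a flag on.
    return str(value).strip().lower() == "true"

def audit_tfmcp(config_text, server="tfmcp"):
    """Return (severity, message) findings for one mcpServers entry."""
    entry = json.loads(config_text).get("mcpServers", {}).get(server)
    if entry is None:
        return [("info", f"no '{server}' entry under mcpServers")]
    env = entry.get("env", {})
    findings = []
    dangerous = is_true(env.get("TFMCP_ALLOW_DANGEROUS_OPS", "false"))
    auto = is_true(env.get("TFMCP_ALLOW_AUTO_APPROVE", "false"))
    if dangerous and auto:
        findings.append(("high", "apply/destroy enabled with auto-approve: no human review step"))
    elif dangerous:
        findings.append(("medium", "apply/destroy enabled (TFMCP_ALLOW_DANGEROUS_OPS=true)"))
    elif auto:
        findings.append(("low", "auto-approve set while dangerous ops are still off"))
    raw_max = env.get("TFMCP_MAX_RESOURCES")
    if raw_max is not None:
        try:
            if int(raw_max) > DEFAULT_MAX_RESOURCES:
                findings.append(("medium", f"resource cap raised to {int(raw_max)}"))
        except (ValueError, TypeError):
            findings.append(("low", f"TFMCP_MAX_RESOURCES is not an integer: {raw_max!r}"))
    fields = [("command", entry.get("command", ""))] + [(f"env.{k}", v) for k, v in env.items()]
    for where, value in fields:
        if any(p in str(value) for p in PLACEHOLDERS):
            findings.append(("info", f"placeholder left in {where}: {value}"))
    return findings

# Constructed sample: the page's config shape with both opt-in flags switched on.
SAMPLE = json.dumps({"mcpServers": {"tfmcp": {
    "command": "/usr/local/bin/tfmcp", "args": ["mcp"],
    "env": {"TERRAFORM_DIR": "/path/to/your/terraform/project",
            "TFMCP_ALLOW_DANGEROUS_OPS": "true",
            "TFMCP_ALLOW_AUTO_APPROVE": "true",
            "TFMCP_MAX_RESOURCES": "200"}}}})

if __name__ == "__main__":
    for severity, message in audit_tfmcp(SAMPLE):
        print(f"[{severity}] {message}")
```

Run it against the real file by passing the contents of ~/.codeium/windsurf/mcp_config.json to audit_tfmcp; an empty result means the entry keeps the documented defaults and has no placeholders left.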
tfmcp + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the tfmcp config there under the "mcpServers" key and restart the client.
Is tfmcp safe to use with Windsurf?
Dangerous operations (apply/destroy) are disabled by default and must be explicitly enabled via TFMCP_ALLOW_DANGEROUS_OPS=true. Auto-approve is off by default (TFMCP_ALLOW_AUTO_APPROVE). Resource count is capped (TFMCP_MAX_RESOURCES, default 50). Built-in access controls block prod*, production*, and secret* file patterns. Audit logging is enabled by default and written to ~/.tfmcp/audit.log. Always review AI-generated Terraform plans before applying, and apply appropriate IAM boundaries in cloud environments.
Is tfmcp an official Terraform/HashiCorp product?
No. It is an independent open-source project by nwiizo, licensed under MIT. The README notes it is experimental and under active development.
How do I connect tfmcp to Claude Desktop?
Install it (`cargo install tfmcp`), find the binary path with `which tfmcp`, then add an mcpServers entry to ~/Library/Application Support/Claude/claude_desktop_config.json with command set to the tfmcp path and args set to ["mcp"]. Restart Claude Desktop and enable the tool.
Are apply and destroy operations safe?
By default they are disabled. You must set TFMCP_ALLOW_DANGEROUS_OPS=true to enable them, and TFMCP_ALLOW_AUTO_APPROVE remains false unless explicitly enabled. tfmcp also caps resource counts and blocks sensitive file patterns.