Automic VaultAutomic Vault

brew

Install kuzco with Homebrew

Reviews Terraform and OpenTofu resources and uses AI to suggest improvements. Version 1.9.1 via Homebrew; verified 2026-07-03.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install kuzco

local Homebrew formula metadata

overview

Package summary

Reviews Terraform and OpenTofu resources and uses AI to suggest improvements

Commands and aliases

  • kuzco

history

Project history and usage

Kuzco is a Go CLI from RoseSecurity for reviewing Terraform and OpenTofu resources, comparing them with provider schemas, and asking a local LLM for improvement suggestions.

Project history

The project appeared as an infrastructure-analysis tool in the Terraform/OpenTofu ecosystem. Its README frames the problem as reviewing generated or minimal IaC resources without manually digging through provider documentation, using Ollama-backed local LLMs to recommend safer and more efficient settings.

Adoption history

Kuzco is an early, niche tool in the wave of AI-assisted infrastructure-as-code utilities. The release history shows fast iteration through packaging, prompt customization, a TUI, and command-based workflows rather than long-running ecosystem adoption.

How it is used

Users run the CLI against Terraform or OpenTofu configurations. The README documents Homebrew, Go, Apt, and source installation, requires Ollama for model-backed recommendations, and exposes commands such as `recommend`, `fix`, `list`, and `version`.

Why package nerds care

Kuzco is notable as a small Homebrew-packaged example of local-LLM tooling being inserted into IaC review workflows, next to more established static analyzers such as tfsec and tflint-style tools.

Timeline

  • v0.7.0: Added publishing workflow and customizable prompts.
  • v0.9.0: Added a TUI.
  • v1.0.0: Introduced `fix` and `recommend` command workflows.

Related projects

  • Kuzco is related to Terraform, OpenTofu, Ollama, and static IaC analysis tools such as tfsec and tflint.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
kuzcocliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-07
manager version1.9.1
manager updated2026-07-03
local dataok
upstreamcurrent
latest detectedv1.9.1

https://github.com/RoseSecurity/Kuzco

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:kuzco
Version1.9.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/kuzco
Homepagehttps://github.com/RoseSecurity/Kuzco
Repositoryhttps://github.com/RoseSecurity/Kuzco
Upstream docshttps://github.com/RoseSecurity/Kuzco#readme
LicenseApache-2.0
Source archivehttps://github.com/RoseSecurity/Kuzco/archive/refs/tags/v1.9.1.tar.gz
Last updated2026-07-03T07:02:52+02:00
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namekuzco
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedyes
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment