Automic VaultAutomic Vault

brew

Install tfcmt with Homebrew

Notify the execution result of terraform command. Version 4.14.15 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install tfcmt

local Homebrew formula metadata

overview

Package summary

Notify the execution result of terraform command

Commands and aliases

  • tfcmt

history

Project history and usage

tfcmt is a Terraform CI comment tool that posts the results of `terraform plan` and `terraform apply` to GitHub pull requests. The official documentation describes it as a fork of Mercari's `tfnotify`, expanded for Terraform 0.15 and later and for more configurable formatting.

Project history

The project grew out of the `tfnotify` lineage: the README and documentation identify `tfcmt` as a fork of `mercari/tfnotify` v0.7.0 and preserve the original Mercari MIT license notice for the inherited code. Its own documentation copyright begins in 2021, which matches its role as a post-Terraform-0.15 replacement for teams that had outgrown the original notifier.

The repository has a large commit history and a long release line, reflecting ongoing maintenance around Terraform output formatting, GitHub comment behavior, masking, Terragrunt support, GitHub Enterprise support, and related CI workflow details.

Adoption history

The README includes a public 'Who uses tfcmt?' list naming organizations such as Recruit, Cybozu, READYFOR, CADDi, ZOZO, SAKURA internet, Unipos, HMCTS, LayerX, and others. That list is an unusually direct adoption signal for a Terraform niche tool.

Homebrew packages `tfcmt` as a formula, and the repository shows hundreds of GitHub stars. In package-manager terms, it is not a general Terraform frontend; it is a specialized CI companion used by teams that review infrastructure changes through pull requests.

How it is used

Typical use is in CI: run Terraform, let `tfcmt` parse the command output, render it through Go templates, update pull request labels, and post or patch a GitHub comment. The documentation emphasizes cleaner PR comment streams, hiding stale comments with `github-comment`, filtering noisy refresh output, and separating Terraform changes from non-Terraform output.

The tool is GitHub-focused. The README explicitly points GitLab users to `tfcmt-gitlab`, a separate fork.

Why package nerds care

For package-nerd catalogs, `tfcmt` is significant because it represents a second-generation Terraform notifier: a fork maintained specifically to keep pace with Terraform CLI changes and modern pull-request automation. It sits in the small but important class of tools that make infrastructure-as-code review readable without requiring developers to open CI logs.

Its value is operational rather than architectural: teams install it with Homebrew or other release tooling, wire it into GitHub Actions or another CI runner, and get stable, templated pull-request feedback for Terraform workflows.

Timeline

  • 2018: Original `tfnotify` code carried Mercari copyright and MIT licensing.
  • 2021: Official tfcmt documentation copyright begins and documents the fork's Terraform 0.15+ motivation.
  • 2026: GitHub repository page lists v4.14.15 as the latest release and shows more than one hundred releases.

Related projects

  • `mercari/tfnotify` is the upstream project from which `tfcmt` was forked.
  • `tfcmt-gitlab` is the GitLab-oriented fork suggested by the `tfcmt` README.
  • `github-comment` is documented as a companion tool for hiding stale comments.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
tfcmt.yamltfcmt.yml.tfcmt.yaml.tfcmt.yml

executables

Installed executables

CommandKindExposureNote
tfcmtcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version4.14.15
manager updated
local dataok
upstreamcurrent
latest detectedv4.14.15

https://github.com/suzuki-shunsuke/tfcmt

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:tfcmt
Version4.14.15
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/tfcmt
Homepagehttps://suzuki-shunsuke.github.io/tfcmt/
Repositoryhttps://github.com/suzuki-shunsuke/tfcmt
Upstream docshttps://suzuki-shunsuke.github.io/tfcmt
LicenseMIT
Source archivehttps://github.com/suzuki-shunsuke/tfcmt/archive/refs/tags/v4.14.15.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nametfcmt
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment