Every command. Every flag.

Installation

pip install readtheplan

Requires Python 3.10+. Signing requires the optional sign extra.

pip install "readtheplan[sign]"

readtheplan analyze

Analyze a Terraform plan JSON file and classify every change by risk tier.

readtheplan analyze [flags] plan.json

Flags

Flag	Description
--format text|json	Output format. Default: text.
--no-rules	Disable resource-aware rules. Use action-only classifier.
--rules-file PATH	Apply overlay YAML on top of built-in rules. Repeatable.
--framework soc2|iso27001|hipaa	Annotate with control IDs from named framework.
--evidence PATH	Write rtp-evidence-v1 JSON envelope. Use - for stdout.
--sign	Sign evidence envelope with sigstore keyless signing.
--agent-id ID	Agent identifier for evidence attestation.
--reviewer-id ID	Reviewer identifier for evidence output.
--reviewer-kind human|agent	Reviewer kind. Default: human.

readtheplan agent-gate

Emit a proceed/warn/block decision for CI pipelines and AI coding agents.

readtheplan agent-gate [flags] plan.json

Flags

Flag	Description
--framework soc2|iso27001|hipaa	Include required check IDs from named framework.

Output

JSON with schema, decision (proceed/warn/block), risk, required_checks, allowed_next_actions, prohibited_next_actions, pr_comment, evidence_checklist, auditor_summary, and risk_counts.

readtheplan agent-gate plan.json
# → {"schema": "rtp-agent-gate-v1", "decision": "block", "risk": "irreversible", ...}

readtheplan verify

Verify a signed rtp-evidence-v1 envelope.

readtheplan verify evidence.json

readtheplan mcp

Start the experimental local MCP stdio server for agent and IDE integrations. Requires Python 3.10+.

readtheplan mcp

Install the MCP extra if you get missing dependency errors:

pip install "readtheplan[mcp]"

readtheplan cloudformation

Emit agent-gate decision for a CloudFormation Change Set or template diff. First IaC adapter beyond Terraform.

readtheplan cloudformation change-set.json

See GitHub Action guide for CI integration.