{"schema_version":1,"workflow_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","workflow_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","page_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","raw_url":"https://tokrepo.com/raw/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","metadata_url":"https://tokrepo.com/metadata/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4.json","install_plan_url":"https://api.tokrepo.com/api/v1/tokenboard/workflows/install-plan?uuid=1cce94e4-4624-11f1-9bc6-00163e2b0d79&target=codex","recommended_install":{"schema_version":1,"status":"stage","policy":"stage_only","install_mode":"stage_only","target":"codex","command":"npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target codex","dry_run_command":"npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target codex --dry-run --json","runtime_commands":{"codex":"npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target codex","gemini":"npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target gemini","project":"npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79"},"prompt":"Install and make this TokRepo asset usable: \"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline\".\n\nPage: https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4\nUUID: 1cce94e4-4624-11f1-9bc6-00163e2b0d79\nTarget adapter: codex\nPolicy/mode: stage_only / stage_only\n\nRead these machine-facing entry points first:\n- metadata: https://tokrepo.com/metadata/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4.json\n- install contract: https://tokrepo.com/install-contract/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4.json\n- install plan: https://api.tokrepo.com/api/v1/tokenboard/workflows/install-plan?uuid=1cce94e4-4624-11f1-9bc6-00163e2b0d79&target=codex\n- raw content: https://tokrepo.com/raw/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4\n\nCommands:\n- choose the current runtime; do not use unsupported CLI targets.\n- Codex: npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target codex\n- Gemini CLI: npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 --target gemini\n- Claude Code / project agent: run npx -y tokrepo@latest install 1cce94e4-4624-11f1-9bc6-00163e2b0d79 from the project root; add `--dry-run --json` first to inspect the plan.\n- add `--dry-run --json` to the chosen command first; after the plan allows it, run the chosen command.\n\nExecution rules:\n1. Run the install command to stage the asset safely.\n2. Read the staged README, install-plan, and entrypoint files.\n3. Activate scripts, MCP config, or global config only after user confirmation.\n4. Verify usability with the install-plan post_verify checks and the asset README.\n\nReport back with changed files, verification result, and how to use the asset next.","next_steps":["Run the install command to stage the asset safely.","Read the staged README, install-plan, and entrypoint files.","Activate scripts, MCP config, or global config only after user confirmation.","Verify usability with the install-plan post_verify checks and the asset README."],"success_check":["The asset is safely staged.","The agent can give clear activation steps from the staged content."]},"agent_metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"stage_only","entrypoint":"Digger IaC Orchestration","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_TOKEN"],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":[],"pip":[],"brew":[],"system":[]},"content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","verification":{"commands":[],"expected_files":["Digger IaC Orchestration"]}},"agent_fit":{"target":"codex","score":29,"status":"stage_only","policy":"stage_only","why":["target_tools includes codex","asset_kind skill","install_mode stage_only","policy stage_only","install_mode is stage_only","risk_profile.requires_secrets is not empty","trust established"],"asset_kind":"skill","install_mode":"stage_only"},"trust":{"author_trust_level":"established","verified_publisher":false,"asset_signed_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":["requires_secrets","stage_only"],"review_status":"unreviewed","signals":["asset has usage views","author has published assets","content hash available"]},"provenance":{"owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","owner_name":"AI Open Source","source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","visibility":1,"created_at":"2026-05-02 20:40:34","updated_at":"2026-06-14 06:52:53"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"install_plan":{"schema_version":2,"target":"codex","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","install_mode":"stage_only","entrypoint":"Digger IaC Orchestration","preconditions":[{"type":"target_supported","status":"pass","message":"codex install target is supported"},{"type":"install_root","status":"pass","message":"~/.codex/skills for activated assets; ~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79 for staged assets"},{"type":"target_tool_metadata","status":"pass","message":"metadata allows codex"},{"type":"content_hash","status":"pass","message":"asset metadata includes content_hash"},{"type":"trust_policy","status":"pass","message":"publisher trust level is established"},{"type":"policy_decision","status":"warn","message":"stage_only for 1cce94e4-4624-11f1-9bc6-00163e2b0d79 (stage_only)"}],"actions":[{"type":"stage_file","path":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79/Digger IaC Orchestration.md","source_name":"Digger IaC Orchestration","sha256":"eda9322ffc0f93fddd72e0be6987c4b67fa4b20d4087bac00e24c68f05efa182","bytes":3810,"risk":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_TOKEN"],"uses_absolute_paths":false,"network_access":false},"if_exists":"overwrite"}],"policy_decision":{"decision":"stage_only","requires_confirmation":false,"reasons":["install_mode is stage_only","risk_profile.requires_secrets is not empty"]},"requires_confirmation":false,"rollback":[{"type":"remove_file","path":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79/Digger IaC Orchestration.md"}],"post_verify":[{"type":"file_sha256","path":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79/Digger IaC Orchestration.md","sha256":"eda9322ffc0f93fddd72e0be6987c4b67fa4b20d4087bac00e24c68f05efa182"},{"type":"expected_file","path":"Digger IaC Orchestration.md"}],"metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"stage_only","entrypoint":"Digger IaC Orchestration","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_TOKEN"],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":[],"pip":[],"brew":[],"system":[]},"content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","verification":{"commands":[],"expected_files":["Digger IaC Orchestration"]}},"agent_fit":{"target":"codex","score":29,"status":"stage_only","policy":"stage_only","why":["target_tools includes codex","asset_kind skill","install_mode stage_only","policy stage_only","install_mode is stage_only","risk_profile.requires_secrets is not empty","trust established"],"asset_kind":"skill","install_mode":"stage_only"},"trust":{"author_trust_level":"established","verified_publisher":false,"asset_signed_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":["requires_secrets","stage_only"],"review_status":"unreviewed","signals":["asset has usage views","author has published assets","content hash available"]},"provenance":{"owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","owner_name":"AI Open Source","source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","visibility":1,"created_at":"2026-05-02 20:40:34","updated_at":"2026-06-14 06:52:53"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"evidence_bundle":{"acceptance_gate":{"recommended_action":"stage_or_request_confirmation","rule":"Agents should only activate an asset after evidence_bundle.integrity, policy_compatibility, rollback, and post_verify have been inspected.","status":"caution"},"asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","eval_evidence":["https://tokrepo.com/evals/install-safety.json","https://tokrepo.com/evals/trust-evidence-coverage.json","https://tokrepo.com/evals/handoff-quality.json"],"generated_at":"2026-06-13T22:52:54Z","integrity":{"content_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","declared_content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","file_count":1,"hash_algorithm":"sha256","install_plan_hash":"daca95ab43ccda5f2bed81d9631a105fee591d1ac783a86759776abf3c276dac"},"policy_compatibility":{"permission_envelope":{"destructive":false,"executes_code":false,"file_count":1,"filesystem_write":["~/.codex/tokrepo/staged"],"global_config_write":false,"network":false,"requires_secrets":["GITHUB_TOKEN"],"uses_absolute_paths":false},"policy_decision":{"decision":"stage_only","requires_confirmation":false,"reasons":["install_mode is stage_only","risk_profile.requires_secrets is not empty"]},"requires_confirmation":false,"target":"codex","trust_score_v2":{"recommended_action":"stage_or_request_confirmation","status":"caution","trust_score":60}},"provenance":{"asset_kind":"skill","asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","computed_bundle_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","created_at":"2026-05-02 20:40:34","generated_at":"2026-06-13T22:52:54Z","install_plan_hash":"daca95ab43ccda5f2bed81d9631a105fee591d1ac783a86759776abf3c276dac","owner_name":"AI Open Source","owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","updated_at":"2026-06-14 06:52:53","visibility":1},"sbom":{"asset_kind":"skill","asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":["GITHUB_TOKEN"]},"content_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","dependencies":{"brew":[],"mcp":[],"npm":[],"pip":[],"system":[]},"files":[{"bytes":3810,"path":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79/Digger IaC Orchestration.md","role":"supporting_file","sha256":"eda9322ffc0f93fddd72e0be6987c4b67fa4b20d4087bac00e24c68f05efa182","source_name":"Digger IaC Orchestration"}],"format":"SBOM-lite","install_mode":"stage_only","schema_version":1,"target":"codex"},"schema":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","schema_version":1,"schemas":{"asset_verification":"https://tokrepo.com/schemas/asset-verification.schema.json","evidence_bundle":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","install_plan":"https://tokrepo.com/schemas/install-plan.schema.json","provenance":"https://tokrepo.com/schemas/provenance.schema.json","sbom":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json#/properties/sbom"},"signature_evidence":{"content_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","hash_algorithm":"sha256","install_plan_hash":"daca95ab43ccda5f2bed81d9631a105fee591d1ac783a86759776abf3c276dac","schema_version":1,"signed_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","target":"codex"},"sbom":{"asset_kind":"skill","asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":["GITHUB_TOKEN"]},"content_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","dependencies":{"brew":[],"mcp":[],"npm":[],"pip":[],"system":[]},"files":[{"bytes":3810,"path":"~/.codex/tokrepo/staged/1cce94e4-4624-11f1-9bc6-00163e2b0d79/Digger IaC Orchestration.md","role":"supporting_file","sha256":"eda9322ffc0f93fddd72e0be6987c4b67fa4b20d4087bac00e24c68f05efa182","source_name":"Digger IaC Orchestration"}],"format":"SBOM-lite","install_mode":"stage_only","schema_version":1,"target":"codex"},"signature_evidence":{"content_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","hash_algorithm":"sha256","install_plan_hash":"daca95ab43ccda5f2bed81d9631a105fee591d1ac783a86759776abf3c276dac","schema_version":1,"signed_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"provenance_v2":{"asset_kind":"skill","asset_title":"Digger — Run Terraform and OpenTofu in Your Existing CI Pipeline","asset_uuid":"1cce94e4-4624-11f1-9bc6-00163e2b0d79","computed_bundle_hash":"58de29c570d9ff8421523325ff1f8f3887af5c46918a6886f6ad037e752281c5","content_hash":"f77e84ec607b4fa2b983ea878da8b3e5bb48b742d04b4ad373ea52485f3f965b","created_at":"2026-05-02 20:40:34","generated_at":"2026-06-13T22:52:54Z","install_plan_hash":"daca95ab43ccda5f2bed81d9631a105fee591d1ac783a86759776abf3c276dac","owner_name":"AI Open Source","owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/digger-run-terraform-opentofu-your-existing-ci-pipeline-1cce94e4","updated_at":"2026-06-14 06:52:53","visibility":1},"transitive_dependencies":null}}