terraform-cloud-mcp

lock_workspace

Prevent infrastructure changes by locking a Terraform Cloud workspace during maintenance or manual adjustments. This stops new runs from queuing while allowing current operations to complete.

Instructions

Lock a workspace.

Locks a workspace to prevent runs from being queued. This is useful when you want to prevent changes to infrastructure while performing maintenance or making manual adjustments. Locking a workspace does not affect currently running plans or applies.

API endpoint: POST /workspaces/{workspace_id}/actions/lock

Args: workspace_id: The ID of the workspace to lock (format: "ws-xxxxxxxx") reason: Optional reason for locking

Returns: The workspace with updated lock status and related metadata

See: docs/tools/workspace.md for reference documentation

Input Schema

TableJSON Schema

Name	Required	Description	Default
`workspace_id`	Yes
`reason`	No

Implementation Reference

terraform_cloud_mcp/tools/workspaces.py:248-273 (handler)

The core handler function decorated with error handling that implements the lock_workspace tool. It constructs a payload with an optional reason and performs a POST request to the Terraform Cloud API endpoint /workspaces/{workspace_id}/actions/lock to lock the workspace.

@handle_api_errors
async def lock_workspace(workspace_id: str, reason: str = "") -> APIResponse:
    """Lock a workspace.

    Locks a workspace to prevent runs from being queued. This is useful when you want
    to prevent changes to infrastructure while performing maintenance or making manual
    adjustments. Locking a workspace does not affect currently running plans or applies.

    API endpoint: POST /workspaces/{workspace_id}/actions/lock

    Args:
        workspace_id: The ID of the workspace to lock (format: "ws-xxxxxxxx")
        reason: Optional reason for locking

    Returns:
        The workspace with updated lock status and related metadata

    See:
        docs/tools/workspace.md for reference documentation
    """
    payload = {}
    if reason:
        payload = {"reason": reason}
    return await api_request(
        f"workspaces/{workspace_id}/actions/lock", method="POST", data=payload
    )

terraform_cloud_mcp/server.py:59-59 (registration)
Registers the lock_workspace function as an MCP tool using the FastMCP server instance with write_tool_config (enabling it unless in read-only mode).
```
mcp.tool(**write_tool_config)(workspaces.lock_workspace)
```
terraform_cloud_mcp/server.py:39-42 (helper)
Configuration dictionary used in the registration of write-enabled tools like lock_workspace, controlling enablement based on read-only mode and adding annotations.
```
write_tool_config = {
    "enabled": not read_only_mode,
    "annotations": {"readOnlyHint": False}
}
```
terraform_cloud_mcp/server.py:14-14 (registration)
Imports the workspaces module containing the lock_workspace handler function for use in tool registration.
```
from terraform_cloud_mcp.tools import workspaces
```

Tool Definition Quality

A4.6/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The annotations only indicate readOnlyHint=false, leaving behavioral details unspecified. The description adds valuable context beyond annotations: it explains the tool's effect (prevents queuing runs), clarifies what is unaffected (current plans/applies), mentions the API endpoint, and notes the return format. However, it lacks details on permissions, rate limits, or error conditions, which would be helpful for a mutation tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: the first sentence states the core purpose, followed by context, API details, parameter explanations, and return information. Every sentence adds value without redundancy, and the structure is clear with labeled sections (Args, Returns, See).

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (mutation with 2 parameters) and lack of output schema, the description is mostly complete: it covers purpose, usage, parameters, and return format. However, it could improve by mentioning authentication requirements, error handling, or linking to sibling tools like 'unlock_workspace' for better contextual awareness.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description compensates well by explaining both parameters: 'workspace_id' (ID format: 'ws-xxxxxxxx') and 'reason' (optional reason for locking). This adds meaningful semantics beyond the bare schema, though it doesn't detail constraints like length limits or validation rules for the reason parameter.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Lock a workspace') and resource ('workspace'), distinguishing it from sibling tools like 'unlock_workspace' and 'force_unlock_workspace'. It explains the effect ('prevent runs from being queued') and provides context about what is not affected ('currently running plans or applies'), making the purpose highly specific and well-differentiated.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use this tool ('useful when you want to prevent changes to infrastructure while performing maintenance or making manual adjustments') and distinguishes it from alternatives by noting what it does not affect. It provides clear context for usage without exclusions, helping the agent understand appropriate scenarios for invocation.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/severity1/terraform-cloud-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server