Oh right, I see - a comparison between new Terraform source files and pre-existing Terraform state. Yes, that theoretically ought to be possible without talking to the API.
Are you using the -refresh=false flag? Without that, Terraform will attempt to check its state is accurate even when just doing a plan.
Even with that, it’s possible the provider is being overly up-front in its validation and it will still fail. (I don’t use Azure, so I can’t easily check.) If that’s the case, it’s possible figuring out some dummy configuration good enough to placate the validation might be successful.
Both the plan and apply operations will typically require credentials in most providers, because this can help to ensure Terraform can produce a reliable plan that is more likely to be applyable.
A command you can use “offline” just to check if your configuration passes the validation rules that are built in to the provider is terraform validate, although I see that you are using CDK for Terraform so I’m not sure what is the equivalent cdktf command for validation.
I don’t see a command in the list that seems obviously related to validation, so if there isn’t currently such a command I think the fallback would be to run cdktf synth to generate the cdk.tf.json file and then run terraform validate in the directory which contains that file.