InfraDots logo
← What's New

Drift detection — and the agent that fixes it

Periodic re-plans surface the gap between your code and your live infrastructure. With the agent enabled, the fix lands as a pull request before you've finished reading the alert.

Terraform's promise is that the code is the source of truth. The reality, on any team older than six months, is that someone clicked through the console during an incident, the change never made it back to code, and now your next apply is a surprise.

What's new

Flip the Drift Detection toggle on your organization and InfraDots periodically runs plan against each of your workspaces. If anything has changed in real infrastructure compared to what your state and code expect, you see it surfaced as drift — not at the moment of your next apply, but as soon as it appears.

Under the hood we reworked how agents are scheduled to support this. Instead of every check being a one-off, scheduled work now flows through a unified scheduler that handles drift checks, scheduled jobs, and approval reminders the same way.

Automatic remediation, when you want it

Detection is useful. Detection plus a draft fix in your inbox is better.

When a workspace has the InfraDots agent enabled with auto-implement turned on, the orchestrator picks up every drift finding and:

  1. Reads the diff between code and live state.
  2. Drafts a Terraform change that brings the code in line with reality (or the other way around, depending on which side is correct).
  3. Opens a pull request against your repo with the change and a summary of the drift it's resolving.

You review the PR like any other — diff, comments, approve, merge. Nothing is auto-merged or auto-applied, and the resulting apply still goes through your normal review gates. The agent just removes the "stare at the drift report and type the fix yourself" step.

If the agent isn't enabled, or auto-implement is off, drift findings still surface in the workspace view — you just handle the fix the old-fashioned way.

Why it matters

Drift caught early is a five-minute reconciliation. Drift caught at apply time is an outage, because the apply tries to "fix" the manual change and breaks whatever depended on it. Drift caught early and handed to you as a ready-to-review PR turns the whole loop into a one-click cleanup between other tasks.

How to use it

Settings → General → toggle Drift Detection. Off by default; opt in per organization. To get the auto-generated PRs, enable the InfraDots agent on the workspace and turn on auto-implement in the workspace's agent settings. Detected drift shows up in the workspace view alongside your job history, with a link to the PR when the agent has opened one.