How Terracotta AI Enhances Spacelift.io Workflows with Shift-Left Terraform Intelligence

Building AI-augmented infrastructure at Terracotta AI (YC S23) | Ex-TCS & Solutions Architects Director @ OpsRamp (acq. HPE) | AWS Solutions Architect | May 26, 2025

Teams use Spacelift to automate Terraform at scale, manage applications, enforce policy, and orchestrate clean CI/CD pipelines.

But what happens before the pipeline runs?

That’s where Terracotta AI comes in.


Why Shift-Left Context Matters

Even with the best automation, Terraform still breaks things due to:

  • Drift introduced by local apply runs
  • Unmerged changes that skew state vs. code
  • Security risks buried in plan diffs
  • Unexpected cloud costs from misjudged changes

These problems originate before Spacelift sees the code, in the pull request.

Terracotta AI Adds Intelligence Where It’s Needed Most: the PR

Terracotta AI connects directly to your repo, remote state, and live infrastructure, giving instant, AI-powered feedback at the PR stage:

  • 🔍 Drift detection from state + cloud
  • 🧾 Plain English summaries of what will change and why
  • 🔐 Inline security insights (e.g., IAM, open ports, logging gaps)
  • 💸 Cost delta previews per PR
  • ⚠️ Unmerged apply alerts to catch ghost infra
  • 🌐 Blast radius visualization to highlight the downstream impact

Why PR Context Complements CI/CD Enforcement

You might notice that Terracotta AI's capabilities, like drift detection or security risk visibility, also appear in tools like Spacelift. That’s true.

But what sets Terracotta AI apart isn’t what it surfaces, but when and where those insights are delivered.

Here’s why PR-stage context matters:

  • Drift Detection: Spacelift may detect drift during Terraform plan or scheduled runs, but Terracotta AI surfaces it in the pull request before merge. This means developers can understand and resolve drift early, rather than being surprised by a failed CI plan or a destructive Terraform apply.
  • Change Visibility: Spacelift displays raw plan output. Terracotta AI turns those diffs into plain-English summaries, giving reviewers instant clarity on what’s changing and why. Less deciphering, more deciding.
  • Security Awareness: Spacelift policy gates are powerful but often binary. Terracotta AI provides contextual explanations of potential misconfigs (like overly permissive IAM or disabled logging), helping teams assess and remediate risk confidently without needing a policy failure to raise the flag.
  • Cost Awareness: While cost tooling can be integrated into Spacelift, Terracotta AI bakes cost delta analysis directly into every PR so teams can catch expensive changes early, without additional setup.
  • Code/State Mismatch: Spacelift executes plans based on state, but doesn’t detect if a PR was applied and never merged. Terracotta AI alerts teams when infra has changed but code hasn't caught up, preventing ghost infrastructure and long-term drift.
  • Blast Radius Insights: Most pipelines don’t visualize downstream impact. Terracotta AI gives reviewers visibility into what other resources or environments may be affected, before anyone hits "merge."

A Natural Extension to Spacelift

Spacelift handles what happens after the merge.

Terracotta helps ensure that what gets merged is safe, stable, and predictable.

Here’s what Terracotta AI adds upstream of Spacelift:

  • Drift and state mismatch checks – Prevents unexpected deletes in the plan stage
  • Cost previews – Stops bill spikes before code hits production
  • Change summaries – Speeds up reviews with clarity and confidence
  • Security audits – Flags risks that static checks might miss
  • Blast radius insights – Helps reviewers understand cascading changes
  • Applied-but-unmerged detection – Catches ghost infrastructure before it drifts
  • Dynamic re-analysis – Detects when a PR’s base branch changes and revalidates the context
  • Terraform init/plan execution – Runs plans during review to ensure real-time validation
  • Module-aware analysis – Understands nested module structures and their impact
  • Terraform syntax linting – Highlights syntax and structural issues before CI fails
  • Comment-based PR interaction – Reviewers can ask questions directly in the PR using the Terracotta AI bot

Easy to Adopt, Zero Disruption

Terracotta AI works out of the box with just two clicks:

  • Connect your GitHub or GitLab
  • Add your cloud provider credentials
  • Open a pull or merge request

No new pipelines or learning curve. Just smarter reviews where you already work.


Final Thought

Terracotta AI and Spacelift serve different layers of the Terraform lifecycle. Together, they bridge the visibility gap between writing Infrastructure as Code and applying it.

We’d love to collaborate with more Spacelift teams and help improve Terraform safety from the first line of code to the final Terraform apply.

Carlos Feliciano

Founder & CEO of Terracotta AI (YC S23), former director of solutions architecture @OpsRamp, Cloud Connoisseur.
San Francisco Bay Area