Terracotta AI × HashiCorp: New Terraform Run Tasks Help Customers Enforce Intent, Strengthen Governance, and Catch Risks Earlier

Today, we’re excited to announce a new integration between Terracotta AI and HashiCorp, an IBM Company, and HCP Terraform and Terraform Enterprise via Terraform run tasks, bringing earlier insights, clearer intent, and stronger governance into the Terraform lifecycle without disrupting the workflows teams already rely on.

HCP Terraform has long helped platform teams streamline provisioning, collaboration, and approvals for Infrastructure as Code (IaC). It has become the operational backbone for organizations that need predictable, governed infrastructure at scale. Terracotta AI now complements that foundation by helping teams understand Terraform changes, enforce architectural and module intent, and align developers around best practices before a Terraform apply ever runs.

This integration delivers context, visibility, and governance at the exact moment teams need it most: the moment a Terraform plan is created.

Why HCP Terraform Run Tasks Matter

HCP Terraform and Terraform Enterprise provide a unified model for consistent and auditable infrastructure delivery. Run tasks extend this model by allowing external tools to participate in key lifecycle stages such as post-plan and pre-apply.

Run tasks allow teams to introduce additional verification steps, including security scanning, compliance checks, cost controls, drift detection, and architectural validation. All of this is done without rewriting pipelines or rearchitecting how Terraform runs. They can be configured as advisory or mandatory, providing organizations with a flexible yet enforceable way to safeguard infrastructure changes before they proceed.

HCP Terraform run tasks create the extensible governance layer that many teams have long wanted. Terracotta AI now fits directly into that layer.

Terracotta AI’s Role in the Run Task Workflow

When HCP Terraform generates a plan, it invokes Terracotta AI through the run task callback. Terracotta inspects the plan, interprets the intent behind the infrastructure change, and posts a structured, human-readable report directly back into the HCP Terraform UI.

Instead of asking reviewers to parse raw JSON plans or relying on someone to notice subtle misconfigurations, Terracotta provides precise and contextual evaluation:

• What the change actually does
• How it affects cost, security posture, drift, resiliency, and architecture
• Whether it aligns with module intent and platform conventions
• What should be fixed before proceeding

HCP Terraform provides operational consistency. Terracotta adds clarity and enforceable understanding.

The result is more than a plan analysis. It is governance made visible directly inside the Terraform run.

Post-Plan Analysis: Terracotta AI’s First Run Task

In addition to guardrails enforcement, Terracotta AI provides a dedicated Post-Plan Analysis run task that evaluates every Terraform plan immediately after it is generated. This is the moment where HCP Terraform has assembled the complete set of proposed infrastructure changes, and Terracotta steps in to explain what those changes actually mean.

When the plan finishes, HCP Terraform sends the plan output to Terracotta. Terracotta interprets the changes with full infrastructure context, surfacing issues that would otherwise require manual review or deep Terraform expertise. The analysis includes security misconfigurations, compliance gaps, cost-impacting resources, drift-like inconsistencies, and best practice violations that commonly slip through raw plan diffs.

The results are returned directly into the HCP Terraform run interface. Each finding includes severity, a clear explanation of the issue, the affected resources, and a recommendation for how to fix it. If the workspace is configured in mandatory mode, any blocking issue halts the run. Advisory mode continues execution while still providing detailed guidance.

This Post-Plan step gives teams immediate clarity without slowing deployments and ensures that risks are surfaced before changes move forward in the Terraform workflow.

Introducing Guardrails as a Run Task: Enforcing Intent Automatically

Beyond standard plan analysis, this integration now introduces a new capability: Terracotta AI Guardrails enforced directly through HCP Terraform run tasks.

Terracotta’s Guardrails let platform teams define architectural intent, usage constraints, and best practices in natural language. These policies are expressed in plain English, not in Rego, HCL, Sentinel, or custom scripts.

With the new Guardrails run task, HCP Terraform sends the plan output to Terracotta. Terracotta evaluates it against all active guardrails. If a policy is violated, Terracotta returns contextual, human-readable reasoning within the HCP Terraform run.

Teams see:

• Which guardrail failed
• Why it failed
• Where in the configuration did the issue originate
• The real-world impact of merging
• How to remediate it correctly

Mandatory mode blocks the run while Advisory mode guides without stopping progress.

This brings policy-as-code, architectural consistency, and intent enforcement directly into HCP Terraform without requiring new languages, tooling, or workflow changes.

A More Contextual Approach to Governance

Governance is often misunderstood as a restriction. In practice, it is about clarity, predictability, and shared understanding.

Most organizations rely on a patchwork of documents, Slack threads, tribal knowledge, and manual PR reviews to communicate the intent behind infrastructure decisions. Terracotta AI helps make this guidance explicit and enforceable without increasing friction.

Instead of developers guessing why a module default exists or the platform team repeatedly explaining it during reviews, Terracotta puts the reasoning in front of them automatically. Instead of governance being reactive and surfacing late, it becomes proactive and supportive.

The Terraform workflow stays the same. The understanding around each change becomes far stronger.

How It Works for HCP Terraform Users

Configuring Terracotta as a run task takes only minutes. After adding the callback URL and signing secret provided by Terracotta, any workspace can be configured to run Terracotta immediately after the plan stage.

From that point forward, every Terraform plan is automatically analyzed by Terracotta AI, and findings appear directly in the HCP Terraform interface. Severity, affected resources, the rationale behind an issue, and step-by-step remediation guidance all surface in context. Mandatory workspaces stop the run when violations appear. Advisory workspaces provide recommendations without halting progress.

Developers do not need to change their workflow. Platform teams do not need to rebuild pipelines. HCP Terraform continues to operate as the backbone, and Terracotta adds clarity and guardrails exactly where they are required.

What This Unlocks for Teams

This integration gives organizations a way to ensure that Terraform changes are safe, compliant, cost-aware, and aligned with internal architectural intent before they reach the apply phase. It helps platform teams scale governance without slowing development. It reduces review fatigue. It clarifies module usage, resource behavior, and best practices in a way that is both automatic and accessible. And it gives developers immediate contextual feedback that helps them ship safer infrastructure with confidence.

The Terraform workflow stays the same. Understanding, safety, and predictability improve dramatically.

Getting started is super simple. These features are available today. Everything you need is outlined in the Terracotta AI docs here.

Have questions or want to see a live custom demo? We’d love to hear from you. Reach out and get a demo directly from our founders.