TECHNICAL OVERVIEW

Terrateam: Infrastructure Automation Platform

Version 2.0•September 2025•terrateam.io

Executive Summary

Terrateam is a GitOps infrastructure automation platform that enables engineering teams to manage infrastructure through pull requests. Built on OCaml for reliability and performance, Terrateam provides unlimited parallel execution, sophisticated dependency management, and enterprise-grade security without the complexity of traditional infrastructure platforms.

This document provides a comprehensive overview of Terrateam's architecture, capabilities, and proven results from production deployments.

1. Company Background & History
2. Core Capabilities
3. Technical Architecture
4. Advanced Features
5. Open Source & Community
6. Customer Case Studies
7. User Interface
8. Pricing & Licensing
9. Getting Started

1. Company Background & History

Founded in 2021 by Malcolm Matalka and Josh Pollara, Terrateam represents the convergence of deep expertise in backend systems and operational excellence. Malcolm brings decades of experience building fast, reliable systems with functional programming languages, particularly OCaml. Josh's background spans site reliability engineering, DevOps, and platform engineering at scale.

The founders identified a critical gap in infrastructure tooling: existing solutions either lacked the sophistication needed for complex deployments or introduced unnecessary complexity and vendor lock-in. Terrateam was built to bridge this gap.

Key Milestones

• 2021: First commit - Built in OCaml for correctness and speed
• 2022: First customers - Adoption by teams with complex Terraform needs
• 2023: Competing with giants - Won evaluations against larger vendors
• 2024: Open source release - Core engine released under MPL-2.0
• 2025: GitLab support & UI refresh - Major platform expansion
• Present: Daily releases, 20,000+ tests, active community

2. Core Capabilities

2.1 Unlimited Parallel Execution

Terrateam imposes no artificial limits on parallel execution. Plans run concurrently across directories and workspaces, with intelligent locking only during apply operations. This enables teams to deploy hundreds of changes simultaneously without queuing or bottlenecks.

2.2 Intelligent Dependency Management

Layered runs automatically orchestrate complex deployments across dependencies. The system understands relationships between infrastructure components and executes changes in the correct order. For example: Network infrastructure deploys before databases, databases before applications, all without manual coordination.

2.3 Enterprise Security & Compliance

Comprehensive security features including team-based RBAC, complete audit trails, and policy enforcement through Open Policy Agent (OPA). Every action is logged and traceable. SOC 2 Type II compliance support ensures enterprise requirements are met without additional tooling.

2.4 Tag System & Queries

Terrateam's tag system provides powerful organization and targeting of infrastructure resources. Tags can be assigned dynamically based on branches, directories, or custom logic. Boolean tag queries with operators (and, or, not, in) enable precise targeting of resources for workflows, access control, and apply requirements. This allows teams to express complex infrastructure relationships simply: prod and api or(web or api) and not deprecated.

2.5 Monorepo Management

Directory spaces (dirspaces) provide revolutionary workspace management for monorepos. One configuration file can manage thousands of workspaces. Combined with tag queries, teams can target specific subsets of infrastructure across complex repository structures, making monorepo operations simple and maintainable.

3. Technical Architecture

3.1 OCaml-Powered Core

Terrateam is built from the ground up using OCaml, chosen for its type safety, performance, and ability to handle complex state machines. Our custom async framework (Abb - Asynchronous Building Blocks) provides monadic interfaces for high-performance concurrent operations.

3.2 System Architecture

The architecture consists of three primary components:

Component	Description
VCS Provider	GitHub/GitLab webhooks and API integration
Terrateam Server	Stateless, auto-scaling orchestration cluster
Execution Layer	Customer's CI/CD runners (GitHub Actions, GitLab CI)

3.3 High Availability

No single points of failure across all components
Automatic failover and recovery mechanisms
PostgreSQL with primary/replica configuration
Horizontal scaling under load
Proven reliability with thousands of daily operations

3.4 Infrastructure Sovereignty

State files remain in customer's backend (S3, Azure Blob, GCS)
Secrets never leave customer's environment
Code execution happens in customer's runners
OIDC authentication to cloud providers
Terrateam never stores sensitive data

4. Advanced Features

4.1 Dynamic Configuration

Generate Terrateam configuration at runtime using scripts. Parse directory structures to automatically create tags, environments, and dependencies.

config_builder:
  enabled: true
  script: |
    import os
    import json
    # Auto-generate tags from directory structure
    dir_name = os.path.basename(os.getcwd())
    env = dir_name.split('-')[0]  # e.g., "prod-database" -> "prod"
    print(json.dumps({"tags": [env, dir_name]}))

4.2 Security Scanning Integration

Integrate security tools directly into your workflows. Run scans, enforce policies, and require approvals when issues are detected.

workflows:
  - tag_query: "dir:production"
    plan:
      - type: init
      - type: plan
      - type: run
        cmd: tfsec . --format json
        capture_output: true
        run_on: "failure"

4.3 Drift Detection & Reconciliation

Scheduled drift detection identifies infrastructure changes made outside of Terraform. Configure automatic reconciliation or create issues for manual review.

drift:
  enabled: true
  schedules:
    default:
      tag_query: 'dir:production'
      schedule: daily
      reconcile: false

4.4 N-of-M Approval Requirements

Require any N approvals from a list of M authorized approvers. Prevents single points of failure while maintaining security.

apply_requirements:
  checks:
    - tag_query: "dir:production"
      approved:
        enabled: true
        any_of: ["team:platform", "team:security", "team:finance"]
        any_of_count: 2

4.5 Environment Promotion Workflows

Manage infrastructure across multiple environments with different approval requirements and automation levels.

dirs:
  payment-service:
    workspaces:
      dev:
        tags: [dev, payment-service]
      staging:
        tags: [staging, payment-service]
      prod:
        tags: [prod, payment-service]
workflows:
  - tag_query: "workspace:dev"
    apply:
      - type: init
      - type: apply
        extra_args: "-auto-approve"
  - tag_query: "workspace:prod"
    apply_requirements:
      approved:
        enabled: true
        all_of: ["team:platform-team"]

5. Open Source & Community

5.1 Active Development

Terrateam maintains an active GitHub repository with daily releases. The codebase is transparent with open issue tracking and a public roadmap. Community contributions are welcomed and regularly incorporated.

5.2 Community Support

An active Slack community provides peer support and best practices sharing. Users have direct access to the founding team and core developers. Feature requests are driven by community needs and feedback.

Community Resources

• GitHub Repository: github.com/terrateamio/terrateam
• Documentation: docs.terrateam.io
• Slack Community: terrateam.io/slack
• Blog & Tutorials: terrateam.io/blog

6. Customer Case Studies

Convex

Challenge: Centralized Terraform review process became a bottleneck as the team scaled.

Solution: Terrateam enabled decentralized infrastructure ownership while maintaining safety.

Result: 3x faster deployment cycles, multiple deployments per day.

"We run multiple deployment cycles every day, letting the team test many changes quickly and independently. It's really straightforward. No UI to fiddle with, no extra fluff."
— Gautam Gupta, Software Engineer at Convex

Zip

Challenge: 130+ engineers needed infrastructure access without compromising security.

Solution: Pull request workflow with self-hosted runners for speed.

Result: Lightning-fast plans, entire engineering org enabled.

"With self-hosted runners, it was just lightning fast. Instant plans. Amazing experience. We wanted to keep everything in the pull request flow. Terrateam gave us everything we needed."
— Victor Chen, Security Engineer at Zip

Haus

Challenge: Needed immediate infrastructure automation without complex setup.

Solution: Terrateam's quick setup and intuitive configuration.

Result: Deployed first infrastructure change in 10 minutes.

"I think 10 minutes later, I was actually shipping something through it. And I was thinking, man, this is exactly what we were looking for."
— Martin Delisle, Head of Infrastructure and Security at Haus

7. User Interface

While Terrateam operates primarily through GitOps workflows, a web dashboard provides visibility into infrastructure operations, drift detection status, and team activity.

The dashboard provides:

Real-time drift detection status across all infrastructure
Visual deployment history with detailed logs
Team activity tracking and audit trails
Resource state visualization
Policy violation alerts and remediation tracking

8. Pricing & Licensing

Plan	Price	Users	Features
Free	$0/month	Up to 3 users	50 monthly runs, core features, community support
Basic	$134/month (annual)	10 users included	Unlimited runs, all features, priority support
Enterprise	Custom	25+ users	Volume pricing, self-hosted option, dedicated support

Self-Hosted Edition

Available for Enterprise customers who require complete control over their infrastructure automation platform. Includes full feature parity with SaaS offering, priority support, and custom deployment assistance.

9. Getting Started

Terrateam can be deployed in minutes with no infrastructure changes required.

Install the GitHub/GitLab App
No credit card required for free tier
Add Configuration File
Start with defaults in .terrateam/config.yml
Open Pull Request
Automatic planning begins immediately
Deploy with Confidence
Review, approve, and apply changes through PR comments

Resources

• Documentation: docs.terrateam.io
• GitHub App: github.com/apps/terrateam-action
• Support: support@terrateam.io
• Sales: sales@terrateam.io

For more information, visit terrateam.io or contact info@terrateam.io

Learn

Connect