Technical Architecture

A deep dive into Terrateam's OCaml-powered infrastructure automation

OCaml 5.3.0
PostgreSQL
Custom Async Framework
GitOps Engine

Type safety meets performance

Terrateam is built from the ground up using OCaml, a language chosen for its type safety, performance, and ability to handle complex state machines. Our engineering team has created custom frameworks and tools to deliver a GitOps platform that scales with your infrastructure needs.

Custom async framework

We built Abb (Asynchronous Building Blocks), our own async/futures library providing monadic interfaces for high-performance concurrent operations. This allows us to handle thousands of concurrent GitOps workflows without breaking a sweat.

Type-safe SQL

Every database query is type-checked at compile time. We use OCaml's powerful type system to ensure SQL queries are correct before they ever hit production.

Core architecture components

System architecture overview

GitHub/GitLab (Webhooks)
• Pull Request Events
• Push Events
• Comment Events

Terrateam Core
• Workflow Engine
• Security Layer
• API Gateway

Your Runners (GitHub Actions/GitLab CI)
• Executes plans
• Applies changes
• Posts results back

Flow labels: Events • Instructions

Built for high availability and reliability

Every component is designed for resilience. No single points of failure, automatic failover, and battle-tested at scale.

[Diagram: VCS provider (GitHub / GitLab: webhooks, API); HA cluster of Terrateam Server instances (stateless, auto-scaling, 1..N); PostgreSQL (primary, read replicas, HA); your infrastructure (CI/CD runners, Terraform execution). Connections are labelled events, state and jobs.]

No Single Points of Failure

Multiple active servers, database replicas, and automatic failover ensure continuous operation.

Auto-scaling Under Load

Horizontal scaling handles traffic spikes automatically. Add servers as your team grows.

Battle-tested Reliability

Proven in production with thousands of daily deployments across hundreds of teams.

1. GitOps workflow engine

At the heart of Terrateam is a sophisticated state machine that orchestrates your entire Infrastructure as Code workflow. From webhook ingestion to plan execution, every step is carefully managed and tracked.

Workflow pipeline flow

1. Webhook Processing: GitHub/GitLab events trigger workflows
2. Work Manifest: Queued, Running, Completed
3. Lock & Validate: Directory locks + pre-workflow hooks
4. Plan & Review: Generate plan with cost estimation
5. Apply & Complete: Execute changes + post-workflow hooks

2. Security through isolation

Security isn't an afterthought; it's our architecture. By never storing your state, secrets, or code, we eliminate entire categories of security risks. Your sensitive data never enters our systems.

Security boundaries

What Terrateam Sees
• PR Metadata: Branch names, PR titles, comments
• Workflow Results: Plan outputs, apply status
• User Permissions: From GitHub/GitLab teams

Security Boundary

What Stays With You
• Terraform State: In your S3/GCS/Azure
• Cloud Credentials: AWS/GCP/Azure keys
• Source Code: Never cloned or accessed

GitHub/GitLab authentication • TLS encryption • Audit logs for all actions

3. Scalable database architecture

Our PostgreSQL-backed architecture is designed for horizontal scaling. Connection pooling, prepared statements, and careful query optimization ensure consistent performance even under load.

High-performance database stack

Application Tier
• Terrateam Services
• OCaml Workers
• Type-Safe Queries: Compile-time SQL validation

Connection Layer
• PgBouncer
• Connection Pooling
• Transaction Mode
• Pool Size: 100
• Statement Cache

Storage Tier
• PostgreSQL
• Primary + Replicas
• MVCC
• WAL
• Indexes
• Backups

Persistent Connections • Pooled Connections • Optimized Queries

4. Advanced configuration system

Terrateam's configuration system provides unparalleled flexibility while maintaining simplicity. Define workflows, access controls, and automation rules using our intuitive YAML configuration.

# .terrateam/config.yml
workflows:
  - tag_query: "dir:production"
    plan:
      - type: init
      - type: plan
    apply:
      - type: init
      - type: apply
  
  - tag_query: "dir:staging env:staging"
    plan:
      - type: init
        extra_args: ["-backend-config=backend-staging.conf"]
      - type: plan
        extra_args: ["-var-file=staging.tfvars"]

apply_requirements:
  checks:
    - tag_query: "dir:production"
      approved:
        enabled: true
        any_of:
          - "team:sre"
      merge_conflicts:
        enabled: false

automerge:
  enabled: true
  delete_branch: true
  
autoplan:
  enabled: true
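
A check a reviewer might run before merging a change to this file, written as an added example (not Terrateam's code): it reports workflows that no apply_requirements check gates with an approval. It assumes the file is already parsed into a dict and treats a tag query as space-separated terms that must all match, which is a simplification of Terrateam's tag query language; `terms`, `requires_approval` and `audit` are hypothetical names.

```python
# Added example: lint a parsed .terrateam/config.yml for missing approval gates.
# Key names are the ones in the config above; function names are hypothetical.

def terms(tag_query):
    """Split a tag query into terms. Assumption: terms are space-separated and AND-ed."""
    return set(tag_query.split())

def requires_approval(check):
    """True when the check enables approval and names at least one approver."""
    approved = check.get("approved", {})
    return bool(approved.get("enabled")) and bool(approved.get("any_of"))

def audit(config):
    """Return findings as strings; an empty list means no gap was found."""
    checks = config.get("apply_requirements", {}).get("checks", [])
    gated = [terms(c["tag_query"]) for c in checks if requires_approval(c)]
    findings = []
    for wf in config.get("workflows", []):
        # A check covers a workflow when every term of the check is in the workflow's query.
        if not any(g <= terms(wf["tag_query"]) for g in gated):
            findings.append(f"no approval gate covers workflow '{wf['tag_query']}'")
    for c in checks:
        if not requires_approval(c):
            findings.append(f"check '{c['tag_query']}' does not require approval")
    return findings

# Constructed input: the config above as the dict a YAML loader would return.
SAMPLE = {
    "workflows": [
        {"tag_query": "dir:production",
         "plan": [{"type": "init"}, {"type": "plan"}],
         "apply": [{"type": "init"}, {"type": "apply"}]},
        {"tag_query": "dir:staging env:staging",
         "plan": [{"type": "init"}, {"type": "plan"}]},
    ],
    "apply_requirements": {"checks": [
        {"tag_query": "dir:production",
         "approved": {"enabled": True, "any_of": ["team:sre"]},
         "merge_conflicts": {"enabled": False}},
    ]},
    "automerge": {"enabled": True, "delete_branch": True},
    "autoplan": {"enabled": True},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On the sample, the production workflow is covered by the team:sre approval check, while the staging workflow is reported because no check in the file matches it.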

Technical differentiators

OCaml performance

Native compilation, minimal runtime overhead, and efficient memory management make Terrateam blazingly fast. Handle thousands of concurrent operations without compromise.

Type safety

Catch errors at compile time, not runtime. Our type system ensures correctness across the entire codebase, from API endpoints to database queries.

Stateless architecture

Horizontally scale your Terrateam deployment without limits. Our stateless design ensures consistent performance and reliability at any scale.

Integration ecosystem

Terrateam integrates directly with your existing tools and workflows. No migrations, no vendor lock-in.

Version Control

GitHub & GitHub Enterprise
GitLab SaaS & Self-hosted
Native CI/CD runners

Infrastructure as Code

Terraform
OpenTofu
Terragrunt

Cloud Providers

AWS
Google Cloud
Azure

Operational excellence

Observability

Prometheus metrics, structured logging, and comprehensive audit trails. Export to your monitoring stack.

Zero downtime

Rolling updates and stateless architecture ensure your workflows continue uninterrupted during deployments.

Reliability

Multi-AZ deployment, automated failover, and comprehensive backup strategies protect your operations.

Built by engineers, for engineers

We believe in solving hard technical problems the right way. Our team brings decades of experience building distributed systems, and we've poured that expertise into every line of code.