InfraFactory

{ Infrastructure factory for AI agents }

Generate infrastructure. Validate it locally. Ship it with evidence.

InfraFactory turns scenario YAML into OpenTofu, runs it through deterministic cloud mocks for AWS, GCP, and Scaleway, then feeds structured failures back into the next agent iteration.

View on GitHub Get started
infrafactory
$ make build
$ make mocks-up
$ ./bin/infrafactory run scenarios/training/gcp-full-stack.yaml

scenario       gcp-full-stack
cloud          gcp
generation     plan -> hcl -> self-review
validation     static -> fakegcp -> destroy

Status: success
terminal_reason: target_reached
3 cloud targets
4 validation layers
0 cloud credentials for mock runs
5 repair iterations by default

What you get

Scenario-driven infrastructure delivery.

Describe what should exist, define the checks that prove it works, and let the factory generate, apply, inspect, repair, and destroy the infrastructure.

Scenario YAML

Declare resources, cloud target, and acceptance criteria in one small contract.

OpenTofu generation

Agent loop plans architecture, writes HCL, and self-reviews before validation.

Cloud mocks

Run generated infrastructure against fakeaws, fakegcp, or mockway locally.

Policy gates

OPA checks run against both planned state and applied mock state.

Topology checks

Ask whether compute can reach databases, load balancers are public, and resources connect.

Structured feedback

Validation failures become machine-readable context for the next agent attempt.

Optional real deploy

Promote the same scenario to real cloud APIs with sandbox deployment enabled.

Destroy verification

Every run can prove cleanup by destroying resources and checking for orphans.

Scenario contract

Intent goes in. Provider-specific HCL comes out.

The scenario is not a replacement for Terraform. It is the contract the agent works against: resources describe intent, acceptance criteria describe evidence, and the validation loop decides whether the generated infrastructure is good enough. 

scenario: full-stack-paris
cloud: scaleway

resources:
  compute:    { purpose: web-server, size: small }
  networking: { vpc: true, private_network: true }
  database:   { engine: postgresql, size: small }
  redis:      { purpose: cache, size: small }

acceptance_criteria:
  - type: policy
    check: encryption_at_rest
    expect: pass
  - type: destruction
    expect: no_orphans

Validation

More than `tofu validate`.

01

Static

`tofu init`, `validate`, `plan`, provider schema checks, and OPA rules over plan JSON.

02

Mock deploy

Apply against a deterministic cloud twin and inspect the resulting state.

03

Real deploy

Optional sandbox apply against real AWS, GCP, or Scaleway APIs with probes.

04

Destroy

Run destroy, check for orphans, and keep the run artefacts as evidence.

Demo

CLI and UI use the same loop.

InfraFactory UI running a scenario

Get started

Run a full-stack scenario locally.

01

Clone

InfraFactory expects sibling mock repositories for local cloud validation.

git clone https://github.com/redscaresu/infrafactory.git
02

Build and start mocks

Start mockway, fakegcp, and fakeaws on local ports.

make build && make mocks-up
03

Run a scenario

No cloud credentials are required for Layer 2 mock validation.

./bin/infrafactory run scenarios/training/gcp-full-stack.yaml

Why this exists

Before and after.

Without InfraFactory

  • Prompt Terraform and manually inspect the result
  • Wait on real cloud APIs for every meaningful test
  • Debug provider errors without structured feedback
  • Trust `plan` when the real failure is post-apply state
  • Lose hard-won cloud pitfalls between runs

With InfraFactory

  • Generate infrastructure from a scenario contract
  • Run fast local validation against cloud-shaped mocks
  • Feed precise failure JSON into the next agent attempt
  • Assert policy and topology against applied state
  • Promote repeated lessons into cloud-specific pitfalls

FAQ

Frequently asked questions.

Is InfraFactory a Terraform replacement?

No. InfraFactory generates OpenTofu/Terraform-compatible HCL, executes it, validates it, and stores the evidence.

Does it require cloud credentials?

No for local mock validation. Real cloud deployment is optional and explicitly gated.

Which clouds are supported?

InfraFactory currently targets AWS, GCP, and Scaleway through fakeaws, fakegcp, and mockway.

What problem does this solve for AI agents?

It gives agents a feedback loop: apply the generated infrastructure, inspect what happened, and repair with concrete evidence instead of guesswork.

Build infrastructure with a validation loop.

Open source, scenario-driven, and designed for agentic infrastructure workflows.

View on GitHub