Drift Detection — General Availability

Released: December 5, 2025

The first public release of Controlinfra. Continuous Terraform drift detection on AWS, ML-powered analysis to explain why a drift happened, and a dashboard built for teams who want to keep their cloud honest.

What shipped

  • AWS Terraform drift detection. Scheduled scans compare the current state of cloud resources to your Terraform state file. Drift items are surfaced with severity (critical / high / medium / low) and the resource attributes that diverged.
  • ML-powered drift analysis. Each detected drift gets an analysis pass that classifies the cause (manual change, deploy lag, deleted-out-of-band, etc.) and suggests a remediation path.
  • Self-hosted runners. Optional self-hosted runner agents so customers with sensitive cloud accounts can keep credentials inside their own network. Cloud-hosted runners are the default for everyone else.
  • Dashboard. Repository view, scan history, drift list with severity filters, and per-drift detail pages with attribute-level diffs.
  • Repository integration. Connect any GitHub repo containing Terraform code; Controlinfra walks the directory tree and discovers .tf files automatically.
  • AWS credential helper. OIDC federation for self-hosted runners or static IAM access keys for cloud-hosted scans, encrypted at rest.

Foundation

This release laid the architectural foundation that the rest of 2026 builds on: a provider-agnostic discovery contract, the runner-agent protocol, the severity classifier, and the ML analysis service. The drift detection core has remained stable since then; every later release extends it (multi-cloud, real-time monitoring, guardrails) without breaking the original contract.