github mattrobinsonsre/terrapod v0.48.0

5 hours ago

Terrapod is a free, open-source platform replacement for Terraform Enterprise — the collaboration, governance, state, and UI layer around terraform/tofu. This release adds first-class outbound-proxy + custom-CA support for restricted-network deployments, and a measurable refinement of the AI plan/failure analysis backed by a committed evaluation harness.

Highlights

  • Forward proxy + custom CA trust bundle — every component (API, web, listener, and runner Jobs) can now route outbound traffic through a corporate HTTP/HTTPS proxy and trust a private CA bundle. Off by default; enable via proxy.* (httpProxy/httpsProxy/noProxy) and caBundle.* (inline, existing ConfigMap, or existing Secret) in Helm values. Built for isolated / egress-controlled clusters. See docs/deployment-proxy.md.
  • Sharper AI risk calling — the plan-summary and failure-analysis prompts were rewritten as a senior-SRE reviewer, with a consequence-over-keyword severity rubric and an anti-over-flag calibration principle. The model now stops alarm-by-keyword on routine changes without going soft on real exposure or data loss. Measured on a held-out corpus: risk calibration more than doubled (0.29 → 0.71) while real-risk detection held flat.
  • Committed AI evaluation harness — services/ai_eval/ is a CI-runnable suite (deterministic risk rubric + LLM description judge + train/holdout split + multi-provider corpus) so AI-analysis quality is now measured, not vibes. Offline corpus/rubric tests run in CI; the live model sweep is a manual make ai-eval.

Bug Fixes

  • AI plan summaries no longer half-read large plans — large plan JSON was head-truncated before the model saw it, which could drop a destroy near the end of resource_changes and let the model summarise a plan it had only partly read. Plan JSON is now reduced structurally: under the size cap it is sent unchanged; over it, every change keeps its address and actions (destroys → creates → updates → sampled remainder) so a destroy is never hidden — only attribute detail is trimmed.
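
The difference between head truncation and structural reduction, as an added sketch in Python (not Terrapod's code). The names reduce_plan, _rank, sample_plan and remainder_sample are hypothetical, treating no-op/read entries as the "sampled remainder" is an assumption, and the plan is a constructed sample in Terraform's plan JSON shape.

```python
import json

def _rank(actions):
    """Priority of a change: destroys/replaces, creates, updates, then the rest."""
    for rank, verb in enumerate(("delete", "create", "update")):
        if verb in actions:
            return rank
    return 3  # no-op / read (assumed to be the "sampled remainder")

def reduce_plan(plan, max_bytes, remainder_sample=5):
    """Return the plan unchanged under the cap, else a structurally reduced copy."""
    if len(json.dumps(plan).encode()) <= max_bytes:
        return plan
    ranked = sorted(plan.get("resource_changes", []),
                    key=lambda rc: _rank(rc["change"]["actions"]))  # stable sort
    real = [rc for rc in ranked if _rank(rc["change"]["actions"]) < 3]
    rest = [rc for rc in ranked if _rank(rc["change"]["actions"]) == 3]
    kept = real + rest[:remainder_sample]
    # Skeleton first: address and actions are never trimmed.
    slim = [{"address": rc["address"],
             "change": {"actions": rc["change"]["actions"]}} for rc in kept]
    out = {"resource_changes": slim, "reduced": True}
    # Spend what budget is left on attribute detail, highest priority first.
    for full, entry in zip(kept, slim):
        detail = {k: full["change"].get(k) for k in ("before", "after")}
        entry["change"].update(detail)
        if len(json.dumps(out).encode()) > max_bytes:
            for k in detail:
                del entry["change"][k]  # roll back the entry that overflowed
            break
    return out

def sample_plan():
    """Constructed sample: 40 bulky updates, then one destroy at the very end."""
    rcs = [{"address": f"aws_instance.web[{i}]",
            "change": {"actions": ["update"],
                       "before": {"user_data": "x" * 200},
                       "after": {"user_data": "y" * 200}}} for i in range(40)]
    rcs.append({"address": "aws_db_instance.prod",
                "change": {"actions": ["delete"],
                           "before": {"engine": "postgres"}, "after": None}})
    return {"format_version": "1.2", "resource_changes": rcs}

if __name__ == "__main__":
    plan, cap = sample_plan(), 5000
    print("destroy visible after head truncation:",
          "aws_db_instance.prod" in json.dumps(plan)[:cap])
    print("first change after reduction:",
          reduce_plan(plan, cap)["resource_changes"][0]["address"])
```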

Status

Beta — running self-hosted; APIs for terraform/tofu/tfci are stable, management surfaces continue to evolve.

Full Changelog: v0.47.1...v0.48.0
