The Artifact

IaC plan diff + drift-detector live view.

Pick a plan, see the diff. Click a resource, see its current state vs. desired state. Drift alarms are receipts.

Pln
Dimension
Plan diff
4.10 J · OpenTofu 1.8
per call

HCL2 plan output, resource by resource.

The planfile is the contract. 14 additions, 0 changes, 0 destroys. Each resource carries a content-addressed module source (git+sha) so the same plan re-derives byte-identically on any host. Plan output is JSON-rendered for diffing and HCL-rendered for reading.

Sample receipt
JWP ReceiptPayload
kind "eng.iac.plan"
plan_hash blake3:88ee2c47…001a
added 14
joules 4.1
cite "OpenTofu 1.8 · HCL2"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
tofu_version: 1.8.4
providers: pge ~> 0.7, utility-smartmeter ~> 1.2
App
Dimension
Apply audit
11.60 J · 6m12s
per call

Per-resource creation log with timing + provider response.

Every resource creation records (timestamp, provider, http_status, latency_ms). PG&E rate-limited at 4 rps; total apply ran 6m12s end-to-end. The state file is encrypted with AES-256-GCM and uploaded with a lock_id that any concurrent apply would have to wait on.

Sample receipt
JWP ReceiptPayload
kind "eng.iac.apply"
duration_s 372
state_lock_id 9a4c-...-c0e2
joules 11.6
cite "OpenTofu 1.8"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
backend: s3 + dynamodb-lock
encryption: AES-256-GCM
Dft
Dimension
Drift detector
0.78 J / day · 15-min loop
per call

Background loop diffing live state against the desired state.

Re-runs `tofu plan -refresh-only` 96 times per day. Any non-zero drift surfaces as a receipt and a page. Median 30-day drift: 0. When drift is intentional (e.g., utility back-office changed a rate), it's adopted via `tofu apply -target=...` with a fresh plan-sign-apply cycle.

Sample receipt
JWP ReceiptPayload
kind "eng.drift.watch"
interval_min 15
drift_count_30d 0
joules 0.78
cite "OpenTofu 1.8 -refresh-only"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
checks_per_day: 96
alarm_channel: pagerduty:eng-iac
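
The plan-diff counts and the non-zero-drift alarm described above can both be checked from the JSON plan rendering. This is an added example, not EngineeringOS code: it assumes the input is the output of `tofu show -json <planfile>` (its `resource_changes` and `resource_drift` arrays), and the function names, resource addresses and sample plan are constructed for illustration.

```python
import json

KNOWN = {"create", "update", "delete", "read", "no-op"}

def summarize(plan_json):
    """Count add/change/destroy and list drifted addresses from plan JSON."""
    plan = json.loads(plan_json)
    out = {"add": 0, "change": 0, "destroy": 0, "unknown": [], "drift": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if set(actions) - KNOWN:
            out["unknown"].append(rc["address"])  # fail closed on unrecognised verbs
        out["add"] += "create" in actions         # a replace counts as add + destroy
        out["destroy"] += "delete" in actions
        out["change"] += actions == ["update"]
    for rd in plan.get("resource_drift", []):
        if rd["change"]["actions"] != ["no-op"]:
            out["drift"].append(rd["address"])
    return out

def violations(summary, expect_add):
    """Reasons to refuse the apply or raise a drift alarm; empty list = clean."""
    reasons = []
    if summary["add"] != expect_add:
        reasons.append(f"expected {expect_add} additions, plan has {summary['add']}")
    if summary["change"] or summary["destroy"]:
        reasons.append(f"{summary['change']} changes / {summary['destroy']} destroys, expected 0")
    if summary["unknown"]:
        reasons.append("unrecognised actions on " + ", ".join(summary["unknown"]))
    if summary["drift"]:
        reasons.append("drift on " + ", ".join(summary["drift"]))
    return reasons

# Constructed sample: two creates, one replace, one drifted resource.
SAMPLE = json.dumps({
    "resource_changes": [
        {"address": "example_meter.a", "change": {"actions": ["create"]}},
        {"address": "example_meter.b", "change": {"actions": ["create"]}},
        {"address": "example_rate.c", "change": {"actions": ["delete", "create"]}},
    ],
    "resource_drift": [
        {"address": "example_rate.d", "change": {"actions": ["update"]}},
    ],
})

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s)
    print(violations(s, expect_add=2))
```

A replace hidden inside an otherwise additive plan shows up here as an unexpected destroy, which is the case an adds-only contract is meant to catch.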
MCP
Dimension
MCP audit
0.18 J · 2025-11 draft
per call

Every agentic tool call gated by a Cedar predicate.

An agent that wants to run `tofu/apply` calls the MCP server with a planfile URI. A Cedar 4.0 predicate (`sre-prod-low-cost.cedar`) checks principal role + estimated cost; only admitted calls reach OpenTofu. The audit_id is the join key between agent trace and IaC apply receipt.

Sample receipt
JWP ReceiptPayload
kind "eng.mcp.tool.admitted"
tool tofu/apply
decision admit
joules 0.18
cite "MCP 2025-11 §6.2 · Cedar 4.0"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
mcp_server: engineeringos-mcp 0.9.3
policy_repo: policies/engineeringos@af12c0
Tag
Dimension
FinOps tag
0.42 J · FOCUS 1.1
per call

Cost-center + joule-budget tags on every resource.

FOCUS 1.1 schema tags get applied at apply time: cost_center, service, joule_budget_per_day. The cloud-cost API rolls up dollars; Insights rolls up joules. When the joule_budget threshold is crossed, a receipt fires before the dollar bill is even due.

Sample receipt
JWP ReceiptPayload
kind "eng.finops.tagged"
tags cost_center, service, joule_budget_per_day
joule_budget_per_day 240
joules 0.42
cite "FinOps FOCUS 1.1"
sig "ed25519:0x4f...c1a"
Anatomy — operational specs
spec: FOCUS 1.1 (2024-12)
rollup: daily

EngineeringOS, in one line

build, made inspectable.

Click anything. The same primitives that compose the rest of the Transaction Science family — receipts, joules, signed transport — show up here too. The family is one system.