GitOps Workflow

How code flows from request to deployed infrastructure.

Opsitron follows a GitOps model: your infrastructure is defined as code in Git, and all changes flow through pull requests. Nothing is applied directly to AWS — every change is reviewed, version-controlled, and auditable.

The Flow

Request → AI Plans → Engineer Reviews → PR Created → CI Runs Plan → Apply → Deployed

Here’s what happens at each step:

1. Request Submitted

A user submits a request through the portal: “Deploy a new static website for our marketing site on dev1.”

2. AI Plans the Change

An AI agent (powered by Claude) analyzes the request:

  • Reads the existing infrastructure from your config repository
  • Examines available modules and their variables
  • Generates a structured implementation plan with steps, affected resources, and risks

3. Engineer Reviews

A staff engineer reviews the plan:

  • Validates the approach against best practices
  • Checks for security, cost, and reliability implications
  • Approves or sends back with feedback

4. AI Implements

The approved plan is executed by the AI agent:

  • Creates a feature branch in your config repository
  • Writes Terraform/OpenTofu files following your conventions
  • Runs tofu init, tofu validate, tofu fmt, and tofu plan
  • Opens a pull request with the changes

5. CI Pipeline

Your GitHub Actions infrastructure workflow runs automatically:

  • Plan — Shows exactly what resources will be created, changed, or destroyed
  • Cost Estimate — OpenInfraQuote calculates the monthly cost impact
  • Review — Plan output and cost estimate are posted as PR comments

6. Apply and Deploy

After review, the infrastructure is applied:

  • Terraform creates/updates AWS resources
  • Results are reported back to Opsitron
  • For app environments, changes promote through dev → staging → production
  • The PR is auto-merged after production deployment

What You Own

Everything lives in your GitHub organization:

  • Config Repository — All Terraform code for your infrastructure
  • Application Repositories — Your application code with build workflows
  • GitHub Actions — CI/CD pipelines that run in your repos
  • Terraform State — Stored in your AWS accounts (S3 + DynamoDB)

Opsitron orchestrates the workflow, but you own all the artifacts. If you ever leave, you take everything with you — it’s standard Terraform code that any engineer can maintain.

Safety Mechanisms

  • Blast Radius Detection — Plans that destroy resources require explicit approval
  • Deployment Circuit Breaker — ECS automatically rolls back failed container deployments
  • Environment Promotion — Changes must succeed in dev before reaching production
  • Cost Estimation — Every PR shows the monthly cost impact before apply
  • Audit Trail — Every request, plan, PR, and deployment is tracked with timestamps and actors
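
The Blast Radius Detection rule above, as an added example (not Opsitron's own code): a CI gate that reads the JSON form of a plan, as produced by `tofu show -json`, and blocks destroys and replacements unless an approver is named. The resource addresses and the DESTROY_APPROVED_BY variable are assumptions made for the illustration.

```python
import json
import os
import sys

# Constructed sample shaped like `tofu show -json <planfile>` output, reduced
# to the fields this check reads. Resource addresses are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.marketing_site", "change": {"actions": ["create"]}},
    {"address": "aws_cloudfront_distribution.cdn", "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.legacy", "change": {"actions": ["delete"]}},
    {"address": "aws_instance.web", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_iam_role.ci", "change": {"actions": ["no-op"]}},
]})


def destructive_changes(plan_json):
    """Return [(address, kind)] for every resource the plan would destroy.

    kind is "destroy" for a plain delete, "replace" when the resource is
    deleted and recreated (in either order), and "unknown" when the entry
    has no readable action list, so the gate fails closed on odd input.
    """
    findings = []
    for rc in json.loads(plan_json).get("resource_changes") or []:
        address = rc.get("address", "<no address>")
        actions = (rc.get("change") or {}).get("actions")
        if not isinstance(actions, list) or not actions:
            findings.append((address, "unknown"))
        elif "delete" in actions:
            findings.append((address, "replace" if "create" in actions else "destroy"))
    return findings


def gate(plan_json, approver=None):
    """Return (allowed, findings); a destructive plan needs a named approver."""
    findings = destructive_changes(plan_json)
    return (not findings or bool(approver)), findings


if __name__ == "__main__":
    # Usage: tofu show -json plan.out > plan.json && python gate.py plan.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    # DESTROY_APPROVED_BY is a hypothetical variable a CI job would set
    # after a reviewer signs off; it is not an Opsitron or OpenTofu setting.
    allowed, findings = gate(text, os.environ.get("DESTROY_APPROVED_BY"))
    for address, kind in findings:
        print(f"{kind:8} {address}")
    sys.exit(0 if allowed else 1)
```

Replacements are reported alongside plain destroys because a delete-then-create still removes the existing resource and whatever data it holds.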