Agentic Infrastructure

Why infrastructure needs an agent framework

AI agents are getting remarkably good at writing, planning, and executing code. But infrastructure isn't like application code -- a single misconfigured resource can expose data, rack up costs, or take down production. Agents need more than raw access to cloud APIs. They need structure, guardrails, and deterministic context to operate safely.

That's where Bluebricks comes in. It takes your existing Infrastructure as Code and wraps it in versioned, composable blueprints with clear inputs, outputs, and governance policies. Agents interact with these blueprints -- not raw cloud APIs -- so every change is auditable, policy-checked, and reversible.

Blueprints as the agent interface

A blueprint is the core unit that agents work with. Each blueprint is a deployable package composed of one or more artifacts wired together through defined relationships. It exposes only the inputs a deployer (human or agent) needs to provide, while hiding low-level IaC details.

This makes blueprints a natural interface for agents:

• Defined inputs and outputs -- Agents know exactly what parameters are required and what the blueprint produces. No guessing, no hallucinating resource names.

• Versioned and immutable -- Every blueprint carries a semantic version. Agents deploy a known, tested configuration rather than generating code from scratch.

• Composable -- Blueprints can nest other blueprints and artifacts, so agents can spin up complex multi-layer environments with a single action.

• Governed -- Collection policies (owner approval, cost limits, allowed blueprints) apply to agent-initiated deployments the same way they apply to human ones. Agents can't bypass organizational guardrails.

• Dependency-aware -- Bluebricks builds a DAG (directed acyclic graph) from the blueprint's package relationships and runs them in the right order, parallel where possible. Agents don't need to reason about execution ordering.

In practice, an agent doesn't write Terraform or Helm from scratch. It discovers available blueprints, picks the right one, provides input values, and triggers a deployment. The platform handles plan generation, policy enforcement, and orchestrated execution.

How agents interact with Bluebricks

Bluebricks gives agents multiple ways to manage infrastructure:

MCP (Model Context Protocol)

The Bricks MCP server connects AI coding assistants -- Claude, Cursor, VS Code, Windsurf -- directly to the Bluebricks platform. Through MCP, agents can:

• Discover available blueprints and collections

• Install blueprints into target collections

• Monitor environment status and run progress

• Approve pending infrastructure changes

Think of it as conversational access to your infrastructure workflows. An agent can take a request like "deploy a PostgreSQL database with Redis cache to staging," find the matching blueprint, review the generated plan, and execute the deployment -- all within a chat interface.

Cloud import agent

The cloud import agent works in the opposite direction: instead of deploying new infrastructure, it codifies existing unmanaged cloud resources into blueprints. You select resources from the cloud graph, and the agent:

1. Generates infrastructure code from the discovered resources

2. Validates the configuration against the live environment

3. Iterates until the plan reaches a no-changes state

4. Publishes the resulting blueprint and creates a managed environment

This bridges the gap between "infrastructure that exists" and "infrastructure that is managed." Once imported, your resources gain versioning, governance, and the ability to be replicated or evolved through the standard blueprint workflow.

REST API and CLI

Beyond MCP, agents can also interact with Bluebricks through the REST API and Bricks CLI. CI/CD pipelines, custom automation scripts, and programmatic workflows use these interfaces to publish blueprints, trigger deployments, and query environment state.

The governance layer

Agentic infrastructure only works when guardrails are built into the system -- not bolted on after the fact. Bluebricks enforces governance at the collection level:

• RBAC -- Members and owners have defined permissions. Agents authenticate with the same token system as human users and inherit the same access rules.

• Policies -- Cost limits, owner approval gates, and allowed blueprint lists apply uniformly. An agent-initiated deployment that exceeds the cost threshold still requires human approval.

• Properties and secrets -- Collection-scoped values are automatically inherited by deployed packages. Agents reference secrets through Secrets.<name> without ever handling raw credentials.

• Audit trail -- Every run records who triggered it, what changed, and what the plan contained. Agent-initiated runs are fully traceable.

llms.txt -- giving agents documentation context

Bluebricks publishes an llms.txt file that gives AI agents a structured map of the documentation. Instead of scraping HTML pages, agents can pull a curated index of concepts, guides, and references optimized for LLM context windows. This helps agents reason about Bluebricks capabilities accurately and cuts down on hallucination when answering infrastructure questions.

What this means for your team

Agentic infrastructure doesn't replace your platform or DevOps engineers -- it amplifies them:

• Faster provisioning -- Agents handle routine deployment requests using pre-approved blueprints, freeing engineers for architecture and optimization work.

• Consistent environments -- Every agent-deployed environment follows the same blueprint definitions and policy checks as manually deployed ones.

• Lower barrier to entry -- Developers who aren't IaC experts can request infrastructure through natural language. The blueprint framework ensures the result is production-grade.

• Codified existing infrastructure -- The cloud import agent turns unmanaged resources into managed blueprints, closing the gap between what's running and what's governed.