Introducing the MeshGuard Terraform Provider: Infrastructure as Code for Agent Governance

Governance Shouldn't Be a Point-and-Click Afterthought

Your infrastructure lives in version-controlled HCL files. Your Kubernetes manifests go through pull request review. Your database migrations are tested in staging before they touch production. So why is your AI agent governance still configured through a dashboard by whoever happens to be on call?

Today we are releasing the MeshGuard Terraform Provider, bringing full Infrastructure as Code support to every governance primitive MeshGuard offers: agents, policies, alert channels, compliance profiles, and RBAC assignments.

Why IaC for Governance

Manual governance configuration creates three problems that compound as your agent fleet grows.

Drift. A teammate tweaks a policy threshold in the UI during an incident. The change is never documented, never reviewed, and silently diverges from the configuration your team agreed on last quarter.

Repeatability. Spinning up a new environment means re-creating dozens of policies by hand, hoping nothing is missed. Staging and production inevitably fall out of sync.

Auditability. Compliance teams ask "who changed this policy and when?" and your best answer is a screenshot of an activity log.

Terraform solves all three. Your governance configuration becomes a Git-tracked, peer-reviewed, CI-validated artifact, just like the rest of your infrastructure.

Getting Started

Install the provider and configure your API credentials:

terraform {
  required_providers {
    meshguard = {
      source  = "meshguard/meshguard"
      version = "~> 1.0"
    }
  }
}

provider "meshguard" {
  api_key = var.meshguard_api_key
  region  = "us-east-1"
}

Defining Agents, Policies, and Alerts in HCL

Register an agent and attach a governance policy in a single plan:

resource "meshguard_agent" "order_processor" {
  name        = "order-processor-v2"
  description = "Handles e-commerce order fulfillment"
  environment = "production"

  labels = {
    team    = "commerce"
    tier    = "critical"
  }
}

resource "meshguard_policy" "rate_limit" {
  name        = "order-processor-rate-limit"
  agent_id    = meshguard_agent.order_processor.id
  policy_type = "rate_limit"

  rule {
    max_actions_per_minute = 500
    on_violation           = "throttle"
    alert_channel_id       = meshguard_alert_channel.slack_ops.id
  }
}

resource "meshguard_alert_channel" "slack_ops" {
  name     = "ops-slack-alerts"
  type     = "slack"
  endpoint = var.slack_webhook_url

  severity_filter = ["critical", "high"]
}

Run terraform plan to preview changes, get a code review from your team, then terraform apply to push the configuration live. Every change is tracked in your Git history, and rolling back is a single git revert away.

Importing Existing Configuration

Already have agents and policies configured in MeshGuard? The provider supports terraform import for every resource type, so you can adopt IaC incrementally without recreating your setup from scratch.

terraform import meshguard_agent.order_processor ag_8xK2mNpQ
terraform import meshguard_policy.rate_limit pol_3vR9wLzT

CI/CD Integration

Pair the Terraform provider with the MeshGuard GitHub Action to validate plans on every pull request. Your governance changes go through the same review and test cycle as application code, catching misconfigurations before they reach production.

What's Next

The Terraform provider is available today on the Terraform Registry. Full documentation, example modules, and a quick-start template repository are linked from our docs. We are also working on Pulumi and OpenTofu support for teams that prefer alternative IaC toolchains.

Governance is infrastructure. It is time we treated it that way.