
Agent Sprawl Is Here. Your IaC Platform Is the Answer.
Enterprises are rapidly adopting AI agents—96% run them in production, yet only 12% have centralized management. This sprawl creates security, compliance, and audit challenges as agents proliferate across cloud accounts with unmanaged credentials. Pulumi argues that an Infrastructure‑as‑Code (IaC) platform can provide the seven essential controls—context, integrations, governed actions, policy, audit, review, and approval—to tame agent chaos. By embedding agents in the existing Pulumi workflow, organizations gain visibility, guardrails, and compliance readiness for upcoming AI regulations.

Bitbucket Cloud Meets Pulumi Cloud
Pulumi Cloud has added Bitbucket Cloud as a first‑class version‑control integration, joining GitHub, GitLab and Azure DevOps. Teams can connect a Bitbucket workspace to a Pulumi stack and trigger infrastructure deployments on every push, with path filters and secret management...

Scan AWS GovCloud and More Partitions with Pulumi Insights
Pulumi Insights has expanded its account‑scanning capability to cover every AWS partition, including GovCloud (US), ISO, ISO‑B, ISO‑F, ISO‑E, European Sovereign Cloud, and China. The service now offers the same AI‑assisted resource discovery and cross‑account search that commercial AWS accounts...

Superpowers, GSD, and GSTACK: Picking the Right Framework for Your Coding Agent
Three open‑source frameworks—Superpowers, GSD, and GSTACK—address recurring failures of AI coding agents such as context rot, missing tests, and scope drift. Superpowers enforces a strict test‑driven development cycle, GSD prevents context overload by using per‑phase orchestrators, and GSTACK introduces role‑based...

Introducing Bun as a Runtime for Pulumi
Pulumi now supports Bun as a full runtime for TypeScript projects, letting users set `runtime: bun` in Pulumi.yaml and execute programs without Node.js. Bun offers native TypeScript execution, dramatically faster package installs, and near‑complete Node.js API compatibility. The capability ships...

Introducing the Pulumi Policy Analyze Command for Existing Stacks
Pulumi has added the `pulumi policy analyze` command, letting users run policy packs against an existing stack’s state without executing the Pulumi program or invoking cloud providers. The tool provides instant, side‑effect‑free validation, cutting the traditional preview‑or‑up loop to a simple analysis...

Introducing Read-Only Mode for Pulumi Neo
Pulumi has added a read‑only mode to its Neo AI‑driven infrastructure assistant, allowing the tool to analyze, preview, and generate pull requests without executing any changes. Users can select this mode when creating a Neo task, capping permissions to read‑only...

Neo Plan Mode: Iterate Before You Execute
Pulumi has launched Plan Mode for its Neo AI infrastructure assistant, creating a dedicated planning workflow before any code is executed. The new mode guides users through discovery, synthesis, refinement, and approval stages, ensuring a clear, documented plan. It is...

How We Eliminated Long-Lived CI Secrets Across 70+ Repos
Pulumi eliminated long‑lived CI secrets across more than 70 repositories by swapping static GitHub secrets for short‑lived, OIDC‑driven credentials via Pulumi ESC. The new flow exchanges a GitHub‑issued JWT for a Pulumi access token, which then opens an ESC environment...

Pulumi IAM Expands: Manage Access at Scale with Tags, Roles, and Teams
Pulumi has added three major IAM capabilities—tag‑based access control, team role assignments, and user role assignments—to its existing custom‑role framework. Tag rules let permissions be granted automatically when stacks, environments, or accounts carry matching tags, eliminating manual selection. Teams can...

From Kubernetes Gatekeeper to Full-Stack Governance with OPA
Pulumi has released version 1.1.0 of its pulumi-policy-opa plugin, making OPA/Rego a stable, first‑class policy language alongside TypeScript and Python. The update introduces full feature parity, including resource‑level and stack‑level policies, configurable enforcement levels, and metadata annotations. A key addition...

Lock Down Values in Pulumi ESC with Fn::final
Pulumi introduced the `fn::final` built‑in function for its Environments, Secrets, and Configuration (ESC) service. The function lets users flag configuration values as final, preventing child environments from overriding them. When an override is attempted, ESC emits a warning and retains...

New: Previous Provider Version Docs in Pulumi Registry
Pulumi has added a version selector to its Registry, letting users view API documentation for previous major releases of first‑party providers. The dropdown displays the current version plus the latest releases of the two prior major versions, eliminating the need...

Pulumi Cloud Now Supports Google Sign-In
Pulumi Cloud now lets users log in with Google accounts, adding a first‑class identity provider alongside GitHub, GitLab and Atlassian. New users can click “Sign in with Google” on the signup page, while existing accounts can link a Google identity...

Now GA: Up to 20x Faster Pulumi Operations for Everyone
Pulumi has moved its journaling performance enhancement to general availability, making it the default for all Pulumi Cloud operations when using CLI version 3.225.0 or later. The change replaces full‑snapshot state saves with incremental journaling, enabling parallel updates and delivering up to...

Now in Public Beta: Store Terraform State in Pulumi Cloud
Pulumi Cloud has launched a public‑beta Terraform state backend, letting teams point their Terraform or OpenTofu CLI at Pulumi Cloud without altering HCL. The service stores state encrypted, provides automatic locking, versioned history, RBAC and audit policies, and surfaces the...

Token Efficiency vs Cognitive Efficiency: Choosing IaC for AI Agents
The Pulumi blog benchmark compares Terraform HCL and Pulumi TypeScript when generated by Claude Opus 4.6 and GPT‑5.2‑Codex. HCL consistently uses 21‑33% fewer tokens for initial resource creation, lowering raw generation cost. However, Pulumi’s TypeScript refactoring achieves higher deployable success...

Run Pulumi Insights on Your Own Infrastructure
Pulumi announced that its Insights platform can now be run on customer‑managed workflow runners, allowing enterprises to execute discovery scans and policy evaluations within their own infrastructure. The self‑hosted option supports both SaaS Pulumi Cloud and self‑hosted installations, and works...

How We Built a Distributed Work Scheduling System for Pulumi Cloud
Pulumi Cloud needed a unified scheduler to orchestrate deployments, Insights scans, and policy evaluations across both its own infrastructure and customer‑managed runners. The team built a database‑backed background activity system that treats each workflow as a typed, persistent activity with...

Introducing the Terraform State Provider for Pulumi ESC
Pulumi has launched a new Terraform State provider for its ESC platform, allowing teams to import Terraform output values directly into ESC environments. The provider reads state files from local, S3, or Terraform Cloud backends and exposes outputs as first‑class...

Passwordless PostgreSQL: IAM Authentication with Pulumi
Pulumi now offers reusable components to enable AWS IAM authentication for Aurora PostgreSQL, allowing applications to connect using short‑lived tokens instead of static passwords. The setup provisions an RDS cluster with IAM authentication, creates IAM‑enabled database users, and configures IRSA...

Schema Validation Comes to Pulumi ESC with Fn::validate
Pulumi’s Environments, Secrets, and Configuration (ESC) service now includes a built‑in `fn::validate` function that checks configuration values against JSON Schema at save time. The feature instantly rejects invalid settings, preventing misconfigurations from reaching deployment pipelines or production. Users can define simple type checks...

The Claude Skills I Actually Use for DevOps
Claude Code's skill system transforms generic AI assistance into senior‑engineer‑level DevOps guidance. By encoding best‑practice patterns—Pulumi ESC, component resources, monitoring, security, debugging—skills let Claude generate reliable infrastructure code while preserving context budget. Compared with Model Context Protocol servers, skills load...