Spacelift for infrastructure as code
Spacelift is our top pick for infrastructure as code, and it earns first place because it sits at the control point of an IaC workflow: the platform that gates and applies changes to Terraform, OpenTofu, and other definitions. Its official hosted server exposes the entire Spacelift GraphQL API, so an agent can read the live picture and reason about a pending change before anything applies.
Argo CD, Kubernetes, and Docker cover the layers underneath: the GitOps controller and the container and cluster tooling. Spacelift leads here because IaC management (stacks, runs, and policies) is exactly the stage where an agent diffing a plan before apply adds the most value.
How Spacelift fits
The tools are deliberately general because they front a GraphQL API. discover browses the schema, listing available queries and mutations and inspecting types and their fields, so the agent learns what it can ask before it asks. query runs read-only GraphQL with chosen return fields, which is how the agent pulls stacks, runs, and policies to understand current state and what a pending run will do. provider inspects Terraform and OpenTofu provider schemas and resources read-only, useful for reasoning about a resource change. mutate executes GraphQL mutations to modify Spacelift resources when the agent should act, and intent manages Intent-controlled cloud resources with create, update, delete, refresh, and import.
The honest tradeoff: the GraphQL-fronting design is broad but means the agent works through schema discovery and query construction rather than a fixed set of named IaC verbs, so discover and query matter before any real work. Among siblings, Argo CD is the GitOps controller for continuous reconciliation in Kubernetes, Kubernetes covers the cluster directly, and Docker handles containers and images. Spacelift wins when the question is what a Terraform or OpenTofu change will do once Spacelift applies it, and an agent needs to inspect stacks, runs, and policies first.
Tools you would use
| Tool | What it does |
|---|---|
| discover | Browses the Spacelift GraphQL API schema: lists available queries and mutations and inspects types and their fields. |
| query | Executes read-only GraphQL queries against Spacelift with the specified return fields. |
| mutate | Executes GraphQL mutations to modify Spacelift resources. |
| provider | Inspects Terraform and OpenTofu provider schemas and resources (read-only). |
| intent | Manages Intent-controlled cloud resources with create, update, delete, refresh, and import operations. |
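
One way to enforce the read/write split from the table at the agent boundary, as an added example (not Spacelift's code): a gate that lets discover, query, and provider through, holds mutate and intent for approval, and rejects any document sent to query that carries a non-query operation. The `authorize` function, its arguments, and the sample documents are hypothetical and constructed for illustration.

```python
import re

READ_TOOLS = {"discover", "query", "provider"}  # read-only per the tool table
WRITE_TOOLS = {"mutate", "intent"}              # the write paths
OPERATIONS = {"query", "mutation", "subscription"}

def _strip_noise(doc):
    """Blank out strings and comments so keywords inside them are ignored."""
    doc = re.sub(r'"""[\s\S]*?"""', '""', doc)       # block strings
    doc = re.sub(r'"(?:\\.|[^"\\\n])*"', '""', doc)  # quoted strings
    return re.sub(r"#[^\n]*", "", doc)               # comments

def operation_types(doc):
    """Return the set of top-level operation types in a GraphQL document."""
    ops, depth, in_def = set(), 0, False
    for tok in re.findall(r"[{}()\[\]]|[A-Za-z_]\w*", _strip_noise(doc)):
        if tok in ("{", "(", "["):
            if depth == 0 and not in_def:
                # A bare "{ ... }" is shorthand for a query.
                ops.add("query" if tok == "{" else "unknown")
                in_def = True
            depth += 1
        elif tok in ("}", ")", "]"):
            depth = max(depth - 1, 0)
            if depth == 0 and tok == "}":
                in_def = False  # selection set closed, definition ends
        elif depth == 0 and not in_def:
            in_def = True       # first word of a definition names its type
            if tok != "fragment":
                ops.add(tok if tok in OPERATIONS else "unknown")
    return ops

def authorize(tool, document="", approved=False):
    """Return (allowed, reason) for one agent tool call (hypothetical gate)."""
    if tool in WRITE_TOOLS:
        return approved, "approved write" if approved else "write needs approval"
    if tool not in READ_TOOLS:
        return False, "unknown tool"
    if tool == "query" and operation_types(document) != {"query"}:
        return False, "query tool may carry only query operations"
    return True, "read-only"

if __name__ == "__main__":
    # Constructed sample documents; field names are placeholders.
    print(authorize("query", "{ stacks { id name } }"))
    print(authorize("query", 'mutation { exampleMutation(id: "x") { id } }'))
    print(authorize("mutate", "mutation { exampleMutation { id } }"))
```

The gate fails closed: an empty document, an unrecognised tool name, or a document mixing a query with a mutation is denied.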
FAQ
- How does an agent know what it can do with the Spacelift server?
- Through discover, which browses the GraphQL schema and lists available queries and mutations. Because the server fronts the whole Spacelift GraphQL API, the agent inspects types and fields first, then uses query for read-only data and mutate to change resources.
- Can an agent inspect a pending infrastructure change before it applies?
- Yes. query reads stacks, runs, and policies without changing them, and provider inspects Terraform and OpenTofu provider schemas, so the agent can reason about what a run will do. mutate and intent are the write paths when it should act.