Specs = Tests: Why Spec-Driven Terraform Starts With Tests, Not Documents

The Spec-Driven Development Debate Has It Backwards A colleague recently asked me whether spec-driven development applies to Terraform. The question itself reveals a gap in how our industry thinks about specs — and it's a gap that matters a lot more now that AI agents are writing our infrastructure code. The conventional wisdom goes like this: write a specification document, then write code that implements the spec. Clean. Linear. Professional. And for Terraform Infrastructure as Code, people imagine this means writing architecture documents, naming conventions, and compliance requirements in markdown files, then having GitHub Copilot generate HCL that follows them. Here's my problem with that: specs are not deterministically enforceable. A markdown document that says "all S3 buckets must have encryption enabled" is a suggestion. It's guidance. It's the same category as agent instructions — and I've written extensively about why instructions alone aren't enforcement. An AI agent will r