We Let AI Write Our Terraform. Then We Gave It a Security Conscience

Designing cloud infrastructure usually takes three meetings. One with the architect to decide which services to use. One with the DevOps engineer to actually write the Terraform. One with the security team to explain, again, why 0.0.0.0/0 is not an acceptable production CIDR. By the time all three conversations happen, the architecture diagram is already out of date. So we asked a different question: what if all four roles ran as AI agents in a single automated pipeline? You type your requirements in plain English. You get back deployable Terraform HCL, a security audit with specific remediation guidance, and a rendered architecture diagram. In one shot, without the meetings. That's InfraSquad. This post is about what we learned building it, what broke badly, and what we would tell ourselves at the start. TL;DR: InfraSquad is a multi-agent system built on LangGraph. Four agents collaborate in a cyclic state machine. Security findings loop back to the DevOps agent for fixes, capped at t