Formae and PKL: Revolutionizing Infrastructure Automation

As an automation engineer and architect, I have been using IaC tools like Terraform for years. Recently, I started exploring and learning Pulumi, an Infrastructure as Code platform that lets developers and teams create, deploy, and manage cloud resources using familiar programming languages. As part of my weekend reading, I came across a new announcement about an open-source platform called Formae. In this article, let's learn about Formae and how it uses PKL, a configuration-as-code language. 

Infrastructure-as-code has transformed how we manage cloud resources, yet fundamental challenges persist: state file corruption, drift detection complexity, and the painful process of codifying existing infrastructure. Enter Formae, an open-source platform launched in October 2025 by Platform Engineering Labs, that challenges these conventions by leveraging Apple's PKL configuration language and introducing a stateless, auto-discovering approach to infrastructure management.

Understanding PKL: The Foundation

What Is PKL?

PKL (pronounced "Pickle") is a programming language for producing configuration, created by Apple and open-sourced in early 2024. Unlike static formats such as JSON or YAML, PKL combines declarative configuration with the expressivity and safety of statically typed programming languages.

Check the installation guide to set up PKL on your machine.

Basic PKL Syntax

PKL uses a simple key-value structure for basic configurations:

// Basic PKL configuration
name = "Pkl: Configure your Systems in New Ways"
attendants = 100
isInteractive = true
amountLearned = 13.37

You can generate different output formats using the -f option:

pkl eval -f json config.pkl

Output:

{
  "name": "Pkl: Configure your Systems in New Ways",
  "attendants": 100,
  "isInteractive": true,
  "amountLearned": 13.37
}

What Makes PKL Unique?

PKL combines the declarative nature of static data formats with the expressivity and safety of a statically-typed programming language. Unlike YAML or JSON, which lack expressiveness and validation, PKL provides:

Type Safety and Validation

PKL features a rich type and validation system that catches configuration errors before deployment, using type annotations with defined constraints that can encompass arbitrary expressions.

module example.AppConfig

/// The hostname for the application
host: String

/// The port to listen on (must be > 1000)
port: UInt16(this > 1000)

/// Email address
email: String = "[email protected]"

If you violate constraints, PKL catches errors immediately:

–– Pkl Error ––
Type constraint `this > 1000` violated.
Value: 80

Programmability

PKL supports classes, functions, conditionals, and loops — features you'd expect from a programming language but oriented specifically toward configuration management. PKL provides immutable objects for a hierarchical structure with properties, elements, and entries:

// Properties: named values
bird {
  name = "Common wood pigeon"
  diet = "Seeds"
  taxonomy {
    species = "Columba palumbus"
  }
}

// Listings: arrays of elements
birds {
  "Pigeon"
  "Parrot"
  "Barn owl"
  "Falcon"
}

// Mappings: key-value pairs
habitats {
  ["Pigeon"] = "Streets"
  ["Parrot"] = "Parks"
  ["Barn owl"] = "Forests"
  ["Falcon"] = "Mountains"
}

Multi-Format Output

PKL can generate output for JSON, YAML, Property Lists, and other configuration formats, making it versatile for existing toolchains.

Code Generation

PKL can automatically produce configuration code in popular programming languages, including Java, Kotlin, Swift, and Go, creating type-safe bindings for your applications.

Excellent IDE Support

Pkl offers real-time validation, documentation access, and guidance through plugins and extensions for IntelliJ, Visual Studio Code, and Neovim.

PKL's Design Philosophy

PKL is based on a key-value structure that provides a direct and intuitive method for defining configuration settings, supporting not just simple data types but also complex data structures. This makes it extremely flexible while maintaining readability.

The language was created to address a specific problem: configuration files that start simple but grow into unmaintainable complexity. Apple designed PKL to provide safety by catching validation errors before deployment, scale from simple to complex use-cases, and be a joy to write with best-in-class IDE integrations

PKL Workflow

Below is how PKL processes configurations from development to deployment:

Formae: Rethinking Infrastructure-as-Code

Formae enters the infrastructure automation space with a bold premise: eliminate state files, automatically discover and codify existing infrastructure, and maintain infrastructure code that's always in sync with reality. 

Core Architecture

Formae implements infrastructure entirely as code without requiring state files. The platform features automatic discovery and codification of existing infrastructure, mapping every running resource across cloud estates regardless of how those resources were originally created — whether through Terraform, manual console operations, or legacy scripts. Formae leverages an always-on "Agent + Metastructure" model that observes, reconciles, and codifies live environments

Core Principles

Code as the Single Source of Truth

Formae implements its infrastructure entirely in code, at any granularity, without requiring users to maintain secondary artifacts such as state files. This fundamentally differs from Terraform's approach, where state files act as a separate layer between your configuration and actual infrastructure.

Automatic Discovery and Codification

Formae differentiates itself through automatic discovery and codification of existing infrastructure, mapping every running resource across cloud estates regardless of how those resources were originally created, whether through Terraform, OpenTofu, Pulumi, manual cloud console operations, or legacy scripts.

Built for Co-Existence

It is not necessary to migrate or import anything — Formae will automatically discover and update resources and happily co-exist with other IaC and Infrastructure Management tools and even ClickOps.

The Metastructure Concept

The Metastructure concept in Formae's architecture combines infrastructure configuration with operational logic, enabling real-time monitoring, asynchronous change application, and continuous synchronization of infrastructure with code. Unlike traditional IaC tools that only store static configuration, Metastructure maintains both the what (your infrastructure) and the how (the operations needed to manage it).

Dual Operating Modes

Formae operates in two distinct, yet complementary, modes: reconcile and patch. Reconcile mode allows teams to define their desired environment as a definitive "source of truth" in PKL code, with formae ensuring the running production environment aligns. Patch mode empowers engineers to apply minimal, targeted changes, validated by formae before deployment.

This flexibility addresses different operational scenarios:

• Reconcile mode: Define desired environment as definitive "source of truth" in PKL code, with Formae ensuring production alignment.
• Patch mode: Apply minimal, targeted changes validated before deployment for surgical, low-risk updates with minimal blast radius.

Traditional vs. Modern IaC Approaches

The diagram below illustrates the fundamental difference between traditional and Formae's approach:

IaC Platform Landscape

Quick Comparison Matrix

Code Comparison: Traditional vs. Formae

Terraform (HCL) Approach

# Terraform requires explicit state configuration
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "prod/terraform.tfstate"
    region = "us-east-1"
  }
}

provider "aws" {
  region = var.region
}

# Variable definitions
variable "environment" {
  type    = string
  default = "dev"
}

variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16"
}

# VPC Resource
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true
  
  tags = {
    Name        = "main-vpc-${var.environment}"
    Environment = var.environment
  }
}

# Subnet Resource
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  
  tags = {
    Name = "public-subnet-${var.environment}"
  }
}

# EC2 Instance
resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.public.id
  
  tags = {
    Name = "web-server-${var.environment}"
  }
}

# Must manually import existing resources
# terraform import aws_vpc.main vpc-12345678
# terraform import aws_subnet.public subnet-abcdef12

Terraform workflow:

# Initialize and download providers
terraform init

# Plan changes (requires state file)
terraform plan

# Apply changes
terraform apply

# Detect drift manually
terraform plan -refresh-only

# If drift detected, must manually update code or force alignment

Formae (PKL) Approach

amends "@formae/forma.pkl"

// No state configuration needed - Formae is stateless
// Automatically discovers existing resources

import "@formae/formae.pkl"
import "@aws/aws.pkl"
import "@aws/ec2/vpc.pkl"
import "@aws/ec2/subnet.pkl"
import "@aws/ec2/instance.pkl"

properties {
  environment = new formae.Prop {
    flag = "env"
    default = "dev"
  }
  
  vpcCidr = new formae.Prop {
    flag = "vpc-cidr"
    default = "10.0.0.0/16"
  }
  
  instanceType = new formae.Prop {
    flag = "instance-type"
    default = "t3.micro"
  }
}

forma {
  new formae.Stack {
    label = "infrastructure"
    description = "Main infrastructure stack"
  }
  
  new formae.Target {
    label = "aws"
    config = new aws.Config {
      region = "us-east-1"
    }
  }
  
  // Resources created OR discovered automatically
  new vpc.VPC {
    label = "main-vpc"
    cidrBlock = properties.vpcCidr.value
    enableDnsHostnames = true
    enableDnsSupport = true
    tags {
      ["Name"] = "main-vpc-\(properties.environment.value)"
      ["Environment"] = properties.environment.value
    }
  }
  
  new subnet.Subnet {
    label = "public-subnet"
    vpcId = "@main-vpc.id"
    cidrBlock = "10.0.1.0/24"
    availabilityZone = "us-east-1a"
    mapPublicIpOnLaunch = true
    tags {
      ["Name"] = "public-subnet-\(properties.environment.value)"
    }
  }
  
  new instance.Instance {
    label = "web-server"
    ami = "ami-0c55b159cbfafe1f0"
    instanceType = properties.instanceType.value
    subnetId = "@public-subnet.id"
    tags {
      ["Name"] = "web-server-\(properties.environment.value)"
    }
  }
}

Formae workflow:

# Start agent (no initialization needed)
formae agent start

# Apply changes - automatically discovers existing resources
formae apply --mode reconcile infrastructure.pkl

# Drift is automatically detected and incorporated into code
# No manual intervention required

# Extract all existing infrastructure to code
formae extract --output discovered.pkl

Platform Strengths and Weaknesses

• Terraform/OpenTofu: Industry standard with a mature ecosystem. Strengths: extensive providers, community support. Weaknesses: state file complexity, manual drift detection, and a separate import process.
• Formae: Next-generation approach. Strengths: no state management, automatic discovery, co-exists with other tools, and strong validation. Weaknesses: new ecosystem, FSL licensing, requires learning PKL.
• Pulumi: Modern development approach. Strengths: familiar languages, strong IDE support. Weaknesses: still requires state management, steeper learning curve for non-developers.
• CloudFormation: AWS-native. Strengths: first-class AWS support, free, built-in drift detection. Weaknesses: AWS-only, verbose syntax, 500 resource limit per stack.
• Crossplane: Kubernetes-centric. Strengths: GitOps-friendly, declarative YAML. Weaknesses: requires a Kubernetes cluster, an additional complexity layer.

Real-World Use Cases

Brownfield Environments

A brownfield environment, in the context of Infrastructure as Code (IaC), refers to an existing, fully operational computing environment that was already deployed.

For existing infrastructure, Formae eliminates painful imports:

# Discover all existing AWS resources
formae extract --target aws --output current-infrastructure.pkl

# Review discovered infrastructure
cat current-infrastructure.pkl

# Make changes and apply
formae apply --mode patch current-infrastructure.pkl

Multi-Environment Management

Use properties for environment-specific configurations:

// environments/production.pkl
amends "../base-infrastructure.pkl"

properties {
  environment = new formae.Prop {
    flag = "env"
    default = "production"
  }
  
  instanceType = new formae.Prop {
    flag = "instance-type"
    default = "t3.large"
  }
  
  instanceCount = new formae.Prop {
    flag = "instances"
    default = "10"
  }
}

// Deploy production with overrides
// formae apply --mode reconcile environments/production.pkl

Team Workflows

Core platform engineers manage the main infrastructure code and make system-wide changes, while engineers with specific roles make small, safe changes through patch mode.

Selection Guide

Choose Terraform/OpenTofu for maximum provider coverage and industry-standard skills. OpenTofu guarantees an open-source future.

Choose Formae to eliminate state complexity, need automatic discovery, and value always-in-sync code with minimal operational overhead.

Choose Pulumi if your team prefers general-purpose languages and needs infrastructure-application integration.

Choose CloudFormation/Bicep for single-cloud scenarios with native integration.

Choose Crossplane for Kubernetes-centric organizations wanting GitOps infrastructure patterns.

Conclusion

Formae and PKL represent the first major innovation in infrastructure-as-code tooling in nearly a decade. By addressing fundamental limitations — state management complexity, drift-detection challenges, and brownfield infrastructure friction — Formae offers a fresh perspective on infrastructure automation.

The platform's success will hinge on whether its approach to automatic discovery and codification proves more valuable than the familiarity and community support surrounding existing tools. For platform engineering teams struggling with sprawling cloud estates, infrastructure drift, and fragile toolchains, Formae's approach of treating code as a single source of truth while automatically incorporating reality could be transformative.