Automated Cloud Infrastructure-as-Code Reconciliation with AI Agents

2025-10-23
AI Summary
Infrastructure-as-Code (IaC) environments suffer from configuration drift when IaC tools are used alongside cloud consoles, CLIs, or SDKs, leading to state inconsistency and operational risks. To address this, we propose NSync, a novel AI agent system that unifies API log tracing, large language model (LLM)-based intent inference, and a self-evolving knowledge base to automatically detect non-IaC configuration changes and perform semantic-level remediation. NSync identifies configuration deviations by analyzing cloud API call logs, infers high-level operational intent via LLMs, and incrementally refines repair strategies in an iterative knowledge base. It further integrates IaC code generation with automated evaluation pipelines to ensure synchronization accuracy and efficiency. Evaluated on five real-world Terraform projects, NSync achieves a pass@3 accuracy of 0.97, up from 0.71, and reduces token consumption by 47%, significantly enhancing IaC environment consistency and maintainability.

πŸ“ Abstract
Cloud infrastructure is managed through a mix of interfaces -- traditionally, cloud consoles, command-line interfaces (CLI), and SDKs are the tools of choice. Recently, Infrastructure-as-Code/IaC frameworks (e.g., Terraform) have quickly gained popularity. Unlike conventional tools, IaC~frameworks encode the infrastructure in a "source-of-truth" configuration. They are capable of automatically carrying out modifications to the cloud -- deploying, updating, or destroying resources -- to bring the actual infrastructure into alignment with the IaC configuration. However, when IaC is used alongside consoles, CLIs, or SDKs, it loses visibility into external changes, causing infrastructure drift, where the configuration becomes outdated, and later IaC operations may undo valid updates or trigger errors. We present NSync, an automated system for IaC reconciliation that propagates out-of-band changes back into the IaC program. Our key insight is that infrastructure changes eventually all occur via cloud API invocations -- the lowest layer for cloud management operations. NSync gleans insights from API traces to detect drift (i.e., non-IaC changes) and reconcile it (i.e., update the IaC configuration to capture the changes). It employs an agentic architecture that leverages LLMs to infer high-level intents from noisy API sequences, synthesize targeted IaC updates using specialized tools, and continually improve through a self-evolving knowledge base of past reconciliations. We further introduce a novel evaluation pipeline for injecting realistic drifts into cloud infrastructure and assessing reconciliation performance. Experiments across five real-world Terraform projects and 372 drift scenarios show that NSync outperforms the baseline both in terms of accuracy (from 0.71 to 0.97 pass@3) and token efficiency (1.47$ imes$ improvement).
Problem

Research questions and friction points this paper is trying to address.

Automating Infrastructure-as-Code reconciliation to resolve infrastructure drift
Detecting non-IaC cloud changes via API traces and updating configurations
Employing AI agents to infer intents and synthesize IaC updates

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses API traces to detect and reconcile infrastructure drift
Employs LLM agents to infer intents from API sequences
Introduces evaluation pipeline for realistic drift injection
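
An added illustration of the drift-detection idea in the abstract (not code from the paper or from NSync): it filters an API trace for successful, state-changing calls that did not come from the IaC tool. The CloudTrail-shaped records, the flattened `resource` key, and identifying Terraform by its user-agent string are assumptions; the page does not say how NSync attributes calls.

```python
from collections import defaultdict

# Assumption: IaC-issued calls are recognised by a user-agent substring.
IAC_USER_AGENT_MARKERS = ("Terraform/",)

# Constructed sample trace; "resource" is a hypothetical flattened identifier.
SAMPLE_TRACE = [
    {"eventTime": "2025-01-01T10:00:00Z", "eventName": "CreateBucket", "readOnly": False,
     "userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.9.0", "resource": "bucket/app-logs"},
    {"eventTime": "2025-01-01T10:05:00Z", "eventName": "GetBucketAcl", "readOnly": True,
     "userAgent": "aws-cli/2.15.0", "resource": "bucket/app-logs"},
    {"eventTime": "2025-01-01T11:00:00Z", "eventName": "PutBucketVersioning", "readOnly": False,
     "userAgent": "aws-cli/2.15.0", "resource": "bucket/app-logs"},
    {"eventTime": "2025-01-01T11:30:00Z", "eventName": "PutBucketPolicy", "readOnly": False,
     "userAgent": "console.amazonaws.com", "resource": "bucket/app-logs",
     "errorCode": "AccessDenied"},
    {"eventTime": "2025-01-01T12:00:00Z", "eventName": "CreateQueue", "readOnly": False,
     "userAgent": "console.amazonaws.com", "resource": "queue/scratch"},
    {"eventTime": "2025-01-01T12:10:00Z", "eventName": "DeleteQueue", "readOnly": False,
     "userAgent": "console.amazonaws.com", "resource": "queue/scratch"},
]


def is_out_of_band(event):
    """True for a successful, state-changing call not issued by the IaC tool."""
    if event.get("readOnly") or event.get("errorCode"):
        return False
    agent = event.get("userAgent", "")
    return not any(marker in agent for marker in IAC_USER_AGENT_MARKERS)


def detect_drift(events):
    """Map each drifted resource to its ordered out-of-band operations."""
    first_op, drift = {}, defaultdict(list)
    for event in sorted(events, key=lambda e: e["eventTime"]):
        if event.get("readOnly") or event.get("errorCode"):
            continue  # reads and failed calls never change state
        first_op.setdefault(event["resource"], event)
        if is_out_of_band(event):
            drift[event["resource"]].append(event["eventName"])
    # A resource created and deleted entirely outside IaC leaves nothing to reconcile.
    return {
        res: ops for res, ops in drift.items()
        if not (is_out_of_band(first_op[res])
                and first_op[res]["eventName"].startswith("Create")
                and ops[-1].startswith("Delete"))
    }
```

On the constructed trace, only the versioning change made from the CLI is reported; the denied policy update and the short-lived console queue are dropped as noise.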