Intro to tc Cloud Functors: Graph-First Serverless Infrastructure
These articles are AI-generated summaries. Please check the original sources for full details.
Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud
Robert J. Berger developed tc Cloud Functors to manage 107 topologies and 340 Lambdas after manual wiring consumed 80% of development time at Informed. The system successfully transitioned a massive Ruby on Rails monolith into a modular, event-driven architecture within nine months.
Why This Matters
Traditional Infrastructure as Code (IaC) tools like CloudFormation and Terraform use a resource-first model that requires engineers to manage low-level primitives and brittle ‘magic spells’ by hand. The result is significant technical debt: adding a feature feels like moving mountains because of the manual overhead of wiring IAM roles, event rules, and subscriptions. In a graph-first mental model, infrastructure is instead derived algorithmically from logical connections. This inversion of control lets teams treat the cloud as a single computer rather than a collection of disjointed resources, eliminates the ‘confused deputy’ security problem, and enables high-velocity development for complex serverless systems.
Key Insights
- Resource-First vs. Graph-First: Traditional tools focus on ‘how’ (implementation), whereas tc Cloud Functors focus on ‘what’ (intent), deriving relationships algorithmically.
- The 8 Atoms of the Cloud: The system identifies eight core entities—Functions, States, Events, Routes, Mutations, Queues, Channels, and Pages—as sufficient building blocks for any serverless topology.
- Algorithmic Security: The tc composer uses pre-validated templates to automatically inject SourceArn condition keys into trust policies, enforcing least privilege by default.
- Bones and Muscles Hybrid: The architecture uses Terraform for static ‘bones’ (VPCs, RDS) and tc for high-velocity ‘muscles’ (Lambdas, Step Functions), connected via a dynamic Resolver.
- Sub-Tree Autonomy: Developers can ‘zoom’ into a specific subdirectory to deploy a single functor as the ‘root of the universe,’ ignoring the rest of the 340-Lambda monolith.
Working Examples
Standard developer workflow commands for managing Cloud Functors:
tc build # Package logic and ML models (Docker multi-arch)
tc publish # Push assets like Layers and EFS models to S3
tc create # Provision the isolated, namespaced sandbox
tc invoke # Test logic directly in the cloud via a REPL
Practical Applications
- Use case: Informed transitioned a Ruby on Rails monolith processing 8% of US car loans into a system of 107 topologies using namespaced and sandboxed functors.
- Pitfall: Manual IAM configuration often leads to developers stripping SourceArn conditions to ‘just get it working,’ resulting in vulnerable ‘confused deputy’ security flaws.
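A static check for the pitfall above, as an added example that is not part of the original article or the tc project: it flags Allow statements that trust an AWS service principal with no `aws:SourceArn` condition, or with one set to a bare wildcard. The policy, account ID and rule name are constructed sample values, and accepting only positive-match operators as a guard is an assumption of this example.

```python
# Positive-match operators that can pin aws:SourceArn. Negated and
# ...IfExists variants are not accepted as a guard (a choice made here).
PINNING_OPS = {"arnlike", "arnequals", "stringlike", "stringequals"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def source_arn_values(stmt):
    """Collect aws:SourceArn values pinned by a positive-match operator."""
    found = []
    for op, keys in stmt.get("Condition", {}).items():
        if op.lower() in PINNING_OPS:
            for key, value in keys.items():
                if key.lower() == "aws:sourcearn":  # keys are case-insensitive
                    found.extend(_as_list(value))
    return found

def unguarded_service_grants(policy):
    """Return (sid, services, reason) for Allow statements that trust an AWS
    service principal without restricting which resource it acts for."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        principal = principal if isinstance(principal, dict) else {}
        services = _as_list(principal.get("Service", []))
        if stmt.get("Effect") != "Allow" or not services:
            continue
        arns = source_arn_values(stmt)
        if not arns:
            reason = "no aws:SourceArn condition"
        elif "*" in arns:
            reason = "aws:SourceArn is a bare wildcard"
        else:
            continue
        findings.append((stmt.get("Sid", f"statement[{i}]"), services, reason))
    return findings

# Constructed sample, trimmed to the fields the check reads (no Action/Resource).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RuleInvoke", "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
     "Condition": {"ArnLike": {"AWS:SourceArn":
         "arn:aws:events:us-east-1:111122223333:rule/orders-created"}}},
    {"Sid": "TopicInvoke", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"}},
    {"Sid": "BucketInvoke", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {"ArnLike": {"aws:SourceArn": "*"}}}]}

for finding in unguarded_service_grants(SAMPLE_POLICY):
    print(finding)
```

Run over exported Lambda resource policies or role trust policies in CI, a non-empty result marks the statements where the condition was dropped or widened.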