Stronghold | Open-Source Disaster Recovery Intelligence

What your console shows

Backups configured
Read replicas active
All checks passing

What Stronghold finds

Reality Gap: 56 points
Claimed 56% protected
Proven 0% recoverable

What you actually need

Proof-of-Recovery: 0%
3 services not recoverable
DR debt growing for 45 days

What Stronghold does

What do we have?

Service-level mapping from CloudFormation, tags, and topology — not just resource inventory.

What breaks if this fails?

Dependency graph with blast radius analysis and SPOF detection.

Can we still recover?

Scenario coverage analysis for AZ failure, region failure, SPOF failure, data corruption.

Is the full recovery path proven?

Full-chain coverage traces every step of the recovery order and shows which links are proven, observed, or broken.

What's the proof?

Evidence maturity tracking. "Config observed" ≠ "recovery tested."

Is it getting better?

Posture history, DR debt tracking, and trend analysis across scans.

Terminal

$ stronghold status

Stronghold DR Intelligence

Reality Gap  56 pts  claimed 56% protected → 0% proven recoverable
Score  39/100 (F)       Proof-of-Recovery  0% tested · 100% observed
Services  14 detected   Scenarios  0/13 covered

Worst exposed
  ✗ database   F  19/100  no tested restore path · stale runbook
  ✗ storage    F  26/100  no cross-region replication · stale runbook
  ✗ dns        F   0/100  no failover configured · stale runbook

Next action  Enable S3 replication for "artifacts-bucket" [SAFE · +6 points]
             [SAFE · +4 points]

Terminal

$ stronghold status

Stronghold DR Intelligence

Reality Gap  56 pts  claimed 56% protected → 0% proven recoverable
Score  39/100 (F)          Recovery Chain  0/23 steps proven (0% weighted)
Services  14 detected      Scenarios  0/13 covered

See why

Terminal

$ stronghold explain database

database - F 19/100
Reality Gap: claimed 29% protected -> proven 0% recoverable -> gap 29 pts

Reasoning

1. database consists of 1 resource.
   prod-db-primary (DATABASE, datastore)

2. prod-db-primary is the most connected dependency in database.
   2 direct dependents and blast radius 8.

3. ✗ prod-db-primary No AWS Backup plan covers this resource.
   Attach the resource to an AWS Backup plan.

4. ✗ No tested recovery evidence is recorded for this service.
   No passing recovery rule has current tested evidence.

TypeScript strict 736 tests 82.6% core coverage 39 DR rules 16 AWS services AGPL-3.0 Zero telemetry