RV · 0A / CLOUD TOPOLOGY
BUILD 0.2 / MAC · LINUX

The diagnostic layer your cloud doesn’t have.

Scan your architecture in one pass. See every cross-service dependency as a live graph. Click any resource — know in under 30 seconds what else breaks if it fails.

Download for macOS View on GitHub
Releasev0.2 · 2026
PlatformmacOS · Linux
LicenseOpen source
CredsLocal, read-only
The problem

Your cloud console is organized by service silo.

When something breaks, you open 4 tabs to answer one question. You tab between compute, databases, queues, functions, trying to piece together what actually depends on what.

The console is a service browser. It cannot show you cross-service relationships. It cannot tell you what breaks if a queue goes down. It cannot compare your live infra to your IaC.

4 tabs · 0 answers
console.cloud/compute
console.cloud/databases
console.cloud/queues
console.cloud/functions
The answer

RiftView answers it in 30 seconds.

00 seconds · full architecture scan → blast radius visible
Five things it does

Built for the ten minutes when nothing else matters.

Not a dashboard. Not another observability tool. An incident-response surface that answers one kind of question — fast.

01  /  Blast radius

Click a node. See what breaks if it fails.

No tabs. No guessing. Click any resource — connected resources highlight, everything else dims. The subgraph you need. Nothing you don’t.

4 tabs  →  1 click How long it takes to find downstream dependents
blast-radius.demo Database · prod-users-db
02  /  Live cross-service graph

Your entire stack. One pass. Every service.

RiftView scans every service your provider exposes in a single run and holds the topology as a connected graph. Not per-service snapshots — a whole-account model that stays live.

47 services · 1 graph Cross-service edges, kept fresh between scans
account-scan.log live
scan › "prod" --regions=primary,secondary
discovering resources…
compute  142 instances 38 firewall rules
database 9 clusters   7 subnets
functions 213 handlers 54 roles
queues  31 queues   18 consumers
storage  94 buckets 116 policies
…38 more services scanned
graph assembled  8.2s · 4,807 edges · 1,613 nodes
03  /  Top risks

Not forty warnings. The three things that matter.

Most scanners hand you 40 findings sorted by nothing. RiftView surfaces the three highest-severity chain-of-failure risks — the ones that take your stack down, not the ones your compliance tool nags about.

3 ranked · 0 filler Severity ordered by blast radius, not by finding count
top-risks.panel action required
S1
Single-zone database backing 14 function consumers
prod-users-db · primary-a · no replica
S2
Queue without dead-letter feeding order-processor
order-intake · 14d retention · 0 DLQ
S3
Role spans 9 services · over-permissioned
role/fn-shared · 312 effective actions
04  /  Drift detection

Your IaC.
Your current deployment.
A clean diff.

RiftView compares your current deployment against your state file. Changes that happened outside your IaC — console clicks, one-off CLI fixes — show up as diff lines with the fix commands ready to run.

IaC ↔ Reality Drift surfaced per resource, with fix commands
drift · terraform.tfstate → live 2 resources drifted
firewall_rule.api-public region: primary
12 ingress {
13  cidr_blocks = ["10.0.0.0/8"]
13+  cidr_blocks = ["0.0.0.0/0"]
14   from_port = 443
15 }
05  /  Guided remediation

Run the provider CLI fix. From inside the app.

No copy-pasting commands into a terminal at 2am, no double-checking the region flag. RiftView generates the exact CLI command for each finding, asks you to confirm, streams the output back to you.

Copy · paste · swear  →  0 One-click confirm. Streaming output. Rollback prepared.
remediate · fw-00f2… ready to run
remediation.sh · preview
# Revert firewall ingress to match terraform state
$ cloud firewall revoke-ingress \
    --rule-id fw-00f2a1c3b4d5e6789 \
    --protocol tcp --port 443 \
    --source 0.0.0.0/0
↳ would revoke public-wide 443 ingress
$ cloud firewall authorize-ingress \
    --rule-id fw-00f2a1c3b4d5e6789 \
    --protocol tcp --port 443 \
    --source 10.0.0.0/8
↳ would restore terraform-declared range
Why not just the cloud console?

The console is a service browser. RiftView is a graph.

Cloud Console

  • Organized by service silo — compute here, databases there, functions elsewhere
  • No cross-service relationships. Dependencies live in your head
  • Per-service dashboards. No whole-account graph
  • Cannot answer “what breaks if this goes down?”
  • Cannot compare live infrastructure to your Terraform state
  • Blast radius: four tabs and ten minutes of guessing

RiftView

  • Organized by connection — a single view, every service
  • Every cross-service edge, traced and live
  • One graph. Entire account. Always current
  • Click a node — blast radius on every resource, every time
  • Terraform drift, surfaced per resource with fix commands
  • Blast radius: one click, under 30 seconds
How it works

Three steps. Real cloud. No mock data.

Select your cloud profile

RiftView reads from your provider’s local credentials file, environment variables, or an SSO session. Credentials stay local — read-only by default.

Hit Scan

RiftView enumerates every service in parallel and assembles the graph. Typical account: 4 to 12 seconds. Large accounts: up to 30.

Click any resource

Instant blast radius. Top risks panel. Drift view. Remediation commands generated inline. This is the 2am workflow.

Headless · @riftview/cli

Also ships as a CLI for CI.

Same scanner. Same analysis. Stable JSON, deterministic exit codes, no Electron runtime. Published as @riftview/cli on npm.

01  /  Headless

Single Node bundle. No desktop runtime.

Every subcommand uses the cloud SDK in read mode — write operations stay in the desktop app. Output is pinned to schemaVersion: 1; any breaking change bumps the version.

Read-onlyNo write ops
Stable JSONschemaVersion: 1
ExitsDeterministic 0/1/2/3/4
RuntimeNode 20+, no Electron
Install $ npm install -g @riftview/cli
riftview · quick-start read-only
# Full account scan, human-readable summary
$ riftview scan --profile prod
✓ 47 services · 1,613 nodes · 4,807 edges · 8.2s
 
# Fail CI on warnings or worse
$ riftview risks --profile prod --fail-on S2
 
# Compare live infra against Terraform
$ riftview drift --state terraform.tfstate \
    --fail-on-drift
✗ 2 resources drifted  exit 1
02  /  Five subcommands

Each does one thing. Pipes to jq.

Composable building blocks for CI pipelines: capture a snapshot once, gate risks and drift off it, diff against yesterday’s scan to see what changed.

  • scanFull account scan. Optional --snapshot writes JSON for later runs.
  • risksSeverity-sorted findings. --fail-on S1|S2|S3 gates CI.
  • driftCompare live infra to terraform.tfstate. --fail-on-drift trips on any change.
  • diffStructurally diff two snapshots. Added, removed, field-level changes.
  • versionBuild metadata: semver, git commit, build date, Node version.
snapshot → diff workflow 2 runs, 1 diff
# Capture today's state
$ riftview scan --snapshot scan-$(date +%F).json
✓ wrote scan-2026-05-11.json  2.1 MB
 
# Diff against yesterday
$ riftview diff scan-2026-05-10.json scan-2026-05-11.json
+ 3 nodes added  (2 lambda · 1 queue)
1 node removed  (s3 bucket)
  ~ 4 nodes modified
 
# Re-run risks against the snapshot, no AWS hit
$ riftview risks --snapshot scan-2026-05-11.json --fail-on S2
03  /  Exit codes you can set -e on

Five exits. Pinned by tests.

Every CI pipeline can branch on $? directly — the contract is enforced by tests, so a future release won’t silently reshuffle the codes.

0OKSuccessful run, no gate tripped
1FINDINGS--fail-on matched, or drift detected
2USAGEBad invocation, unreadable snapshot
3AUTHCredential failure, AccessDenied
4RUNTIMEAnything not covered above
.github/workflows/drift.yml PR gate
name: Infra drift
on:
  pull_request:
    branches: [main]
 
jobs:
  drift:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with: { role-to-assume: ${{ secrets.AWS_ROLE }} }
      - run: npm install -g @riftview/cli
      - run: riftview drift --state terraform.tfstate --fail-on-drift
npmjs.com/package/@riftview/cli Full CLI reference ↗
Download

Stop context-switching.

Point RiftView at your cloud profile. In 30 seconds you’ll see what your infrastructure actually looks like.

Available for Download · macOS v0.2.0
macOS Linux