ArchDrift
ArchDrift is a web app (with optional CLI agent) that continuously compares your intended system architecture to what’s actually running in cloud accounts and Kubernetes clusters. You define “architecture intent” as simple rules and diagrams-as-code (services, data flows, trust boundaries, allowed dependencies). The agent pulls real topology from AWS/GCP/Azure and K8s, then flags drift: new public endpoints, unexpected service-to-service calls, missing encryption, shadow databases, or IAM privilege creep. It generates evidence packs for SOC2/ISO audits and creates actionable tickets with exact resource IDs and suggested remediations. This is not a full-blown APM replacement; it’s a focused guardrail for architecture correctness and compliance. The product lives or dies on being accurate, low-noise, and fast to deploy—otherwise teams will ignore it like every other alerting tool.
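The core comparison described above (declared intent versus observed topology), as an added example that is not ArchDrift's own code. The rule schema, field names, finding kinds and resource IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical intent schema: which services exist, which may be public,
# which dependencies are allowed, and which datastores must be encrypted.
INTENT = {"services": {
    "web":       {"public": True,  "calls": {"orders"}},
    "orders":    {"public": False, "calls": {"orders-db"}},
    "orders-db": {"public": False, "calls": set(), "encrypted": True},
}}

# Constructed snapshot standing in for what an agent would pull from a cloud account.
OBSERVED = {
    "web":        {"id": "res-web-01", "public": True, "calls": {"orders", "orders-db"}},
    "orders":     {"id": "res-orders-01", "public": True, "calls": {"orders-db"}},
    "orders-db":  {"id": "res-db-01", "public": False, "calls": set(),
                   "datastore": True, "encrypted": False},
    "scratch-db": {"id": "res-db-02", "public": False, "calls": set(),
                   "datastore": True, "encrypted": True},
}

@dataclass(frozen=True)
class Finding:
    kind: str
    resource_id: str
    detail: str

def find_drift(intent, observed):
    """Return one Finding per deviation of the observed topology from intent."""
    declared = intent["services"]
    findings = []
    for name, obs in sorted(observed.items()):  # sorted for stable, diffable output
        want = declared.get(name)
        if want is None:
            # Anything running that the intent never declared is drift by definition.
            kind = "shadow_datastore" if obs.get("datastore") else "undeclared_service"
            findings.append(Finding(kind, obs["id"], f"{name} is not in the intent"))
            continue
        if obs["public"] and not want["public"]:
            findings.append(Finding("unexpected_public_endpoint", obs["id"], name))
        for dep in sorted(obs["calls"] - want["calls"]):
            findings.append(Finding("unexpected_dependency", obs["id"], f"{name} -> {dep}"))
        if want.get("encrypted") and not obs.get("encrypted"):
            findings.append(Finding("missing_encryption", obs["id"], name))
    return findings

if __name__ == "__main__":
    for f in find_drift(INTENT, OBSERVED):
        print(f"{f.kind:28} {f.resource_id:14} {f.detail}")
```

Each finding carries the resource ID it was raised against, which is what makes a ticket or evidence record actionable.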