PPreflightwith Stratus

Preflight

External proof for local AWS delivery loops.

Preflight lints, scores, diagnoses, and load-checks your stack against a local emulator before you decide it is ready for AWS.

Explore PreflightSee Examples

Examples

What each Preflight surface is for.

These are the four operator-facing surfaces that make Preflight useful in practice: static lint, readiness scores, concrete diagnoses, and generated load checks.

Lint

Catch missing readiness conditions before deployment.

Preflight lint runs against CDK synth output or Terraform HCL and flags the conditions that usually decide whether a stack is safe to scale, operate, and trust.

Command./dist/preflight lint --stack-name SmokeFixtureStack --no-ai
preflight lint

✓ cdk detected
✓ synthesized templates /tmp/preflight-synth-123456

 100 security       0 finding(s)
  76 reliability    2 finding(s)
  88 observability  1 finding(s)
  64 scalability    3 finding(s)

Readiness Score

Turn findings into a category-level signal.

Every lint run emits category scores for security, reliability, observability, and scalability, plus score-level explanations that show what is dragging each category down.

Command./dist/preflight lint --stack-name SmokeFixtureStack --output json --no-ai
{
  "summary": {
    "scores": [
      { "category": "security", "score": 100, "errors": 0, "warnings": 0 },
      { "category": "reliability", "score": 76, "errors": 0, "warnings": 2 },
      { "category": "observability", "score": 88, "errors": 0, "warnings": 1 },
      { "category": "scalability", "score": 64, "errors": 0, "warnings": 3 }
    ]
  }
}

Diagnosis

Explain why a score is low and what to change.

Preflight diagnoses each finding deterministically by default, with optional AI overlay. The point is not just to say something is wrong, but to connect the likely failure mode to the exact infrastructure setting that should change.

Command./dist/preflight lint --stack-name SmokeFixtureStack --no-ai
Diagnoses
◆ lambda-concurrency-explicit via rulebook
  This leaves scaling behavior implicit, which usually shows up as throttling, backlog growth, or unstable latency.
  fix: Set ReservedConcurrentExecutions explicitly or document why unbounded account concurrency is acceptable.

◆ api-throttling via rulebook
  This leaves scaling behavior implicit, which usually shows up as throttling, backlog growth, or unstable latency.
  fix: Set throttling burst and rate limits explicitly so traffic spikes fail predictably instead of exhausting downstream capacity.

Load

Generate a load path from behavioural assertions.

Preflight load turns the existing behavioural HTTP checks into a generated load scenario. It can use a native concurrent runner or k6, depending on what is available in the environment.

Command./dist/preflight load --stack-name SmokeFixtureStack --runner k6 --vus 8 --iterations 40
preflight load

✓ cdk detected

✓ total=40 failures=0 avg=32ms p95=71ms

✓ apigw-http:POST api-123/jobs
  metrics: total=40 failures=0 avg=32ms p95=71ms

Why it matters

Preflight is the part that turns a local stack into a trustworthy one.

Stratus gives you local AWS-shaped execution. Preflight tells you whether the stack has the conditions required to be secure, observable, reliable, and scalable, then proves the path under behavioral and load pressure.

Before deploy

Find the missing conditions early.

  • Missing alarms, DLQs, encryption, and auth posture.
  • Implicit concurrency, throttling, and autoscaling decisions.
  • Weak observability and durability defaults that would only show up later.

After deploy

Verify the path, then pressure it.

  • Structural, wiring, IAM, and behavioural assertions against the live stack.
  • Generated HTTP load scenarios from the same behavioural path.
  • Machine-readable output for CI, PR comments, and future UI surfaces.