walwarden
Explanation

What is not shipped

The honest boundary of what walwarden does today — and what is on the roadmap, explicitly labeled.

Honesty about limits is part of the product, not a footnote. This page states plainly what walwarden does not do today. For the exact, code-synced claim table, see the honest capability claims reference.

What ships today

  • Scheduled logical backups (pg_dump) to a BYO S3 bucket, for Neon and Supabase Postgres.
  • Ed25519-signed manifests and an append-only audit chain, verifiable offline.
  • Dashboard backup history and an RPO figure.
  • Operator-initiated restore via the CLI, on a machine you control.
  • Evidence bundle export.
  • Notification routes that page Slack, Discord, email, or a signed webhook when a backup fails, a restore drill cannot recover, the audit chain breaks, or the worker stops. See configure notification routes.

Not yet shipped

The following are on the roadmap and not yet available. Do not rely on them, and do not describe them as if they work today.

CapabilityStatus
Automated restore drill (cron-driven, ephemeral target)On the roadmap — not yet available. Restore is operator-initiated only.
Continuous PITR / WAL streamingOn the roadmap — not yet available. Backups are scheduled logical dumps.
Automated (unattended) restore verificationOn the roadmap — not yet available.
AWS RDS / Aurora as a connected providerOn the roadmap — not yet available. Today's shipping providers are Supabase and Neon.

Why we say this out loud

A completed backup is not the same as a proven restore, and scheduled backups are not continuous protection. Stating the boundary is how a compliance reviewer can trust the claims we do make. See Recoverability and RPO.

Roadmap items and the dates they change status live in the changelog.