One mechanism for your application's entire lifecycle.

Whatever the starting point, you'll be up and running.

The complete decision tree.

until serving():
    if local state exists:
        engine version vs state version:
            equal:    serving()
            engine >: migrate()
            engine <: abort("downgrade")
    else:
        if fetch_backup(): restore(backup)
        else:              init()

serving(): run app, schedule backups

A design pattern for application lifecycle. The mechanism branches on what it finds, not on what operation was requested.

How many customers affected?

How fast back online?

How much data lost?

Bartl makes the answers automatic consequences of how you operate.

Not by adding something - by replacing five separate procedures with one unified mechanism.

Automate disaster recovery -> installation comes free.

Add version detection -> upgrades come free.

Run it on a different server -> migration comes free.

Keep the backup portable -> sovereignty comes free.

Disaster, cost pressure, contract end, curiosity: the reason you're moving doesn't change the operation. The timeline doesn't either - whether you have thirty seconds or thirty days, it's the same restore. That is Wechselfähigkeit.

Who this is for

You run applications in production and need recovery that rehearses itself with every deployment.
You need data isolation and separate compliance boundaries per customer.
You want to scale operations linearly - Nth stack adds work, not complexity.
You want to leave your provider on your terms, on your timeline.