Metadata-Version: 2.4
Name: autoai-driftguard
Version: 0.1.0
Summary: Infrastructure Drift Detection & Self-Healing — Multi-cloud drift scanner with IaC remediation
Project-URL: Homepage, https://autoailabs.co.uk/products/driftguard
Project-URL: Repository, https://github.com/autoailabadmin/driftguard
Author-email: AutoAI Labs <info@autoailabs.co.uk>
License-Expression: Apache-2.0
License-File: LICENSE
Keywords: devops,drift-detection,iac,infrastructure,mcp,pulumi,terraform
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: System :: Systems Administration
Requires-Python: >=3.10
Requires-Dist: click>=8.0
Requires-Dist: httpx>=0.25
Requires-Dist: mcp>=1.0
Requires-Dist: pydantic>=2.0
Requires-Dist: rich>=13.0
Provides-Extra: all
Requires-Dist: azure-identity>=1.15; extra == 'all'
Requires-Dist: azure-mgmt-compute>=30.0; extra == 'all'
Requires-Dist: azure-mgmt-network>=25.0; extra == 'all'
Requires-Dist: azure-mgmt-resource>=23.0; extra == 'all'
Requires-Dist: azure-mgmt-storage>=21.0; extra == 'all'
Requires-Dist: boto3>=1.34; extra == 'all'
Requires-Dist: google-cloud-compute>=1.17; extra == 'all'
Requires-Dist: google-cloud-resource-manager>=1.12; extra == 'all'
Provides-Extra: aws
Requires-Dist: boto3>=1.34; extra == 'aws'
Provides-Extra: azure
Requires-Dist: azure-identity>=1.15; extra == 'azure'
Requires-Dist: azure-mgmt-compute>=30.0; extra == 'azure'
Requires-Dist: azure-mgmt-network>=25.0; extra == 'azure'
Requires-Dist: azure-mgmt-resource>=23.0; extra == 'azure'
Requires-Dist: azure-mgmt-storage>=21.0; extra == 'azure'
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
Requires-Dist: pytest>=8.0; extra == 'dev'
Requires-Dist: ruff>=0.3; extra == 'dev'
Provides-Extra: gcp
Requires-Dist: google-cloud-compute>=1.17; extra == 'gcp'
Requires-Dist: google-cloud-resource-manager>=1.12; extra == 'gcp'
Description-Content-Type: text/markdown

# DriftGuard

Infrastructure Drift Detection & Self-Healing for multi-cloud environments.

DriftGuard compares your Infrastructure-as-Code (Terraform, Pulumi, CloudFormation) desired state against live cloud resources to detect unauthorized changes, security misconfigurations, and cost anomalies.

## Features

- **Multi-cloud drift detection** — Azure, AWS, and GCP resource state readers
- **IaC state parsing** — Terraform (.tfstate v3/v4), Pulumi exports, CloudFormation templates
- **32 security rules** — Open ports, public storage, missing encryption, IAM wildcards, weak TLS, and more
- **8 cost rules** — Oversized instances, unattached volumes, missing tags, premium storage
- **8 compliance rules** — Data residency, encryption at rest, audit logging, retention periods
- **Drift classification** — Automated categorization as unauthorized/intentional/emergency
- **IaC remediation** — Auto-generate Terraform HCL or Pulumi Python to fix drift
- **GitHub PR generation** — Create PRs with remediation code
- **Historical tracking** — SQLite-backed drift history with trend analysis
- **Baseline management** — Accept known deviations with optional TTL
- **MCP server** — 7 tools for Claude/AI integration
- **CLI** — `scan`, `watch`, `fix`, `history`, `report`, `baseline`, `policy` commands

## Quick Start

```bash
pip install autoai-driftguard

# Scan a Terraform state file
driftguard scan --state terraform.tfstate --provider azure

# Continuous monitoring
driftguard watch --state terraform.tfstate --interval 300

# View drift history
driftguard history --severity critical

# Generate remediation code
driftguard fix --scan-id scan-abc123 --format terraform

# List security policies
driftguard policy list --category security

# Generate posture report
driftguard report --days 30
```

## Quick Start -- MCP Server

Add to your Claude Code or Cursor MCP config:

```json
{
  "mcpServers": {
    "driftguard": {
      "command": "uvx",
      "args": ["autoai-driftguard-mcp"],
      "description": "DriftGuard — Detect infrastructure drift across Azure, AWS, and GCP"
    }
  }
}
```

That's it. No signup. No API key. No data leaves your machine.

### Available Tools

| Tool | Description |
|------|-------------|
| `drift_scan` | Scan for drift across cloud providers |
| `drift_history` | View drift detection history |
| `drift_classify` | Classify drift as unauthorized/intentional/emergency |
| `drift_fix` | Generate IaC remediation code |
| `drift_policy` | Manage security/cost/compliance policies |
| `drift_baseline` | Manage accepted deviations |
| `drift_report` | Generate drift posture report |

## Cloud Provider Setup

### Azure
```bash
export ARM_CLIENT_ID="..."
export ARM_CLIENT_SECRET="..."
export ARM_TENANT_ID="..."
export ARM_SUBSCRIPTION_ID="..."
```

### AWS
```bash
export AWS_ACCESS_KEY_ID="..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_DEFAULT_REGION="us-east-1"
```

### GCP
```bash
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/key.json"
export GOOGLE_CLOUD_PROJECT="my-project"
```

## Configuration

| Environment Variable | Description | Default |
|---------------------|-------------|---------|
| `DRIFTGUARD_DB` | SQLite database path | `driftguard.db` |
| `GITHUB_TOKEN` | GitHub token for PR creation | — |

## Development

```bash
git clone https://github.com/autoailabadmin/driftguard.git
cd driftguard
pip install -e ".[dev]"
pytest
```

## License

Apache 2.0 — see [LICENSE](LICENSE).

Built by [AutoAI Labs](https://autoailabs.co.uk).
