Metadata-Version: 2.4
Name: trustfix
Version: 0.1.1
Summary: OIDC trust gap scanner for AWS IAM and GitHub Actions
Home-page: https://trustfix.dev
Author: Vijaybhasker Pagidoju
Author-email: hello@trustfix.dev
License: MIT
Project-URL: Homepage, https://trustfix.dev
Project-URL: GitHub Action, https://github.com/marketplace/actions/trustfix-oidc-security-scanner
Project-URL: Source, https://github.com/trustfix/trustfix-core
Keywords: oidc,aws,iam,security,github-actions,terraform,devsecops
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Dynamic: author-email
Dynamic: home-page
Dynamic: requires-python

# TrustFix

OIDC trust gap scanner for AWS IAM and GitHub Actions.
Detects misconfigurations in OIDC trust policies and automatically fixes them via AI-generated Terraform pull requests.

## Quick Start

Free GitHub Action: https://github.com/marketplace/actions/trustfix-oidc-security-scanner

Full dashboard + AI remediation: https://trustfix.dev

## What It Detects

- Missing `sub` condition (any repo in org can assume your production role)
- Overly broad `StringLike` patterns in trust policies
- `StringLike` where `StringEquals` should be used
- Missing `aud` claim validation
- Wildcard `Principal: "*"` in IAM trust policies
- Unused IAM roles (90+ day inactivity)
- 6 types of GitHub Actions workflow misconfigurations
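
The trust-policy checks in this list can be sketched in a few lines of Python. This is an added example, not TrustFix's own code: the function names, the finding labels, the rule that a `StringLike` pattern is "broad" when the wildcard falls in the `org/repo` segment, and the sample policy are all assumptions made for illustration.

```python
GH = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def as_list(v):
    return v if isinstance(v, list) else [v]

def claim_conditions(stmt, claim):
    """Return (operator, value) pairs that constrain the given OIDC claim."""
    found = []
    for op, block in stmt.get("Condition", {}).items():
        for key, vals in block.items():
            if key.lower() == f"{GH}:{claim}":  # condition keys are case-insensitive
                found += [(op, v) for v in as_list(vals)]
    return found

def audit_trust_policy(policy):
    """Return (statement index, label) tuples; the labels are invented for this example."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):
            principal = {"AWS": principal}  # normalise the "Principal": "*" shorthand
        if "*" in as_list(principal.get("AWS", [])):
            findings.append((i, "wildcard-principal"))
            continue
        federated = as_list(principal.get("Federated", []))
        if not any(str(f).endswith("oidc-provider/" + GH) for f in federated):
            continue  # not a GitHub OIDC trust statement
        subs = claim_conditions(stmt, "sub")
        if not subs:
            findings.append((i, "missing-sub"))
        for op, val in subs:
            if "stringlike" not in op.lower():
                continue
            parts = val.split(":")
            repo = parts[1] if len(parts) > 1 else val  # the "org/repo" segment
            if "*" not in val and "?" not in val:
                findings.append((i, "stringlike-should-be-stringequals"))
            elif "*" in repo:  # assumed heuristic for "overly broad"
                findings.append((i, "broad-stringlike"))
        if not claim_conditions(stmt, "aud"):
            findings.append((i, "missing-aud"))
    return findings

# Constructed sample trust policy; the account id and org name are placeholders.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
     "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{GH}"},
     "Condition": {"StringLike": {f"{GH}:sub": "repo:example-org/*:*"}}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"},
]}
```

Calling `audit_trust_policy(SAMPLE)` flags the first statement for a broad `StringLike` pattern and a missing `aud` check, and the second for its wildcard principal.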

## How It Works

1. Install free GitHub Action → scans every PR for OIDC misconfigs
2. Connect AWS account → maps every IAM role to every workflow that can assume it
3. Click "Generate Fix PR" → Claude AI generates precise Terraform rewrite
4. Review and merge → finding closes automatically

## Pricing

- Detection: Free forever
- AI Fix PRs: $499/month (Pro), $799/month (Team)
