Metadata-Version: 2.4
Name: hybrisight
Version: 0.1.4
Summary: Read-only cloud and infrastructure efficiency snapshot engine
Author-email: Shawn <shawnthompson66@gmail.com>
License-Expression: Apache-2.0
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: typer>=0.12.5
Requires-Dist: pydantic>=2.8.0
Requires-Dist: PyYAML>=6.0.2
Requires-Dist: boto3>=1.35.0
Requires-Dist: azure-identity>=1.17.1
Requires-Dist: azure-mgmt-resource>=23.1.1
Requires-Dist: azure-mgmt-subscription>=3.1.1
Requires-Dist: azure-mgmt-storage>=21.2.1
Requires-Dist: azure-mgmt-compute>=33.0.0
Requires-Dist: azure-mgmt-network>=28.0.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: rich>=13.7.0
Requires-Dist: alembic>=1.14.0
Provides-Extra: server
Requires-Dist: fastapi>=0.115.0; extra == "server"
Requires-Dist: uvicorn>=0.30.6; extra == "server"
Requires-Dist: sqlalchemy>=2.0.36; extra == "server"
Requires-Dist: python-multipart>=0.0.12; extra == "server"
Requires-Dist: itsdangerous>=2.2.0; extra == "server"
Requires-Dist: weasyprint>=62.3; extra == "server"
Requires-Dist: segno>=1.6.1; extra == "server"
Requires-Dist: stripe>=9.0.0; extra == "server"
Provides-Extra: dev
Requires-Dist: pytest>=8.3.2; extra == "dev"
Requires-Dist: httpx>=0.27.2; extra == "dev"
Requires-Dist: pyflakes>=3.2.0; extra == "dev"
Requires-Dist: fastapi>=0.115.0; extra == "dev"
Requires-Dist: uvicorn>=0.30.6; extra == "dev"
Requires-Dist: sqlalchemy>=2.0.36; extra == "dev"
Requires-Dist: python-multipart>=0.0.12; extra == "dev"
Requires-Dist: itsdangerous>=2.2.0; extra == "dev"
Requires-Dist: weasyprint>=62.3; extra == "dev"
Requires-Dist: segno>=1.6.1; extra == "dev"
Provides-Extra: prod
Requires-Dist: psycopg2-binary>=2.9.9; extra == "prod"
Dynamic: license-file

# HybriSight CLI

**Read-only cloud and infrastructure efficiency snapshot engine.**

`pip install hybrisight` — scan AWS and Azure environments for security,
cost, and operational risks. Non-intrusive, no agents, no write access.

[![PyPI version](https://img.shields.io/pypi/v/hybrisight.svg)](https://pypi.org/project/hybrisight/)
[![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://www.python.org/)

## Quick Start

```bash
pip install hybrisight
hybrisight --help
```

## Commands

### `hybrisight scan`

Run a read-only cloud assessment. Supports AWS and Azure.

```bash
# AWS — interactive demo (no credentials needed)
hybrisight scan aws --demo

# AWS — live scan with your credentials
hybrisight scan aws

# AWS — specific regions
hybrisight scan aws --regions us-east-1,eu-west-1

# Azure — live scan (requires az login first)
hybrisight scan azure
```

Scans produce a `hybrisight-findings.json` file containing structured findings
for every resource analysed.

### `hybrisight report`

Generate human-readable reports from scan findings.

```bash
# HTML report (default)
hybrisight report --input hybrisight-findings.json --format html

# JSON summary
hybrisight report --input hybrisight-findings.json --format json

# PDF report
hybrisight report --input hybrisight-findings.json --format pdf
```

### `hybrisight doctor`

Check your local environment is ready for scans.

```bash
hybrisight doctor
```

Verifies Python version, cloud SDK availability, credentials, and connectivity
without touching any cloud resources.

### `hybrisight upload`

Upload findings to a HybriSight web dashboard for team review and tracking.

```bash
hybrisight upload --findings hybrisight-findings.json --api-key YOUR_KEY
```

### `hybrisight merge`

Combine multiple scan results into a single consolidated findings file.

```bash
hybrisight merge findings-1.json findings-2.json --output merged.json
```

### `hybrisight auth`

Authenticate with a HybriSight deployment to obtain an API key.

```bash
hybrisight auth login
```

### `hybrisight signing`

Cryptographically sign scan artifacts for audit trail integrity.

```bash
hybrisight signing init          # Generate a signing key pair
hybrisight signing register       # Register your public key
hybrisight signing sign-artifact  # Sign a findings file
```

### `hybrisight version`

Print the installed CLI version.

```bash
hybrisight version
```

## Access Setup

HybriSight scans require read-only cloud credentials:

- **AWS**: Create an IAM role with the `SecurityAudit` and `ViewOnlyAccess`
  managed policies. Detailed setup: [AWS Read-Only Access Guide](https://hybrisight.agapii.org/docs/access-setup/aws-readonly-access)
- **Azure**: Use `az login` with a service principal assigned the `Reader` role.
  Detailed setup: [Azure Access Guide](https://hybrisight.agapii.org/docs/access-setup/azure-readonly-access)

## What HybriSight Analyses

- **Security Posture** — IAM misconfigurations, overly permissive policies,
  unencrypted resources, exposed endpoints
- **Cost Efficiency** — Idle resources, orphaned volumes, oversized instances,
  unused IPs
- **Operational Resilience** — Backup gaps, single-AZ resources, missing
  redundancy patterns
- **Infrastructure Operations** — Tagging hygiene, naming conventions,
  resource organisation

## Output

- `hybrisight-findings.json` — machine-readable structured findings
- `hybrisight-report.html` — executive-friendly HTML report
- `hybrisight-report.pdf` — printable PDF summary

## Requirements

- Python 3.11 or later
- AWS CLI or Azure CLI (only for live scans; demo mode needs neither)
- Read-only cloud credentials (see Access Setup above)

## Install Scripts

One-liner install (macOS/Linux):

```bash
curl -fsSL https://hybrisight.agapii.org/install.sh | bash
```

Windows (PowerShell):

```powershell
irm https://hybrisight.agapii.org/install.ps1 | iex
```

## Homebrew (macOS)

```bash
brew tap AGAPII-ORG/hybrisight
brew install hybrisight
```

## Docker

```bash
docker pull agapii/hybrisight:latest
docker run --rm agapii/hybrisight:latest hybrisight scan aws --demo
```

## Documentation

Full documentation: [https://hybrisight.agapii.org](https://hybrisight.agapii.org)

## License

Apache 2.0 — see [LICENSE](https://github.com/AGAPII-ORG/hybrisight/blob/main/LICENSE)
for details.
