cloudwire 0.2.1__tar.gz → 0.2.3__tar.gz

{cloudwire-0.2.1/cloudwire.egg-info → cloudwire-0.2.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cloudwire
-Version: 0.2.1
+Version: 0.2.3
 Summary: Scan and visualize your AWS infrastructure as an interactive graph
 License-Expression: MIT
 Project-URL: Homepage, https://github.com/hisingh_gwre/cloudwire
@@ -16,6 +16,7 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Internet :: WWW/HTTP
 Classifier: Topic :: System :: Systems Administration
 Requires-Python: >=3.9
@@ -24,20 +25,24 @@ Provides-Extra: dev
 Requires-Dist: twine; extra == "dev"
 Requires-Dist: build; extra == "dev"
 Provides-Extra: dependencies
-Requires-Dist: fastapi>=0.115; extra == "dependencies"
-Requires-Dist: uvicorn[standard]>=0.34; extra == "dependencies"
-Requires-Dist: boto3>=1.37; extra == "dependencies"
-Requires-Dist: botocore>=1.37; extra == "dependencies"
-Requires-Dist: networkx>=3.4; extra == "dependencies"
-Requires-Dist: pydantic>=2.11; extra == "dependencies"
-Requires-Dist: click>=8.1; extra == "dependencies"
+Requires-Dist: fastapi>=0.100; extra == "dependencies"
+Requires-Dist: uvicorn>=0.20; extra == "dependencies"
+Requires-Dist: boto3>=1.26; extra == "dependencies"
+Requires-Dist: botocore>=1.29; extra == "dependencies"
+Requires-Dist: networkx>=2.6; extra == "dependencies"
+Requires-Dist: pydantic>=2.0; extra == "dependencies"
+Requires-Dist: click>=8.0; extra == "dependencies"
 
-# Cloudwire
+# CloudWire
 
 Scan your AWS account and visualize resource dependencies as an interactive graph — directly in your browser, running entirely on your local machine.
 
 No data leaves your system. AWS credentials never leave your terminal. The graph is built locally using your existing credential chain (`~/.aws/credentials`, `aws sso login`, `saml2aws`, `aws-vault` — all work out of the box).
 
+<p align="center">
+  <img src="docs/cloudgraph.svg" alt="CloudWire — AWS infrastructure graph visualization" width="100%">
+</p>
+
 ---
 
 ## Install
@@ -58,7 +63,9 @@ That's it. The browser opens automatically at `http://localhost:8080`.
 - Dark hacker-aesthetic graph canvas with animated data flow
 - 24 AWS services with dedicated icons, colors, and role badges
 - Edges represent real relationships — API integrations, event triggers, IAM policy inference, env var references
-- Sequential left-to-right flow layout with START/END badges showing where data enters and exits
+- Four layout modes — Circular (default), Flow, Swimlane — switchable from the graph toolbar
+- VPC network topology with CloudMapper-style diagrams — internet anchors, SG rule edges with port labels, AZ grouping, collapsible containers
+- Tag-based scanning — discover and scan resources by AWS tags with searchable multi-select dropdowns
 - Click any node to inspect its attributes, incoming/outgoing edges, and resource-specific tooltip
 - Search, filter by service, highlight upstream/downstream blast radius, find shortest path
 - Permission errors surfaced clearly — see exactly which IAM policies are missing
@@ -91,6 +98,7 @@ That's it. The browser opens automatically at `http://localhost:8080`.
 | AppSync | Dedicated — GraphQL APIs |
 | Secrets Manager | Dedicated |
 | KMS | Dedicated |
+| VPC Network | Dedicated — VPCs, subnets, security groups, IGWs, NAT GWs, route tables; scoped to referenced VPCs |
 | ELB | Discovered via CloudFront, Route 53, ECS edges |
 | Everything else | Generic (tagged resources only) |
 
@@ -108,7 +116,15 @@ cloudwire/                        # Python package (the distributable unit)
 └── app/                        # FastAPI backend
     ├── main.py                 # App factory, API routes (/api/*), static serving
     ├── models.py               # Pydantic request/response models
-    ├── scanner.py              # boto3 AWS scanner — one function per service
+    ├── services.py             # Canonical service registry — single source of truth
+    ├── scanner.py              # Scan orchestrator, shared helpers, mixin composition
+    ├── scanners/               # Per-service scanner modules (mixin classes)
+    │   ├── _utils.py           # Shared constants (ARN pattern, env var conventions)
+    │   ├── apigateway.py       # REST + HTTP APIs, integrations, authorizers
+    │   ├── lambda_.py          # Functions, event sources, IAM policy inference
+    │   ├── vpc.py              # VPCs, subnets, SGs, IGWs, NATs, route tables
+    │   ├── glue.py             # Jobs, crawlers, triggers
+    │   └── ...                 # 16 more service scanners (one per AWS service)
     ├── scan_jobs.py            # Async job store with progress tracking
     └── graph_store.py          # networkx graph with thread-safe mutations
 
@@ -117,12 +133,17 @@ frontend/                       # React + Vite source (compiled into cloudwire/s
 │   ├── pages/CloudWirePage.jsx # Main page — orchestrates all state
 │   ├── components/
 │   │   ├── graph/              # GraphCanvas, GraphNode, GraphEdge, Minimap, Legend
-│   │   └── layout/             # TopBar, ServiceSidebar, InspectorPanel
+│   │   ├── layout/             # TopBar, ServiceSidebar, InspectorPanel, TagFilterBar
+│   │   └── ErrorBoundary.jsx   # React error boundary for graceful pane crashes
 │   ├── hooks/
 │   │   ├── useScanPolling.js   # Scan lifecycle, polling, graph data state
+│   │   ├── useTagDiscovery.js  # Tag-based resource discovery
+│   │   ├── useGraphPipeline.js # Graph filtering, clustering, layout pipeline
+│   │   ├── usePathFinder.js    # Shortest-path mode state management
+│   │   ├── useClickOutside.js  # Shared click-outside hook
 │   │   └── useGraphViewport.js # Pan/zoom viewport state
 │   ├── lib/
-│   │   ├── graphTransforms.js  # Layout algorithms (circular, flow, swimlane)
+│   │   ├── graphTransforms.js  # Layout algorithms, annotations, container collapse
 │   │   ├── serviceVisuals.jsx  # Service icon + color map
 │   │   └── awsRegions.js       # AWS region list
 │   └── styles/graph.css        # All UI styles
@@ -172,7 +193,7 @@ This starts the FastAPI backend on `:8000` (with `--reload`) and the Vite dev se
 
 | Area | Where to edit |
 |------|--------------|
-| Add a new AWS service scanner | `cloudwire/app/scanner.py` → add a `_scan_<service>` method and register it in `self.service_scanners` |
+| Add a new AWS service scanner | `cloudwire/app/scanners/` → create a mixin class, import it in `scanner.py`, add to the class bases and `service_scanners` dict |
 | Change graph layout | `frontend/src/lib/graphTransforms.js` |
 | Add a new UI component | `frontend/src/components/` |
 | Change API routes | `cloudwire/app/main.py` — all routes are under the `/api` prefix |

cloudwire-0.2.1/PKG-INFO → cloudwire-0.2.3/README.md

@@ -1,43 +1,13 @@
-Metadata-Version: 2.4
-Name: cloudwire
-Version: 0.2.1
-Summary: Scan and visualize your AWS infrastructure as an interactive graph
-License-Expression: MIT
-Project-URL: Homepage, https://github.com/hisingh_gwre/cloudwire
-Project-URL: Issues, https://github.com/hisingh_gwre/cloudwire/issues
-Keywords: aws,cloud,visualization,graph,infrastructure
-Classifier: Development Status :: 3 - Alpha
-Classifier: Environment :: Console
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: Intended Audience :: System Administrators
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Topic :: Internet :: WWW/HTTP
-Classifier: Topic :: System :: Systems Administration
-Requires-Python: >=3.9
-Description-Content-Type: text/markdown
-Provides-Extra: dev
-Requires-Dist: twine; extra == "dev"
-Requires-Dist: build; extra == "dev"
-Provides-Extra: dependencies
-Requires-Dist: fastapi>=0.115; extra == "dependencies"
-Requires-Dist: uvicorn[standard]>=0.34; extra == "dependencies"
-Requires-Dist: boto3>=1.37; extra == "dependencies"
-Requires-Dist: botocore>=1.37; extra == "dependencies"
-Requires-Dist: networkx>=3.4; extra == "dependencies"
-Requires-Dist: pydantic>=2.11; extra == "dependencies"
-Requires-Dist: click>=8.1; extra == "dependencies"
-
-# Cloudwire
+# CloudWire
 
 Scan your AWS account and visualize resource dependencies as an interactive graph — directly in your browser, running entirely on your local machine.
 
 No data leaves your system. AWS credentials never leave your terminal. The graph is built locally using your existing credential chain (`~/.aws/credentials`, `aws sso login`, `saml2aws`, `aws-vault` — all work out of the box).
 
+<p align="center">
+  <img src="docs/cloudgraph.svg" alt="CloudWire — AWS infrastructure graph visualization" width="100%">
+</p>
+
 ---
 
 ## Install
@@ -58,7 +28,9 @@ That's it. The browser opens automatically at `http://localhost:8080`.
 - Dark hacker-aesthetic graph canvas with animated data flow
 - 24 AWS services with dedicated icons, colors, and role badges
 - Edges represent real relationships — API integrations, event triggers, IAM policy inference, env var references
-- Sequential left-to-right flow layout with START/END badges showing where data enters and exits
+- Four layout modes — Circular (default), Flow, Swimlane — switchable from the graph toolbar
+- VPC network topology with CloudMapper-style diagrams — internet anchors, SG rule edges with port labels, AZ grouping, collapsible containers
+- Tag-based scanning — discover and scan resources by AWS tags with searchable multi-select dropdowns
 - Click any node to inspect its attributes, incoming/outgoing edges, and resource-specific tooltip
 - Search, filter by service, highlight upstream/downstream blast radius, find shortest path
 - Permission errors surfaced clearly — see exactly which IAM policies are missing
@@ -91,6 +63,7 @@ That's it. The browser opens automatically at `http://localhost:8080`.
 | AppSync | Dedicated — GraphQL APIs |
 | Secrets Manager | Dedicated |
 | KMS | Dedicated |
+| VPC Network | Dedicated — VPCs, subnets, security groups, IGWs, NAT GWs, route tables; scoped to referenced VPCs |
 | ELB | Discovered via CloudFront, Route 53, ECS edges |
 | Everything else | Generic (tagged resources only) |
 
@@ -108,7 +81,15 @@ cloudwire/                        # Python package (the distributable unit)
 └── app/                        # FastAPI backend
     ├── main.py                 # App factory, API routes (/api/*), static serving
     ├── models.py               # Pydantic request/response models
-    ├── scanner.py              # boto3 AWS scanner — one function per service
+    ├── services.py             # Canonical service registry — single source of truth
+    ├── scanner.py              # Scan orchestrator, shared helpers, mixin composition
+    ├── scanners/               # Per-service scanner modules (mixin classes)
+    │   ├── _utils.py           # Shared constants (ARN pattern, env var conventions)
+    │   ├── apigateway.py       # REST + HTTP APIs, integrations, authorizers
+    │   ├── lambda_.py          # Functions, event sources, IAM policy inference
+    │   ├── vpc.py              # VPCs, subnets, SGs, IGWs, NATs, route tables
+    │   ├── glue.py             # Jobs, crawlers, triggers
+    │   └── ...                 # 16 more service scanners (one per AWS service)
     ├── scan_jobs.py            # Async job store with progress tracking
     └── graph_store.py          # networkx graph with thread-safe mutations
 
@@ -117,12 +98,17 @@ frontend/                       # React + Vite source (compiled into cloudwire/s
 │   ├── pages/CloudWirePage.jsx # Main page — orchestrates all state
 │   ├── components/
 │   │   ├── graph/              # GraphCanvas, GraphNode, GraphEdge, Minimap, Legend
-│   │   └── layout/             # TopBar, ServiceSidebar, InspectorPanel
+│   │   ├── layout/             # TopBar, ServiceSidebar, InspectorPanel, TagFilterBar
+│   │   └── ErrorBoundary.jsx   # React error boundary for graceful pane crashes
 │   ├── hooks/
 │   │   ├── useScanPolling.js   # Scan lifecycle, polling, graph data state
+│   │   ├── useTagDiscovery.js  # Tag-based resource discovery
+│   │   ├── useGraphPipeline.js # Graph filtering, clustering, layout pipeline
+│   │   ├── usePathFinder.js    # Shortest-path mode state management
+│   │   ├── useClickOutside.js  # Shared click-outside hook
 │   │   └── useGraphViewport.js # Pan/zoom viewport state
 │   ├── lib/
-│   │   ├── graphTransforms.js  # Layout algorithms (circular, flow, swimlane)
+│   │   ├── graphTransforms.js  # Layout algorithms, annotations, container collapse
 │   │   ├── serviceVisuals.jsx  # Service icon + color map
 │   │   └── awsRegions.js       # AWS region list
 │   └── styles/graph.css        # All UI styles
@@ -172,7 +158,7 @@ This starts the FastAPI backend on `:8000` (with `--reload`) and the Vite dev se
 
 | Area | Where to edit |
 |------|--------------|
-| Add a new AWS service scanner | `cloudwire/app/scanner.py` → add a `_scan_<service>` method and register it in `self.service_scanners` |
+| Add a new AWS service scanner | `cloudwire/app/scanners/` → create a mixin class, import it in `scanner.py`, add to the class bases and `service_scanners` dict |
 | Change graph layout | `frontend/src/lib/graphTransforms.js` |
 | Add a new UI component | `frontend/src/components/` |
 | Change API routes | `cloudwire/app/main.py` — all routes are under the `/api` prefix |

{cloudwire-0.2.1 → cloudwire-0.2.3}/cloudwire/__init__.py

@@ -1,3 +1,3 @@
 """CloudWire — scan and visualize your AWS infrastructure."""
 
-__version__ = "0.2.1"
+__version__ = "0.2.3"

{cloudwire-0.2.1 → cloudwire-0.2.3}/cloudwire/app/graph_store.py

@@ -1,11 +1,14 @@
 from __future__ import annotations
 
+import logging
 from datetime import datetime, timezone
 from threading import Lock
-from typing import Any, Dict, List, Set
+from typing import Any, Dict, List, Set, Tuple
 
 import networkx as nx
 
+logger = logging.getLogger(__name__)
+
 
 class GraphStore:
     def __init__(self) -> None:
@@ -71,6 +74,27 @@ class GraphStore:
             metadata["edge_count"] = len(edges)
             return {"nodes": nodes, "edges": edges, "metadata": metadata}
 
+    def iter_nodes_by_service(self, service: str) -> List[Tuple[str, Dict[str, Any]]]:
+        """Return a snapshot of (node_id, attrs_copy) pairs for a given service."""
+        with self._lock:
+            return [
+                (nid, dict(attrs))
+                for nid, attrs in self.graph.nodes(data=True)
+                if attrs.get("service") == service
+            ]
+
+    def snapshot_graph(self) -> "nx.DiGraph":
+        """Return a shallow copy of the graph for read-only traversal."""
+        with self._lock:
+            return self.graph.copy()
+
+    def batch_update_nodes(self, updates: List[Tuple[str, Dict[str, Any]]]) -> None:
+        """Apply attribute updates to multiple nodes atomically."""
+        with self._lock:
+            for node_id, attrs in updates:
+                if self.graph.has_node(node_id):
+                    self.graph.nodes[node_id].update(attrs)
+
     def _node_matches_arns(self, node_id: str, attrs: Dict[str, Any], allowed_arns: Set[str]) -> bool:
         """Check if a node matches any of the allowed ARNs.
 
@@ -91,39 +115,46 @@ class GraphStore:
             return True
         return False
 
-    def filter_by_arns(self, allowed_arns: Set[str]) -> int:
+    def filter_by_arns(self, allowed_arns: Set[str]) -> Dict[str, int]:
         """Remove nodes that don't match the allowed ARNs, preserving neighbors.
 
         Keeps:
           - Nodes whose ARN matches the allowed set (the "seed" nodes)
-          - Direct neighbors of seed nodes (1-hop) so connected context is visible
-          - VPC infrastructure ancestors of kept nodes (so VPC containers, IGWs,
-            route tables, and Internet anchor nodes remain for topology context)
-          - Nodes without any ARN-like attribute (synthetic/connector nodes)
-        Returns the number of nodes removed.
+          - Direct neighbors of seed nodes (1-hop), marked ``kept_by_proximity=True``
+          - VPC infrastructure ancestors of kept nodes
+        Returns dict with ``seeds``, ``neighbors``, ``removed``, ``total`` counts.
         """
         with self._lock:
+            total = self.graph.number_of_nodes()
+            logger.debug(
+                "filter_by_arns: %d graph nodes, %d allowed ARNs",
+                total, len(allowed_arns),
+            )
             # Phase 1: identify seed nodes (directly matched by ARN)
             seed_ids: Set[str] = set()
-            no_arn_ids: Set[str] = set()
             for node_id, attrs in self.graph.nodes(data=True):
                 if self._node_matches_arns(node_id, attrs, allowed_arns):
                     seed_ids.add(node_id)
-                elif not attrs.get("real_arn") and not attrs.get("arn"):
-                    no_arn_ids.add(node_id)
+                # Note: nodes without arn/real_arn that have NO edges are
+                # phantom inferred nodes — they will be removed unless they
+                # are neighbors of seeds. This avoids polluting the tag graph
+                # with Lambda env-var inferred phantom nodes.
 
             # Phase 2: expand to direct neighbors of seeds (1-hop)
-            keep_ids = set(seed_ids) | no_arn_ids
+            # Mark them so the frontend can visually distinguish proximity nodes
+            neighbor_ids: Set[str] = set()
             for seed_id in seed_ids:
                 for neighbor in self.graph.predecessors(seed_id):
-                    keep_ids.add(neighbor)
+                    if neighbor not in seed_ids:
+                        neighbor_ids.add(neighbor)
                 for neighbor in self.graph.successors(seed_id):
-                    keep_ids.add(neighbor)
+                    if neighbor not in seed_ids:
+                        neighbor_ids.add(neighbor)
+
+            keep_ids = seed_ids | neighbor_ids
 
             # Phase 3: walk VPC infrastructure ancestors so topology context
             # (VPC → subnet → resource, IGW → VPC, RTB → subnet) stays intact.
-            # For any kept VPC infra node, also keep its predecessors/successors
-            # that are VPC infra, up the containment chain.
             vpc_frontier = [
                 nid for nid in keep_ids
                 if self.graph.nodes[nid].get("service") == "vpc"
@@ -136,6 +167,7 @@ class GraphStore:
                         attrs = self.graph.nodes[neighbor]
                         if attrs.get("service") == "vpc":
                             keep_ids.add(neighbor)
+                            neighbor_ids.add(neighbor)
                             visited.add(neighbor)
                             vpc_frontier.append(neighbor)
                 for neighbor in self.graph.successors(nid):
@@ -143,17 +175,31 @@ class GraphStore:
                         attrs = self.graph.nodes[neighbor]
                         if attrs.get("service") == "vpc":
                             keep_ids.add(neighbor)
+                            neighbor_ids.add(neighbor)
                             visited.add(neighbor)
                             vpc_frontier.append(neighbor)
 
-            # Phase 4: remove everything else
+            # Phase 4: mark proximity nodes and remove everything else
+            for nid in neighbor_ids:
+                if self.graph.has_node(nid):
+                    self.graph.nodes[nid]["kept_by_proximity"] = True
+
             nodes_to_remove = [
                 node_id for node_id in self.graph.nodes()
                 if node_id not in keep_ids
             ]
             for node_id in nodes_to_remove:
                 self.graph.remove_node(node_id)
-            return len(nodes_to_remove)
+            logger.debug(
+                "filter_by_arns: seeds=%d, neighbors=%d, kept=%d, removed=%d",
+                len(seed_ids), len(neighbor_ids), len(keep_ids), len(nodes_to_remove),
+            )
+            return {
+                "seeds": len(seed_ids),
+                "neighbors": len(neighbor_ids),
+                "removed": len(nodes_to_remove),
+                "total": total,
+            }
 
     def get_resource_payload(self, resource_id: str) -> Dict[str, Any]:
         with self._lock: