cloudwright-ai 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- cloudwright_ai-0.1.0/.claude/notepad.json +5 -0
- cloudwright_ai-0.1.0/.gitignore +16 -0
- cloudwright_ai-0.1.0/CLAUDE.md +23 -0
- cloudwright_ai-0.1.0/PKG-INFO +541 -0
- cloudwright_ai-0.1.0/README.md +510 -0
- cloudwright_ai-0.1.0/cloudwright/__init__.py +100 -0
- cloudwright_ai-0.1.0/cloudwright/adapters/__init__.py +79 -0
- cloudwright_ai-0.1.0/cloudwright/adapters/aws.py +314 -0
- cloudwright_ai-0.1.0/cloudwright/adapters/azure.py +274 -0
- cloudwright_ai-0.1.0/cloudwright/adapters/gcp.py +305 -0
- cloudwright_ai-0.1.0/cloudwright/analyzer.py +180 -0
- cloudwright_ai-0.1.0/cloudwright/architect.py +603 -0
- cloudwright_ai-0.1.0/cloudwright/catalog/__init__.py +26 -0
- cloudwright_ai-0.1.0/cloudwright/catalog/formula.py +257 -0
- cloudwright_ai-0.1.0/cloudwright/catalog/refresh.py +248 -0
- cloudwright_ai-0.1.0/cloudwright/catalog/store.py +672 -0
- cloudwright_ai-0.1.0/cloudwright/cost.py +281 -0
- cloudwright_ai-0.1.0/cloudwright/data/catalog.db +0 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/analytics.yaml +32 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/cache.yaml +64 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/compute.yaml +78 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/containers.yaml +116 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/database_nosql.yaml +33 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/database_relational.yaml +96 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/messaging.yaml +47 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/ml.yaml +32 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/networking_api.yaml +31 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/networking_cdn.yaml +29 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/networking_dns.yaml +31 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/networking_lb.yaml +77 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/orchestration.yaml +32 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/security_auth.yaml +29 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/security_waf.yaml +31 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/serverless.yaml +74 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/storage_block.yaml +31 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/storage_object.yaml +71 -0
- cloudwright_ai-0.1.0/cloudwright/data/registry/streaming.yaml +32 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/_index.yaml +99 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/azure-microservices.yaml +81 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/azure-serverless-api.yaml +49 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/azure-three-tier-web.yaml +59 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/batch-processing.yaml +103 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/data-lake.yaml +91 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/event-driven.yaml +89 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/gcp-microservices.yaml +90 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/gcp-serverless-api.yaml +48 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/gcp-three-tier-web.yaml +59 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/microservices.yaml +131 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/ml_pipeline.yaml +60 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/serverless_api.yaml +60 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/static-site.yaml +92 -0
- cloudwright_ai-0.1.0/cloudwright/data/templates/three_tier_web.yaml +59 -0
- cloudwright_ai-0.1.0/cloudwright/differ.py +237 -0
- cloudwright_ai-0.1.0/cloudwright/drift.py +90 -0
- cloudwright_ai-0.1.0/cloudwright/evolution.py +63 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/__init__.py +105 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/aibom.py +104 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/cloudformation.py +218 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/compliance_report.py +161 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/d2.py +82 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/mermaid.py +69 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/sbom.py +68 -0
- cloudwright_ai-0.1.0/cloudwright/exporter/terraform.py +1003 -0
- cloudwright_ai-0.1.0/cloudwright/importer/__init__.py +78 -0
- cloudwright_ai-0.1.0/cloudwright/importer/cloudformation.py +368 -0
- cloudwright_ai-0.1.0/cloudwright/importer/terraform_state.py +320 -0
- cloudwright_ai-0.1.0/cloudwright/importer/utils.py +45 -0
- cloudwright_ai-0.1.0/cloudwright/linter.py +255 -0
- cloudwright_ai-0.1.0/cloudwright/llm/__init__.py +45 -0
- cloudwright_ai-0.1.0/cloudwright/llm/anthropic.py +42 -0
- cloudwright_ai-0.1.0/cloudwright/llm/base.py +14 -0
- cloudwright_ai-0.1.0/cloudwright/llm/openai.py +42 -0
- cloudwright_ai-0.1.0/cloudwright/plugins.py +73 -0
- cloudwright_ai-0.1.0/cloudwright/policy.py +204 -0
- cloudwright_ai-0.1.0/cloudwright/providers/__init__.py +59 -0
- cloudwright_ai-0.1.0/cloudwright/providers/aws.py +172 -0
- cloudwright_ai-0.1.0/cloudwright/providers/azure.py +151 -0
- cloudwright_ai-0.1.0/cloudwright/providers/gcp.py +151 -0
- cloudwright_ai-0.1.0/cloudwright/py.typed +0 -0
- cloudwright_ai-0.1.0/cloudwright/registry.py +223 -0
- cloudwright_ai-0.1.0/cloudwright/scorer.py +369 -0
- cloudwright_ai-0.1.0/cloudwright/spec.py +185 -0
- cloudwright_ai-0.1.0/cloudwright/validator.py +841 -0
- cloudwright_ai-0.1.0/pyproject.toml +47 -0
- cloudwright_ai-0.1.0/tests/conftest.py +63 -0
- cloudwright_ai-0.1.0/tests/fixtures/aws.tfstate +57 -0
- cloudwright_ai-0.1.0/tests/fixtures/aws_serverless.tfstate +33 -0
- cloudwright_ai-0.1.0/tests/fixtures/azure.tfstate +39 -0
- cloudwright_ai-0.1.0/tests/fixtures/cloudformation_template.json +163 -0
- cloudwright_ai-0.1.0/tests/fixtures/gcp.tfstate +39 -0
- cloudwright_ai-0.1.0/tests/fixtures/serverless_api.json +38 -0
- cloudwright_ai-0.1.0/tests/fixtures/three_tier.yaml +64 -0
- cloudwright_ai-0.1.0/tests/test_adapter_aws.py +450 -0
- cloudwright_ai-0.1.0/tests/test_adapter_azure.py +255 -0
- cloudwright_ai-0.1.0/tests/test_adapter_gcp.py +323 -0
- cloudwright_ai-0.1.0/tests/test_analyzer.py +265 -0
- cloudwright_ai-0.1.0/tests/test_architect.py +60 -0
- cloudwright_ai-0.1.0/tests/test_architect_chat.py +329 -0
- cloudwright_ai-0.1.0/tests/test_catalog.py +50 -0
- cloudwright_ai-0.1.0/tests/test_cfn_importer.py +179 -0
- cloudwright_ai-0.1.0/tests/test_constraint_propagation.py +184 -0
- cloudwright_ai-0.1.0/tests/test_cost.py +367 -0
- cloudwright_ai-0.1.0/tests/test_differ.py +251 -0
- cloudwright_ai-0.1.0/tests/test_drift.py +254 -0
- cloudwright_ai-0.1.0/tests/test_e2e.py +1055 -0
- cloudwright_ai-0.1.0/tests/test_evolution.py +201 -0
- cloudwright_ai-0.1.0/tests/test_exporter.py +449 -0
- cloudwright_ai-0.1.0/tests/test_formula.py +78 -0
- cloudwright_ai-0.1.0/tests/test_importer.py +234 -0
- cloudwright_ai-0.1.0/tests/test_importer_cfn.py +238 -0
- cloudwright_ai-0.1.0/tests/test_linter.py +407 -0
- cloudwright_ai-0.1.0/tests/test_packaging.py +267 -0
- cloudwright_ai-0.1.0/tests/test_plugins.py +100 -0
- cloudwright_ai-0.1.0/tests/test_policy.py +138 -0
- cloudwright_ai-0.1.0/tests/test_refresh.py +296 -0
- cloudwright_ai-0.1.0/tests/test_registry.py +316 -0
- cloudwright_ai-0.1.0/tests/test_scorer.py +267 -0
- cloudwright_ai-0.1.0/tests/test_spec.py +202 -0
- cloudwright_ai-0.1.0/tests/test_validator.py +103 -0
- cloudwright_ai-0.1.0/tests/test_validator_fedramp_gdpr.py +512 -0
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
__pycache__/
|
|
2
|
+
*.py[cod]
|
|
3
|
+
*.egg-info/
|
|
4
|
+
dist/
|
|
5
|
+
build/
|
|
6
|
+
.env
|
|
7
|
+
*.db
|
|
8
|
+
!packages/core/cloudwright/data/catalog.db
|
|
9
|
+
node_modules/
|
|
10
|
+
.vite/
|
|
11
|
+
.ruff_cache/
|
|
12
|
+
.pytest_cache/
|
|
13
|
+
.mypy_cache/
|
|
14
|
+
|
|
15
|
+
# Codebase intelligence (auto-generated)
|
|
16
|
+
.planning/
|
|
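Review bot: the negation on line 8, `!packages/core/cloudwright/data/catalog.db`, is written against the monorepo layout, but in this archive the database sits at `cloudwright/data/catalog.db`, so when this file is read from the package root the `*.db` rule on line 7 still covers the bundled catalog. Add a negation for `cloudwright/data/catalog.db` so the exception matches wherever this .gitignore ends up. Separately, nothing in these 16 lines covers `.claude/`, and the file list for this release includes `.claude/notepad.json` and `CLAUDE.md`; if those are local tooling state, exclude them from the sdist rather than publishing them.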
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# cloudwright (core)
|
|
2
|
+
|
|
3
|
+
Core library for architecture intelligence. All business logic lives here.
|
|
4
|
+
|
|
5
|
+
## Module Map
|
|
6
|
+
|
|
7
|
+
- `spec.py` — ArchSpec Pydantic models. The central data format
|
|
8
|
+
- `architect.py` — LLM-powered architecture design. Uses llm/ for AI calls
|
|
9
|
+
- `catalog.py` — SQLite service catalog. Queries instance specs and pricing
|
|
10
|
+
- `cost.py` — Cost engine. Prices ArchSpec components from catalog data
|
|
11
|
+
- `validator.py` — Compliance validation (HIPAA, PCI-DSS, SOC 2, FedRAMP, GDPR, Well-Architected)
|
|
12
|
+
- `differ.py` — ArchSpec diff engine
|
|
13
|
+
- `llm/` — Multi-provider LLM abstraction (Anthropic, OpenAI)
|
|
14
|
+
- `exporter/` — Terraform, CloudFormation, Mermaid, SBOM, AIBOM
|
|
15
|
+
- `providers/` — Service definitions and cross-cloud equivalences
|
|
16
|
+
|
|
17
|
+
## Conventions
|
|
18
|
+
|
|
19
|
+
- All public API exposed via `__init__.py` with lazy imports
|
|
20
|
+
- ArchSpec is the universal interchange format — every module consumes or produces it
|
|
21
|
+
- Catalog uses SQLite shipped as `data/catalog.db`
|
|
22
|
+
- LLM provider auto-detected from env vars
|
|
23
|
+
- No external DB dependencies — everything is local
|
|
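Review bot: the Module Map entry on line 9 names `catalog.py`, but this release ships the catalog as a package (`cloudwright/catalog/__init__.py`, `formula.py`, `refresh.py`, `store.py`) and contains no `catalog.py`. Change the entry to `catalog/`, and add the modules present in the archive that the map omits (`linter.py`, `scorer.py`, `policy.py`, `drift.py`, `analyzer.py`, `plugins.py`, `importer/`), since line 3 says all business logic lives here. Line 22, "LLM provider auto-detected from env vars", should name the variables and the precedence when more than one is set, because that choice decides which external service receives the design prompts.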
@@ -0,0 +1,541 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: cloudwright-ai
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Architecture intelligence for cloud engineers — design, cost, compare, export
|
|
5
|
+
Project-URL: Homepage, https://github.com/xmpuspus/cloudwright
|
|
6
|
+
Project-URL: Repository, https://github.com/xmpuspus/cloudwright
|
|
7
|
+
Project-URL: Issues, https://github.com/xmpuspus/cloudwright/issues
|
|
8
|
+
Author: Xavier Puspus
|
|
9
|
+
License-Expression: MIT
|
|
10
|
+
Keywords: architecture,aws,azure,cloud,gcp,iac,infrastructure,terraform
|
|
11
|
+
Classifier: Development Status :: 3 - Alpha
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
16
|
+
Classifier: Topic :: Software Development :: Code Generators
|
|
17
|
+
Classifier: Topic :: System :: Systems Administration
|
|
18
|
+
Requires-Python: >=3.12
|
|
19
|
+
Requires-Dist: anthropic<1,>=0.58
|
|
20
|
+
Requires-Dist: openai<3,>=1.50
|
|
21
|
+
Requires-Dist: pydantic<3,>=2.11
|
|
22
|
+
Requires-Dist: pyyaml<7,>=6.0
|
|
23
|
+
Provides-Extra: cli
|
|
24
|
+
Requires-Dist: cloudwright-ai-cli; extra == 'cli'
|
|
25
|
+
Provides-Extra: pdf
|
|
26
|
+
Requires-Dist: markdown2; extra == 'pdf'
|
|
27
|
+
Requires-Dist: weasyprint; extra == 'pdf'
|
|
28
|
+
Provides-Extra: web
|
|
29
|
+
Requires-Dist: cloudwright-ai-web; extra == 'web'
|
|
30
|
+
Description-Content-Type: text/markdown
|
|
31
|
+
|
|
32
|
+
# Cloudwright
|
|
33
|
+
|
|
34
|
+
Architecture intelligence for cloud engineers.
|
|
35
|
+
|
|
36
|
+
Cloudwright bridges the gap between a whiteboard sketch and deployable infrastructure. Describe a system in natural language, and Cloudwright produces a structured architecture spec, cost estimates, compliance reports, Terraform/CloudFormation code, diagrams, and diffs — all from a single format called **ArchSpec**.
|
|
37
|
+
|
|
38
|
+
```
|
|
39
|
+
"HIPAA-compliant 3-tier app on AWS, budget $3k/month"
|
|
40
|
+
│
|
|
41
|
+
▼
|
|
42
|
+
┌────────────────────────────────────────────────┐
|
|
43
|
+
│ ArchSpec (YAML) │
|
|
44
|
+
│ ├── 8 components (ALB, ECS, RDS, S3, ...) │
|
|
45
|
+
│ ├── connections with protocols │
|
|
46
|
+
│ └── constraints: hipaa, budget: 3000 │
|
|
47
|
+
└────────┬───────────┬──────────┬────────────────┘
|
|
48
|
+
│ │ │
|
|
49
|
+
┌────▼───┐ ┌───▼────┐ ┌──▼──────────┐
|
|
50
|
+
│ Cost │ │Validate│ │ Export │
|
|
51
|
+
│$2,847 │ │ HIPAA │ │ Terraform │
|
|
52
|
+
│ /mo │ │ 5/5 │ │ CFN, Mermaid│
|
|
53
|
+
└────────┘ └────────┘ └─────────────┘
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
## Why Cloudwright
|
|
57
|
+
|
|
58
|
+
Most cloud tooling assumes you already know what to build (IaC) or already have it deployed (cost dashboards, security scanners). Cloudwright operates in the design phase — the gap where architects currently rely on tribal knowledge, ad-hoc spreadsheets, and copy-pasting last quarter's Terraform.
|
|
59
|
+
|
|
60
|
+
**One spec, many outputs.** ArchSpec is the universal interchange format. Every module — design, cost, compliance, export, diff, lint, score — reads and writes it. No glue code, no format conversion.
|
|
61
|
+
|
|
62
|
+
### How it compares
|
|
63
|
+
|
|
64
|
+
| Capability | Cloudwright | Terraform | Pulumi Neo | Brainboard | Infracost | Checkov |
|
|
65
|
+
|---|:---:|:---:|:---:|:---:|:---:|:---:|
|
|
66
|
+
| NL to architecture | Y | - | Y | Y | - | - |
|
|
67
|
+
| IaC generation | TF + CFN | HCL | Code | TF | - | - |
|
|
68
|
+
| Cost estimation | Y (design-time) | - | - | Basic | Y (code-time) | - |
|
|
69
|
+
| Compliance validation | 6 frameworks | - | OPA policies | - | - | 2500+ rules |
|
|
70
|
+
| Architecture diffing | Y | Plan diff | Preview diff | Drift | Cost diff | - |
|
|
71
|
+
| Diagram export | Mermaid + D2 | - | - | Y | - | - |
|
|
72
|
+
| SBOM / AIBOM | Y | - | - | - | - | - |
|
|
73
|
+
| Multi-cloud | AWS/GCP/Azure | All | All | AWS/GCP/Azure/OCI | AWS/GCP/Azure | All |
|
|
74
|
+
| Open source | Y | BSL / OpenTofu | Engine only | - | CLI only | Y |
|
|
75
|
+
| Runs locally | Y | Y | Y | - | Y | Y |
|
|
76
|
+
|
|
77
|
+
Terraform and Infracost are deployment/cost tools that sit *downstream* — Cloudwright generates the Terraform code and estimates costs before any code exists. Checkov and Prowler scan *after* code is written; Cloudwright validates at design time. Brainboard is the closest direct competitor (NL-to-arch + TF), but it's SaaS-only and doesn't do compliance or cost estimation.
|
|
78
|
+
|
|
79
|
+
Full competitor analysis covering 30 tools across IaC, cost, compliance, and diagramming: [competitor-landscape.md](docs/competitor-landscape.md)
|
|
80
|
+
|
|
81
|
+
## Quick Start
|
|
82
|
+
|
|
83
|
+
```bash
|
|
84
|
+
pip install cloudwright[cli]
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
Set an LLM provider key:
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
export ANTHROPIC_API_KEY=sk-ant-...
|
|
91
|
+
# or
|
|
92
|
+
export OPENAI_API_KEY=sk-...
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
```bash
|
|
96
|
+
# Design from natural language
|
|
97
|
+
cloudwright design "3-tier web app on AWS with Redis and PostgreSQL"
|
|
98
|
+
|
|
99
|
+
# Estimate cost
|
|
100
|
+
cloudwright cost spec.yaml
|
|
101
|
+
|
|
102
|
+
# Validate compliance
|
|
103
|
+
cloudwright validate spec.yaml --compliance hipaa,soc2
|
|
104
|
+
|
|
105
|
+
# Export Terraform
|
|
106
|
+
cloudwright export spec.yaml --format terraform -o ./infra
|
|
107
|
+
|
|
108
|
+
# Compare cost across clouds
|
|
109
|
+
cloudwright cost spec.yaml --compare gcp,azure
|
|
110
|
+
|
|
111
|
+
# Interactive multi-turn design
|
|
112
|
+
cloudwright chat
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
## Features
|
|
116
|
+
|
|
117
|
+
### Architecture Design
|
|
118
|
+
|
|
119
|
+
LLM-powered architecture generation from plain English. Supports multi-turn conversation, constraint-aware design, and natural language modification of existing specs.
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
cloudwright design "Serverless data pipeline on GCP with Pub/Sub, Dataflow, and BigQuery" \
|
|
123
|
+
--provider gcp --budget 2000 --compliance gdpr
|
|
124
|
+
|
|
125
|
+
cloudwright modify spec.yaml "Add a Redis cache between the API and database"
|
|
126
|
+
|
|
127
|
+
cloudwright chat # interactive mode with /save, /cost, /export commands
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
100 service keys across three clouds:
|
|
131
|
+
- **AWS** (47): EC2, ECS, EKS, Lambda, RDS, Aurora, DynamoDB, S3, SQS, SNS, Kinesis, Redshift, SageMaker, KMS, GuardDuty, CloudTrail, and more
|
|
132
|
+
- **GCP** (25): Compute Engine, GKE, Cloud Run, Cloud SQL, Spanner, BigQuery, Pub/Sub, Vertex AI, Cloud Build, and more
|
|
133
|
+
- **Azure** (28): Virtual Machines, AKS, Azure Functions, Azure SQL, Cosmos DB, Synapse, Azure ML, Azure Sentinel, and more
|
|
134
|
+
|
|
135
|
+
The architect applies safe defaults automatically: encryption on data stores, backups on databases, multi-AZ on production workloads, auto-scaling on compute.
|
|
136
|
+
|
|
137
|
+
### Cost Estimation
|
|
138
|
+
|
|
139
|
+
Per-component monthly pricing from a built-in SQLite catalog. No external API calls, no rate limits. Supports four pricing tiers.
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
cloudwright cost spec.yaml # on-demand pricing
|
|
143
|
+
cloudwright cost spec.yaml --pricing-tier reserved_1yr # 1-year reserved
|
|
144
|
+
cloudwright cost spec.yaml --compare gcp,azure # multi-cloud comparison
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
The cost engine resolves prices through three tiers: catalog database (instance-level pricing), registry formula dispatch (10 named formulas for serverless/managed services), and static fallback table (90+ service defaults). Data transfer costs are calculated separately with per-provider egress rates.
|
|
148
|
+
|
|
149
|
+
Pricing tiers: `on_demand` (1.0x), `reserved_1yr` (0.6x), `reserved_3yr` (0.4x), `spot` (0.3x).
|
|
150
|
+
|
|
151
|
+
### Compliance Validation
|
|
152
|
+
|
|
153
|
+
Six compliance frameworks with 35 individual checks:
|
|
154
|
+
|
|
155
|
+
| Framework | Checks | Key Validations |
|
|
156
|
+
|---|---|---|
|
|
157
|
+
| HIPAA | 5 | Encryption at rest/transit, audit logging, access control, BAA eligibility |
|
|
158
|
+
| PCI-DSS | 5 | WAF, network segmentation, encryption, TLS 1.2+, audit trail |
|
|
159
|
+
| SOC 2 | 5 | Logging, access controls, encryption, availability, change management |
|
|
160
|
+
| FedRAMP Moderate | 7 | FIPS 140-2, US regions, MFA, audit logging, continuous monitoring |
|
|
161
|
+
| GDPR | 6 | EU data residency, encryption, access controls, audit trail, data deletion |
|
|
162
|
+
| Well-Architected | 7 | Multi-AZ, auto-scaling, backup, monitoring, SPOF detection, cost optimization |
|
|
163
|
+
|
|
164
|
+
```bash
|
|
165
|
+
cloudwright validate spec.yaml --compliance hipaa,pci-dss,soc2
|
|
166
|
+
cloudwright validate spec.yaml --well-architected
|
|
167
|
+
cloudwright validate spec.yaml --compliance fedramp --report audit-report.md
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
Exit code 1 on failures, making it CI-friendly.
|
|
171
|
+
|
|
172
|
+
### Infrastructure Export
|
|
173
|
+
|
|
174
|
+
Seven export formats from a single ArchSpec:
|
|
175
|
+
|
|
176
|
+
| Format | Flag | Description |
|
|
177
|
+
|---|---|---|
|
|
178
|
+
| Terraform HCL | `terraform` | Provider-native resources for AWS (24 types), GCP (11), Azure (10) |
|
|
179
|
+
| CloudFormation | `cloudformation` | YAML template with Parameters and Outputs |
|
|
180
|
+
| Mermaid | `mermaid` | Tier-grouped flowchart for docs and GitHub |
|
|
181
|
+
| D2 | `d2` | D2 diagram language with provider badges |
|
|
182
|
+
| CycloneDX SBOM | `sbom` | CycloneDX 1.5 service bill of materials |
|
|
183
|
+
| OWASP AIBOM | `aibom` | AI bill of materials documenting LLM usage and risks |
|
|
184
|
+
| Compliance Report | `compliance` | Audit-ready markdown with check details and evidence |
|
|
185
|
+
|
|
186
|
+
```bash
|
|
187
|
+
cloudwright export spec.yaml --format terraform -o ./infra
|
|
188
|
+
cloudwright export spec.yaml --format mermaid
|
|
189
|
+
cloudwright export spec.yaml --format sbom -o sbom.json
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
Terraform output uses variables for sensitive values (no hardcoded passwords or ARNs), includes provider blocks with region configuration, and generates data sources for VPC/subnet discovery.
|
|
193
|
+
|
|
194
|
+
### Architecture Diffing
|
|
195
|
+
|
|
196
|
+
Structured comparison between two ArchSpec versions with component-level changes, cost delta, and compliance impact assessment.
|
|
197
|
+
|
|
198
|
+
```bash
|
|
199
|
+
cloudwright diff v1.yaml v2.yaml
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
Detects: added/removed components, changed configurations, connection changes (added/removed/modified), cost impact, and security implications (removal of WAF, encryption changes, auth service changes).
|
|
203
|
+
|
|
204
|
+
### Multi-Cloud Comparison
|
|
205
|
+
|
|
206
|
+
Maps equivalent services across providers using 22 cross-cloud equivalence pairs:
|
|
207
|
+
|
|
208
|
+
```
|
|
209
|
+
ec2 <-> compute_engine <-> virtual_machines
|
|
210
|
+
rds <-> cloud_sql <-> azure_sql
|
|
211
|
+
s3 <-> cloud_storage <-> blob_storage
|
|
212
|
+
eks <-> gke <-> aks
|
|
213
|
+
...
|
|
214
|
+
```
|
|
215
|
+
|
|
216
|
+
```bash
|
|
217
|
+
cloudwright compare spec.yaml --providers gcp,azure
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
Shows side-by-side service mapping with monthly cost totals per provider.
|
|
221
|
+
|
|
222
|
+
### Architecture Linter
|
|
223
|
+
|
|
224
|
+
10 anti-pattern checks:
|
|
225
|
+
|
|
226
|
+
```bash
|
|
227
|
+
cloudwright lint spec.yaml
|
|
228
|
+
cloudwright lint spec.yaml --strict # fail on warnings too
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
Errors: unencrypted data stores, single-AZ databases, missing load balancer, public databases, single point of failure.
|
|
232
|
+
Warnings: oversized instances (16xlarge+), missing WAF, missing monitoring, missing backups, missing auth.
|
|
233
|
+
|
|
234
|
+
### Architecture Scorer
|
|
235
|
+
|
|
236
|
+
Five-dimension quality scoring (0-100, letter grade):
|
|
237
|
+
|
|
238
|
+
```bash
|
|
239
|
+
cloudwright score spec.yaml --with-cost
|
|
240
|
+
```
|
|
241
|
+
|
|
242
|
+
- **Reliability** (30%): load balancing, multi-AZ, auto-scaling, CDN, caching
|
|
243
|
+
- **Security** (25%): WAF, auth, encryption, HTTPS, DNS management
|
|
244
|
+
- **Cost Efficiency** (20%): budget compliance, per-component ratio, free tier usage
|
|
245
|
+
- **Compliance** (15%): framework validation score
|
|
246
|
+
- **Complexity** (10%): component count, connection density, tier separation
|
|
247
|
+
|
|
248
|
+
Grades: A (90+), B (80+), C (70+), D (60+), F (<60).
|
|
249
|
+
|
|
250
|
+
### Blast Radius Analysis
|
|
251
|
+
|
|
252
|
+
Dependency graph analysis with SPOF detection and critical path identification.
|
|
253
|
+
|
|
254
|
+
```bash
|
|
255
|
+
cloudwright analyze spec.yaml
|
|
256
|
+
cloudwright analyze spec.yaml --component api_gateway # focus on one component
|
|
257
|
+
```
|
|
258
|
+
|
|
259
|
+
For each component: direct dependents, transitive dependents, blast radius, SPOF status, and tier position.
|
|
260
|
+
|
|
261
|
+
### Drift Detection
|
|
262
|
+
|
|
263
|
+
Compares architecture spec against deployed infrastructure.
|
|
264
|
+
|
|
265
|
+
```bash
|
|
266
|
+
cloudwright drift spec.yaml terraform.tfstate
|
|
267
|
+
cloudwright drift spec.yaml cloudformation-template.yaml
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
Produces a drift score (0.0-1.0) with lists of drifted, extra, and missing components.
|
|
271
|
+
|
|
272
|
+
### Policy Engine
|
|
273
|
+
|
|
274
|
+
Policy-as-code via YAML rules. Nine built-in checks: max_components, all_encrypted, require_multi_az, budget_monthly, no_banned_services, required_tags, min_redundancy, allowed_providers, allowed_regions.
|
|
275
|
+
|
|
276
|
+
```yaml
|
|
277
|
+
# policy.yaml
|
|
278
|
+
rules:
|
|
279
|
+
- name: enforce-encryption
|
|
280
|
+
check: all_encrypted
|
|
281
|
+
severity: deny
|
|
282
|
+
- name: budget-cap
|
|
283
|
+
check: budget_monthly
|
|
284
|
+
value: 10000
|
|
285
|
+
severity: deny
|
|
286
|
+
- name: no-azure
|
|
287
|
+
check: allowed_providers
|
|
288
|
+
value: [aws, gcp]
|
|
289
|
+
severity: warn
|
|
290
|
+
```
|
|
291
|
+
|
|
292
|
+
```bash
|
|
293
|
+
cloudwright policy spec.yaml --rules policy.yaml
|
|
294
|
+
```
|
|
295
|
+
|
|
296
|
+
Severity levels: `deny` (exit code 1), `warn`, `info`.
|
|
297
|
+
|
|
298
|
+
### Infrastructure Import
|
|
299
|
+
|
|
300
|
+
Import existing infrastructure into ArchSpec format:
|
|
301
|
+
|
|
302
|
+
```bash
|
|
303
|
+
cloudwright import terraform.tfstate -o spec.yaml
|
|
304
|
+
cloudwright import cloudformation-template.yaml -o spec.yaml
|
|
305
|
+
```
|
|
306
|
+
|
|
307
|
+
Auto-detects format from file extension and content. Plugin support for custom importers via the `cloudwright.importers` entry point.
|
|
308
|
+
|
|
309
|
+
### Templates
|
|
310
|
+
|
|
311
|
+
14 starter architectures across three providers:
|
|
312
|
+
|
|
313
|
+
```bash
|
|
314
|
+
cloudwright init --list # show available templates
|
|
315
|
+
cloudwright init --template serverless_api # AWS API Gateway + Lambda + DynamoDB
|
|
316
|
+
cloudwright init --template gcp_microservices -o . # GKE + service mesh
|
|
317
|
+
cloudwright init --project # create .cloudwright/ project directory
|
|
318
|
+
```
|
|
319
|
+
|
|
320
|
+
**AWS** (8): three_tier_web, serverless_api, ml_pipeline, data_lake, event_driven, static_site, microservices, batch_processing.
|
|
321
|
+
**GCP** (3): three_tier_web, serverless_api, microservices.
|
|
322
|
+
**Azure** (3): three_tier_web, serverless_api, microservices.
|
|
323
|
+
|
|
324
|
+
### Web UI
|
|
325
|
+
|
|
326
|
+
FastAPI backend + React frontend for browser-based architecture design.
|
|
327
|
+
|
|
328
|
+
```bash
|
|
329
|
+
pip install cloudwright[web]
|
|
330
|
+
cloudwright chat --web
|
|
331
|
+
```
|
|
332
|
+
|
|
333
|
+
10 API endpoints: design, modify, cost, validate, export, diff, catalog search, catalog compare, chat, health.
|
|
334
|
+
|
|
335
|
+
### Plugin System
|
|
336
|
+
|
|
337
|
+
Four extension points via Python entry points:
|
|
338
|
+
|
|
339
|
+
- `cloudwright.exporters` — custom export formats
|
|
340
|
+
- `cloudwright.validators` — custom compliance frameworks
|
|
341
|
+
- `cloudwright.policies` — custom policy checks
|
|
342
|
+
- `cloudwright.importers` — custom infrastructure importers
|
|
343
|
+
|
|
344
|
+
```bash
|
|
345
|
+
cloudwright --list-plugins # discover installed plugins
|
|
346
|
+
```
|
|
347
|
+
|
|
348
|
+
## ArchSpec Format
|
|
349
|
+
|
|
350
|
+
ArchSpec is plain YAML, human-editable, and version-controllable alongside code.
|
|
351
|
+
|
|
352
|
+
```yaml
|
|
353
|
+
name: healthcare-portal
|
|
354
|
+
version: 1
|
|
355
|
+
provider: aws
|
|
356
|
+
region: us-east-1
|
|
357
|
+
|
|
358
|
+
constraints:
|
|
359
|
+
compliance: [hipaa]
|
|
360
|
+
budget_monthly: 5000
|
|
361
|
+
availability: 99.9
|
|
362
|
+
|
|
363
|
+
components:
|
|
364
|
+
- id: alb
|
|
365
|
+
service: alb
|
|
366
|
+
provider: aws
|
|
367
|
+
label: Application Load Balancer
|
|
368
|
+
tier: 1
|
|
369
|
+
|
|
370
|
+
- id: api
|
|
371
|
+
service: ecs
|
|
372
|
+
provider: aws
|
|
373
|
+
label: API Service
|
|
374
|
+
tier: 2
|
|
375
|
+
config:
|
|
376
|
+
launch_type: FARGATE
|
|
377
|
+
cpu: 512
|
|
378
|
+
memory: 1024
|
|
379
|
+
desired_count: 2
|
|
380
|
+
|
|
381
|
+
- id: db
|
|
382
|
+
service: rds
|
|
383
|
+
provider: aws
|
|
384
|
+
label: PostgreSQL
|
|
385
|
+
tier: 3
|
|
386
|
+
config:
|
|
387
|
+
engine: postgresql
|
|
388
|
+
instance_class: db.r5.large
|
|
389
|
+
multi_az: true
|
|
390
|
+
encryption: true
|
|
391
|
+
storage_gb: 100
|
|
392
|
+
|
|
393
|
+
connections:
|
|
394
|
+
- source: alb
|
|
395
|
+
target: api
|
|
396
|
+
protocol: https
|
|
397
|
+
port: 443
|
|
398
|
+
- source: api
|
|
399
|
+
target: db
|
|
400
|
+
protocol: tcp
|
|
401
|
+
port: 5432
|
|
402
|
+
```
|
|
403
|
+
|
|
404
|
+
Components use a 5-tier system for vertical positioning: Edge (0), Ingress (1), Compute (2), Data (3), Storage/Analytics (4).
|
|
405
|
+
|
|
406
|
+
## CLI Reference
|
|
407
|
+
|
|
408
|
+
| Command | Description |
|
|
409
|
+
|---|---|
|
|
410
|
+
| `design <prompt>` | Generate ArchSpec from natural language |
|
|
411
|
+
| `modify <spec> <instruction>` | Modify existing spec with natural language |
|
|
412
|
+
| `cost <spec>` | Monthly cost breakdown with optional `--compare`, `--pricing-tier` |
|
|
413
|
+
| `compare <spec>` | Multi-cloud service mapping and cost comparison |
|
|
414
|
+
| `validate <spec>` | Compliance checks with `--compliance`, `--well-architected`, `--report` |
|
|
415
|
+
| `export <spec>` | Export to IaC/diagram/SBOM with `--format`, `--output` |
|
|
416
|
+
| `diff <spec_a> <spec_b>` | Structured diff with cost delta and compliance impact |
|
|
417
|
+
| `import <source>` | Import from Terraform state or CloudFormation |
|
|
418
|
+
| `chat` | Interactive multi-turn design session (`--web` for browser UI) |
|
|
419
|
+
| `init` | Initialize from template with `--template`, `--project` |
|
|
420
|
+
| `lint <spec>` | Anti-pattern detection (`--strict` fails on warnings) |
|
|
421
|
+
| `score <spec>` | Quality scoring across 5 dimensions (`--with-cost`) |
|
|
422
|
+
| `analyze <spec>` | Blast radius and SPOF detection (`--component` for focus) |
|
|
423
|
+
| `drift <spec> <infra>` | Compare design vs deployed infrastructure |
|
|
424
|
+
| `policy <spec>` | Evaluate policy rules from YAML (`--rules`) |
|
|
425
|
+
| `refresh` | Update catalog pricing data (`--provider`, `--dry-run`) |
|
|
426
|
+
| `catalog search <query>` | Search instance catalog by specs |
|
|
427
|
+
| `catalog compare <a> <b>` | Side-by-side instance comparison |
|
|
428
|
+
|
|
429
|
+
Global flags: `--json`, `--verbose / -v`, `--version / -V`.
|
|
430
|
+
|
|
431
|
+
## Python API
|
|
432
|
+
|
|
433
|
+
```python
|
|
434
|
+
from pathlib import Path
|
|
435
|
+
from cloudwright import ArchSpec
|
|
436
|
+
from cloudwright.cost import CostEngine
|
|
437
|
+
from cloudwright.validator import Validator
|
|
438
|
+
from cloudwright.exporter import export_spec
|
|
439
|
+
from cloudwright.differ import diff_specs
|
|
440
|
+
from cloudwright.linter import lint
|
|
441
|
+
from cloudwright.scorer import Scorer
|
|
442
|
+
|
|
443
|
+
spec = ArchSpec.from_file("spec.yaml")
|
|
444
|
+
|
|
445
|
+
# Cost
|
|
446
|
+
engine = CostEngine()
|
|
447
|
+
priced = engine.price(spec)
|
|
448
|
+
for item in priced.cost_estimate.breakdown:
|
|
449
|
+
print(f"{item.component_id}: ${item.monthly:,.2f}/mo")
|
|
450
|
+
|
|
451
|
+
# Compliance
|
|
452
|
+
validator = Validator()
|
|
453
|
+
results = validator.validate(spec, compliance=["hipaa", "pci-dss"])
|
|
454
|
+
|
|
455
|
+
# Export
|
|
456
|
+
hcl = export_spec(spec, "terraform", output_dir="./infra")
|
|
457
|
+
diagram = export_spec(spec, "mermaid")
|
|
458
|
+
|
|
459
|
+
# Diff
|
|
460
|
+
old = ArchSpec.from_file("v1.yaml")
|
|
461
|
+
new = ArchSpec.from_file("v2.yaml")
|
|
462
|
+
diff = diff_specs(old, new)
|
|
463
|
+
|
|
464
|
+
# Lint
|
|
465
|
+
findings = lint(spec)
|
|
466
|
+
|
|
467
|
+
# Score
|
|
468
|
+
scorer = Scorer()
|
|
469
|
+
report = scorer.score(spec)
|
|
470
|
+
print(f"Grade: {report.grade} ({report.overall:.0f}/100)")
|
|
471
|
+
```
|
|
472
|
+
|
|
473
|
+
## Service Catalog
|
|
474
|
+
|
|
475
|
+
Ships as a SQLite database bundled with the package. No network calls required.
|
|
476
|
+
|
|
477
|
+
- Compute, database, networking, and storage pricing for AWS, GCP, and Azure
|
|
478
|
+
- 4 pricing tiers (on-demand, reserved 1yr/3yr, spot)
|
|
479
|
+
- Cross-cloud instance equivalences with confidence scores
|
|
480
|
+
- 22 service-level equivalence pairs for multi-cloud mapping
|
|
481
|
+
- 10 named pricing formulas for managed/serverless services
|
|
482
|
+
- 90+ static fallback prices for less common services
|
|
483
|
+
|
|
484
|
+
```bash
|
|
485
|
+
cloudwright catalog search "8 vcpu 32gb memory"
|
|
486
|
+
cloudwright catalog compare m5.xlarge n2-standard-4 Standard_D4s_v5
|
|
487
|
+
```
|
|
488
|
+
|
|
489
|
+
## Benchmarks
|
|
490
|
+
|
|
491
|
+
Evaluated against raw Claude (Sonnet 4.6) across 54 use cases spanning greenfield, compliance, cost optimization, import, microservices, data pipelines, industry-specific, migration, edge computing, and cross-cloud comparison scenarios.
|
|
492
|
+
|
|
493
|
+
| Metric | Cloudwright | Claude (raw) | Delta |
|
|
494
|
+
|---|---|---|---|
|
|
495
|
+
| Structural Validity | 79.6% | 37.0% | +42.6 |
|
|
496
|
+
| Compliance Completeness | 62.9% | 38.5% | +24.3 |
|
|
497
|
+
| Export Quality (IaC) | 55.7% | 0.3% | +55.5 |
|
|
498
|
+
| Diff Capability | 100.0% | 0.0% | +100.0 |
|
|
499
|
+
| Reproducibility | 77.9% | 35.0% | +42.9 |
|
|
500
|
+
| Time to IaC | 82.5% | 0.0% | +82.5 |
|
|
501
|
+
| **Overall** | **68.1%** | **28.0%** | **+40.1** |
|
|
502
|
+
|
|
503
|
+
Cloudwright wins 6 of 8 metrics. Weakest areas (active development): cost accuracy and service correctness on import/migration use cases.
|
|
504
|
+
|
|
505
|
+
Full results: [benchmark/results/benchmark_report.md](benchmark/results/benchmark_report.md)
|
|
506
|
+
|
|
507
|
+
## Repository Structure
|
|
508
|
+
|
|
509
|
+
```
|
|
510
|
+
cloudwright/
|
|
511
|
+
packages/
|
|
512
|
+
core/ pip install cloudwright Models, architect, catalog, cost, validators, exporters
|
|
513
|
+
cli/ pip install cloudwright[cli] Typer CLI with Rich formatting
|
|
514
|
+
web/ pip install cloudwright[web] FastAPI + React web UI
|
|
515
|
+
catalog/ Service catalog JSON (compute, database, storage, networking)
|
|
516
|
+
benchmark/ 54 use cases + evaluation framework
|
|
517
|
+
```
|
|
518
|
+
|
|
519
|
+
## Development
|
|
520
|
+
|
|
521
|
+
```bash
|
|
522
|
+
git clone https://github.com/theAtticAI/cloudwright
|
|
523
|
+
pip install -e packages/core
|
|
524
|
+
pip install -e packages/cli
|
|
525
|
+
pip install -e packages/web
|
|
526
|
+
```
|
|
527
|
+
|
|
528
|
+
```bash
|
|
529
|
+
pytest packages/core/tests/ # 689 tests
|
|
530
|
+
ruff check packages/ && ruff format packages/
|
|
531
|
+
```
|
|
532
|
+
|
|
533
|
+
LLM-dependent tests (architect, chat) require an API key and are skipped by default:
|
|
534
|
+
|
|
535
|
+
```bash
|
|
536
|
+
ANTHROPIC_API_KEY=sk-ant-... pytest packages/core/tests/test_architect.py -v
|
|
537
|
+
```
|
|
538
|
+
|
|
539
|
+
## License
|
|
540
|
+
|
|
541
|
+
MIT
|
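Review bot: the install commands in the description (line 84 `pip install cloudwright[cli]`, line 329 `pip install cloudwright[web]`, and the layout block at lines 512-514) use the name `cloudwright`, while line 2 declares `Name: cloudwright-ai` and the extras on lines 24 and 29 resolve to `cloudwright-ai-cli` and `cloudwright-ai-web`. A reader who copies those commands installs whatever distribution owns `cloudwright` on the index rather than this package; change them to `pip install cloudwright-ai[cli]` and `pip install cloudwright-ai[web]`. The source reference is inconsistent as well: the Project-URL fields on lines 5-7 point to `github.com/xmpuspus/cloudwright`, but line 522 clones `github.com/theAtticAI/cloudwright`, so state one canonical repository. Smaller points: the extras on lines 24-29 (`cloudwright-ai-cli`, `markdown2`, `weasyprint`, `cloudwright-ai-web`) carry no version bounds, unlike the core dependencies on lines 19-22, and line 503 says "wins 6 of 8 metrics" under a table that lists six metrics plus an overall row.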