PyPI - iam-policy-validator - Versions diffs - 1.14.7__tar.gz → 1.15.0__tar.gz - Mend

iam-policy-validator 1.14.7tar.gz → 1.15.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (390) hide show

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/ci.yml RENAMED Viewed

@@ -26,7 +26,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true
@@ -56,7 +56,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true
@@ -80,7 +80,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true
@@ -104,7 +104,7 @@ jobs:
           python-version: "${{ env.DEFAULT_PYTHON_VERSION }}"
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/codeql.yml RENAMED Viewed

@@ -29,15 +29,15 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
         with:
           languages: ${{ matrix.language }}
           queries: security-extended,security-and-quality
       - name: Autobuild
-        uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
         with:
           category: "/language:${{matrix.language}}"

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/docs.yml RENAMED Viewed

@@ -63,7 +63,7 @@ jobs:
       # actions/upload-pages-artifact v3.0.1
       - name: Upload artifact
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
         with:
           path: ./site

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/pre-release.yml RENAMED Viewed

@@ -80,7 +80,7 @@ jobs:
           python-version: ${{ inputs.python_version }}
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/release.yml RENAMED Viewed

@@ -31,7 +31,7 @@ jobs:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: Install uv
-        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
         with:
           enable-cache: true

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.github/workflows/scorecard.yml RENAMED Viewed

@@ -57,6 +57,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
         with:
           sarif_file: results.sarif

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/.gitignore RENAMED Viewed

@@ -84,3 +84,6 @@ coverage.xml
 # AWS service definitions (download with: iam-validator download-services)
 aws_services/
+.mcp.json
+.serena

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/CHANGELOG.md RENAMED Viewed

@@ -13,6 +13,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ---
+## [1.14.7] - 2025-12-17
+### Added
+- MkDocs documentation site deployed to GitHub Pages
+- Comprehensive SDK API reference documentation
+### Fixed
+- Correct repository name in all documentation links (iam-policy-auditor → iam-policy-validator)
+- Fix SDK docstring formatting for proper mkdocstrings rendering
+- Update PyPI metadata with correct documentation and changelog URLs
+---
 ## [1.14.6] - 2025-12-15
 ### Fixed

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/Makefile RENAMED Viewed

@@ -1,4 +1,4 @@
-.PHONY: help install dev clean test lint format ruff type-check build publish publish-test version sync-defaults
+.PHONY: help install dev clean test lint format ruff type-check build publish publish-test version sync-defaults docs docs-serve mcp-inspector
 # Default target
 help:
@@ -27,6 +27,13 @@ help:
 	@echo "Examples:"
 	@echo "  make validate-example Run validator on example policies"
 	@echo ""
+	@echo "Documentation:"
+	@echo "  make docs             Build documentation"
+	@echo "  make docs-serve       Serve documentation locally (http://localhost:8000)"
+	@echo ""
+	@echo "MCP Server:"
+	@echo "  make mcp-inspector    Start MCP Inspector for debugging"
+	@echo ""
 	@echo "AWS Services Backup:"
 	@echo "  make download-aws-services Download all AWS service definitions"
@@ -121,3 +128,14 @@ download-aws-services:
 # CI/CD simulation
 ci: check build
 	@echo "✓ CI checks complete!"
+# Documentation
+docs:
+	@uv run --extra docs mkdocs build
+docs-serve:
+	@uv run --extra docs mkdocs serve -w docs/
+# MCP Server debugging
+mcp-inspector:
+	@npx @modelcontextprotocol/inspector uv run --directory $(CURDIR) --extra mcp iam-validator-mcp

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.14.7
+Version: 1.15.0
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
 Project-URL: Documentation, https://boogy.github.io/iam-policy-validator
@@ -11,7 +11,7 @@ Author-email: boogy <0xboogy@gmail.com>
 License: MIT
 License-File: LICENSE
 Keywords: aws,github-action,iam,policy,security,validation
-Classifier: Development Status :: 4 - Beta
+Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: Intended Audience :: System Administrators
 Classifier: License :: OSI Approved :: MIT License
@@ -19,6 +19,8 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Security
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Systems Administration
@@ -44,6 +46,8 @@ Requires-Dist: mkdocs-literate-nav>=0.6.0; extra == 'docs'
 Requires-Dist: mkdocs-material>=9.5.0; extra == 'docs'
 Requires-Dist: mkdocs>=1.6.0; extra == 'docs'
 Requires-Dist: mkdocstrings[python]>=0.24.0; extra == 'docs'
+Provides-Extra: mcp
+Requires-Dist: fastmcp>=2.14.1; extra == 'mcp'
 Description-Content-Type: text/markdown
 # IAM Policy Validator
@@ -55,6 +59,8 @@ Description-Content-Type: text/markdown
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/boogy/iam-policy-validator/badge)](https://scorecard.dev/viewer/?uri=github.com/boogy/iam-policy-validator)
+**[📖 Full Documentation](https://boogy.github.io/iam-policy-validator/)**
 ---
 ## Why This Tool Exists
@@ -434,15 +440,14 @@ Validates against official AWS IAM requirements:
 Identifies overly permissive configurations:
-| Check                                 | What It Catches                                        |
-| ------------------------------------- | ------------------------------------------------------ |
-| **Wildcard Action**                   | `Action: "*"` grants all AWS permissions               |
-| **Wildcard Resource**                 | `Resource: "*"` applies to all resources               |
-| **Full Wildcard**                     | Both `Action: "*"` AND `Resource: "*"` (admin access)  |
-| **Service Wildcards**                 | `s3:*`, `iam:*`, `ec2:*` (overly broad)                |
-| **Sensitive Actions (Policy-Wide)**   | **Cross-statement** privilege escalation patterns      |
-| **Sensitive Actions (Per-Statement)** | Dangerous actions in single statement                  |
-| **Condition Enforcement**             | Organization-specific requirements (your custom rules) |
+| Check                     | What It Catches                                        |
+| ------------------------- | ------------------------------------------------------ |
+| **Wildcard Action**       | `Action: "*"` grants all AWS permissions               |
+| **Wildcard Resource**     | `Resource: "*"` applies to all resources               |
+| **Full Wildcard**         | Both `Action: "*"` AND `Resource: "*"` (admin access)  |
+| **Service Wildcards**     | `s3:*`, `iam:*`, `ec2:*` (overly broad)                |
+| **Sensitive Actions**     | 490+ privilege escalation patterns and dangerous actions |
+| **Condition Enforcement** | Organization-specific condition requirements           |
 **Note on Sensitive Actions:** This check has two modes:

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/README.md RENAMED Viewed

@@ -7,6 +7,8 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/boogy/iam-policy-validator/badge)](https://scorecard.dev/viewer/?uri=github.com/boogy/iam-policy-validator)
+**[📖 Full Documentation](https://boogy.github.io/iam-policy-validator/)**
 ---
 ## Why This Tool Exists
@@ -386,15 +388,14 @@ Validates against official AWS IAM requirements:
 Identifies overly permissive configurations:
-| Check                                 | What It Catches                                        |
-| ------------------------------------- | ------------------------------------------------------ |
-| **Wildcard Action**                   | `Action: "*"` grants all AWS permissions               |
-| **Wildcard Resource**                 | `Resource: "*"` applies to all resources               |
-| **Full Wildcard**                     | Both `Action: "*"` AND `Resource: "*"` (admin access)  |
-| **Service Wildcards**                 | `s3:*`, `iam:*`, `ec2:*` (overly broad)                |
-| **Sensitive Actions (Policy-Wide)**   | **Cross-statement** privilege escalation patterns      |
-| **Sensitive Actions (Per-Statement)** | Dangerous actions in single statement                  |
-| **Condition Enforcement**             | Organization-specific requirements (your custom rules) |
+| Check                     | What It Catches                                        |
+| ------------------------- | ------------------------------------------------------ |
+| **Wildcard Action**       | `Action: "*"` grants all AWS permissions               |
+| **Wildcard Resource**     | `Resource: "*"` applies to all resources               |
+| **Full Wildcard**         | Both `Action: "*"` AND `Resource: "*"` (admin access)  |
+| **Service Wildcards**     | `s3:*`, `iam:*`, `ec2:*` (overly broad)                |
+| **Sensitive Actions**     | 490+ privilege escalation patterns and dangerous actions |
+| **Condition Enforcement** | Organization-specific condition requirements           |
 **Note on Sensitive Actions:** This check has two modes:

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/SECURITY.md RENAMED Viewed

@@ -182,7 +182,7 @@ When contributing to the project:
 The validator includes security features to help users:
-1. **18 Built-in Security Checks**: Detect overly permissive policies, privilege escalation paths, and security anti-patterns
+1. **19 Built-in Security Checks**: Detect overly permissive policies, privilege escalation paths, and security anti-patterns
 2. **AWS Access Analyzer Integration**: Leverage AWS's official policy validation service
 3. **Privilege Escalation Detection**: Identify dangerous action combinations
 4. **Public Access Detection**: Check 29+ AWS resource types for public exposure
@@ -190,31 +190,6 @@ The validator includes security features to help users:
 6. **Policy Comparison**: Detect new permissions vs baseline to prevent scope creep
 7. **Wildcard Detection**: Flag overly permissive wildcards in actions and resources
-## Vulnerability Disclosure Policy
-### Scope
-Security vulnerabilities within scope:
-- **In Scope**:
-  - Authentication and authorization bypass
-  - Code injection vulnerabilities
-  - Sensitive data exposure
-  - Denial of service (DoS)
-  - AWS credential leakage
-  - GitHub token leakage
-  - Path traversal vulnerabilities
-  - Dependency vulnerabilities with active exploits
-  - Logic errors in security checks that could miss vulnerabilities
-- **Out of Scope**:
-  - Social engineering attacks
-  - Physical attacks
-  - Attacks requiring physical access to infrastructure
-  - Issues in third-party dependencies without active exploits
-  - Issues already reported and known
-  - Self-XSS or CSP bypasses without security impact
 ### Safe Harbor
 We support safe harbor for security researchers who:
@@ -224,26 +199,6 @@ We support safe harbor for security researchers who:
 - Do not exploit vulnerabilities for malicious purposes
 - Follow responsible disclosure practices
-## Security Audit History
-We welcome third-party security audits and will list notable audits here:
-- No formal audits completed yet (as of v1.7.0)
-## Security-Related Configuration
-### Logging Levels
-Be cautious with logging levels in production:
-```bash
-# ⚠️ WARNING: Debug logging may expose sensitive policy content
---log-level debug  # Only use for troubleshooting
-# ✅ RECOMMENDED: Use warning or error in production
---log-level warning
-```
 ### GitHub Integration
 Configure minimal permissions for GitHub Actions:
@@ -286,5 +241,5 @@ _Thank you to the following researchers who have helped improve the security of
 ---
-**Last Updated**: 2025-11-10
-**Policy Version**: 1.0
+**Last Updated**: 2026-01-19
+**Policy Version**: 1.1

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/action.yaml RENAMED Viewed

@@ -158,7 +158,7 @@ runs:
         python-version-file: "${{ github.action_path }}/.python-version"
     - name: Install uv
-      uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+      uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
       with:
         enable-cache: true
         cache-suffix: ci # Prune cache in CI to reduce bloat
@@ -186,7 +186,7 @@ runs:
     - name: Restore AWS service definitions cache
       id: cache-aws-services
-      uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
       with:
         path: ~/.cache/iam-validator/aws_services
         # Cache key refreshes weekly to get latest AWS service updates
@@ -514,7 +514,7 @@ runs:
       # Attempting to save with an existing key will silently do nothing
       # Use always() to ensure cache is saved even if validation fails
       if: always() && steps.cache-aws-services.outputs.cache-hit != 'true'
-      uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      uses: actions/cache/save@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
       with:
         path: ~/.cache/iam-validator/aws_services
         key: aws-services-${{ runner.os }}-${{ steps.week.outputs.week }}

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/api-reference/sdk.md RENAMED Viewed

@@ -23,11 +23,11 @@ async def validate_file(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `file_path` | `str \| Path` | Path to the policy file (JSON or YAML) |
-| `config_path` | `str \| None` | Optional path to configuration file |
-| `config` | `ValidatorConfig \| None` | Optional config object (overrides config_path) |
+| Name          | Type                      | Description                                    |
+| ------------- | ------------------------- | ---------------------------------------------- |
+| `file_path`   | `str \| Path`             | Path to the policy file (JSON or YAML)         |
+| `config_path` | `str \| None`             | Optional path to configuration file            |
+| `config`      | `ValidatorConfig \| None` | Optional config object (overrides config_path) |
 **Returns:** `PolicyValidationResult`
@@ -61,12 +61,12 @@ async def validate_directory(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `dir_path` | `str \| Path` | Path to directory containing policy files |
-| `config_path` | `str \| None` | Optional path to configuration file |
-| `config` | `ValidatorConfig \| None` | Optional config object |
-| `recursive` | `bool` | Search subdirectories (default: `True`) |
+| Name          | Type                      | Description                               |
+| ------------- | ------------------------- | ----------------------------------------- |
+| `dir_path`    | `str \| Path`             | Path to directory containing policy files |
+| `config_path` | `str \| None`             | Optional path to configuration file       |
+| `config`      | `ValidatorConfig \| None` | Optional config object                    |
+| `recursive`   | `bool`                    | Search subdirectories (default: `True`)   |
 **Returns:** `list[PolicyValidationResult]`
@@ -97,12 +97,12 @@ async def validate_json(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `policy_json` | `dict` | IAM policy as a Python dict |
-| `policy_name` | `str` | Name to identify this policy in results |
-| `config_path` | `str \| None` | Optional path to configuration file |
-| `config` | `ValidatorConfig \| None` | Optional config object |
+| Name          | Type                      | Description                             |
+| ------------- | ------------------------- | --------------------------------------- |
+| `policy_json` | `dict`                    | IAM policy as a Python dict             |
+| `policy_name` | `str`                     | Name to identify this policy in results |
+| `config_path` | `str \| None`             | Optional path to configuration file     |
+| `config`      | `ValidatorConfig \| None` | Optional config object                  |
 **Returns:** `PolicyValidationResult`
@@ -139,11 +139,11 @@ async def quick_validate(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `policy` | `str \| Path \| dict` | File path, directory path, or policy dict |
-| `config_path` | `str \| None` | Optional path to configuration file |
-| `config` | `ValidatorConfig \| None` | Optional config object |
+| Name          | Type                      | Description                               |
+| ------------- | ------------------------- | ----------------------------------------- |
+| `policy`      | `str \| Path \| dict`     | File path, directory path, or policy dict |
+| `config_path` | `str \| None`             | Optional path to configuration file       |
+| `config`      | `ValidatorConfig \| None` | Optional config object                    |
 **Returns:** `bool` — `True` if all policies are valid
@@ -183,12 +183,12 @@ async def get_issues(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `policy` | `str \| Path \| dict` | File path, directory path, or policy dict |
-| `min_severity` | `str` | Minimum severity: `critical`, `high`, `medium`, `low`, `info` |
-| `config_path` | `str \| None` | Optional path to configuration file |
-| `config` | `ValidatorConfig \| None` | Optional config object |
+| Name           | Type                      | Description                                                   |
+| -------------- | ------------------------- | ------------------------------------------------------------- |
+| `policy`       | `str \| Path \| dict`     | File path, directory path, or policy dict                     |
+| `min_severity` | `str`                     | Minimum severity: `critical`, `high`, `medium`, `low`, `info` |
+| `config_path`  | `str \| None`             | Optional path to configuration file                           |
+| `config`       | `ValidatorConfig \| None` | Optional config object                                        |
 **Returns:** `list[ValidationIssue]`
@@ -263,11 +263,11 @@ async with validator() as v:
 The context object provides these methods:
-| Method | Description |
-|--------|-------------|
-| `validate_file(path)` | Validate a single policy file |
+| Method                     | Description                          |
+| -------------------------- | ------------------------------------ |
+| `validate_file(path)`      | Validate a single policy file        |
 | `validate_directory(path)` | Validate all policies in a directory |
-| `generate_report(results)` | Print a formatted report |
+| `generate_report(results)` | Print a formatted report             |
 ---
@@ -334,6 +334,46 @@ print(f"Resources: {resources}")
 ---
+### extract_condition_keys_from_statement
+Extract all condition keys from a single statement.
+```python
+def extract_condition_keys_from_statement(statement: Statement) -> set[str]
+```
+**Parameters:**
+| Name        | Type        | Description                                  |
+| ----------- | ----------- | -------------------------------------------- |
+| `statement` | `Statement` | The statement to extract condition keys from |
+**Returns:** `set[str]` — Set of condition key names
+**Example:**
+```python
+from iam_validator.sdk import extract_condition_keys_from_statement
+from iam_validator.core.models import Statement
+statement = Statement(
+    Effect="Allow",
+    Action=["s3:GetObject"],
+    Resource=["*"],
+    Condition={
+        "StringEquals": {
+            "aws:ResourceAccount": "123456789012",
+            "aws:ResourceTag/Environment": "production"
+        }
+    }
+)
+keys = extract_condition_keys_from_statement(statement)
+# {'aws:ResourceAccount', 'aws:ResourceTag/Environment'}
+```
+---
 ### get_policy_summary
 Get a summary of policy contents.
@@ -404,11 +444,11 @@ async def query_actions(
 **Parameters:**
-| Name | Type | Description |
-|------|------|-------------|
-| `fetcher` | `AWSServiceFetcher` | AWS service fetcher instance |
-| `service` | `str` | Service name (e.g., `s3`, `ec2`) |
-| `access_level` | `str \| None` | Filter: `read`, `write`, `list`, `tagging`, `permissions-management` |
+| Name           | Type                | Description                                                          |
+| -------------- | ------------------- | -------------------------------------------------------------------- |
+| `fetcher`      | `AWSServiceFetcher` | AWS service fetcher instance                                         |
+| `service`      | `str`               | Service name (e.g., `s3`, `ec2`)                                     |
+| `access_level` | `str \| None`       | Filter: `read`, `write`, `list`, `tagging`, `permissions-management` |
 **Example:**

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/contributing/testing.md RENAMED Viewed

@@ -146,11 +146,11 @@ async def test_with_real_policy():
 ## Test Markers
-| Marker | Usage |
-|--------|-------|
-| `@pytest.mark.asyncio` | Async tests |
-| `@pytest.mark.slow` | Long-running tests |
-| `@pytest.mark.benchmark` | Performance tests |
+| Marker                     | Usage                   |
+| -------------------------- | ----------------------- |
+| `@pytest.mark.asyncio`     | Async tests             |
+| `@pytest.mark.slow`        | Long-running tests      |
+| `@pytest.mark.benchmark`   | Performance tests       |
 | `@pytest.mark.integration` | External resource tests |
 ```python

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/developer-guide/architecture.md RENAMED Viewed

@@ -20,7 +20,7 @@ Overview of IAM Policy Validator's architecture and design.
 │         (CheckRegistry → Parallel Execution)            │
 ├───────────────────────┬─────────────────────────────────┤
 │   Built-in Checks     │     Custom Checks               │
-│   (18 checks)         │     (User-defined)              │
+│   (19 checks)         │     (User-defined)              │
 ├───────────────────────┴─────────────────────────────────┤
 │              AWS Service Fetcher                        │
 │         (Service definitions, caching)                  │
@@ -182,8 +182,8 @@ config = ConfigLoader.load("./iam-validator.yaml")
 ### Cache Locations
-| Platform | Location |
-|----------|----------|
-| Linux | `~/.cache/iam-validator/` |
-| macOS | `~/Library/Caches/iam-validator/` |
-| Windows | `%LOCALAPPDATA%\iam-validator\Cache\` |
+| Platform | Location                              |
+| -------- | ------------------------------------- |
+| Linux    | `~/.cache/iam-validator/`             |
+| macOS    | `~/Library/Caches/iam-validator/`     |
+| Windows  | `%LOCALAPPDATA%\iam-validator\Cache\` |

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/developer-guide/custom-checks/examples.md RENAMED Viewed

@@ -194,9 +194,9 @@ checks:
 See the [examples/custom_checks/](https://github.com/boogy/iam-policy-validator/tree/main/examples/custom_checks) directory for additional examples:
-| Check | Description |
-|-------|-------------|
-| `domain_restriction_check.py` | Restrict S3 access to domains |
-| `tag_enforcement_check.py` | Enforce resource tagging |
-| `time_based_access_check.py` | Business hours restrictions |
-| `cross_account_external_id_check.py` | Confused deputy prevention |
+| Check                                | Description                   |
+| ------------------------------------ | ----------------------------- |
+| `domain_restriction_check.py`        | Restrict S3 access to domains |
+| `tag_enforcement_check.py`           | Enforce resource tagging      |
+| `time_based_access_check.py`         | Business hours restrictions   |
+| `cross_account_external_id_check.py` | Confused deputy prevention    |

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/developer-guide/sdk/policy-utilities.md RENAMED Viewed

@@ -60,6 +60,20 @@ keys = extract_condition_keys(policy)
 # ['aws:SourceAccount', 's3:prefix']
 ```
+### extract_condition_keys_from_statement
+Get all condition keys from a single statement.
+```python
+from iam_validator.sdk import extract_condition_keys_from_statement
+# Extract keys from a specific statement
+keys = extract_condition_keys_from_statement(statement)
+# {'aws:ResourceAccount', 'aws:ResourceTag/Environment'}
+```
+This is useful when you need to analyze conditions at the statement level rather than the entire policy.
 ## Analysis
 ### get_policy_summary

{iam_policy_validator-1.14.7 → iam_policy_validator-1.15.0}/docs/getting-started/first-validation.md RENAMED Viewed

@@ -257,14 +257,14 @@ iam-validator validate --path user-policy.json --format json
 ## Understanding Severity Levels
-| Severity | Meaning | Action |
-|----------|---------|--------|
-| **Critical** | Severe security risk | Block deployment |
-| **High** | Security concern | Fix before merge |
-| **Medium** | Best practice violation | Address soon |
-| **Low** | Minor improvement | Optional fix |
-| **Error** | AWS will reject | Must fix |
-| **Warning** | Potential issue | Review |
+| Severity     | Meaning                 | Action           |
+| ------------ | ----------------------- | ---------------- |
+| **Critical** | Severe security risk    | Block deployment |
+| **High**     | Security concern        | Fix before merge |
+| **Medium**   | Best practice violation | Address soon     |
+| **Low**      | Minor improvement       | Optional fix     |
+| **Error**    | AWS will reject         | Must fix         |
+| **Warning**  | Potential issue         | Review           |
 ## What's Next?

iam-policy-validator 1.14.7__tar.gz → 1.15.0__tar.gz

iam-policy-validator 1.14.7tar.gz → 1.15.0tar.gz