nuvu-scan 2.0.1__tar.gz → 2.1.2__tar.gz

nuvu_scan-2.1.2/.cursorrules

@@ -0,0 +1,103 @@
+# Nuvu Scan - AI Agent Instructions
+
+## Project Overview
+Nuvu Scan is an open-source CLI tool for cloud data governance. It scans AWS and GCP to discover, govern, and optimize cloud data assets.
+
+## Critical Rules for AI Agents
+
+### 1. ALWAYS Write Tests for New Features
+Every new feature, CLI option, or code change MUST include corresponding tests:
+
+- **CLI changes**: Add tests in `tests/test_cli.py`
+- **Formatter changes**: Add tests in `tests/test_formatters.py`
+- **Scanner/collector changes**: Add tests in `tests/test_scanners.py`
+- **API/push changes**: Add tests in `tests/test_push_payload.py`
+- **New collectors**: Create `tests/test_<collector_name>.py`
+
+Tests run automatically on every commit via pre-commit hooks. Commits will be blocked if tests fail.
+
+### 2. Code Quality Standards
+- Use `ruff` for linting and formatting (NOT black)
+- Run `uv run ruff format .` before committing
+- Run `uv run ruff check .` to check for issues
+- Pre-commit hooks will auto-run: ruff, ruff-format, bandit, pytest
+
+### 3. CLI Option Changes
+When adding/modifying CLI options:
+1. Add `@click.option()` decorator in `nuvu_scan/cli/commands/scan.py`
+2. Add corresponding function parameter
+3. Add test in `tests/test_cli.py` to verify option exists
+4. Update `README.md` with usage examples
+
+### 4. Push Payload Format (API Compatibility)
+When modifying push functionality:
+- Payload MUST match the schema expected by `/api/scans/import`
+- Required fields: `provider`, `account_id`, `scan_timestamp`, `assets`, `total_cost_estimate_usd`
+- Asset fields: `provider`, `asset_type`, `normalized_category`, `region`, `arn`, `name`
+- Add tests in `tests/test_push_payload.py` to verify format
+
+### 5. Normalized Categories
+Use only these categories from `NormalizedCategory` enum:
+- OBJECT_STORAGE, DATA_WAREHOUSE, STREAMING, COMPUTE, ML_TRAINING
+- DATA_CATALOG, DATA_INTEGRATION, DATA_PIPELINE, DATA_SHARING
+- QUERY_ENGINE, SEARCH, DATABASE, SECURITY, BILLING
+
+### 6. Adding New Collectors
+When adding a new AWS/GCP collector:
+1. Create collector in `nuvu_scan/core/providers/<provider>/collectors/<name>.py`
+2. Register in the scanner's collector list
+3. Add to `--list-collectors` output
+4. Update `README.md` with new service coverage
+5. Create tests with mocked API responses
+6. Update IAM policy if new permissions needed
+
+### 7. Dependencies
+- Use `uv` for package management (NOT pip directly)
+- Add dependencies to `pyproject.toml`
+- Run `uv sync --dev` after adding dependencies
+
+### 8. Testing Commands
+```bash
+# Run all tests
+uv run pytest
+
+# Run with coverage
+uv run pytest --cov=nuvu_scan
+
+# Run specific test file
+uv run pytest tests/test_cli.py
+
+# Run pre-commit checks (includes tests)
+uv run pre-commit run --all-files
+```
+
+### 9. File Structure
+```
+nuvu_scan/
+├── cli/
+│   ├── commands/scan.py     # CLI commands and options
+│   └── formatters/          # HTML, JSON, CSV output
+├── core/
+│   ├── base.py              # Asset, ScanResult, NormalizedCategory
+│   └── providers/
+│       ├── aws/collectors/  # S3, Glue, Redshift, etc.
+│       └── gcp/collectors/  # GCS, BigQuery, etc.
+tests/
+├── test_cli.py              # CLI option tests
+├── test_formatters.py       # Output format tests
+├── test_scanners.py         # Scanner tests
+└── test_push_payload.py     # API payload tests
+```
+
+### 10. Commit Guidelines
+- Pre-commit hooks will run automatically
+- All tests must pass before commit is accepted
+- Use conventional commit messages: `feat:`, `fix:`, `test:`, `docs:`, `chore:`
+
+## Summary
+**Before any code change is complete, ensure:**
+1. ✅ Tests are written/updated
+2. ✅ `uv run pytest` passes
+3. ✅ `uv run ruff check .` passes
+4. ✅ README.md is updated (if user-facing)
+5. ✅ Pre-commit hooks pass on commit

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/.github/workflows/ci.yml

@@ -36,38 +36,38 @@ jobs:
     strategy:
       matrix:
         python-version: ["3.10", "3.11", "3.12", "3.13"]
-    
+
     steps:
       - uses: actions/checkout@v4
-      
+
       - name: Install uv
         uses: astral-sh/setup-uv@v4
         with:
           version: "latest"
-      
+
       - name: Set up Python ${{ matrix.python-version }}
         run: uv python install ${{ matrix.python-version }}
-      
+
       - name: Install dependencies
         run: |
           uv sync --dev
-      
+
       - name: Run linter
         run: |
           uv run ruff check .
-          uv run black --check .
-      
+          uv run ruff format --check .
+
       - name: Run type checker
         run: |
           uv run mypy nuvu_scan || true  # Allow failures for now
-      
+
       - name: Run tests
         run: |
           uv run pytest --cov=nuvu_scan --cov-report=xml
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      
+
       - name: Upload coverage
         uses: codecov/codecov-action@v3
         with:
@@ -78,22 +78,22 @@ jobs:
     runs-on: ubuntu-latest
     needs: test
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    
+
     steps:
       - uses: actions/checkout@v4
-      
+
       - name: Install uv
         uses: astral-sh/setup-uv@v4
         with:
           version: "latest"
-      
+
       - name: Set up Python
         run: uv python install 3.11
-      
+
       - name: Build package
         run: |
           uv build
-      
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/.pre-commit-config.yaml

@@ -34,6 +34,17 @@ repos:
         args: ["-c", "pyproject.toml"]
         additional_dependencies: ["bandit[toml]"]
 
+  # Run tests before commit (only when Python files change)
+  - repo: local
+    hooks:
+      - id: pytest
+        name: pytest
+        entry: uv run pytest tests/ -x -q --tb=no
+        language: system
+        pass_filenames: false
+        types: [python]
+        stages: [pre-commit]
+
 # Configuration
 ci:
   autofix_commit_msg: |

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/CONTRIBUTING.md

@@ -30,14 +30,22 @@ cd nuvu-scan
 uv sync --dev  # Creates .venv automatically, no activation needed!
 ```
 
-### 2. Make Changes
+### 2. Install Pre-commit Hooks
+
+```bash
+uv run pre-commit install
+```
+
+This ensures tests and linting run automatically on every commit.
+
+### 3. Make Changes
 
 - Write clear, readable code
-- Follow existing code style (enforced by black and ruff)
-- Add tests for new functionality
+- Follow existing code style (enforced by ruff)
+- **⚠️ Add tests for new functionality** (required - commits will fail without tests)
 - Update documentation
 
-### 3. Test Your Changes
+### 4. Test Your Changes
 
 ```bash
 # Run all tests (uv automatically uses .venv)
@@ -47,23 +55,30 @@ uv run pytest
 uv run pytest --cov=nuvu_scan
 
 # Check code quality
-uv run black .
+uv run ruff format .
 uv run ruff check .
 uv run mypy nuvu_scan
+
+# Run all pre-commit checks (recommended)
+uv run pre-commit run --all-files
 ```
 
 **Note**: No need to activate `.venv` - `uv run` handles it automatically!
 
-### 4. Commit
+### 5. Commit
+
+Pre-commit hooks will automatically run ruff, bandit, and pytest. If any check fails, the commit will be blocked.
 
-Use clear, descriptive commit messages:
+Use conventional commit messages:
 
 ```bash
-git commit -m "Add GCP BigQuery collector"
-git commit -m "Fix S3 bucket size calculation"
+git commit -m "feat: add GCP BigQuery collector"
+git commit -m "fix: correct S3 bucket size calculation"
+git commit -m "test: add tests for Redshift collector"
+git commit -m "docs: update CLI options in README"
 ```
 
-### 5. Push and Create PR
+### 6. Push and Create PR
 
 ```bash
 git push origin feature/your-feature
@@ -93,11 +108,23 @@ See the detailed guide in README.md under "Adding a New Cloud Provider".
 
 ## Code Style
 
-- **Formatting**: Use `black` (line length: 100)
-- **Linting**: Use `ruff`
+- **Formatting**: Use `ruff format`
+- **Linting**: Use `ruff check`
 - **Type hints**: Add type hints where helpful
 - **Docstrings**: Add docstrings for public functions/classes
 
+## Testing Requirements
+
+**Every new feature MUST include tests.** Pre-commit hooks run `pytest` automatically.
+
+| Change Type | Test File |
+|-------------|-----------|
+| CLI options | `tests/test_cli.py` |
+| Formatters (HTML/JSON/CSV) | `tests/test_formatters.py` |
+| Scanners/Collectors | `tests/test_scanners.py` |
+| Push/API changes | `tests/test_push_payload.py` |
+| New collector | `tests/test_<collector>.py` |
+
 ## Pull Request Process
 
 1. Ensure all tests pass

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/DEVELOPMENT_STATUS.md

@@ -56,7 +56,7 @@
 
 #### Redshift Collector (Major Enhancement in v2.0.0)
 - ✅ **Provisioned Clusters** (Enhanced)
-  - Lists all clusters with detailed metrics
+  - Lists all clusters across ALL regions (auto-discovery)
   - Node type, count, encryption status
   - CloudWatch-based activity tracking (DatabaseConnections, CPUUtilization)
   - Cluster age calculation
@@ -64,11 +64,22 @@
   - **Reservation coverage analysis** - checks if covered by reserved nodes
   - **WLM configuration analysis** - queue count, auto WLM, unlimited queues
   - Potential reservation savings calculation (40% estimate)
-  - Risk flags: `publicly_accessible`, `unencrypted`, `low_activity`, `potentially_unused`, `no_reservation_long_running`, `default_wlm_only`, `unlimited_wlm_queue`
-- ✅ **Redshift Serverless**
+  - **Performance metrics from CloudWatch** (NEW)
+    - CPU utilization max/avg (24h)
+    - Queries completed (24h)
+    - Disk space usage percentage
+    - Query duration and queue time
+    - Performance recommendations (right-sizing)
+  - Risk flags: `publicly_accessible`, `unencrypted`, `low_activity`, `potentially_unused`, `no_reservation_long_running`, `default_wlm_only`, `unlimited_wlm_queue`, `low_cpu_utilization`
+- ✅ **Redshift Serverless** (Enhanced)
   - Namespaces with encryption status
   - Workgroups with base capacity and cost estimation
-  - Risk flags: `publicly_accessible`
+  - **RPU utilization metrics from CloudWatch** (NEW)
+    - RPU max/avg (24h and 7d)
+    - Queries completed/failed (24h)
+    - Query duration metrics
+    - Utilization recommendations for capacity right-sizing
+  - Risk flags: `publicly_accessible`, `low_rpu_utilization`, `high_query_failure_rate`
 - ✅ **Redshift Datashares** (NEW)
   - Lists all datashares (inbound and outbound)
   - Consumer account identification
@@ -175,6 +186,7 @@
 - ✅ **Progress Logging** - Real-time status updates during collection
 
 ### Enhanced HTML Reports (v2.0.0)
+- ✅ **Scan Scope Section** (NEW) - Shows which collectors and regions were scanned
 - ✅ **Executive Summary** with key metrics
 - ✅ **Cost Optimization Section**
   - Snapshot cost analysis with old snapshot flagging
@@ -184,8 +196,11 @@
   - Stale/unused crawlers and ETL jobs
   - Cross-account data sharing alerts
   - WLM configuration review
+  - **Cluster Performance table** (NEW) - CPU, queries, disk, recommendations
+  - **Serverless Workgroup Utilization table** (NEW) - RPU metrics, recommendations
 - ✅ Improved styling with insight boxes (warning, alert, info)
 - ✅ Potential savings card in summary
+- ✅ **Footer with nuvu-scan attribution** and GitHub repository link
 
 ### New Asset Categories (v2.0.0)
 - ✅ `DATA_PIPELINE` - ETL jobs, crawlers, workflows
@@ -223,6 +238,9 @@
 | Redshift | `reservation_expiring_soon` | Reserved node expires within 30 days |
 | Redshift | `default_wlm_only` | Cluster using only default WLM queue |
 | Redshift | `unlimited_wlm_queue` | WLM queue with no concurrency limit |
+| Redshift | `low_cpu_utilization` | Cluster CPU never exceeds 20% (right-sizing opportunity) |
+| Redshift Serverless | `low_rpu_utilization` | RPU usage below 50% of base capacity |
+| Redshift Serverless | `high_query_failure_rate` | >10% of queries failing |
 
 ### Cost Tracking & Reporting
 - ✅ Asset-level cost estimation for all resources

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nuvu-scan
-Version: 2.0.1
+Version: 2.1.2
 Summary: Multi-Cloud Data Asset Control - Discover, govern, and optimize your cloud data assets across AWS and GCP
 Project-URL: Homepage, https://nuvu.dev
 Project-URL: Documentation, https://github.com/nuvudev/nuvu-scan#readme
@@ -79,28 +79,6 @@ pip install nuvu-scan
 
 ## Usage
 
-### Optional: Push results to Nuvu Cloud
-
-Nuvu Scan is fully open-source and runs standalone — no account required.
-If you want dashboards, team workflows, and long‑term history, you can optionally push results to Nuvu Cloud.
-
-```bash
-# Push results to Nuvu Cloud (optional)
-nuvu scan --provider aws --push --api-key your_nuvu_api_key
-
-# Or use environment variable
-export NUVU_API_KEY=your_nuvu_api_key
-nuvu scan --provider aws --push
-
-# Custom cloud URL (defaults to https://nuvu.dev)
-nuvu scan --provider aws --push --nuvu-cloud-url https://nuvu.dev
-```
-
-What this means for open‑source users:
-- You can keep everything local and export JSON/CSV/HTML.
-- No cloud credentials are ever sent to Nuvu Cloud — only scan results.
-- The data collected is identical whether you run locally or push.
-
 ### AWS Scanning
 
 **Prerequisites:** Create an IAM user or role with the read-only policy from `aws-iam-policy.json`. See the [AWS Setup](#aws-v1---available-now) section below for detailed instructions.
@@ -120,11 +98,14 @@ nuvu scan --provider aws \
   --access-key-id your-key \
   --secret-access-key your-secret
 
-# Output to JSON
-nuvu scan --provider aws --output-format json --output-file report.json
+# Output to HTML/JSON/CSV
+nuvu scan --provider aws --output-format html --output-file report.json
 
 # Scan specific regions
 nuvu scan --provider aws --region us-east-1 --region eu-west-1
+
+# Scan specific collector
+nuvu scan --provider aws --output-format html --collectors redshift --region us-west-1
 ```
 
 #### 2. Access Key + Secret Key + Session Token (Temporary Credentials)
@@ -203,6 +184,10 @@ You can optionally push scan results to a remote API for centralized tracking:
 ```bash
 # Push results to a remote endpoint
 nuvu scan --provider aws --push --api-key your-api-key --api-url https://your-api.example.com
+
+# Push results to NUVU Cloud for Data Goverance layer
+nuvu scan --provider aws --push --api-key your-api-key
+
 ```
 
 This is useful for integrating with your own data governance platforms or CI/CD pipelines.
@@ -364,6 +349,29 @@ Nuvu requires read-only access to your GCP project via a Service Account. The to
 ### Azure, Databricks (Coming Soon)
 Multi-cloud support is built into the architecture. Additional providers will be added in future releases.
 
+### Optional: Push results to Nuvu Cloud
+
+Nuvu Scan is fully open-source and runs standalone — no account required.
+If you want dashboards, team workflows, data estate time travel and long‑term history, you can optionally push results to Nuvu Cloud.
+
+```bash
+# Push results to Nuvu Cloud (optional)
+nuvu scan --provider aws --push --api-key your_nuvu_api_key
+
+# Or use environment variable
+export NUVU_API_KEY=your_nuvu_api_key
+nuvu scan --provider aws --push
+
+# Custom API URL (defaults to https://nuvu.dev)
+nuvu scan --provider aws --push --api-url https://your-api.example.com
+```
+
+What this means for open‑source users:
+- You can keep everything local and export JSON/CSV/HTML.
+- No cloud credentials are ever sent to Nuvu Cloud — only scan results.
+- The data collected is identical whether you run locally or push.
+
+
 ## License
 
 Apache 2.0
@@ -413,14 +421,17 @@ uv run pytest tests/test_s3_collector.py
 ### Code Quality
 
 ```bash
-# Format code with black
-uv run black .
+# Format code with ruff
+uv run ruff format .
 
 # Lint with ruff
 uv run ruff check .
 
 # Type checking with mypy
 uv run mypy nuvu_scan
+
+# Run all pre-commit checks (including tests)
+uv run pre-commit run --all-files
 ```
 
 ### Building the Package
@@ -503,11 +514,11 @@ git checkout -b fix/your-bug-description
 
 ### 3. Make Changes
 
-- Follow the existing code style (enforced by black and ruff)
-- Add tests for new features
+- Follow the existing code style (enforced by ruff)
+- **Add tests for new features** (required - pre-commit runs tests)
 - Update documentation as needed
 - Ensure all tests pass: `uv run pytest`
-- Run code quality checks: `uv run black . && uv run ruff check .`
+- Run code quality checks: `uv run ruff format . && uv run ruff check .`
 
 ### 4. Commit and Push
 

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/README.md

@@ -31,28 +31,6 @@ pip install nuvu-scan
 
 ## Usage
 
-### Optional: Push results to Nuvu Cloud
-
-Nuvu Scan is fully open-source and runs standalone — no account required.
-If you want dashboards, team workflows, and long‑term history, you can optionally push results to Nuvu Cloud.
-
-```bash
-# Push results to Nuvu Cloud (optional)
-nuvu scan --provider aws --push --api-key your_nuvu_api_key
-
-# Or use environment variable
-export NUVU_API_KEY=your_nuvu_api_key
-nuvu scan --provider aws --push
-
-# Custom cloud URL (defaults to https://nuvu.dev)
-nuvu scan --provider aws --push --nuvu-cloud-url https://nuvu.dev
-```
-
-What this means for open‑source users:
-- You can keep everything local and export JSON/CSV/HTML.
-- No cloud credentials are ever sent to Nuvu Cloud — only scan results.
-- The data collected is identical whether you run locally or push.
-
 ### AWS Scanning
 
 **Prerequisites:** Create an IAM user or role with the read-only policy from `aws-iam-policy.json`. See the [AWS Setup](#aws-v1---available-now) section below for detailed instructions.
@@ -72,11 +50,14 @@ nuvu scan --provider aws \
   --access-key-id your-key \
   --secret-access-key your-secret
 
-# Output to JSON
-nuvu scan --provider aws --output-format json --output-file report.json
+# Output to HTML/JSON/CSV
+nuvu scan --provider aws --output-format html --output-file report.json
 
 # Scan specific regions
 nuvu scan --provider aws --region us-east-1 --region eu-west-1
+
+# Scan specific collector
+nuvu scan --provider aws --output-format html --collectors redshift --region us-west-1
 ```
 
 #### 2. Access Key + Secret Key + Session Token (Temporary Credentials)
@@ -155,6 +136,10 @@ You can optionally push scan results to a remote API for centralized tracking:
 ```bash
 # Push results to a remote endpoint
 nuvu scan --provider aws --push --api-key your-api-key --api-url https://your-api.example.com
+
+# Push results to NUVU Cloud for Data Goverance layer
+nuvu scan --provider aws --push --api-key your-api-key
+
 ```
 
 This is useful for integrating with your own data governance platforms or CI/CD pipelines.
@@ -316,6 +301,29 @@ Nuvu requires read-only access to your GCP project via a Service Account. The to
 ### Azure, Databricks (Coming Soon)
 Multi-cloud support is built into the architecture. Additional providers will be added in future releases.
 
+### Optional: Push results to Nuvu Cloud
+
+Nuvu Scan is fully open-source and runs standalone — no account required.
+If you want dashboards, team workflows, data estate time travel and long‑term history, you can optionally push results to Nuvu Cloud.
+
+```bash
+# Push results to Nuvu Cloud (optional)
+nuvu scan --provider aws --push --api-key your_nuvu_api_key
+
+# Or use environment variable
+export NUVU_API_KEY=your_nuvu_api_key
+nuvu scan --provider aws --push
+
+# Custom API URL (defaults to https://nuvu.dev)
+nuvu scan --provider aws --push --api-url https://your-api.example.com
+```
+
+What this means for open‑source users:
+- You can keep everything local and export JSON/CSV/HTML.
+- No cloud credentials are ever sent to Nuvu Cloud — only scan results.
+- The data collected is identical whether you run locally or push.
+
+
 ## License
 
 Apache 2.0
@@ -365,14 +373,17 @@ uv run pytest tests/test_s3_collector.py
 ### Code Quality
 
 ```bash
-# Format code with black
-uv run black .
+# Format code with ruff
+uv run ruff format .
 
 # Lint with ruff
 uv run ruff check .
 
 # Type checking with mypy
 uv run mypy nuvu_scan
+
+# Run all pre-commit checks (including tests)
+uv run pre-commit run --all-files
 ```
 
 ### Building the Package
@@ -455,11 +466,11 @@ git checkout -b fix/your-bug-description
 
 ### 3. Make Changes
 
-- Follow the existing code style (enforced by black and ruff)
-- Add tests for new features
+- Follow the existing code style (enforced by ruff)
+- **Add tests for new features** (required - pre-commit runs tests)
 - Update documentation as needed
 - Ensure all tests pass: `uv run pytest`
-- Run code quality checks: `uv run black . && uv run ruff check .`
+- Run code quality checks: `uv run ruff format . && uv run ruff check .`
 
 ### 4. Commit and Push
 

{nuvu_scan-2.0.1 → nuvu_scan-2.1.2}/nuvu_scan/cli/commands/scan.py

@@ -2,12 +2,9 @@
 Scan command for Nuvu CLI.
 """
 
-import json
 import os
 import sys
 from datetime import datetime
-from urllib.error import HTTPError, URLError
-from urllib.request import Request, urlopen
 
 import click
 
@@ -111,6 +108,11 @@ from ..formatters.json import JSONFormatter
     default="https://nuvu.dev",
     help="Nuvu Cloud API URL (default: https://nuvu.dev)",
 )
+@click.option(
+    "--list-collectors",
+    is_flag=True,
+    help="List available collectors for the specified provider and exit.",
+)
 def scan_command(
     provider: str,
     output_format: str,
@@ -333,8 +335,12 @@ def scan_command(
                     {
                         "provider": asset.provider,
                         "asset_type": asset.asset_type,
-                        "normalized_category": asset.normalized_category.value if asset.normalized_category else "unknown",
-                        "service": asset.service or asset.asset_type.split("_")[0] if asset.asset_type else "unknown",
+                        "normalized_category": asset.normalized_category.value
+                        if asset.normalized_category
+                        else "unknown",
+                        "service": asset.service or asset.asset_type.split("_")[0]
+                        if asset.asset_type
+                        else "unknown",
                         "region": asset.region,
                         "arn": asset.arn,
                         "name": asset.name,
@@ -343,6 +349,7 @@ def scan_command(
                         "size_bytes": asset.size_bytes,
                         "tags": asset.tags,
                         "cost_estimate_usd": asset.cost_estimate_usd,
+                        "usage_metrics": asset.usage_metrics,  # Include all usage metrics
                         "risk_flags": asset.risk_flags,
                         "ownership_confidence": asset.ownership_confidence or "unknown",
                         "suggested_owner": asset.suggested_owner,
@@ -352,7 +359,8 @@ def scan_command(
             }
 
             # Push to API using the /api/scans/import endpoint
-            with httpx.Client(timeout=60) as client:
+            # Use longer timeout for large scans (2000+ assets can take minutes)
+            with httpx.Client(timeout=300) as client:
                 response = client.post(
                     f"{api_url.rstrip('/')}/api/scans/import",
                     json=payload,
@@ -368,7 +376,10 @@ def scan_command(
                     err=True,
                 )
         except httpx.HTTPStatusError as e:
-            click.echo(f"Error pushing to Nuvu Cloud: {e.response.status_code} - {e.response.text}", err=True)
+            click.echo(
+                f"Error pushing to Nuvu Cloud: {e.response.status_code} - {e.response.text}",
+                err=True,
+            )
             sys.exit(1)
         except Exception as e:
             click.echo(f"Error pushing to Nuvu Cloud: {e}", err=True)