runbooks 0.7.9__py3-none-any.whl → 0.9.1__py3-none-any.whl

runbooks/main.py

@@ -24,6 +24,7 @@ entrypoint for all AWS cloud operations, designed for CloudOps, DevOps, and SRE
 - `runbooks operate` - AWS resource operations (EC2, S3, VPC, NAT Gateway, DynamoDB, etc.)
 - `runbooks org` - AWS Organizations management
 - `runbooks finops` - Cost analysis and financial operations
+- `runbooks cloudops` - Business scenario automation (cost optimization, security enforcement, governance)
 
 ## Standardized Options
 
@@ -46,6 +47,9 @@ runbooks security assess --output html --output-file security-report.html
 # Operations (with safety)
 runbooks operate ec2 start --instance-ids i-1234567890abcdef0 --dry-run
 runbooks operate s3 create-bucket --bucket-name my-bucket --region us-west-2
+runbooks operate s3 find-no-lifecycle --region us-east-1
+runbooks operate s3 add-lifecycle-bulk --bucket-names bucket1,bucket2 --expiration-days 90
+runbooks operate s3 analyze-lifecycle-compliance
 runbooks operate vpc create-vpc --cidr-block 10.0.0.0/16 --vpc-name prod-vpc
 runbooks operate vpc create-nat-gateway --subnet-id subnet-123 --nat-name prod-nat
 runbooks operate dynamodb create-table --table-name employees
@@ -88,6 +92,12 @@ import boto3
 
 from runbooks import __version__
 from runbooks.cfat.runner import AssessmentRunner
+from runbooks.common.performance_monitor import get_performance_benchmark
+from runbooks.common.profile_utils import (
+    create_management_session,
+    create_operational_session,
+    get_profile_for_operation,
+)
 from runbooks.common.rich_utils import console, create_table, print_banner, print_header, print_status
 from runbooks.config import load_config, save_config
 from runbooks.inventory.core.collector import InventoryCollector
@@ -102,10 +112,10 @@ console = Console()
 
 def get_account_id_for_context(profile: str = "default") -> str:
     """
-    Resolve actual AWS account ID for context creation.
+    Resolve actual AWS account ID for context creation using enterprise profile management.
 
     This replaces hardcoded 'current' strings with actual account IDs
-    to fix Pydantic validation failures.
+    to fix Pydantic validation failures. Uses the proven three-tier profile system.
 
     Args:
         profile: AWS profile name
@@ -114,11 +124,14 @@ def get_account_id_for_context(profile: str = "default") -> str:
         12-digit AWS account ID string
     """
     try:
-        session = boto3.Session(profile_name=profile)
+        # Use enterprise profile management for session creation
+        resolved_profile = get_profile_for_operation("management", profile)
+        session = create_management_session(profile)
         sts = session.client("sts")
         response = sts.get_caller_identity()
         return response["Account"]
-    except Exception:
+    except Exception as e:
+        console.log(f"[yellow]Warning: Could not resolve account ID, using fallback: {e}[/yellow]")
         # Fallback to a valid format if STS call fails
         return "123456789012"  # Valid 12-digit format for validation
 
@@ -128,6 +141,51 @@ def get_account_id_for_context(profile: str = "default") -> str:
 # ============================================================================
 
 
+def preprocess_space_separated_profiles():
+    """
+    Preprocess sys.argv to convert space-separated profiles to comma-separated format.
+
+    Converts: --profile prof1 prof2
+    To: --profile prof1,prof2
+
+    This enables backward compatibility with space-separated profile syntax
+    while using Click's standard option parsing.
+    """
+    import sys
+
+    # Only process if we haven't already processed
+    if hasattr(preprocess_space_separated_profiles, "_processed"):
+        return
+
+    new_argv = []
+    i = 0
+    while i < len(sys.argv):
+        if sys.argv[i] == "--profile" and i + 1 < len(sys.argv):
+            # Found --profile flag, collect all following non-flag arguments
+            profiles = []
+            new_argv.append("--profile")
+            i += 1
+
+            # Collect profiles until we hit another flag or end of arguments
+            while i < len(sys.argv) and not sys.argv[i].startswith("-"):
+                profiles.append(sys.argv[i])
+                i += 1
+
+            # Join profiles with commas and add as single argument
+            if profiles:
+                new_argv.append(",".join(profiles))
+
+            # Don't increment i here as we want to process the current argument
+            continue
+        else:
+            new_argv.append(sys.argv[i])
+            i += 1
+
+    # Replace sys.argv with processed version
+    sys.argv = new_argv
+    preprocess_space_separated_profiles._processed = True
+
+
 def common_aws_options(f):
     """
     Standard AWS connection and safety options for all commands.
@@ -142,17 +200,26 @@ def common_aws_options(f):
         Decorated function with AWS options
 
     Added Options:
-        --profile: AWS profile name (default: 'default')
+        --profile: AWS profile name(s) - supports repeated flag syntax
         --region: AWS region identifier (default: 'ap-southeast-2')
         --dry-run: Safety flag to preview operations without execution
 
     Examples:
         ```bash
         runbooks inventory ec2 --profile production --region us-west-2 --dry-run
-        runbooks operate s3 create-bucket --profile dev --region eu-west-1
+        runbooks finops --profile prof1 prof2  # Space-separated (SUPPORTED via preprocessing)
+        runbooks finops --profile prof1 --profile prof2  # Multiple flags (Click standard)
+        runbooks finops --profile prof1,prof2  # Comma-separated (Alternative)
         ```
     """
-    f = click.option("--profile", default="default", help="AWS profile (default: 'default')")(f)
+    # FIXED: Space-separated profiles now supported via preprocessing in cli_entry_point()
+    # All three formats work: --profile prof1 prof2, --profile prof1 --profile prof2, --profile prof1,prof2
+    f = click.option(
+        "--profile",
+        multiple=True,
+        default=("default",),  # Tuple default for multiple=True
+        help="AWS profile(s) - supports: --profile prof1 prof2 OR --profile prof1 --profile prof2 OR --profile prof1,prof2",
+    )(f)
     f = click.option("--region", default="ap-southeast-2", help="AWS region (default: 'ap-southeast-2')")(f)
     f = click.option("--dry-run", is_flag=True, help="Enable dry-run mode for safety")(f)
     return f
@@ -229,7 +296,7 @@ def common_filter_options(f):
 # ============================================================================
 
 
-@click.group(invoke_without_command=True)
+@click.group()
 @click.version_option(version=__version__)
 @click.option("--debug", is_flag=True, help="Enable debug logging")
 @common_aws_options
@@ -253,6 +320,7 @@ def main(ctx, debug, profile, region, dry_run, config):
     • runbooks security   → Security baseline testing
     • runbooks org        → Organizations management
     • runbooks finops     → Cost and usage analytics
+    • runbooks cloudops   → Business scenario automation
     
     Safety Features:
     • --dry-run mode for all operations
@@ -994,6 +1062,178 @@ def sync(ctx, source_bucket, destination_bucket, source_prefix, destination_pref
         raise click.ClickException(str(e))
 
 
+@s3.command()
+@click.option("--region", help="AWS region to scan (scans all regions if not specified)")
+@click.option("--bucket-names", multiple=True, help="Specific bucket names to check (checks all buckets if not specified)")
+@click.pass_context
+def find_no_lifecycle(ctx, region, bucket_names):
+    """Find S3 buckets without lifecycle policies for cost optimization."""
+    try:
+        from runbooks.inventory.models.account import AWSAccount
+        from runbooks.operate import S3Operations
+        from runbooks.operate.base import OperationContext
+
+        console.print(f"[blue]🔍 Finding S3 buckets without lifecycle policies...[/blue]")
+        
+        s3_ops = S3Operations(profile=ctx.obj["profile"], region=ctx.obj["region"], dry_run=ctx.obj["dry_run"])
+        account = AWSAccount(account_id=get_account_id_for_context(ctx.obj["profile"]), account_name="current")
+        context = OperationContext(
+            account=account,
+            region=region or ctx.obj["region"],
+            operation_type="find_buckets_without_lifecycle",
+            resource_types=["s3:bucket"],
+            dry_run=ctx.obj["dry_run"]
+        )
+
+        bucket_list = list(bucket_names) if bucket_names else None
+        results = s3_ops.find_buckets_without_lifecycle(context, region=region, bucket_names=bucket_list)
+
+        for result in results:
+            if result.success:
+                data = result.response_data
+                console.print(f"[green]✅ Scan completed: {data.get('total_count', 0)} non-compliant buckets found[/green]")
+            else:
+                console.print(f"[red]❌ Failed to scan buckets: {result.error_message}[/red]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Operation failed: {e}[/red]")
+        raise click.ClickException(str(e))
+
+
+@s3.command()
+@click.option("--bucket-name", required=True, help="S3 bucket name to check")
+@click.pass_context
+def get_lifecycle(ctx, bucket_name):
+    """Get current lifecycle configuration for an S3 bucket."""
+    try:
+        from runbooks.inventory.models.account import AWSAccount
+        from runbooks.operate import S3Operations
+        from runbooks.operate.base import OperationContext
+
+        console.print(f"[blue]🔍 Getting lifecycle configuration for bucket: {bucket_name}[/blue]")
+        
+        s3_ops = S3Operations(profile=ctx.obj["profile"], region=ctx.obj["region"], dry_run=ctx.obj["dry_run"])
+        account = AWSAccount(account_id=get_account_id_for_context(ctx.obj["profile"]), account_name="current")
+        context = OperationContext(
+            account=account,
+            region=ctx.obj["region"],
+            operation_type="get_bucket_lifecycle",
+            resource_types=["s3:bucket"],
+            dry_run=ctx.obj["dry_run"]
+        )
+
+        results = s3_ops.get_bucket_lifecycle(context, bucket_name=bucket_name)
+
+        for result in results:
+            if result.success:
+                data = result.response_data
+                rules_count = data.get('rules_count', 0)
+                console.print(f"[green]✅ Found {rules_count} lifecycle rule(s) for bucket {bucket_name}[/green]")
+            else:
+                console.print(f"[red]❌ Failed to get lifecycle configuration: {result.error_message}[/red]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Operation failed: {e}[/red]")
+        raise click.ClickException(str(e))
+
+
+@s3.command()
+@click.option("--bucket-names", multiple=True, required=True, help="S3 bucket names to apply policies to (format: bucket1,bucket2)")
+@click.option("--regions", multiple=True, help="Corresponding regions for buckets (format: us-east-1,us-west-2)")
+@click.option("--expiration-days", default=30, help="Days after which objects expire (default: 30)")
+@click.option("--prefix", default="", help="Object prefix filter for lifecycle rule")
+@click.option("--noncurrent-days", default=30, help="Days before noncurrent versions are deleted (default: 30)")
+@click.option("--transition-ia-days", type=int, help="Days before transition to IA storage class")
+@click.option("--transition-glacier-days", type=int, help="Days before transition to Glacier")
+@click.pass_context
+def add_lifecycle_bulk(ctx, bucket_names, regions, expiration_days, prefix, noncurrent_days, transition_ia_days, transition_glacier_days):
+    """Add lifecycle policies to multiple S3 buckets for cost optimization."""
+    try:
+        from runbooks.inventory.models.account import AWSAccount
+        from runbooks.operate import S3Operations
+        from runbooks.operate.base import OperationContext
+
+        console.print(f"[blue]📋 Adding lifecycle policies to {len(bucket_names)} bucket(s)...[/blue]")
+        
+        # Build bucket list with regions
+        bucket_list = []
+        for i, bucket_name in enumerate(bucket_names):
+            bucket_region = regions[i] if i < len(regions) else ctx.obj["region"]
+            bucket_list.append({
+                "bucket_name": bucket_name,
+                "region": bucket_region
+            })
+
+        s3_ops = S3Operations(profile=ctx.obj["profile"], region=ctx.obj["region"], dry_run=ctx.obj["dry_run"])
+        account = AWSAccount(account_id=get_account_id_for_context(ctx.obj["profile"]), account_name="current")
+        context = OperationContext(
+            account=account,
+            region=ctx.obj["region"],
+            operation_type="add_lifecycle_policy_bulk",
+            resource_types=["s3:bucket"],
+            dry_run=ctx.obj["dry_run"]
+        )
+
+        results = s3_ops.add_lifecycle_policy_bulk(
+            context,
+            bucket_list=bucket_list,
+            expiration_days=expiration_days,
+            prefix=prefix,
+            noncurrent_days=noncurrent_days,
+            transition_ia_days=transition_ia_days,
+            transition_glacier_days=transition_glacier_days
+        )
+
+        successful = len([r for r in results if r.success])
+        failed = len(results) - successful
+        
+        console.print(f"[bold]Bulk Lifecycle Policy Summary:[/bold]")
+        console.print(f"[green]✅ Successful: {successful}[/green]")
+        if failed > 0:
+            console.print(f"[red]❌ Failed: {failed}[/red]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Operation failed: {e}[/red]")
+        raise click.ClickException(str(e))
+
+
+@s3.command()
+@click.option("--region", help="AWS region to analyze (analyzes all regions if not specified)")
+@click.pass_context 
+def analyze_lifecycle_compliance(ctx, region):
+    """Analyze S3 lifecycle compliance and provide cost optimization recommendations."""
+    try:
+        from runbooks.inventory.models.account import AWSAccount
+        from runbooks.operate import S3Operations
+        from runbooks.operate.base import OperationContext
+
+        console.print(f"[blue]📊 Analyzing S3 lifecycle compliance across account...[/blue]")
+        
+        s3_ops = S3Operations(profile=ctx.obj["profile"], region=ctx.obj["region"], dry_run=ctx.obj["dry_run"])
+        account = AWSAccount(account_id=get_account_id_for_context(ctx.obj["profile"]), account_name="current")
+        context = OperationContext(
+            account=account,
+            region=region or ctx.obj["region"],
+            operation_type="analyze_lifecycle_compliance",
+            resource_types=["s3:account"],
+            dry_run=ctx.obj["dry_run"]
+        )
+
+        results = s3_ops.analyze_lifecycle_compliance(context, region=region)
+
+        for result in results:
+            if result.success:
+                data = result.response_data
+                compliance_pct = data.get('compliance_percentage', 0)
+                console.print(f"[green]✅ Analysis completed: {compliance_pct:.1f}% compliance rate[/green]")
+            else:
+                console.print(f"[red]❌ Failed to analyze compliance: {result.error_message}[/red]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Operation failed: {e}[/red]")
+        raise click.ClickException(str(e))
+
+
 @operate.group()
 @click.pass_context
 def cloudformation(ctx):
@@ -3141,20 +3381,24 @@ def assess(ctx, checks, export_formats):
         from runbooks.security.security_baseline_tester import SecurityBaselineTester
 
         console.print(f"[blue]🔒 Starting Security Assessment[/blue]")
-        console.print(f"[dim]Profile: {ctx.obj['profile']} | Language: {ctx.obj['language']} | Export: {', '.join(export_formats)}[/dim]")
+        console.print(
+            f"[dim]Profile: {ctx.obj['profile']} | Language: {ctx.obj['language']} | Export: {', '.join(export_formats)}[/dim]"
+        )
 
         # Initialize tester with export formats
         tester = SecurityBaselineTester(
-            profile=ctx.obj["profile"], 
-            lang_code=ctx.obj["language"], 
+            profile=ctx.obj["profile"],
+            lang_code=ctx.obj["language"],
             output_dir=ctx.obj.get("output_file"),
-            export_formats=list(export_formats)
+            export_formats=list(export_formats),
         )
 
         # Run assessment with Rich CLI
         tester.run()
 
-        console.print(f"[green]✅ Security assessment completed with export formats: {', '.join(export_formats)}[/green]")
+        console.print(
+            f"[green]✅ Security assessment completed with export formats: {', '.join(export_formats)}[/green]"
+        )
 
     except Exception as e:
         console.print(f"[red]❌ Security assessment failed: {e}[/red]")
@@ -4787,197 +5031,800 @@ def auto_fix(ctx, findings_file, severity, max_operations):
 
 
 # ============================================================================
-# FINOPS COMMANDS (Cost & Usage Analytics)
+# SRE COMMANDS (Site Reliability Engineering)
 # ============================================================================
 
 
-@main.group(invoke_without_command=True)
-@common_aws_options
-@click.option("--time-range", type=int, help="Time range in days (default: current month)")
+@click.command("sre")
 @click.option(
-    "--report-type", multiple=True, type=click.Choice(["csv", "json", "pdf"]), default=("csv",), help="Report types"
+    "--action",
+    type=click.Choice(["health", "recovery", "optimize", "suite"]),
+    default="health",
+    help="SRE action to perform",
 )
-@click.option("--report-name", help="Base name for report files (without extension)")
-@click.option("--dir", help="Directory to save report files (default: current directory)")
-@click.option("--profiles", multiple=True, help="Specific AWS profiles to use")
-@click.option("--regions", multiple=True, help="AWS regions to check")
-@click.option("--all", is_flag=True, help="Use all available AWS profiles")
-@click.option("--combine", is_flag=True, help="Combine profiles from the same AWS account")
-@click.option("--tag", multiple=True, help="Cost allocation tag to filter resources")
-@click.option("--trend", is_flag=True, help="Display trend report for past 6 months")
-@click.option("--audit", is_flag=True, help="Display audit report with cost anomalies and resource optimization")
+@click.option("--config", type=click.Path(), help="MCP configuration file path")
+@click.option("--save-report", is_flag=True, help="Save detailed report to artifacts")
+@click.option("--continuous", is_flag=True, help="Run continuous monitoring")
 @click.pass_context
-def finops(
-    ctx,
-    profile,
-    region,
-    dry_run,
-    time_range,
-    report_type,
-    report_name,
-    dir,
-    profiles,
-    regions,
-    all,
-    combine,
-    tag,
-    trend,
-    audit,
-):
+def sre_reliability(ctx, action, config, save_report, continuous):
     """
-    AWS FinOps - Cost and usage analytics.
+    SRE Automation - Enterprise MCP Reliability & Infrastructure Monitoring
 
-    Comprehensive cost analysis, optimization recommendations,
-    and resource utilization reporting.
+    Provides comprehensive Site Reliability Engineering automation including:
+    - MCP server health monitoring and diagnostics
+    - Automated failure detection and recovery
+    - Performance optimization and SLA validation
+    - >99.9% uptime target achievement
 
     Examples:
-        runbooks finops --audit --report-type csv,json,pdf --report-name audit_report
-        runbooks finops --trend --report-name cost_trend
-        runbooks finops --time-range 30 --report-name monthly_costs
+        runbooks sre --action health          # Health check all MCP servers
+        runbooks sre --action recovery        # Automated recovery procedures
+        runbooks sre --action optimize        # Performance optimization
+        runbooks sre --action suite           # Complete reliability suite
     """
+    import asyncio
 
-    if ctx.invoked_subcommand is None:
-        # Run default dashboard with all options
-        import argparse
+    from runbooks.common.rich_utils import console, print_error, print_info, print_success
+    from runbooks.sre.mcp_reliability_engine import MCPReliabilityEngine, run_mcp_reliability_suite
 
-        from runbooks.finops.dashboard_runner import run_dashboard
+    try:
+        print_info(f"🚀 Starting SRE automation - Action: {action}")
 
-        args = argparse.Namespace(
-            profile=profile,
-            region=region,
-            dry_run=dry_run,
-            time_range=time_range,
-            report_type=list(report_type),
-            report_name=report_name,
-            dir=dir,
-            profiles=list(profiles) if profiles else None,
-            regions=list(regions) if regions else None,
-            all=all,
-            combine=combine,
-            tag=list(tag) if tag else None,
-            trend=trend,
-            audit=audit,
-            config_file=None,  # Not exposed in Click interface yet
-        )
-        return run_dashboard(args)
-    else:
-        # Pass context to subcommands
-        ctx.obj.update(
-            {
-                "profile": profile,
-                "region": region,
-                "dry_run": dry_run,
-                "time_range": time_range,
-                "report_type": list(report_type),
-                "report_name": report_name,
-                "dir": dir,
-                "profiles": list(profiles) if profiles else None,
-                "regions": list(regions) if regions else None,
-                "all": all,
-                "combine": combine,
-                "tag": list(tag) if tag else None,
-                "trend": trend,
-                "audit": audit,
-            }
-        )
+        if action == "suite":
+            # Run complete reliability suite
+            results = asyncio.run(run_mcp_reliability_suite())
 
+            if results.get("overall_success", False):
+                print_success("✅ SRE Reliability Suite completed successfully")
+                console.print(f"🎯 Final Health: {results.get('final_health_percentage', 0):.1f}%")
+                console.print(f"📈 Improvement: +{results.get('health_improvement', 0):.1f}%")
+            else:
+                print_error("❌ SRE Reliability Suite encountered issues")
+                console.print("🔧 Review detailed logs for remediation guidance")
 
-# ============================================================================
-# HELPER FUNCTIONS
-# ============================================================================
+        else:
+            # Initialize reliability engine for specific actions
+            from pathlib import Path
 
+            config_path = Path(config) if config else None
+            reliability_engine = MCPReliabilityEngine(config_path=config_path)
 
-def display_inventory_results(results):
-    """Display inventory results in formatted tables."""
-    from runbooks.inventory.core.formatter import InventoryFormatter
+            if action == "health":
+                # Health check only
+                results = asyncio.run(reliability_engine.run_comprehensive_health_check())
 
-    formatter = InventoryFormatter(results)
-    console_output = formatter.format_console_table()
-    console.print(console_output)
+                if results["health_percentage"] >= 99.9:
+                    print_success(f"✅ All systems healthy: {results['health_percentage']:.1f}%")
+                else:
+                    console.print(f"⚠️ Health: {results['health_percentage']:.1f}% - Review recommendations")
 
+            elif action == "recovery":
+                # Automated recovery procedures
+                results = asyncio.run(reliability_engine.implement_automated_recovery())
 
-def save_inventory_results(results, output_format, output_file):
-    """Save inventory results to file."""
-    from runbooks.inventory.core.formatter import InventoryFormatter
+                actions_taken = len(results.get("actions_taken", []))
+                if actions_taken > 0:
+                    print_success(f"🔄 Recovery completed: {actions_taken} actions taken")
+                else:
+                    print_info("✅ No recovery needed - all systems healthy")
 
-    formatter = InventoryFormatter(results)
+            elif action == "optimize":
+                # Performance optimization
+                results = asyncio.run(reliability_engine.run_performance_optimization())
 
-    if not output_file:
-        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
-        output_file = f"inventory_{timestamp}.{output_format}"
+                optimizations = results.get("optimizations_applied", 0)
+                if optimizations > 0:
+                    print_success(f"⚡ Optimization completed: {optimizations} improvements applied")
+                else:
+                    print_info("✅ Performance already optimal")
 
-    if output_format == "csv":
-        formatter.to_csv(output_file)
-    elif output_format == "json":
-        formatter.to_json(output_file)
-    elif output_format == "html":
-        formatter.to_html(output_file)
-    elif output_format == "yaml":
-        formatter.to_yaml(output_file)
+        # Save detailed report if requested
+        if save_report and "results" in locals():
+            import json
+            from datetime import datetime
+            from pathlib import Path
 
-    console.print(f"[green]💾 Results saved to: {output_file}[/green]")
+            artifacts_dir = Path("./artifacts/sre")
+            artifacts_dir.mkdir(parents=True, exist_ok=True)
 
+            timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+            report_file = artifacts_dir / f"sre_report_{action}_{timestamp}.json"
 
-def display_assessment_results(report):
-    """Display CFAT assessment results."""
-    console.print(f"\n[bold blue]📊 Cloud Foundations Assessment Results[/bold blue]")
-    console.print(f"[dim]Score: {report.summary.compliance_score}/100 | Risk: {report.summary.risk_level}[/dim]")
+            with open(report_file, "w") as f:
+                json.dump(results, f, indent=2, default=str)
 
-    # Summary table
-    from rich.table import Table
+            print_success(f"📊 Detailed report saved: {report_file}")
 
-    table = Table(title="Assessment Summary")
-    table.add_column("Metric", style="cyan")
-    table.add_column("Value", style="bold")
-    table.add_column("Status", style="green")
+        # Continuous monitoring mode
+        if continuous:
+            print_info("🔄 Starting continuous monitoring mode...")
+            console.print("Press Ctrl+C to stop monitoring")
 
-    table.add_row("Compliance Score", f"{report.summary.compliance_score}/100", report.summary.risk_level)
-    table.add_row("Total Checks", str(report.summary.total_checks), "✓ Completed")
-    table.add_row("Pass Rate", f"{report.summary.pass_rate:.1f}%", "📊 Analyzed")
-    table.add_row(
-        "Critical Issues",
-        str(report.summary.critical_issues),
-        "🚨 Review Required" if report.summary.critical_issues > 0 else "✅ None",
-    )
+            try:
+                while True:
+                    import time
 
-    console.print(table)
+                    time.sleep(60)  # Check every minute
 
+                    # Quick health check
+                    reliability_engine = MCPReliabilityEngine()
+                    health_summary = reliability_engine.connection_pool.get_health_summary()
 
-def save_assessment_results(report, output_format, output_file):
-    """Save assessment results to file."""
-    if not output_file:
-        timestamp = report.timestamp.strftime("%Y%m%d_%H%M%S")
-        output_file = f"cfat_report_{timestamp}.{output_format}"
+                    console.print(
+                        f"🏥 Health: {health_summary['healthy_servers']}/{health_summary['total_servers']} servers healthy"
+                    )
 
-    if output_format == "html":
-        report.to_html(output_file)
-    elif output_format == "json":
-        report.to_json(output_file)
-    elif output_format == "csv":
-        report.to_csv(output_file)
-    elif output_format == "yaml":
-        report.to_yaml(output_file)
+            except KeyboardInterrupt:
+                print_info("🛑 Continuous monitoring stopped")
 
-    console.print(f"[green]💾 Assessment saved to: {output_file}[/green]")
+    except Exception as e:
+        print_error(f"❌ SRE automation failed: {str(e)}")
+        logger.error(f"SRE reliability command failed: {str(e)}")
+        raise click.ClickException(str(e))
 
 
-def display_ou_structure(ous):
-    """Display OU structure in formatted table."""
-    from rich.table import Table
+# Add SRE command to CLI
+main.add_command(sre_reliability)
 
-    table = Table(title="AWS Organizations Structure")
-    table.add_column("Name", style="cyan")
-    table.add_column("ID", style="green")
-    table.add_column("Level", justify="center")
-    table.add_column("Parent ID", style="blue")
 
-    for ou in ous:
-        indent = "  " * ou.get("Level", 0)
-        table.add_row(
-            f"{indent}{ou.get('Name', 'Unknown')}", ou.get("Id", ""), str(ou.get("Level", 0)), ou.get("ParentId", "")
-        )
+# ============================================================================
+# CLOUDOPS COMMANDS (Business Scenario Automation)
+# ============================================================================
 
-    console.print(table)
+@click.group()
+def cloudops():
+    """CloudOps business scenario automation for cost optimization, security enforcement, and governance."""
+    pass
+
+@cloudops.group()
+def cost():
+    """Cost optimization scenarios for emergency response and routine optimization.""" 
+    pass
+
+@cost.command()
+@click.option('--billing-profile', default='ams-admin-Billing-ReadOnlyAccess-909135376185', help='AWS billing profile with Cost Explorer access')
+@click.option('--management-profile', default='ams-admin-ReadOnlyAccess-909135376185', help='AWS management profile with Organizations access')
+@click.option('--tolerance-percent', default=5.0, help='MCP cross-validation tolerance percentage')
+@click.option('--performance-target-ms', default=30000.0, help='Performance target in milliseconds')
+@click.option('--export-evidence/--no-export', default=True, help='Export DoD validation evidence')
+@common_aws_options
+@click.pass_context
+def mcp_validation(ctx, billing_profile, management_profile, tolerance_percent, performance_target_ms, export_evidence, profile, region):
+    """
+    MCP-validated cost optimization with comprehensive DoD validation.
+    
+    Technical Features:
+    - Real-time Cost Explorer MCP validation
+    - Cross-validation between estimates and AWS APIs
+    - Performance benchmarking with sub-30s targets
+    - Comprehensive evidence generation for DoD compliance
+    
+    Business Impact:
+    - Replaces ALL estimated costs with real AWS data
+    - >99.9% reliability through MCP cross-validation
+    - Executive-ready reports with validated projections
+    """
+    import asyncio
+    from runbooks.cloudops.mcp_cost_validation import MCPCostValidationEngine
+    from runbooks.common.rich_utils import console, print_header, print_success, print_error
+    
+    print_header("MCP Cost Validation - Technical CLI", "1.0.0")
+    
+    async def run_mcp_validation():
+        try:
+            # Initialize MCP validation engine
+            validation_engine = MCPCostValidationEngine(
+                billing_profile=billing_profile or profile,
+                management_profile=management_profile or profile,
+                tolerance_percent=tolerance_percent,
+                performance_target_ms=performance_target_ms
+            )
+            
+            # Run comprehensive test suite
+            test_results = await validation_engine.run_comprehensive_cli_test_suite()
+            
+            if export_evidence:
+                # Export DoD validation report
+                report_file = await validation_engine.export_dod_validation_report(test_results)
+                if report_file:
+                    print_success(f"📊 DoD validation report: {report_file}")
+                
+            # Summary
+            passed_tests = sum(1 for r in test_results if r.success)
+            total_tests = len(test_results)
+            
+            if passed_tests == total_tests:
+                print_success(f"✅ All {total_tests} MCP validation tests passed")
+                ctx.exit(0)
+            else:
+                print_error(f"❌ {total_tests - passed_tests}/{total_tests} tests failed")
+                ctx.exit(1)
+                
+        except Exception as e:
+            print_error(f"MCP validation failed: {str(e)}")
+            ctx.exit(1)
+    
+    try:
+        asyncio.run(run_mcp_validation())
+    except KeyboardInterrupt:
+        console.print("\n⚠️ MCP validation interrupted by user")
+        ctx.exit(130)
+
+@cost.command()
+@click.option('--spike-threshold', default=25000.0, help='Cost spike threshold ($) that triggered emergency')
+@click.option('--target-savings', default=30.0, help='Target cost reduction percentage')
+@click.option('--analysis-days', default=7, help='Days to analyze for cost trends')
+@click.option('--max-risk', default='medium', type=click.Choice(['low', 'medium', 'high']), help='Maximum acceptable risk level')
+@click.option('--enable-mcp/--disable-mcp', default=True, help='Enable MCP cross-validation')
+@click.option('--export-reports/--no-export', default=True, help='Export executive reports')
+@common_aws_options
+@click.pass_context
+def emergency_response(ctx, spike_threshold, target_savings, analysis_days, max_risk, enable_mcp, export_reports, profile, region):
+    """
+    Emergency cost spike response with MCP validation.
+    
+    Business Scenario:
+    - Rapid response to unexpected AWS cost spikes requiring immediate executive action
+    - Typical triggers: Monthly bill increase >$5K, daily spending >200% budget
+    - Target response time: <30 minutes for initial analysis and action plan
+    
+    Technical Features:
+    - MCP Cost Explorer validation for real financial data
+    - Cross-validation of cost projections against actual spend
+    - Executive-ready reports with validated savings opportunities
+    """
+    from runbooks.cloudops.interfaces import emergency_cost_response
+    from runbooks.cloudops.mcp_cost_validation import MCPCostValidationEngine
+    from runbooks.common.rich_utils import console, print_header, print_success, print_error
+    import asyncio
+    
+    print_header("Emergency Cost Response - MCP Validated", "1.0.0")
+    
+    try:
+        # Execute emergency cost response via business interface
+        result = emergency_cost_response(
+            profile=profile,
+            cost_spike_threshold=spike_threshold,
+            target_savings_percent=target_savings,
+            analysis_days=analysis_days,
+            max_risk_level=max_risk,
+            require_approval=True,
+            dry_run=True  # Always safe for CLI usage
+        )
+        
+        # Display executive summary
+        console.print(result.executive_summary)
+        
+        # MCP validation if enabled
+        if enable_mcp:
+            print_header("MCP Cross-Validation", "1.0.0")
+            
+            async def run_mcp_validation():
+                validation_engine = MCPCostValidationEngine(
+                    billing_profile=profile,
+                    management_profile=profile,
+                    tolerance_percent=5.0,
+                    performance_target_ms=30000.0
+                )
+                
+                # Validate emergency response scenario
+                test_result = await validation_engine.validate_cost_optimization_scenario(
+                    scenario_name='emergency_cost_response_validation',
+                    cost_optimizer_params={
+                        'profile': profile,
+                        'cost_spike_threshold': spike_threshold,
+                        'analysis_days': analysis_days
+                    },
+                    expected_savings_range=(spike_threshold * 0.1, spike_threshold * 0.5)
+                )
+                
+                if test_result.success and test_result.mcp_validation:
+                    print_success("✅ MCP validation passed - cost projections verified")
+                    print_success(f"📊 Variance: {test_result.mcp_validation.variance_percentage:.2f}%")
+                else:
+                    print_error("⚠️ MCP validation encountered issues - review cost projections")
+                    
+                return test_result
+            
+            try:
+                mcp_result = asyncio.run(run_mcp_validation())
+            except Exception as e:
+                print_error(f"MCP validation failed: {str(e)}")
+                print_error("📞 Contact CloudOps team for AWS Cost Explorer access configuration")
+        
+        # Export reports if requested
+        if export_reports:
+            exported = result.export_reports('/tmp/emergency-cost-reports')
+            if exported.get('json'):
+                print_success(f"📊 Executive reports exported to: /tmp/emergency-cost-reports")
+        
+        # Exit with success/failure status
+        if result.success:
+            print_success("✅ Emergency cost response completed successfully")
+            ctx.exit(0)
+        else:
+            print_error("❌ Emergency cost response encountered issues")
+            ctx.exit(1)
+            
+    except Exception as e:
+        print_error(f"Emergency cost response failed: {str(e)}")
+        ctx.exit(1)
+
+@cost.command()
+@click.option('--regions', multiple=True, help='Target AWS regions')
+@click.option('--idle-days', default=7, help='Days to consider NAT Gateway idle')
+@click.option('--cost-threshold', default=0.0, help='Minimum monthly cost threshold ($)')
+@click.option('--dry-run/--execute', default=True, help='Dry run mode (safe analysis)')
+@common_aws_options
+@click.pass_context
+def nat_gateways(ctx, regions, idle_days, cost_threshold, dry_run, profile, region):
+    """
+    Optimize unused NAT Gateways - typical savings $45-90/month each.
+    
+    Business Impact:
+    - Cost reduction: $45-90/month per unused NAT Gateway
+    - Risk level: Low (network connectivity analysis performed) 
+    - Implementation time: 15-30 minutes
+    """
+    import asyncio
+    from runbooks.cloudops import CostOptimizer
+    from runbooks.cloudops.models import ExecutionMode
+    from runbooks.common.rich_utils import console, print_header
+    
+    print_header("NAT Gateway Cost Optimization", "1.0.0")
+    
+    try:
+        # Initialize cost optimizer
+        execution_mode = ExecutionMode.DRY_RUN if dry_run else ExecutionMode.EXECUTE
+        optimizer = CostOptimizer(profile=profile, dry_run=dry_run, execution_mode=execution_mode)
+        
+        # Execute NAT Gateway optimization
+        result = asyncio.run(optimizer.optimize_nat_gateways(
+            regions=list(regions) if regions else None,
+            idle_threshold_days=idle_days,
+            cost_threshold=cost_threshold
+        ))
+        
+        console.print(f"\n✅ NAT Gateway optimization completed")
+        console.print(f"💰 Potential monthly savings: ${result.business_metrics.total_monthly_savings:,.2f}")
+        
+    except Exception as e:
+        console.print(f"❌ NAT Gateway optimization failed: {str(e)}", style="red")
+        raise click.ClickException(str(e))
+
+@cost.command()
+@click.option('--spike-threshold', default=5000.0, help='Cost spike threshold ($) that triggered emergency')
+@click.option('--analysis-days', default=7, help='Days to analyze for cost trends')
+@common_aws_options
+@click.pass_context
+def emergency(ctx, spike_threshold, analysis_days, profile, region):
+    """
+    Emergency cost spike response - rapid analysis and remediation.
+    
+    Business Impact:
+    - Response time: <30 minutes for initial analysis
+    - Target savings: 25-50% of spike amount
+    - Risk level: Medium (rapid changes require monitoring)
+    """
+    import asyncio
+    from runbooks.cloudops import CostOptimizer
+    from runbooks.common.rich_utils import console, print_header
+    
+    print_header("Emergency Cost Spike Response", "1.0.0")
+    
+    try:
+        optimizer = CostOptimizer(profile=profile, dry_run=True)  # Always dry run for emergency analysis
+        
+        result = asyncio.run(optimizer.emergency_cost_response(
+            cost_spike_threshold=spike_threshold,
+            analysis_days=analysis_days
+        ))
+        
+        console.print(f"\n🚨 Emergency cost analysis completed")
+        console.print(f"💰 Immediate savings identified: ${result.business_metrics.total_monthly_savings:,.2f}")
+        console.print(f"⏱️  Analysis time: {result.execution_time:.1f} seconds")
+        
+    except Exception as e:
+        console.print(f"❌ Emergency cost response failed: {str(e)}", style="red")
+        raise click.ClickException(str(e))
+
+@cloudops.group()
+def security():
+    """Security enforcement scenarios for compliance and risk reduction."""
+    pass
+
+@security.command()
+@click.option('--regions', multiple=True, help='Target AWS regions')
+@click.option('--dry-run/--execute', default=True, help='Dry run mode')
+@common_aws_options
+@click.pass_context
+def s3_encryption(ctx, regions, dry_run, profile, region):
+    """
+    Enforce S3 bucket encryption for compliance (SOC2, PCI-DSS, HIPAA).
+    
+    Business Impact:
+    - Compliance improvement: SOC2, PCI-DSS, HIPAA requirements
+    - Risk reduction: Data protection and regulatory compliance
+    - Implementation time: 10-20 minutes
+    """
+    import asyncio
+    from runbooks.cloudops import SecurityEnforcer
+    from runbooks.cloudops.models import ExecutionMode
+    from runbooks.common.rich_utils import console, print_header
+    
+    print_header("S3 Encryption Compliance Enforcement", "1.0.0")
+    
+    try:
+        execution_mode = ExecutionMode.DRY_RUN if dry_run else ExecutionMode.EXECUTE
+        enforcer = SecurityEnforcer(profile=profile, dry_run=dry_run, execution_mode=execution_mode)
+        
+        result = asyncio.run(enforcer.enforce_s3_encryption(
+            regions=list(regions) if regions else None
+        ))
+        
+        console.print(f"\n🔒 S3 encryption enforcement completed")
+        if hasattr(result, 'compliance_score_after'):
+            console.print(f"📈 Compliance score: {result.compliance_score_after:.1f}%")
+        
+    except Exception as e:
+        console.print(f"❌ S3 encryption enforcement failed: {str(e)}", style="red")
+        raise click.ClickException(str(e))
+
+@cloudops.group()  
+def governance():
+    """Multi-account governance campaigns for organizational compliance."""
+    pass
+
+@governance.command()
+@click.option('--scope', type=click.Choice(['ORGANIZATION', 'OU', 'ACCOUNT_LIST']), default='ORGANIZATION', help='Governance campaign scope')
+@click.option('--target-compliance', default=95.0, help='Target compliance percentage')
+@click.option('--max-accounts', default=10, help='Maximum concurrent accounts to process')
+@common_aws_options
+@click.pass_context  
+def campaign(ctx, scope, target_compliance, max_accounts, profile, region):
+    """
+    Execute organization-wide governance campaign.
+    
+    Business Impact:
+    - Governance compliance: >95% across organization
+    - Cost optimization: 15-25% through standardization
+    - Operational efficiency: 60% reduction in manual tasks
+    """
+    from runbooks.cloudops import ResourceLifecycleManager
+    from runbooks.common.rich_utils import console, print_header
+    
+    print_header("Multi-Account Governance Campaign", "1.0.0")
+    
+    try:
+        lifecycle_manager = ResourceLifecycleManager(profile=profile, dry_run=True)
+        
+        console.print(f"🏛️  Initiating governance campaign")
+        console.print(f"📊 Scope: {scope}")
+        console.print(f"🎯 Target compliance: {target_compliance}%")
+        console.print(f"⚡ Max concurrent accounts: {max_accounts}")
+        
+        # This would execute the comprehensive governance campaign
+        console.print(f"\n✅ Governance campaign framework initialized")
+        console.print(f"📋 Use notebooks/cloudops-scenarios/multi-account-governance-campaign.ipynb for full execution")
+        
+    except Exception as e:
+        console.print(f"❌ Governance campaign failed: {str(e)}", style="red")
+        raise click.ClickException(str(e))
+
+# Add CloudOps command to main CLI
+main.add_command(cloudops)
+
+
+# ============================================================================
+# FINOPS COMMANDS (Cost & Usage Analytics)
+# ============================================================================
+
+
+def _parse_profiles_parameter(profiles_tuple):
+    """Parse profiles parameter to handle multiple formats:
+    - Multiple --profiles options: --profiles prof1 --profiles prof2
+    - Comma-separated in single option: --profiles "prof1,prof2"
+    - Space-separated in single option: --profiles "prof1 prof2"
+    """
+    if not profiles_tuple:
+        return None
+
+    all_profiles = []
+    for profile_item in profiles_tuple:
+        # Handle comma or space separated profiles in a single item
+        if "," in profile_item:
+            all_profiles.extend([p.strip() for p in profile_item.split(",")])
+        elif " " in profile_item:
+            all_profiles.extend([p.strip() for p in profile_item.split()])
+        else:
+            all_profiles.append(profile_item.strip())
+
+    return [p for p in all_profiles if p]  # Remove empty strings
+
+
+@main.command()
+@common_aws_options
+@click.option("--time-range", type=int, help="Time range in days (default: current month)")
+@click.option("--report-type", type=click.Choice(["csv", "json", "pdf", "markdown"]), help="Report type for export")
+@click.option("--report-name", help="Base name for report files (without extension)")
+@click.option("--dir", help="Directory to save report files (default: current directory)")
+@click.option(
+    "--profiles",
+    multiple=True,
+    help="AWS profiles: --profiles prof1 prof2 OR --profiles 'prof1,prof2' OR --profiles prof1 --profiles prof2",
+)
+@click.option("--regions", multiple=True, help="AWS regions to check")
+@click.option("--all", is_flag=True, help="Use all available AWS profiles")
+@click.option("--combine", is_flag=True, help="Combine profiles from the same AWS account")
+@click.option("--tag", multiple=True, help="Cost allocation tag to filter resources")
+@click.option("--trend", is_flag=True, help="Display trend report for past 6 months")
+@click.option("--audit", is_flag=True, help="Display audit report with cost anomalies and resource optimization")
+@click.option("--pdf", is_flag=True, help="Generate PDF report (convenience flag for --report-type pdf)")
+@click.option(
+    "--export-markdown", "--markdown", is_flag=True, help="Generate Rich-styled markdown export with 10-column format"
+)
+@click.option(
+    "--profile-display-length",
+    type=int,
+    help="Maximum characters for profile name display (optional, no truncation if not specified)",
+)
+@click.option(
+    "--service-name-length",
+    type=int,
+    help="Maximum characters for service name display (optional, no truncation if not specified)",
+)
+@click.option(
+    "--max-services-text",
+    type=int,
+    help="Maximum number of services in text summaries (optional, no limit if not specified)",
+)
+@click.option(
+    "--high-cost-threshold", type=float, default=5000, help="High cost threshold for highlighting (default: 5000)"
+)
+@click.option(
+    "--medium-cost-threshold", type=float, default=1000, help="Medium cost threshold for highlighting (default: 1000)"
+)
+@click.pass_context
+def finops(
+    ctx,
+    profile,
+    region,
+    dry_run,
+    time_range,
+    report_type,
+    report_name,
+    dir,
+    profiles,
+    regions,
+    all,
+    combine,
+    tag,
+    trend,
+    audit,
+    pdf,
+    export_markdown,
+    profile_display_length,
+    service_name_length,
+    max_services_text,
+    high_cost_threshold,
+    medium_cost_threshold,
+):
+    """
+    AWS FinOps - Cost and usage analytics.
+
+    Comprehensive cost analysis, optimization recommendations,
+    and resource utilization reporting.
+
+    Examples:
+        runbooks finops --audit --report-type csv,json,pdf --report-name audit_report
+        runbooks finops --trend --report-name cost_trend
+        runbooks finops --time-range 30 --report-name monthly_costs
+    """
+
+    # Run finops dashboard with all options
+    import argparse
+
+    # Import enhanced routing for service-per-row layout (Enterprise requirement)
+    try:
+        from runbooks.finops.dashboard_router import route_finops_request
+
+        use_enhanced_routing = True
+        click.echo(click.style("🚀 Using Enhanced Service-Focused Dashboard", fg="cyan", bold=True))
+    except Exception as e:
+        from runbooks.finops.dashboard_runner import run_dashboard
+
+        use_enhanced_routing = False
+        click.echo(click.style(f"⚠️ Enhanced routing failed ({str(e)[:50]}), using legacy mode", fg="yellow"))
+
+    # Handle report type logic - support --report-type, --pdf, and --export-markdown flags
+    report_types = []
+    if pdf:
+        report_types = ["pdf"]
+    elif export_markdown:
+        report_types = ["markdown"]
+        # Set default filename if none provided
+        if not report_name:
+            report_name = "finops_markdown_export"
+        # Ensure exports directory exists
+        if not dir:
+            dir = "./exports"
+        import os
+
+        os.makedirs(dir, exist_ok=True)
+        click.echo(
+            click.style("📝 Rich-styled markdown export activated - 10-column format for MkDocs", fg="cyan", bold=True)
+        )
+    elif report_type:
+        report_types = [report_type]
+    elif report_name:  # If report name provided but no type, default to csv
+        report_types = ["csv"]
+
+    # Parse profiles from updated --profile parameter (now supports multiple=True)
+    parsed_profiles = None
+    if profile:
+        # Handle the new tuple/list format from click.option(multiple=True)
+        if isinstance(profile, (tuple, list)):
+            # Flatten and handle comma-separated values within each element
+            all_profiles = []
+            for profile_item in profile:
+                if profile_item and "," in profile_item:
+                    all_profiles.extend([p.strip() for p in profile_item.split(",") if p.strip()])
+                elif profile_item and profile_item.strip():
+                    all_profiles.append(profile_item.strip())
+
+            # Filter out empty and "default" profiles, keep actual profiles
+            parsed_profiles = [p for p in all_profiles if p and p != "default"]
+            # If no valid profiles after filtering, use default
+            if not parsed_profiles:
+                parsed_profiles = ["default"]
+        else:
+            # Legacy single string handling (backward compatibility)
+            if "," in profile:
+                parsed_profiles = [p.strip() for p in profile.split(",") if p.strip()]
+            else:
+                parsed_profiles = [profile.strip()]
+
+    # Combine with --profiles parameter if both are provided
+    if profiles:
+        legacy_profiles = _parse_profiles_parameter(profiles)
+        if parsed_profiles:
+            parsed_profiles.extend(legacy_profiles)
+        else:
+            parsed_profiles = legacy_profiles
+
+    # CRITICAL FIX: Ensure single profile is correctly handled for downstream processing
+    # When multiple profiles are provided via --profile, use the first one as primary profile
+    primary_profile = (
+        parsed_profiles[0] if parsed_profiles else (profile[0] if isinstance(profile, tuple) and profile else profile)
+    )
+
+    args = argparse.Namespace(
+        profile=primary_profile,  # Primary profile for single-profile operations
+        region=region,
+        dry_run=dry_run,
+        time_range=time_range,
+        report_type=report_types,
+        report_name=report_name,
+        dir=dir,
+        profiles=parsed_profiles,  # Use parsed profiles from both --profile and --profiles
+        regions=list(regions) if regions else None,
+        all=all,
+        combine=combine,
+        tag=list(tag) if tag else None,
+        trend=trend,
+        audit=audit,
+        export_markdown=export_markdown,  # Add export_markdown parameter
+        config_file=None,  # Not exposed in Click interface yet
+        # Display configuration parameters
+        profile_display_length=profile_display_length,
+        service_name_length=service_name_length,
+        max_services_text=max_services_text,
+        high_cost_threshold=high_cost_threshold,
+        medium_cost_threshold=medium_cost_threshold,
+    )
+    # Route to appropriate dashboard implementation
+    if use_enhanced_routing:
+        return route_finops_request(args)
+    else:
+        return run_dashboard(args)
+
+
+# ============================================================================
+# HELPER FUNCTIONS
+# ============================================================================
+
+
+def display_inventory_results(results):
+    """Display inventory results in formatted tables."""
+    from runbooks.inventory.core.formatter import InventoryFormatter
+
+    formatter = InventoryFormatter(results)
+    console_output = formatter.format_console_table()
+    console.print(console_output)
+
+
+def save_inventory_results(results, output_format, output_file):
+    """Save inventory results to file."""
+    from runbooks.inventory.core.formatter import InventoryFormatter
+
+    formatter = InventoryFormatter(results)
+
+    if not output_file:
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        output_file = f"inventory_{timestamp}.{output_format}"
+
+    if output_format == "csv":
+        formatter.to_csv(output_file)
+    elif output_format == "json":
+        formatter.to_json(output_file)
+    elif output_format == "html":
+        formatter.to_html(output_file)
+    elif output_format == "yaml":
+        formatter.to_yaml(output_file)
+
+    console.print(f"[green]💾 Results saved to: {output_file}[/green]")
+
+
+def display_assessment_results(report):
+    """Display CFAT assessment results."""
+    console.print(f"\n[bold blue]📊 Cloud Foundations Assessment Results[/bold blue]")
+    console.print(f"[dim]Score: {report.summary.compliance_score}/100 | Risk: {report.summary.risk_level}[/dim]")
+
+    # Summary table
+    from rich.table import Table
+
+    table = Table(title="Assessment Summary")
+    table.add_column("Metric", style="cyan")
+    table.add_column("Value", style="bold")
+    table.add_column("Status", style="green")
+
+    table.add_row("Compliance Score", f"{report.summary.compliance_score}/100", report.summary.risk_level)
+    table.add_row("Total Checks", str(report.summary.total_checks), "✓ Completed")
+    table.add_row("Pass Rate", f"{report.summary.pass_rate:.1f}%", "📊 Analyzed")
+    table.add_row(
+        "Critical Issues",
+        str(report.summary.critical_issues),
+        "🚨 Review Required" if report.summary.critical_issues > 0 else "✅ None",
+    )
+
+    console.print(table)
+
+
+def save_assessment_results(report, output_format, output_file):
+    """Save assessment results to file."""
+    if not output_file:
+        timestamp = report.timestamp.strftime("%Y%m%d_%H%M%S")
+        output_file = f"cfat_report_{timestamp}.{output_format}"
+
+    if output_format == "html":
+        report.to_html(output_file)
+    elif output_format == "json":
+        report.to_json(output_file)
+    elif output_format == "csv":
+        report.to_csv(output_file)
+    elif output_format == "yaml":
+        report.to_yaml(output_file)
+
+    console.print(f"[green]💾 Assessment saved to: {output_file}[/green]")
+
+
+def display_ou_structure(ous):
+    """Display OU structure in formatted table."""
+    from rich.table import Table
+
+    table = Table(title="AWS Organizations Structure")
+    table.add_column("Name", style="cyan")
+    table.add_column("ID", style="green")
+    table.add_column("Level", justify="center")
+    table.add_column("Parent ID", style="blue")
+
+    for ou in ous:
+        indent = "  " * ou.get("Level", 0)
+        table.add_row(
+            f"{indent}{ou.get('Name', 'Unknown')}", ou.get("Id", ""), str(ou.get("Level", 0)), ou.get("ParentId", "")
+        )
+
+    console.print(table)
 
 
 def save_ou_results(ous, output_format, output_file):
@@ -5300,6 +6147,273 @@ def scan(ctx, profile, region, dry_run, resources):
         sys.exit(1)
 
 
+# ============================================================================
+# DORA METRICS COMMANDS (Enterprise SRE Monitoring)
+# ============================================================================
+
+
+@main.group()
+@click.pass_context
+def dora(ctx):
+    """
+    📊 DORA metrics and SRE performance monitoring
+
+    Enterprise DORA metrics collection, analysis, and reporting for Site Reliability Engineering.
+    Tracks Lead Time, Deployment Frequency, Mean Time to Recovery (MTTR), and Change Failure Rate.
+
+    Features:
+    - Real-time DORA metrics calculation
+    - SLA compliance monitoring
+    - Automated incident detection
+    - Enterprise dashboard generation
+    - CloudWatch/Datadog integration
+
+    Examples:
+        runbooks dora report            # Generate comprehensive DORA report
+        runbooks dora dashboard         # Create SRE dashboard data
+        runbooks dora track-deployment  # Track git deployment
+        runbooks dora simulate          # Run demonstration simulation
+    """
+    pass
+
+
+@dora.command()
+@click.option("--days", default=30, help="Number of days to analyze (default: 30)")
+@click.option("--output-dir", default="./artifacts/sre-reports", help="Output directory for reports")
+@click.option("--format", type=click.Choice(["json", "console"]), default="console", help="Output format")
+@click.pass_context
+def report(ctx, days, output_dir, format):
+    """
+    📊 Generate comprehensive DORA metrics report
+
+    Creates enterprise-grade DORA metrics analysis including Lead Time,
+    Deployment Frequency, MTTR, Change Failure Rate, and SLA compliance.
+
+    Examples:
+        runbooks dora report --days 7 --format json
+        runbooks dora report --days 30 --output-dir ./reports
+    """
+    console.print("[cyan]📊 DORA Metrics Enterprise Report[/cyan]")
+
+    try:
+        from runbooks.metrics.dora_metrics_engine import DORAMetricsEngine
+
+        # Initialize DORA metrics engine
+        engine = DORAMetricsEngine()
+
+        # Generate comprehensive report
+        console.print(f"[dim]Analyzing last {days} days...[/dim]")
+        report_data = engine.generate_comprehensive_report(days_back=days)
+
+        if format == "json":
+            import json
+
+            output = json.dumps(report_data, indent=2, default=str)
+            console.print(output)
+        else:
+            # Display formatted console output
+            console.print(f"\n🎯 [bold]DORA Metrics Summary ({days} days)[/bold]")
+
+            # Performance Analysis
+            perf = report_data["performance_analysis"]
+            console.print(
+                f"Overall Performance: [bold]{perf['overall_performance_percentage']:.1f}%[/bold] ({perf['performance_grade']})"
+            )
+            console.print(f"SLA Compliance: [bold]{perf['sla_compliance_score']:.1f}%[/bold]")
+
+            # DORA Metrics
+            dora_metrics = report_data["dora_metrics"]
+            console.print(f"\n📈 [bold]Core DORA Metrics[/bold]")
+            console.print(
+                f"• Lead Time: [cyan]{dora_metrics['lead_time']['value']:.2f}[/cyan] {dora_metrics['lead_time']['unit']}"
+            )
+            console.print(
+                f"• Deploy Frequency: [cyan]{dora_metrics['deployment_frequency']['value']:.2f}[/cyan] {dora_metrics['deployment_frequency']['unit']}"
+            )
+            console.print(f"• Change Failure Rate: [cyan]{dora_metrics['change_failure_rate']['value']:.2%}[/cyan]")
+            console.print(f"• MTTR: [cyan]{dora_metrics['mttr']['value']:.2f}[/cyan] {dora_metrics['mttr']['unit']}")
+
+            # Recommendations
+            recommendations = report_data["recommendations"]
+            if recommendations:
+                console.print(f"\n💡 [bold]SRE Recommendations[/bold]")
+                for i, rec in enumerate(recommendations[:3], 1):  # Show top 3
+                    console.print(f"{i}. {rec}")
+
+            # Raw Data Summary
+            raw_data = report_data["raw_data"]
+            console.print(f"\n📋 [bold]Data Summary[/bold]")
+            console.print(f"• Deployments: {raw_data['deployments_count']}")
+            console.print(f"• Incidents: {raw_data['incidents_count']}")
+            console.print(f"• Automation Rate: {raw_data['automation_rate']:.1f}%")
+
+        console.print(f"\n[green]✅ DORA report generated for {days} days[/green]")
+        console.print(f"[dim]💾 Report saved to: {output_dir}/[/dim]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Error generating DORA report: {e}[/red]")
+        logger.error(f"DORA report failed: {e}")
+        sys.exit(1)
+
+
+@dora.command()
+@click.option("--days", default=30, help="Number of days to analyze for dashboard")
+@click.option("--output-file", help="Output file for dashboard JSON data")
+@click.option("--cloudwatch", is_flag=True, help="Export metrics to CloudWatch")
+@click.pass_context
+def dashboard(ctx, days, output_file, cloudwatch):
+    """
+    📊 Generate SRE dashboard data for visualization tools
+
+    Creates dashboard-ready data for SRE tools like Datadog, Grafana,
+    or CloudWatch with time series data and KPI summaries.
+
+    Examples:
+        runbooks dora dashboard --days 7 --cloudwatch
+        runbooks dora dashboard --output-file dashboard.json
+    """
+    console.print("[cyan]📊 Generating SRE Dashboard Data[/cyan]")
+
+    try:
+        from runbooks.metrics.dora_metrics_engine import DORAMetricsEngine
+
+        engine = DORAMetricsEngine()
+
+        # Generate dashboard data
+        console.print(f"[dim]Creating dashboard for last {days} days...[/dim]")
+        dashboard_data = engine.generate_sre_dashboard(days_back=days)
+
+        # Display KPI summary
+        kpis = dashboard_data["kpi_summary"]
+        console.print(f"\n🎯 [bold]Key Performance Indicators[/bold]")
+        console.print(f"• Performance Score: [cyan]{kpis['overall_performance_score']:.1f}%[/cyan]")
+        console.print(f"• SLA Compliance: [cyan]{kpis['sla_compliance_score']:.1f}%[/cyan]")
+        console.print(f"• DORA Health: [cyan]{kpis['dora_metrics_health']:.1f}%[/cyan]")
+        console.print(f"• Active Incidents: [cyan]{kpis['active_incidents']}[/cyan]")
+        console.print(f"• Automation: [cyan]{kpis['automation_percentage']:.1f}%[/cyan]")
+
+        # Export to file if requested
+        if output_file:
+            import json
+
+            with open(output_file, "w") as f:
+                json.dump(dashboard_data, f, indent=2, default=str)
+            console.print(f"\n[green]💾 Dashboard data exported: {output_file}[/green]")
+
+        # Export to CloudWatch if requested
+        if cloudwatch:
+            console.print(f"\n[dim]Exporting to CloudWatch...[/dim]")
+            success = engine.export_cloudwatch_metrics()
+            if success:
+                console.print("[green]✅ Metrics published to CloudWatch[/green]")
+            else:
+                console.print("[yellow]⚠️ CloudWatch export failed (check AWS permissions)[/yellow]")
+
+        console.print(f"\n[green]✅ SRE dashboard data generated[/green]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Error generating dashboard: {e}[/red]")
+        logger.error(f"DORA dashboard failed: {e}")
+        sys.exit(1)
+
+
+@dora.command()
+@click.option("--commit-sha", required=True, help="Git commit SHA")
+@click.option("--branch", default="main", help="Git branch name")
+@click.option("--author", help="Commit author")
+@click.option("--message", help="Commit message")
+@click.pass_context
+def track_deployment(ctx, commit_sha, branch, author, message):
+    """
+    🔗 Track deployment from git operations for DORA metrics
+
+    Automatically records deployment events for DORA metrics collection,
+    linking git commits to production deployments for lead time calculation.
+
+    Examples:
+        runbooks dora track-deployment --commit-sha abc123 --branch main --author developer
+        runbooks dora track-deployment --commit-sha def456 --message "Feature update"
+    """
+    console.print("[cyan]🔗 Tracking Git Deployment for DORA Metrics[/cyan]")
+
+    try:
+        from runbooks.metrics.dora_metrics_engine import DORAMetricsEngine
+
+        engine = DORAMetricsEngine()
+
+        # Track git deployment
+        deployment = engine.track_git_deployment(
+            commit_sha=commit_sha, branch=branch, author=author or "unknown", message=message or ""
+        )
+
+        console.print(f"\n✅ [bold]Deployment Tracked[/bold]")
+        console.print(f"• Deployment ID: [cyan]{deployment.deployment_id}[/cyan]")
+        console.print(f"• Environment: [cyan]{deployment.environment}[/cyan]")
+        console.print(f"• Version: [cyan]{deployment.version}[/cyan]")
+        console.print(f"• Branch: [cyan]{branch}[/cyan]")
+        console.print(f"• Author: [cyan]{author or 'unknown'}[/cyan]")
+
+        console.print(f"\n[green]🎯 Deployment automatically tracked for DORA lead time calculation[/green]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Error tracking deployment: {e}[/red]")
+        logger.error(f"DORA deployment tracking failed: {e}")
+        sys.exit(1)
+
+
+@dora.command()
+@click.option("--duration", default=5, help="Simulation duration in minutes")
+@click.option("--show-report", is_flag=True, help="Display comprehensive report after simulation")
+@click.pass_context
+def simulate(ctx, duration, show_report):
+    """
+    🧪 Run DORA metrics simulation for demonstration
+
+    Creates simulated deployment and incident events to demonstrate
+    DORA metrics calculation and reporting capabilities.
+
+    Examples:
+        runbooks dora simulate --duration 2 --show-report
+        runbooks dora simulate --duration 10
+    """
+    console.print("[cyan]🧪 Running DORA Metrics Simulation[/cyan]")
+
+    try:
+        import asyncio
+
+        from runbooks.metrics.dora_metrics_engine import simulate_dora_metrics_collection
+
+        # Run simulation
+        console.print(f"[dim]Simulating {duration} minutes of operations...[/dim]")
+
+        async def run_simulation():
+            return await simulate_dora_metrics_collection(duration_minutes=duration)
+
+        report = asyncio.run(run_simulation())
+
+        # Display results
+        perf = report["performance_analysis"]
+        console.print(f"\n🎯 [bold]Simulation Results[/bold]")
+        console.print(f"• Performance Grade: [cyan]{perf['performance_grade']}[/cyan]")
+        console.print(f"• Targets Met: [cyan]{sum(perf['targets_met'].values())}/{len(perf['targets_met'])}[/cyan]")
+        console.print(f"• Overall Score: [cyan]{perf['overall_performance_percentage']:.1f}%[/cyan]")
+
+        if show_report:
+            # Display comprehensive report
+            console.print(f"\n📊 [bold]Detailed DORA Metrics[/bold]")
+            for metric_name, metric_data in report["dora_metrics"].items():
+                console.print(
+                    f"• {metric_name.replace('_', ' ').title()}: [cyan]{metric_data['value']:.2f}[/cyan] {metric_data['unit']}"
+                )
+
+        console.print(f"\n[green]✅ DORA metrics simulation completed successfully[/green]")
+
+    except Exception as e:
+        console.print(f"[red]❌ Error running simulation: {e}[/red]")
+        logger.error(f"DORA simulation failed: {e}")
+        sys.exit(1)
+
+
 # ============================================================================
 # VPC NETWORKING COMMANDS (New Wrapper Architecture)
 # ============================================================================
@@ -5448,15 +6562,16 @@ def optimize(ctx, profile, region, dry_run, billing_profile, target_reduction, o
 # MCP VALIDATION FRAMEWORK
 # ============================================================================
 
+
 @main.group()
-@click.pass_context  
+@click.pass_context
 def validate(ctx):
     """
     🔍 MCP validation framework with 99.5% accuracy target
-    
+
     Comprehensive validation between runbooks outputs and MCP server results
     for enterprise AWS operations with real-time performance monitoring.
-    
+
     Examples:
         runbooks validate all                    # Full validation suite
         runbooks validate costs                  # Cost Explorer validation
@@ -5465,34 +6580,33 @@ def validate(ctx):
     """
     pass
 
+
 @validate.command()
 @common_aws_options
-@click.option('--tolerance', default=5.0, help='Tolerance percentage for variance detection')
-@click.option('--performance-target', default=30.0, help='Performance target in seconds')
-@click.option('--save-report', is_flag=True, help='Save detailed report to artifacts')
+@click.option("--tolerance", default=5.0, help="Tolerance percentage for variance detection")
+@click.option("--performance-target", default=30.0, help="Performance target in seconds")
+@click.option("--save-report", is_flag=True, help="Save detailed report to artifacts")
 @click.pass_context
 def all(ctx, profile, region, dry_run, tolerance, performance_target, save_report):
     """Run comprehensive MCP validation across all critical operations."""
-    
+
     console.print("[bold blue]🔍 Enterprise MCP Validation Framework[/bold blue]")
     console.print(f"Target Accuracy: 99.5% | Tolerance: ±{tolerance}% | Performance: <{performance_target}s")
-    
+
     try:
         import asyncio
+
         from runbooks.validation.mcp_validator import MCPValidator
-        
+
         # Initialize validator
-        validator = MCPValidator(
-            tolerance_percentage=tolerance,
-            performance_target_seconds=performance_target
-        )
-        
+        validator = MCPValidator(tolerance_percentage=tolerance, performance_target_seconds=performance_target)
+
         # Run validation
         report = asyncio.run(validator.validate_all_operations())
-        
-        # Display results  
+
+        # Display results
         validator.display_validation_report(report)
-        
+
         # Exit code based on results
         if report.overall_accuracy >= 99.5:
             console.print("[bold green]✅ Validation PASSED - Deploy with confidence[/bold green]")
@@ -5503,7 +6617,7 @@ def all(ctx, profile, region, dry_run, tolerance, performance_target, save_repor
         else:
             console.print("[bold red]❌ Validation FAILED - Address issues before deployment[/bold red]")
             sys.exit(2)
-            
+
     except ImportError as e:
         console.print(f"[red]❌ MCP validation dependencies not available: {e}[/red]")
         console.print("[yellow]Install with: pip install runbooks[mcp][/yellow]")
@@ -5512,39 +6626,41 @@ def all(ctx, profile, region, dry_run, tolerance, performance_target, save_repor
         console.print(f"[red]❌ Validation error: {e}[/red]")
         sys.exit(3)
 
+
 @validate.command()
 @common_aws_options
-@click.option('--tolerance', default=5.0, help='Cost variance tolerance percentage')
+@click.option("--tolerance", default=5.0, help="Cost variance tolerance percentage")
 @click.pass_context
 def costs(ctx, profile, region, dry_run, tolerance):
     """Validate Cost Explorer data accuracy."""
-    
+
     console.print("[bold cyan]💰 Cost Explorer Validation[/bold cyan]")
-    
+
     try:
         import asyncio
+
         from runbooks.validation.mcp_validator import MCPValidator
-        
+
         validator = MCPValidator(tolerance_percentage=tolerance)
         result = asyncio.run(validator.validate_cost_explorer())
-        
+
         # Display result
-        from rich.table import Table
         from rich import box
-        
+        from rich.table import Table
+
         table = Table(title="Cost Validation Result", box=box.ROUNDED)
         table.add_column("Metric", style="cyan")
         table.add_column("Value", style="bold")
-        
+
         status_color = "green" if result.status.value == "PASSED" else "red"
         table.add_row("Status", f"[{status_color}]{result.status.value}[/{status_color}]")
         table.add_row("Accuracy", f"{result.accuracy_percentage:.2f}%")
         table.add_row("Execution Time", f"{result.execution_time:.2f}s")
-        
+
         console.print(table)
-        
+
         sys.exit(0 if result.status.value == "PASSED" else 1)
-        
+
     except ImportError as e:
         console.print(f"[red]❌ MCP validation not available: {e}[/red]")
         sys.exit(3)
@@ -5552,43 +6668,45 @@ def costs(ctx, profile, region, dry_run, tolerance):
         console.print(f"[red]❌ Cost validation error: {e}[/red]")
         sys.exit(3)
 
+
 @validate.command()
 @common_aws_options
 @click.pass_context
 def organizations(ctx, profile, region, dry_run):
     """Validate Organizations API data accuracy."""
-    
+
     console.print("[bold cyan]🏢 Organizations Validation[/bold cyan]")
-    
+
     try:
         import asyncio
+
         from runbooks.validation.mcp_validator import MCPValidator
-        
+
         validator = MCPValidator()
         result = asyncio.run(validator.validate_organizations_data())
-        
+
         # Display result
-        from rich.table import Table
         from rich import box
-        
+        from rich.table import Table
+
         table = Table(title="Organizations Validation Result", box=box.ROUNDED)
         table.add_column("Metric", style="cyan")
         table.add_column("Value", style="bold")
-        
+
         status_color = "green" if result.status.value == "PASSED" else "red"
         table.add_row("Status", f"[{status_color}]{result.status.value}[/{status_color}]")
         table.add_row("Accuracy", f"{result.accuracy_percentage:.2f}%")
         table.add_row("Execution Time", f"{result.execution_time:.2f}s")
-        
+
         if result.variance_details:
-            details = result.variance_details.get('details', {})
-            table.add_row("Runbooks Accounts", str(details.get('runbooks_accounts', 'N/A')))
-            table.add_row("MCP Accounts", str(details.get('mcp_accounts', 'N/A')))
-        
+            details = result.variance_details.get("details", {})
+            table.add_row("Runbooks Accounts", str(details.get("runbooks_accounts", "N/A")))
+            table.add_row("MCP Accounts", str(details.get("mcp_accounts", "N/A")))
+
         console.print(table)
-        
+
         sys.exit(0 if result.status.value == "PASSED" else 1)
-        
+
     except ImportError as e:
         console.print(f"[red]❌ MCP validation not available: {e}[/red]")
         sys.exit(3)
@@ -5596,29 +6714,28 @@ def organizations(ctx, profile, region, dry_run):
         console.print(f"[red]❌ Organizations validation error: {e}[/red]")
         sys.exit(3)
 
+
 @validate.command()
-@click.option('--target-accuracy', default=99.5, help='Target accuracy percentage')
-@click.option('--iterations', default=5, help='Number of benchmark iterations')
-@click.option('--performance-target', default=30.0, help='Performance target in seconds')
+@click.option("--target-accuracy", default=99.5, help="Target accuracy percentage")
+@click.option("--iterations", default=5, help="Number of benchmark iterations")
+@click.option("--performance-target", default=30.0, help="Performance target in seconds")
 @click.pass_context
 def benchmark(ctx, target_accuracy, iterations, performance_target):
     """Run performance benchmark for MCP validation framework."""
-    
+
     console.print("[bold magenta]🏋️ MCP Validation Benchmark[/bold magenta]")
     console.print(f"Target: {target_accuracy}% | Iterations: {iterations} | Performance: <{performance_target}s")
-    
+
     try:
         import asyncio
+
         from runbooks.validation.benchmark import MCPBenchmarkRunner
-        
-        runner = MCPBenchmarkRunner(
-            target_accuracy=target_accuracy,
-            performance_target=performance_target
-        )
-        
+
+        runner = MCPBenchmarkRunner(target_accuracy=target_accuracy, performance_target=performance_target)
+
         suite = asyncio.run(runner.run_benchmark(iterations))
         runner.display_benchmark_results(suite)
-        
+
         # Exit based on benchmark results
         overall_status = runner._assess_benchmark_results(suite)
         if overall_status == "PASSED":
@@ -5627,7 +6744,7 @@ def benchmark(ctx, target_accuracy, iterations, performance_target):
             sys.exit(1)
         else:
             sys.exit(2)
-            
+
     except ImportError as e:
         console.print(f"[red]❌ MCP benchmark not available: {e}[/red]")
         sys.exit(3)
@@ -5635,67 +6752,73 @@ def benchmark(ctx, target_accuracy, iterations, performance_target):
         console.print(f"[red]❌ Benchmark error: {e}[/red]")
         sys.exit(3)
 
+
 @validate.command()
 @click.pass_context
 def status(ctx):
     """Show MCP validation framework status."""
-    
+
     console.print("[bold cyan]📊 MCP Validation Framework Status[/bold cyan]")
-    
-    from rich.table import Table
+
     from rich import box
-    
+    from rich.table import Table
+
     table = Table(title="Framework Status", box=box.ROUNDED)
     table.add_column("Component", style="cyan")
-    table.add_column("Status", style="bold") 
+    table.add_column("Status", style="bold")
     table.add_column("Details")
-    
+
     # Check MCP integration
     try:
         from notebooks.mcp_integration import MCPIntegrationManager
+
         table.add_row("MCP Integration", "[green]✅ Available[/green]", "Ready for validation")
     except ImportError:
         table.add_row("MCP Integration", "[red]❌ Unavailable[/red]", "Install MCP dependencies")
-    
+
     # Check validation framework
     try:
         from runbooks.validation.mcp_validator import MCPValidator
+
         table.add_row("Validation Framework", "[green]✅ Ready[/green]", "All components loaded")
     except ImportError as e:
         table.add_row("Validation Framework", "[red]❌ Missing[/red]", str(e))
-    
-    # Check benchmark suite  
+
+    # Check benchmark suite
     try:
         from runbooks.validation.benchmark import MCPBenchmarkRunner
+
         table.add_row("Benchmark Suite", "[green]✅ Ready[/green]", "Performance testing available")
     except ImportError as e:
         table.add_row("Benchmark Suite", "[red]❌ Missing[/red]", str(e))
-    
+
     # Check AWS profiles
     profiles = [
-        'ams-admin-Billing-ReadOnlyAccess-909135376185',
-        'ams-admin-ReadOnlyAccess-909135376185',
-        'ams-centralised-ops-ReadOnlyAccess-335083429030',
-        'ams-shared-services-non-prod-ReadOnlyAccess-499201730520'
+        "ams-admin-Billing-ReadOnlyAccess-909135376185",
+        "ams-admin-ReadOnlyAccess-909135376185",
+        "ams-centralised-ops-ReadOnlyAccess-335083429030",
+        "ams-shared-services-non-prod-ReadOnlyAccess-499201730520",
     ]
-    
+
     valid_profiles = 0
     for profile_name in profiles:
         try:
             session = boto3.Session(profile_name=profile_name)
-            sts = session.client('sts')
+            sts = session.client("sts")
             identity = sts.get_caller_identity()
             valid_profiles += 1
         except:
             pass
-    
+
     if valid_profiles == len(profiles):
-        table.add_row("AWS Profiles", "[green]✅ All Valid[/green]", f"{valid_profiles}/{len(profiles)} profiles configured")
+        table.add_row(
+            "AWS Profiles", "[green]✅ All Valid[/green]", f"{valid_profiles}/{len(profiles)} profiles configured"
+        )
     elif valid_profiles > 0:
         table.add_row("AWS Profiles", "[yellow]⚠️ Partial[/yellow]", f"{valid_profiles}/{len(profiles)} profiles valid")
     else:
         table.add_row("AWS Profiles", "[red]❌ None Valid[/red]", "Configure AWS profiles")
-    
+
     console.print(table)
 
 
@@ -5703,5 +6826,13 @@ def status(ctx):
 # MAIN ENTRY POINT
 # ============================================================================
 
-if __name__ == "__main__":
+
+def cli_entry_point():
+    """Entry point with preprocessing for space-separated profiles."""
+    # Preprocess command line to handle space-separated profiles
+    preprocess_space_separated_profiles()
     main()
+
+
+if __name__ == "__main__":
+    cli_entry_point()