PyPI - runbooks - Versions diffs - 0.9.9__py3-none-any.whl → 1.0.1__py3-none-any.whl - Mend

runbooks 0.9.9py3-none-any.whl → 1.0.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

runbooks/__init__.py +1 -1
runbooks/cfat/WEIGHT_CONFIG_README.md +368 -0
runbooks/cfat/app.ts +27 -19
runbooks/cfat/assessment/runner.py +6 -5
runbooks/cfat/cloud_foundations_assessment.py +626 -0
runbooks/cfat/tests/test_weight_configuration.ts +449 -0
runbooks/cfat/weight_config.ts +574 -0
runbooks/cloudops/cost_optimizer.py +95 -33
runbooks/common/__init__.py +26 -9
runbooks/common/aws_pricing.py +1353 -0
runbooks/common/aws_pricing_api.py +205 -0
runbooks/common/aws_utils.py +2 -2
runbooks/common/comprehensive_cost_explorer_integration.py +979 -0
runbooks/common/cross_account_manager.py +606 -0
runbooks/common/date_utils.py +115 -0
runbooks/common/enhanced_exception_handler.py +14 -7
runbooks/common/env_utils.py +96 -0
runbooks/common/mcp_cost_explorer_integration.py +5 -4
runbooks/common/mcp_integration.py +49 -2
runbooks/common/organizations_client.py +579 -0
runbooks/common/profile_utils.py +127 -72
runbooks/common/rich_utils.py +3 -3
runbooks/finops/cost_optimizer.py +2 -1
runbooks/finops/dashboard_runner.py +47 -28
runbooks/finops/ebs_optimizer.py +56 -9
runbooks/finops/elastic_ip_optimizer.py +13 -9
runbooks/finops/embedded_mcp_validator.py +31 -0
runbooks/finops/enhanced_trend_visualization.py +10 -4
runbooks/finops/finops_dashboard.py +6 -5
runbooks/finops/iam_guidance.py +6 -1
runbooks/finops/markdown_exporter.py +217 -2
runbooks/finops/nat_gateway_optimizer.py +76 -20
runbooks/finops/tests/test_integration.py +3 -1
runbooks/finops/vpc_cleanup_exporter.py +28 -26
runbooks/finops/vpc_cleanup_optimizer.py +363 -16
runbooks/inventory/__init__.py +10 -1
runbooks/inventory/cloud_foundations_integration.py +409 -0
runbooks/inventory/core/collector.py +1177 -94
runbooks/inventory/discovery.md +339 -0
runbooks/inventory/drift_detection_cli.py +327 -0
runbooks/inventory/inventory_mcp_cli.py +171 -0
runbooks/inventory/inventory_modules.py +6 -9
runbooks/inventory/list_ec2_instances.py +3 -3
runbooks/inventory/mcp_inventory_validator.py +2149 -0
runbooks/inventory/mcp_vpc_validator.py +23 -6
runbooks/inventory/organizations_discovery.py +104 -9
runbooks/inventory/rich_inventory_display.py +129 -1
runbooks/inventory/unified_validation_engine.py +1279 -0
runbooks/inventory/verify_ec2_security_groups.py +3 -1
runbooks/inventory/vpc_analyzer.py +825 -7
runbooks/inventory/vpc_flow_analyzer.py +36 -42
runbooks/main.py +708 -47
runbooks/monitoring/performance_monitor.py +11 -7
runbooks/operate/base.py +9 -6
runbooks/operate/deployment_framework.py +5 -4
runbooks/operate/deployment_validator.py +6 -5
runbooks/operate/dynamodb_operations.py +6 -5
runbooks/operate/ec2_operations.py +3 -2
runbooks/operate/mcp_integration.py +6 -5
runbooks/operate/networking_cost_heatmap.py +21 -16
runbooks/operate/s3_operations.py +13 -12
runbooks/operate/vpc_operations.py +100 -12
runbooks/remediation/base.py +4 -2
runbooks/remediation/commons.py +5 -5
runbooks/remediation/commvault_ec2_analysis.py +68 -15
runbooks/remediation/config/accounts_example.json +31 -0
runbooks/remediation/ec2_unattached_ebs_volumes.py +6 -3
runbooks/remediation/multi_account.py +120 -7
runbooks/remediation/rds_snapshot_list.py +5 -3
runbooks/remediation/remediation_cli.py +710 -0
runbooks/remediation/universal_account_discovery.py +377 -0
runbooks/security/compliance_automation_engine.py +99 -20
runbooks/security/config/__init__.py +24 -0
runbooks/security/config/compliance_config.py +255 -0
runbooks/security/config/compliance_weights_example.json +22 -0
runbooks/security/config_template_generator.py +500 -0
runbooks/security/security_cli.py +377 -0
runbooks/validation/__init__.py +21 -1
runbooks/validation/cli.py +8 -7
runbooks/validation/comprehensive_2way_validator.py +2007 -0
runbooks/validation/mcp_validator.py +965 -101
runbooks/validation/terraform_citations_validator.py +363 -0
runbooks/validation/terraform_drift_detector.py +1098 -0
runbooks/vpc/cleanup_wrapper.py +231 -10
runbooks/vpc/config.py +346 -73
runbooks/vpc/cross_account_session.py +312 -0
runbooks/vpc/heatmap_engine.py +115 -41
runbooks/vpc/manager_interface.py +9 -9
runbooks/vpc/mcp_no_eni_validator.py +1630 -0
runbooks/vpc/networking_wrapper.py +14 -8
runbooks/vpc/runbooks_adapter.py +33 -12
runbooks/vpc/tests/conftest.py +4 -2
runbooks/vpc/tests/test_cost_engine.py +4 -2
runbooks/vpc/unified_scenarios.py +73 -3
runbooks/vpc/vpc_cleanup_integration.py +512 -78
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/METADATA +94 -52
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/RECORD +101 -81
runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/finops/runbooks.security.report_generator.log +0 -0
runbooks/finops/runbooks.security.run_script.log +0 -0
runbooks/finops/runbooks.security.security_export.log +0 -0
runbooks/finops/tests/results_test_finops_dashboard.xml +0 -1
runbooks/inventory/artifacts/scale-optimize-status.txt +0 -12
runbooks/inventory/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/inventory/runbooks.security.report_generator.log +0 -0
runbooks/inventory/runbooks.security.run_script.log +0 -0
runbooks/inventory/runbooks.security.security_export.log +0 -0
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/WHEEL +0 -0
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/entry_points.txt +0 -0
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/licenses/LICENSE +0 -0
{runbooks-0.9.9.dist-info → runbooks-1.0.1.dist-info}/top_level.txt +0 -0

runbooks/cfat/weight_config.ts ADDED Viewed

@@ -0,0 +1,574 @@
+/**
+ * Dynamic Weight Configuration System for CFAT Assessment
+ *
+ * Replaces 30+ hardcoded weight values with flexible, environment-aware
+ * configuration system supporting multiple compliance frameworks.
+ *
+ * Enterprise Features:
+ * - Framework-specific weight profiles (AWS Well-Architected, SOC2, etc.)
+ * - Environment-based weight adjustments (dev, staging, prod)
+ * - Dynamic weight calculation based on organization size
+ * - Override capabilities for specific requirements
+ */
+export interface WeightConfig {
+  // Core organizational checks
+  organization_created: number;
+  management_account_created: number;
+  // Identity and access management
+  iam_users_removed: number;
+  iam_idc_org_service_enabled: number;
+  iam_idc_configured: number;
+  // Resource management (Security best practices)
+  ec2_instances_removed: number;
+  vpc_removed: number;
+  // Logging and monitoring (Critical for compliance)
+  cloudtrail_created: number;
+  cloudtrail_org_service_enabled: number;
+  cloudtrail_org_trail_deployed: number;
+  config_recorder_management: number;
+  config_delivery_channel_management: number;
+  // Service integrations (Operational excellence)
+  cloudformation_stacksets_activated: number;
+  cloudformation_org_service_enabled: number;
+  guardduty_org_service_enabled: number;
+  ram_org_service_enabled: number;
+  securityhub_org_service_enabled: number;
+  iam_access_analyzer_org_service_enabled: number;
+  config_org_service_enabled: number;
+  backup_org_service_enabled: number;
+  // Organizational structure
+  infrastructure_ou_deployed: number;
+  security_ou_deployed: number;
+  workloads_ou_deployed: number;
+  // Governance and policies
+  scp_enabled: number;
+  tag_policy_enabled: number;
+  backup_policy_enabled: number;
+  // Control Tower (Landing Zone foundation)
+  control_tower_deployed: number;
+  control_tower_latest_version: number;
+  control_tower_not_drifted: number;
+  // Core accounts
+  log_archive_account_deployed: number;
+  audit_account_deployed: number;
+  // Legacy compliance
+  legacy_cur_setup: number;
+}
+export enum ComplianceFramework {
+  AWS_WELL_ARCHITECTED = 'aws-well-architected',
+  SOC2 = 'soc2',
+  PCI_DSS = 'pci-dss',
+  HIPAA = 'hipaa',
+  NIST = 'nist',
+  ISO_27001 = 'iso-27001',
+  CIS_BENCHMARKS = 'cis',
+  CUSTOM = 'custom'
+}
+export enum EnvironmentType {
+  DEVELOPMENT = 'development',
+  STAGING = 'staging',
+  PRODUCTION = 'production',
+  SANDBOX = 'sandbox'
+}
+export enum OrganizationSize {
+  SMALL = 'small',      // < 10 accounts
+  MEDIUM = 'medium',    // 10-100 accounts
+  LARGE = 'large',      // 100-1000 accounts
+  ENTERPRISE = 'enterprise' // > 1000 accounts
+}
+/**
+ * Default weight configurations for different compliance frameworks
+ */
+export const FRAMEWORK_WEIGHTS: Record<ComplianceFramework, WeightConfig> = {
+  [ComplianceFramework.AWS_WELL_ARCHITECTED]: {
+    // Foundational requirements (Critical - Weight 6)
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 6,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // Important but not critical (Weight 5)
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    backup_policy_enabled: 5,
+    control_tower_latest_version: 5,
+    // Best practices (Weight 4)
+    iam_users_removed: 4,
+    ec2_instances_removed: 4,
+    vpc_removed: 4,
+    legacy_cur_setup: 4,
+    guardduty_org_service_enabled: 4,
+    ram_org_service_enabled: 4,
+    securityhub_org_service_enabled: 4,
+    iam_access_analyzer_org_service_enabled: 4,
+    config_org_service_enabled: 4,
+    backup_org_service_enabled: 4
+  },
+  [ComplianceFramework.SOC2]: {
+    // SOC2 emphasizes security and availability (Higher security weights)
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 5,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    securityhub_org_service_enabled: 6, // Higher weight for SOC2
+    iam_access_analyzer_org_service_enabled: 6, // Higher weight for SOC2
+    // Enhanced security monitoring
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    backup_policy_enabled: 6, // Higher for data protection
+    control_tower_latest_version: 5,
+    guardduty_org_service_enabled: 6, // Higher for threat detection
+    // Management account hygiene (Important for SOC2)
+    iam_users_removed: 5, // Higher weight for SOC2
+    ec2_instances_removed: 5, // Higher weight for SOC2
+    vpc_removed: 5, // Higher weight for SOC2
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4,
+    config_org_service_enabled: 5,
+    backup_org_service_enabled: 6
+  },
+  [ComplianceFramework.PCI_DSS]: {
+    // PCI-DSS focuses on data protection and network security
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 6,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // Enhanced for PCI-DSS network and data requirements
+    securityhub_org_service_enabled: 6,
+    iam_access_analyzer_org_service_enabled: 6,
+    guardduty_org_service_enabled: 6,
+    backup_policy_enabled: 6,
+    backup_org_service_enabled: 6,
+    // Network isolation requirements
+    iam_users_removed: 6, // Critical for PCI-DSS
+    ec2_instances_removed: 6, // Critical for network isolation
+    vpc_removed: 6, // Critical for network isolation
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    control_tower_latest_version: 5,
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4,
+    config_org_service_enabled: 5
+  },
+  [ComplianceFramework.HIPAA]: {
+    // HIPAA emphasizes data protection and audit trails
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 6,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // Data protection and monitoring
+    securityhub_org_service_enabled: 6,
+    iam_access_analyzer_org_service_enabled: 6,
+    backup_policy_enabled: 6,
+    backup_org_service_enabled: 6,
+    config_org_service_enabled: 6,
+    // Audit and compliance
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    control_tower_latest_version: 5,
+    guardduty_org_service_enabled: 5,
+    // Access controls
+    iam_users_removed: 5,
+    ec2_instances_removed: 4,
+    vpc_removed: 4,
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4
+  },
+  [ComplianceFramework.NIST]: {
+    // NIST Cybersecurity Framework alignment
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 5,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // Identify, Protect, Detect framework
+    securityhub_org_service_enabled: 6,
+    iam_access_analyzer_org_service_enabled: 6,
+    guardduty_org_service_enabled: 6,
+    backup_policy_enabled: 5,
+    backup_org_service_enabled: 5,
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    control_tower_latest_version: 5,
+    config_org_service_enabled: 5,
+    iam_users_removed: 4,
+    ec2_instances_removed: 4,
+    vpc_removed: 4,
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4
+  },
+  [ComplianceFramework.ISO_27001]: {
+    // ISO 27001 Information Security Management
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 6,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // Information security controls
+    securityhub_org_service_enabled: 6,
+    iam_access_analyzer_org_service_enabled: 6,
+    backup_policy_enabled: 6,
+    backup_org_service_enabled: 6,
+    config_org_service_enabled: 6,
+    guardduty_org_service_enabled: 5,
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    control_tower_latest_version: 5,
+    iam_users_removed: 5,
+    ec2_instances_removed: 4,
+    vpc_removed: 4,
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4
+  },
+  [ComplianceFramework.CIS_BENCHMARKS]: {
+    // CIS Controls alignment
+    organization_created: 6,
+    management_account_created: 6,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 5,
+    control_tower_deployed: 6,
+    control_tower_not_drifted: 6,
+    security_ou_deployed: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6,
+    // CIS Controls emphasis
+    securityhub_org_service_enabled: 6,
+    iam_access_analyzer_org_service_enabled: 6,
+    guardduty_org_service_enabled: 6,
+    backup_policy_enabled: 5,
+    backup_org_service_enabled: 5,
+    config_org_service_enabled: 6,
+    cloudformation_stacksets_activated: 5,
+    cloudformation_org_service_enabled: 5,
+    infrastructure_ou_deployed: 5,
+    workloads_ou_deployed: 5,
+    control_tower_latest_version: 5,
+    // Asset and access management
+    iam_users_removed: 5,
+    ec2_instances_removed: 5,
+    vpc_removed: 5,
+    legacy_cur_setup: 4,
+    ram_org_service_enabled: 4
+  },
+  [ComplianceFramework.CUSTOM]: {
+    // Balanced default weights (original hardcoded values preserved)
+    organization_created: 6,
+    management_account_created: 6,
+    iam_users_removed: 4,
+    ec2_instances_removed: 4,
+    vpc_removed: 4,
+    legacy_cur_setup: 4,
+    cloudtrail_created: 6,
+    cloudtrail_org_service_enabled: 6,
+    cloudtrail_org_trail_deployed: 6,
+    config_recorder_management: 6,
+    config_delivery_channel_management: 6,
+    cloudformation_stacksets_activated: 5,
+    guardduty_org_service_enabled: 4,
+    ram_org_service_enabled: 4,
+    securityhub_org_service_enabled: 4,
+    iam_access_analyzer_org_service_enabled: 4,
+    config_org_service_enabled: 4,
+    cloudformation_org_service_enabled: 5,
+    backup_org_service_enabled: 4,
+    infrastructure_ou_deployed: 5,
+    security_ou_deployed: 6,
+    workloads_ou_deployed: 5,
+    iam_idc_org_service_enabled: 6,
+    iam_idc_configured: 6,
+    scp_enabled: 6,
+    tag_policy_enabled: 6,
+    backup_policy_enabled: 5,
+    control_tower_deployed: 6,
+    control_tower_latest_version: 5,
+    control_tower_not_drifted: 6,
+    log_archive_account_deployed: 6,
+    audit_account_deployed: 6
+  }
+};
+/**
+ * Environment-based weight modifiers
+ */
+export const ENVIRONMENT_MODIFIERS: Record<EnvironmentType, number> = {
+  [EnvironmentType.DEVELOPMENT]: 0.8,  // 20% reduction for dev environments
+  [EnvironmentType.STAGING]: 0.9,     // 10% reduction for staging
+  [EnvironmentType.PRODUCTION]: 1.0,   // Full weight for production
+  [EnvironmentType.SANDBOX]: 0.6      // 40% reduction for sandbox
+};
+/**
+ * Organization size-based weight adjustments
+ */
+export const SIZE_MODIFIERS: Record<OrganizationSize, Partial<WeightConfig>> = {
+  [OrganizationSize.SMALL]: {
+    // Small orgs might not need all enterprise features
+    infrastructure_ou_deployed: -1,
+    workloads_ou_deployed: -1,
+    backup_policy_enabled: -1
+  },
+  [OrganizationSize.MEDIUM]: {
+    // Medium orgs benefit from all features
+  },
+  [OrganizationSize.LARGE]: {
+    // Large orgs need enhanced governance
+    scp_enabled: +1,
+    tag_policy_enabled: +1,
+    backup_policy_enabled: +1
+  },
+  [OrganizationSize.ENTERPRISE]: {
+    // Enterprise requires maximum governance
+    scp_enabled: +1,
+    tag_policy_enabled: +1,
+    backup_policy_enabled: +1,
+    control_tower_deployed: +1,
+    security_ou_deployed: +1
+  }
+};
+/**
+ * Get dynamic weight configuration based on environment context
+ */
+export function getWeightConfig(
+  framework: ComplianceFramework = ComplianceFramework.AWS_WELL_ARCHITECTED,
+  environment: EnvironmentType = EnvironmentType.PRODUCTION,
+  orgSize: OrganizationSize = OrganizationSize.MEDIUM,
+  customOverrides: Partial<WeightConfig> = {}
+): WeightConfig {
+  // Start with framework-specific weights
+  const baseWeights = { ...FRAMEWORK_WEIGHTS[framework] };
+  // Apply environment modifier
+  const envModifier = ENVIRONMENT_MODIFIERS[environment];
+  // Apply size-based adjustments
+  const sizeAdjustments = SIZE_MODIFIERS[orgSize] || {};
+  // Calculate final weights
+  const finalWeights: WeightConfig = { ...baseWeights };
+  // Apply environment modifier (multiply by modifier, round to nearest integer)
+  Object.keys(finalWeights).forEach(key => {
+    const typedKey = key as keyof WeightConfig;
+    finalWeights[typedKey] = Math.round(baseWeights[typedKey] * envModifier);
+  });
+  // Apply size adjustments (add/subtract values)
+  Object.keys(sizeAdjustments).forEach(key => {
+    const typedKey = key as keyof WeightConfig;
+    if (finalWeights[typedKey] !== undefined && sizeAdjustments[typedKey] !== undefined) {
+      finalWeights[typedKey] = Math.max(1, finalWeights[typedKey] + sizeAdjustments[typedKey]!);
+    }
+  });
+  // Apply custom overrides
+  Object.keys(customOverrides).forEach(key => {
+    const typedKey = key as keyof WeightConfig;
+    if (customOverrides[typedKey] !== undefined) {
+      finalWeights[typedKey] = customOverrides[typedKey]!;
+    }
+  });
+  return finalWeights;
+}
+/**
+ * Validate weight configuration values
+ */
+export function validateWeightConfig(config: WeightConfig): { valid: boolean; errors: string[] } {
+  const errors: string[] = [];
+  Object.entries(config).forEach(([key, value]) => {
+    if (typeof value !== 'number') {
+      errors.push(`Weight for ${key} must be a number, got ${typeof value}`);
+    } else if (value < 1 || value > 10) {
+      errors.push(`Weight for ${key} must be between 1 and 10, got ${value}`);
+    } else if (!Number.isInteger(value)) {
+      errors.push(`Weight for ${key} must be an integer, got ${value}`);
+    }
+  });
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+/**
+ * Load weight configuration from environment variables or defaults
+ */
+export function loadWeightConfigFromEnv(): {
+  framework: ComplianceFramework;
+  environment: EnvironmentType;
+  orgSize: OrganizationSize;
+  customOverrides: Partial<WeightConfig>;
+} {
+  // Load from environment variables with sensible defaults
+  const framework = (process.env.CFAT_COMPLIANCE_FRAMEWORK as ComplianceFramework)
+    || ComplianceFramework.AWS_WELL_ARCHITECTED;
+  const environment = (process.env.CFAT_ENVIRONMENT_TYPE as EnvironmentType)
+    || EnvironmentType.PRODUCTION;
+  const orgSize = (process.env.CFAT_ORG_SIZE as OrganizationSize)
+    || OrganizationSize.MEDIUM;
+  // Load custom overrides from environment (JSON format)
+  let customOverrides: Partial<WeightConfig> = {};
+  const customOverridesEnv = process.env.CFAT_WEIGHT_OVERRIDES;
+  if (customOverridesEnv) {
+    try {
+      customOverrides = JSON.parse(customOverridesEnv);
+    } catch (error) {
+      console.warn('Invalid JSON in CFAT_WEIGHT_OVERRIDES, using defaults:', error);
+    }
+  }
+  return {
+    framework,
+    environment,
+    orgSize,
+    customOverrides
+  };
+}
+/**
+ * Export default configuration for easy importing
+ */
+export function getDefaultWeightConfig(): WeightConfig {
+  const envConfig = loadWeightConfigFromEnv();
+  return getWeightConfig(
+    envConfig.framework,
+    envConfig.environment,
+    envConfig.orgSize,
+    envConfig.customOverrides
+  );
+}

runbooks 0.9.9__py3-none-any.whl → 1.0.1__py3-none-any.whl

runbooks 0.9.9py3-none-any.whl → 1.0.1py3-none-any.whl