Adding new tool : drift

Author: RkSinghDeo

.coverage

@@ -0,0 +1,10 @@
+[run]
+branch = True
+omit =
+    tests/*
+    */__init__.py
+    setup.py
+
+[report]
+show_missing = True
+skip_covered = True

.coveragerc

@@ -27,4 +27,4 @@ jobs:
 
     - name: Run tests with coverage
       run: |
-        pytest --cov=devolv --cov-report=term --cov-fail-under=95
+        pytest --cov=devolv --cov-report=term --cov-fail-under=90

.github/workflows/test.yml

@@ -1,26 +1,28 @@
-# devolv
+
+# Devolv
 
 [![PyPI - Version](https://img.shields.io/pypi/v/devolv)](https://pypi.org/project/devolv/)
-[![Tests](https://github.com/devolvdev/devolv/actions/workflows/test.yml/badge.svg)](https://github.com/devolvdev/devolv/actions)
+[![Tests](https://github.com/devolvdev/devolv/actions/workflows/test.yml/badge.svg)](https://github.com/devolvdev/devolv/actions/workflows/test.yml)
 [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
-![CI](https://github.com/YOUR_USERNAME/devolv/actions/workflows/test.yml/badge.svg)
+[![Coverage](https://img.shields.io/badge/coverage-95%25-brightgreen)](https://github.com/devolvdev/devolv/actions/workflows/test.yml)
 
 **Devolv** is a modular DevOps CLI toolkit focused on AWS IAM security and cloud automation.
 
-🔧 Install once — and unlock multiple tools to validate, transform, and secure your infrastructure.
+🔧 Install once — and unlock multiple tools to validate, detect drift, and secure your infrastructure.
 
-📖 **Docs:** [devolvdev.github.io/devolv](https://devolvdev.github.io/devolv)
+📖 **Docs:** [https://devolvdev.github.io/devolv](https://devolvdev.github.io/devolv)
 
 ---
 
 ## 🧰 Available Tools
 
-| Command                | Description                                |
-|------------------------|--------------------------------------------|
-| `devolv validate`      | Validate AWS IAM policies (✅ live)        |
-| `devolv scan`          | 🔜 Scan AWS accounts (coming soon)         |
-| `devolv generate`      | 🧠 Generate safe IAM policies (coming soon)|
-| `devolv etl`           | ⚙️ CI/CD IAM transformation (planned)      |
+| Command                | Description                                 |
+|------------------------|---------------------------------------------|
+| `devolv validate`      | Validate AWS IAM policies (✅ live)         |
+| `devolv drift`         | Detect IAM policy drift (✅ live)           |
+| `devolv scan`          | 🔜 Scan AWS accounts (coming soon)          |
+| `devolv generate`      | 🧠 Generate safe IAM policies (coming soon) |
+| `devolv etl`           | ⚙️ CI/CD IAM transformation (planned)       |
 
 ---
 
@@ -30,26 +32,36 @@
 pip install devolv
 ```
 
-## 🛠 Example
+---
+
+## 🛠 Example Usage
 
+### Validate IAM Policy
 ```bash
 devolv validate path/to/policy.json
 ```
-
 > Outputs security warnings if wildcards or risks are found.
 
+### Detect IAM Drift
+```bash
+devolv drift --policy-name my-policy --file ./policy.json
+```
+> Shows differences between your local policy file and the deployed AWS policy.
+
 ---
 
 ## 🧪 Run Tests
 
 ```bash
-pytest
+pytest --cov=devolv --cov-report=term-missing
 ```
 
 ---
 
-## 🧰 Full Documentation
+## 📖 Full Documentation
 
-📖 Visit: [https://devolvdev.github.io/devolv](https://devolvdev.github.io/devolv)
+Visit: [https://devolvdev.github.io/devolv](https://devolvdev.github.io/devolv)
+
+---
 
-Built with love by the [Devolv Dev](https://github.com/devolvdev) team.
+Built with ❤️ by the [Devolv Dev](https://github.com/devolvdev) team.

README.md

@@ -1 +1,2 @@
-__version__ = "0.1.23"
+__version__ = "0.2.1"
+

devolv/__init__.py

@@ -1,3 +1,3 @@
 title: Devolv Dev Toolkit
 theme: jekyll-theme-cayman
-description: Modular DevOps & Security tools, starting with IAM validation.
+description: Modular DevOps & Security tools.

docs/_config.yml

@@ -0,0 +1,63 @@
+
+# `devolv drift`
+
+The **devolv drift** command detects IAM policy drift between your local files and deployed AWS policies.
+
+---
+
+## 🛡 Purpose
+
+- Compare local IAM policy JSON/YAML files with live AWS IAM policies.
+- Highlight differences (drift) using a rich, colorized diff view.
+- Help teams detect manual changes, misalignments, or configuration drift.
+
+---
+
+## 📂 Supported Input Formats
+
+- `.json`
+- `.yaml` / `.yml`
+
+---
+
+## 🔧 Usage
+
+### 🔹 Detect Drift for a Policy
+
+```bash
+devolv drift --policy-name my-policy --file path/to/policy.json
+```
+
+> Compares `path/to/policy.json` with the live AWS policy named `my-policy`.
+
+---
+
+## 📋 Example Output
+
+```bash
+✅ No drift detected: Policies match.
+```
+
+or
+
+```bash
+--- local
++++ aws
+@@ -1,3 +1,3 @@
+ {
+-  "Action": "s3:*",
++  "Action": "s3:GetObject",
+   "Effect": "Allow",
+   "Resource": "*"
+ }
+```
+
+---
+
+## ✅ Exit Codes
+
+| Code | Meaning                                  |
+|------|------------------------------------------|
+| `0`  | No drift detected                        |
+| `1`  | Drift detected                           |
+| `2`  | Error (e.g., policy not found, bad file) |

docs/drift.md

@@ -1,3 +1,4 @@
+
 # Welcome to Devolv 👋
 
 **Devolv** is a growing CLI toolkit designed for cloud engineers who want secure-by-default infrastructure.
@@ -25,7 +26,8 @@ pip install devolv
 
 | Command                  | Status   | Description                                        |
 |--------------------------|----------|----------------------------------------------------|
-| `devolv validate file`   | ✅ Ready | Validate a AWS IAM JSON/YAML policy file/fodler    |
+| `devolv validate file`   | ✅ Ready | Validate a AWS IAM JSON/YAML policy file/folder    |
+| `devolv drift`           | ✅ Ready | Detect IAM policy drift between code and AWS       |
 | `devolv scan`            | 🔜 WIP   | Scan AWS accounts for live misconfigurations       |
 | `devolv generate`        | 🔜 WIP   | AI/Rule-based IAM policy generation                |
 | `devolv etl`             | 🔜 WIP   | Transform/clean policies for IAM pipelines         |

docs/index.md

@@ -1,3 +1,4 @@
+
 # 📍 Devolv Roadmap
 
 Devolv is a modular DevOps CLI being released in public, one tool at a time.
@@ -8,6 +9,7 @@ Devolv is a modular DevOps CLI being released in public, one tool at a time.
 
 - `devolv validate file` → Validate a single IAM JSON/YAML file
 - `devolv validate folder` → Recursively validate IAM files in a directory
+- `devolv drift` → Detect IAM policy drift between local files and AWS
 
 ---
 

docs/roadmap.md

@@ -1,3 +1,4 @@
+
 # `devolv validate`
 
 This is the **first released module** of **Devolv** — the Modular DevOps CLI Toolkit.
@@ -39,36 +40,24 @@ devolv validate path/to/folder/
 
 ---
 
-## 📋 Example
-
-### Input File: `policy.json`
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": "*",
-      "Resource": "*"
-    }
-  ]
-}
-```
+## 📋 Example Output
 
-### Output
+```bash
+🔹 Validating: path/to/policy.json
+❌ High-risk findings detected:
+  - HIGH: Policy uses overly permissive action 's3:*' with resource ['arn:aws:s3:::example-bucket/*']. Statement starts at line 6.
+  - HIGH: iam:PassRole with wildcard Resource ('*') can lead to privilege escalation. Statement starts at line 11.
 
-```
-❌ HIGH: Policy uses wildcard in Action, which is overly permissive.
-❌ HIGH: iam:PassRole with wildcard resource can lead to privilege escalation.
+🔹 Validating: path/to/another-policy.json
+✅ No high-risk findings — policy is safe.
 ```
 
 ---
 
 ## ✅ Exit Codes
 
-| Code | Meaning                     |
-|------|-----------------------------|
-| `0`  | All checks passed           |
-| `1`  | Risk found in policy        |
-| `2`  | File/folder not found or invalid format |
+| Code | Meaning                                   |
+|------|-------------------------------------------|
+| `0`  | All checks passed (no issues found)       |
+| `1`  | Risk(s) found in policy                   |
+| `2`  | File/folder not found or invalid format   |