โ˜๏ธ QWED-Infra

July 2, 2026 ยท View on GitHub

QWED Logo

โ˜๏ธ QWED-Infra

Deterministic Verification for Infrastructure as Code (IaC)

"Don't let AI hallucinate your cloud bill to $20,000."

Verified by QWED PyPI License Python 3.10+ GitHub stars GitHub Developer Program

Sponsor QWED on GitHub

Twitter LinkedIn


๐Ÿšจ The Problem

AI agents like Devin, GitHub Copilot Workspace, and Cursor are writing Terraform and Kubernetes configs. But AI doesn't understand consequences.

CaseWhat AI WroteReal World Impact
IAM PermissionAction: "s3:*", Resource: "*"Data Breach: Entire bucket exposed to public.
Network RuleIngress: 0.0.0.0/0, Port: 22Ransomware: SSH open to the whole internet.
Instance Typeinstance_type = "p4d.24xlarge"Bankrupt: $23,000/month bill for a dev env.

๐Ÿ’ก What QWED-Infra Is (and Isn't)

โœ… QWED-Infra IS:

  • A Deterministic Verification Engine: Uses Z3 Theorem Prover to prove IAM action/resource matching, with IP and date conditions evaluated deterministically in Python.
  • A Graph Analyzer: Uses NetworkX to map and verify network reachability (Reachability Analysis).
  • An Artifact Boundary Gate: Scans release packages for secrets, debug artifacts, and misconfigured build paths โ€” blocks unsafe releases before they ship.
  • Deterministic: Inputs are code, output is True/False with 100% certainty.
  • A "Guard" Layer: Plugs into CI/CD to block AI-generated PRs that violate rules.

โŒ QWED-Infra is NOT:

  • A Linter: We don't just check syntax (like TFLint). We check logic.
  • A Cost Explorer: We predict costs before deployment, not after you get the bill.
  • Black Box AI: We don't use LLMs to verify LLMs. We use Math.

๐Ÿ†š How We're Different

FeatureTFLint / Checkov / TFSecQWED-Infra
ApproachRegex / Static Pattern MatchingSymbolic Execution (Z3) & Graph Theory
IAM LogicCan catch s3:* text matchProves Allow overrides Deny logically
NetworkChecks generic "port 22 open"Traces Internet -> IGW -> Route -> SG -> Subnet (fail-closed on NAT/NACL/peering)
CostN/A (usually distinct tools)Deterministic Pre-Deployment Estimation
AccuracyHigh False PositivesDeterministic Correctness

๐Ÿ›ก๏ธ The Four Guards

1. IamGuard (The Security Math)

Converts AWS IAM Policies into logical formulas.

  • Wildcards: Handles s3:Get* vs s3:GetObject โ€” proved symbolically in Z3.
  • Logic: Proves Deny statements always win โ€” proved symbolically in Z3.
  • Context: Verifies against specific conditions (e.g., aws:SourceIp, aws:CurrentTime) โ€” evaluated deterministically in Python, with full trace in diagnostic output.

2. NetworkGuard (The Topology Graph)

Builds a directed graph of your VPC.

  • Reachability: "Can an attacker on the Internet reach my Database?"
  • Path Analysis: Traces routes through Subnets and Security Groups.
  • Limitations (fail-closed): NAT Gateways, VPC Peering, NACLs, and Transit Gateway are not modeled. If any are present, the guard returns UNVERIFIABLE โ€” the result carries no proof and must not be used for authorization decisions.

3. CostGuard (The Budget Enforcer)

Prevents financial ruin.

  • Static Catalog: Embedded prices for standard AWS resources.
  • Budget Checks: if estimated_cost > \$500: Block Deployment.

4. ArtifactBoundaryGuard (The Release Gate)

Verifies release artifacts before they ship.

  • Secret Scanning: Detects leaked secrets (.env, *.token, API keys) in package files.
  • Debug Artifact Detection: Blocks .coverage, .pytest_cache, __pycache__ from entering packages.
  • Build Config Verification: Ensures pyproject.toml hatch build config only includes intended paths.
  • Fail-Closed: Unknown backends, missing configs, or unparseable files produce BLOCKED, never a silent pass.

๐Ÿ“ฆ Installation

pip install qwed-infra

(Node.js/npm SDK coming soon)


โšก Usage Examples

Verify IAM Policies

from qwed_infra import IamGuard

guard = IamGuard()
policy = {
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "*",
    "Condition": {"IpAddress": {"aws:SourceIp": "192.168.1.0/24"}}
}

# Verify: Is it accessible from the public internet?
result = guard.verify_access(
    policy, 
    action="s3:GetObject", 
    resource="my-bucket", 
    context={"aws:SourceIp": "8.8.8.8"} # Public IP
)

print(result.allowed) # -> False (Blocked by IP)

Verify Network Reachability

from qwed_infra import NetworkGuard

net = NetworkGuard()
infra = {
    "subnets": [
        {"id": "subnet-web", "security_groups": ["sg-web"]},
    ],
    "route_tables": [
        {
            "subnet_id": "subnet-web",
            "routes": {"0.0.0.0/0": "igw-main"},
        }
    ],
    "security_groups": {
        "sg-web": {"ingress": [{"port": 80, "cidr": "0.0.0.0/0"}]},
    },
}

# Is the web subnet reachable from Internet on port 80?
result = net.verify_reachability(infra, "internet", "subnet-web", port=80)
print(result.reachable)  # -> True (Risk Alert!)

# Convert to structured diagnostic for CI/CD enforcement
diagnostic = NetworkGuard.to_diagnostic(result)
print(diagnostic.status.value)  # -> VERIFIED / BLOCKED / UNVERIFIABLE

Enforce Budget

from qwed_infra import CostGuard

cost = CostGuard()
resources = {
    "instances": [
        {"id": "gpu", "instance_type": "p4d.24xlarge", "count": 2}
    ]
}

result = cost.verify_budget(resources, budget_monthly=1000)
print(result.within_budget) # -> False
print(result.reason) # -> "Estimated cost \$47844.20 EXCEEDS budget \$1000.00"

Verify Package Boundary

from qwed_infra import ArtifactBoundaryGuard

guard = ArtifactBoundaryGuard()
result = guard.verify_package_boundary(package_dir="qwed_infra")

# Convert to structured diagnostic for CI/CD enforcement
diagnostic = ArtifactBoundaryGuard.to_diagnostic(result)

if diagnostic.status.value == "BLOCKED":
    for finding in diagnostic.developer_fields["findings"]:
        print(f"โŒ {finding['finding_type']}: {finding['reason']}")
else:
    print("โœ… Package boundary verified โ€” safe to ship.")

โ“ FAQ

Q: Do I need Terraform installed? A: No. qwed-infra parses .tf files as text using a custom HCL parser (or operates on JSON plans).

Q: Can it verify Kubernetes? A: Currently focuses on AWS Terraform. K8s Manifest verification is on the roadmap (Phase 19).

Q: Why standard pricing? A: We use public On-Demand pricing for "Worst Case" estimation. If you have Enterprise Discounts, qwed-infra ensures you remain safe even at list price.


๐Ÿ—บ๏ธ Roadmap

  • โœ… v0.1.0: IAM Z3 Logic, Basic Network Graph, Static Cost Catalog. (Released Jan 2025)
  • โœ… v0.2.0: Fail-closed parser + IAM, NetworkGuard CIDR fix, CI fail-open removal, diagnostic port (audit.py/InfraDiagnosticResult), CostGuard Decimal/unknown types, ArtifactBoundaryGuard. (Current)
  • ๐Ÿ”ฎ v0.3.0: Docker/deployment artifact verification, K8s manifest support, Azure provider.

๐ŸŒ QWED Ecosystem

PackageDescriptionRepo
qwed โ˜‘๏ธCore deterministic AI verification (Math, Logic, Code)GitHub
qwed-infra โ˜๏ธIaC verification (Terraform, IAM, Network, Cost, Artifact) โ† you are hereGitHub
qwed-finance ๐ŸฆFinancial computation verificationGitHub
qwed-legal ๐Ÿ›๏ธLegal document verificationGitHub
qwed-tax ๐Ÿ’ธTax calculation verificationGitHub
qwed-mcp ๐Ÿ”ŒModel Context Protocol verificationGitHub
qwed-a2a ๐Ÿ”„Agent-to-Agent verification protocolGitHub
qwed-ucp ๐Ÿ›’Unified Context ProtocolGitHub
open-responses ๐Ÿค–Guards for OpenAI/LangChain agent outputsGitHub
qwed-learning ๐Ÿ“šEducational content verificationGitHub

๐Ÿ›ก๏ธ What Does "Verified by QWED" Mean?

When you see the Verified by QWED badge on a repository, it is a technical guarantee that:

  1. Deterministic Verification: The software uses symbolic solvers (Z3, graph theory) โ€” not AI confidence scores โ€” to prove correctness.
  2. Fail-Closed Architecture: If the infrastructure cannot be fully parsed or verified, it is blocked, not silently passed.
  3. No Silent Degradation: Every guard produces a structured diagnostic with clear status (VERIFIED, BLOCKED, UNVERIFIABLE). Partial verification is never presented as proof.

The badge means: "We don't trust the AI. We trust the Math."


โญ Star History

Star History Chart


๐Ÿ“„ Citation

If you use qwed-infra in your research or project:

@software{dass2026qwedinfra,
  author = {Dass, Rahul},
  title = {QWED-Infra: Deterministic Verification for Infrastructure as Code},
  year = {2026},
  publisher = {GitHub},
  url = {https://github.com/QWED-AI/qwed-infra}
}

๐Ÿ‘ฅ Contributors

Rahul Dass

Thanks to everyone building QWED. See all contributors โ†’


๐Ÿ™ Contributors Wanted

Good First Issues

AreaWhat We Need
๐Ÿงช TestingEdge cases for guards (NetworkGuard, ArtifactBoundaryGuard)
๐Ÿ› BugsFix issues or report new ones
๐Ÿ“ DocsImprove examples and tutorials
๐Ÿ”ง SDKsTerraform plan JSON integration

โ†’ Read CONTRIBUTING.md


๐Ÿ“„ License

Apache 2.0 - Open Source.

Safe Infrastructure is Scalable Infrastructure.
Built by QWED-AI