> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qwedai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# QWED Infra: AI infrastructure verification for Terraform, IAM, and Kubernetes

> QWED Infra uses formal verification for infrastructure as code. Verify Terraform, AWS IAM, and Kubernetes changes before AI agents deploy them.

**Deterministic verification for infrastructure as code (IaC).**

![Verified by QWED](https://img.shields.io/badge/Verified_by-QWED-00C853?style=flat\&logo=checkmarx)
![PyPI](https://img.shields.io/pypi/v/qwed-infra?color=blue)

`qwed-infra` is a Python library that mathematically proves the security and compliance of infrastructure definitions (Terraform, AWS IAM, Kubernetes). It uses **formal methods (Z3 solver)** and **graph theory** to do so deterministically.

It prevents AI agents (like Devin or Copilot Workspace) from deploying insecure or expensive infrastructure by verifying configuration *before* deployment.

## Architecture

```mermaid theme={null}
graph TD
    A[Terraform Code] -->|TerraformParser| B{QWED Engine}
    B -->|Mathematical Proof| C["Z3 Solver (IAM)"]
    B -->|Graph Traversal| D["NetworkX (Reachability)"]
    B -->|Arithmetic| E["Pricing Catalog (Cost)"]
    C --> F[Verification Result]
    D --> F
    E --> F
```

## Key features

### IamGuard

Verifies AWS IAM policies using the **Z3 theorem prover**. Instead of regex matching, it converts policies into logical formulas to prove reachability and specific permissions.

### NetworkGuard

Verifies network reachability using **graph theory** (NetworkX). Validates paths like `Internet -> Internet Gateway (IGW) -> Route -> Security Group -> Instance`.

### CostGuard

Deterministic cloud cost estimation before deployment. Enforce budgets and prevent expensive instance provisioning errors.

## Installation

```bash theme={null}
pip install qwed-infra
```