v0.1.0 — Initial Release

First public release of IdentityRiskGraph.

Includes:

• CloudTrail IAM event parser supporting single-event, list, and Records[] formats
• AWS IAM detections for risky control-plane activity: AdministratorAccess attachment, StopLogging, CreateAccessKey, AssumeRole into sensitive roles, policy broadening
• Terminal CloudTrail detector (cloudtrail_detector.py)
• Streamlit investigation dashboard with CloudTrail, identity risk, findings, graph, investigation, and export pages
• Simulated enterprise IAM data with users, groups, roles, devices, and events
• Effective permission resolver for direct roles, inherited roles, nested groups, denies, and permission boundaries
• YAML detection engine and rule loader
• Splunk-friendly JSON export
• pytest suite and GitHub Actions CI

Install:

pip install -r requirements.txt

Run dashboard:

python -m streamlit run app.py

Run terminal detector:

python cloudtrail_detector.py --file data/cloudtrail/sample_cloudtrail_iam_events.json