Skip to content

Releases: srkyn/lapse

v0.1.0

06 May 02:01
@srkyn srkyn
v0.1.0
efc09fd

Choose a tag to compare

View all tags
v0.1.0 Latest
Latest

lapse v0.1.0

Initial public release.

What It Does

  • Queries Microsoft Graph API with a server-side $filter on approximateLastSignInDateTime to pull stale device candidates.
    • Cross-checks each candidate against auditLogs/signIns for actual interactive user authentication — eliminating false positives from background sync, Windows Update heartbeats, and MDM check-ins.
    • Excludes hybrid-joined devices by default.
    • --company-only excludes BYOD devices.
    • --skip-vdi excludes non-persistent VDI registrations.
    • --disable sets accountEnabled = false — reversible, no deletion.
    • --delete permanently removes stale devices (confirmation prompt unless --force).
    • --dry-run produces a full report with no changes made.
    • JSON and CSV output for review workflows.
    • Parallel sign-in log checks via concurrent.futures with Retry-After backoff.
    • Persistent token cache; supports device code flow and client credentials.

Deployment Stages

  1. Audit--dry-run for a week, look for false positives.
    1. Review--output-csv, human approves before any action.
    1. Disable--disable for two weeks, confirm nothing legitimate breaks.
    1. Purge--delete, schedule as weekly automation.

Installation

git clone https://github.com/srkyn/lapse.git
cd lapse && pip install .
lp --version

Validation

  • 37 unit tests pass.
    • CI passes on Python 3.8 and 3.12.
Assets 2
Loading