Skip to content

vedanta/dfo

dfo Logo

License Python Tests Issues Last Commit

dfo - DevFinOps CLI

Multi-cloud FinOps from the command line.

dfo is a modular cost optimization toolkit built on a pluggable architecture: providers, analyzers, rules, and execution engines are all independent layers connected through a local DuckDB store. Today it ships with Azure idle VM detection end-to-end -- discover, analyze, report, execute. The same pipeline is designed to extend to any cloud (AWS, GCP) and any resource type (storage, databases, networking, Kubernetes).

discover → analyze → report → execute

All data stays local (DuckDB). No cloud infrastructure required.

Install

conda env create -f environment.yml
conda activate dfo
pip install -e .

Configure

cp .env.example .env
# Set: AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID
dfo db init
dfo azure test-auth

Usage

Discover and analyze

dfo azure discover vms                   # Collect VMs + 14 days of CPU metrics
dfo azure analyze idle-vms               # Flag VMs with <5% avg CPU
dfo azure analyze low-cpu                # Flag VMs for rightsizing (<20% CPU)
dfo azure analyze stopped-vms            # Flag VMs stopped 30+ days

Report

dfo azure report                         # Summary across all analyses
dfo azure report --by-rule idle-vms      # Findings for one analysis
dfo azure report --by-resource vm-name   # All findings for one VM
dfo azure report --format csv --output findings.csv

Execute (two workflows)

Direct -- quick actions on individual VMs:

dfo azure execute vm my-vm stop -g my-rg                     # Dry-run (default)
dfo azure execute vm my-vm stop -g my-rg --no-dry-run --yes  # Live

Plan-based -- batch operations with approval gates:

dfo azure plan create --from-analysis idle-vms --name "Q4 Cleanup"
dfo azure plan validate <plan-id>
dfo azure plan approve <plan-id>
dfo azure plan execute <plan-id> --force

Audit trail

dfo azure logs list                      # Recent actions
dfo azure logs list --vm-name my-vm      # Filter by VM
dfo azure logs show <action-id>          # Full details

Safety

  • All execution commands default to dry-run
  • Live execution requires explicit --no-dry-run or --force
  • Tag VMs with dfo-protected=true to block actions
  • Every action (including dry-runs) is logged to the local database

Azure Permissions

Workflow Required Role
Discover, Analyze, Report Reader
Execute (stop/start/resize) Virtual Machine Contributor

Tech Stack

  • Python 3.10+, Typer, Rich
  • DuckDB (local storage)
  • Azure SDK for Python
  • Pydantic Settings
  • pytest (700+ tests)

Project Structure

src/dfo/
  core/        Configuration, auth, models
  providers/   Azure SDK wrappers
  discovery/   VM inventory collection
  analyze/     Idle detection, rightsizing, stopped VM analysis
  report/      Console, JSON, CSV output
  execute/     Plan management, direct execution, rollback
  rules/       Optimization rules engine
  db/          DuckDB schema and queries
  cmd/         CLI command modules
  cli.py       Entry point

Development

PYTHONPATH=src pytest src/dfo/tests/ -v
PYTHONPATH=src pytest --cov=dfo src/dfo/tests/

See docs/CODE_STYLE.md for conventions and docs/CONTRIBUTING.md for contribution guidelines.

Documentation

Roadmap

Phase 1 (MVP) -- Complete. Azure idle VM detection through execution.

Phase 2 -- Multi-cloud (AWS, GCP), storage optimization, Advisor integration.

Phase 3 -- Web dashboard, REST API, scheduling, notifications.

License

This project is licensed under the GNU Lesser General Public License v3.0.

About

multi-cloud cost optimization toolkit

Topics

Resources

License

Contributing

Security policy

Stars

Watchers

Forks

Packages

No packages published