# 1Password Security Auditor Expert - Usage Example

This notebook demonstrates how to use the 1Password security audit tool.

## 1. Setup

Install the required dependencies:

In [None]:
!pip install ollama huggingface_hub

## 2. 1Password Authentication

Check that the 1Password CLI is authenticated:

In [None]:
import subprocess
import json

# Check authentication
result = subprocess.run(
    ["op", "whoami", "--format", "json"],
    capture_output=True,
    text=True
)

if result.returncode == 0:
    user = json.loads(result.stdout)
    print(f"✅ Autenticado como: {user.get('email')}")
else:
    print("❌ Não autenticado. Execute: eval $(op signin)")

## 3. List Available Vaults

In [None]:
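# List vaults
result = subprocess.run(
    ["op", "vault", "list", "--format", "json"],
    capture_output=True,
    text=True
)

# Stop on failure: stdout is empty and json.loads would raise a misleading error
if result.returncode != 0:
    raise RuntimeError(f"op vault list failed: {result.stderr.strip()}")

vaults = json.loads(result.stdout)
print("📦 Cofres disponíveis:")
for vault in vaults:
    print(f"  - {vault['name']} ({vault['id']})")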

## 4. Export Items from a Vault

In [None]:
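# Select the vault
VAULT_NAME = "1p_vps"  # Change as needed

# Export items (item list returns metadata only, no field values)
result = subprocess.run(
    ["op", "item", "list", "--vault", VAULT_NAME, "--format", "json"],
    capture_output=True,
    text=True
)

# Stop on failure (wrong vault name, expired session) before parsing stdout
if result.returncode != 0:
    raise RuntimeError(f"op item list failed: {result.stderr.strip()}")

items = json.loads(result.stdout)
print(f"📊 Total de items em {VAULT_NAME}: {len(items)}")

# Show the first 5 items
for item in items[:5]:
    print(f"  - {item['title']} ({item['category']})")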

## 5. Run the Audit with the CLI

In [None]:
import sys
sys.path.append("../cli")

# Import the audit module
from audit_1password_expert import export_vault, build_audit_prompt

# Export the vault
vault_data = export_vault(VAULT_NAME, include_secrets=False)

print(f"✅ Exportado: {vault_data['total_items']} items")
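
An added check, not part of the original notebook or of `audit_1password_expert`: before exported items are placed in an LLM prompt, particularly on the HuggingFace API path, confirm that no field values are present and reduce each item to metadata. The item shape follows `op item get --format json`; `ALLOWED_KEYS`, the function names and the sample item are assumptions made for this example.

```python
# Added example: metadata allowlist applied before any item leaves the machine.
ALLOWED_KEYS = ("id", "title", "category", "tags")  # assumption: all the audit needs


def minimise_item(item):
    """Keep only allowlisted metadata; fields, URLs and notes are dropped."""
    return {k: item[k] for k in ALLOWED_KEYS if k in item}


def find_values(obj, path="item"):
    """Return the path of every non-empty 'value' key nested anywhere in obj."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            here = f"{path}.{key}"
            if key == "value" and val not in (None, ""):
                hits.append(here)
            else:
                hits.extend(find_values(val, here))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            hits.extend(find_values(val, f"{path}[{i}]"))
    return hits


def prepare_for_llm(items):
    """Minimise every item and fail closed if a field value survived."""
    safe = [minimise_item(i) for i in items]
    leaked = find_values(safe, "items")
    if leaked:
        raise ValueError(f"field values still present: {leaked}")
    return safe


# Constructed sample in the shape `op item get --format json` returns.
SAMPLE_ITEMS = [{
    "id": "exampleid0000000000000000a",
    "title": "PROD_POSTGRES_MAIN",
    "category": "DATABASE",
    "tags": ["production", "database"],
    "fields": [{"id": "password", "type": "CONCEALED", "label": "password",
                "value": "constructed-not-a-real-secret"}],
}]

if __name__ == "__main__":
    print("before:", find_values(SAMPLE_ITEMS[0]))
    print("after: ", prepare_for_llm(SAMPLE_ITEMS))
```

Running `find_values(vault_data["items"])` on the real export shows whether `include_secrets=False` left any values behind.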

## 6. Analyze Naming

In [None]:
import re

# SSOT v2.1 pattern
SSOT_PATTERN = r"^(PROD|DEV|SHARED|MACOS|VPS|AZURE)_[A-Z0-9_]+$"

violations = []
compliant = []

for item in vault_data["items"]:
    title = item["title"]
    # fullmatch: with re.match, "$" also accepts a title ending in "\n"
    if re.fullmatch(SSOT_PATTERN, title):
        compliant.append(title)
    else:
        violations.append(title)

total = len(vault_data["items"])
pct = len(compliant) / total * 100 if total else 0.0  # empty vault: avoid ZeroDivisionError
print(f"✅ Conformes: {len(compliant)} ({pct:.1f}%)")
print(f"❌ Violações: {len(violations)}")

if violations:
    print("\nExemplos de violações:")
    for title in violations[:5]:
        print(f"  - {title}")

## 7. Analyze Tags

In [None]:
# Required tags
REQUIRED_SCOPE_TAGS = ["production", "development", "staging", "global"]
REQUIRED_TYPE_TAGS = ["database", "api_key", "service_account", "ssh_key", "oauth", "certificate"]

missing_tags = []

for item in vault_data["items"]:
    tags = [t.lower() for t in item.get("tags", [])]
    
    has_scope = any(t in tags for t in REQUIRED_SCOPE_TAGS)
    has_type = any(t in tags for t in REQUIRED_TYPE_TAGS)
    
    if not has_scope or not has_type:
        missing_tags.append({
            "title": item["title"],
            "tags": tags,
            "missing_scope": not has_scope,
            "missing_type": not has_type
        })

print(f"❌ Items sem tags obrigatórias: {len(missing_tags)}")

if missing_tags:
    print("\nExemplos:")
    for item in missing_tags[:3]:
        print(f"  - {item['title']}")
        print(f"    Tags atuais: {item['tags']}")
        if item['missing_scope']:
            print("    Falta: tag de escopo")
        if item['missing_type']:
            print("    Falta: tag de tipo")

## 8. Generate Fix Commands

In [None]:
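import shlex

print("📝 Comandos de correção:\n")

# Naming fixes. The PROD_ prefix is a guess: review each suggestion before running it.
for title in violations[:3]:
    # Map anything outside [A-Z0-9] to "_" so the suggestion fits SSOT_PATTERN
    suggested = "PROD_" + re.sub(r"[^A-Z0-9]+", "_", title.upper()).strip("_")
    item_id = next((i["id"] for i in vault_data["items"] if i["title"] == title), "ID")
    # repr() keeps a title containing a newline inside the shell comment;
    # shlex.quote() stops quotes or $() in a value from being interpreted by the shell
    print(f"# {title!r}")
    # --title sets the item's title
    print(f"op item edit {shlex.quote(item_id)} --title {shlex.quote(suggested)} --vault {shlex.quote(VAULT_NAME)}")
    print()

# Tag fixes. 'production,database' is a placeholder: choose the tags per item.
for item in missing_tags[:3]:
    item_id = next((i["id"] for i in vault_data["items"] if i["title"] == item["title"]), "ID")
    print(f"# {item['title']!r}")
    print(f"op item edit {shlex.quote(item_id)} --tags 'production,database' --vault {shlex.quote(VAULT_NAME)}")
    print()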

## 9. Next Steps

For a full audit with an LLM:

```bash
# Via the CLI (local Ollama)
python ../cli/audit_1password_expert.py --vaults 1p_vps

# Via the HuggingFace API
python ../cli/audit_1password_expert.py --vaults 1p_vps --hf

# Via the web interface
cd ../gradio
python app.py
# Open: http://localhost:7860
```