SpectreHub

Find drift before it becomes outage or spend.

SpectreHub discovers installed audit tools, runs them against your configured infrastructure, and produces one unified report with health scores, trends, and prioritized recommendations.

SpectreHub does not inspect infrastructure directly. It orchestrates specialized audit binaries and aggregates their deterministic output.

One command. All your infrastructure. Actionable results.

$ spectrehub run
Discovered 4 tool(s), 4 runnable

  vaultspectre   ✓ ready
  pgspectre      ✓ ready
  kafkaspectre   ✓ ready
  clickspectre   ✓ ready

Total Issues: 40 (↓ 9% from last week)
Health Score: GOOD (91%)

Recommendations:
  1. [CRITICAL] Fix 8 missing Vault secrets
  2. [HIGH] Clean up 7 unused Kafka topics
  3. [MEDIUM] Review 18 stale ClickHouse tables

Health score

Not a vanity number.

Health score is a weighted deduction model. Each issue is associated with a resource. The score represents the percentage of resources without active issues, weighted by severity — critical deducts more than medium. Clamped to 0-100. No ML, no heuristics — deterministic arithmetic you can reproduce from the JSON output.

How it works

Three steps. Zero config locally, minimal config in CI.

1. Discover

SpectreHub checks which tools are installed and which targets are configured via environment variables and config files. Read-only — no secret values are ever printed or uploaded. SpectreHub never transmits infrastructure metadata without explicit configuration.

2. Execute

Each detected tool runs with --format json, capturing structured output. Per-tool timeouts and partial failure handling built in.

3. Aggregate

Reports are normalized into a unified issue format, scored, compared against previous runs, and turned into prioritized action items.

Supported tools

Every tool in the Spectre family is a standalone CLI binary that follows the ANCC convention.

vaultspectre

HashiCorp Vault

s3spectre

AWS S3

kafkaspectre

Apache Kafka

clickspectre

ClickHouse

pgspectre

PostgreSQL

mongospectre

MongoDB

GitHub Action

Add infrastructure audits to any CI/CD pipeline in two lines.

- name: SpectreHub Audit
  uses: ppiankov/spectrehub-action@v1
  with:
    threshold: 50

The action installs tools, discovers targets from repository secrets, runs audits, and posts results as a PR comment. Exit code 1 if issues exceed your threshold.

What it finds

Real drift from real infrastructure.

SpectreHub found:
  8 Vault secrets referenced in code but missing from Vault
  7 Kafka topics with zero consumers for 30+ days
 18 ClickHouse tables untouched in 90 days (412 GB)
  3 PostgreSQL roles with superuser but no login in 6 months
  2 MongoDB collections with no indexes on query patterns

Estimated monthly waste: $840 (based on public pricing for idle resources)
Time to find manually: 2-3 days across 4 teams

Waste estimates use public cloud pricing for identified idle resources. Optional, transparent, and overridable in config.

Pricing

Free to audit. Paid to stop repeating work.

Free — run audits

$0 / month

Up to 3 infrastructure targets
PR comment with health score
Pass/fail threshold gate in CI
Unlimited local CLI usage

Team — stop regressions

$49 / month

5 repositories, unlimited targets
Detect regressions automatically
Know which merge introduced drift
Alert when health degrades between runs

Organization — enforce policy

$149 / month

Unlimited repositories
Policy-as-code: block merges on violations
Compliance exports — SOC2/ISO evidence
Prove you ran audits weekly

Enterprise

Custom pricing

SSO / SAML authentication
Audit logs for every action
SLA guarantees

Install

CLI

go install github.com/ppiankov/spectrehub/cmd/spectrehub@latest

Homebrew

brew install ppiankov/tap/spectrehub

Links

SpectreHub CLI · GitHub Action · API · ANCC Convention