Phase 1 shipped — Azure idle VM detection

Stop paying for
idle cloud resources.

dfo is a CLI toolkit that discovers waste across your cloud, analyzes it, and safely executes savings — all from your terminal. No SaaS. No infra. Just results.

Get Started View on GitHub
dfo — ~/projects/infra
# Discover VMs across your subscription
$ dfo azure discover vms
Discovered 47 VMs across 3 resource groups
Collected 14 days of CPU metrics
 
# Find the waste
$ dfo azure analyze idle-vms
Found 12 idle VMs — avg CPU <5% over 14 days
 
# See what you'll save
$ dfo azure report
Estimated monthly savings: $2,340.00
 
# Safe by default
$ dfo azure execute vm idle-web-03 stop -g prod-rg
[dry-run] Would stop idle-web-03
 
$
35+
CLI Commands
700+
Tests Passing
3
Analyzers
4
Report Formats
0
External Dependencies
Architecture
A pipeline that makes sense

Four stages, each independent, each writing to a local DuckDB store. No stage directly calls another — data flows through the database.

Discover

Inventory VMs, pull CPU metrics from Azure Monitor

Analyze

Flag idle, low-CPU, and stopped VMs with savings estimates

Report

Console tables, JSON, or CSV — filter by rule or resource

Execute

Stop or resize VMs with dry-run, approvals, and rollback

All data stored locally in DuckDB — zero external infrastructure
Features
Built for engineers
who hate waste.

Not another dashboard you'll forget to check. dfo lives in your terminal, runs in seconds, and shows you exactly where money is burning.

Three Analyzers, One Pipeline

Idle VM detection (<5% CPU), low-CPU rightsizing (<20% CPU), and stopped VM cleanup (30+ days). Each analyzer writes to its own table. Run one, run all — they never interfere.

$ dfo azure analyze idle-vms
$ dfo azure analyze low-cpu
$ dfo azure analyze stopped-vms

Flexible Reports

Console, JSON, CSV. Filter by rule, by resource, or see everything. Pipe to jq, export for stakeholders, or feed into your own scripts.

$ dfo azure report --format csv

100% Local

DuckDB embedded database. No cloud accounts, no SaaS subscriptions, no data leaving your machine. Install and run in under 5 minutes.

Direct or Planned

Quick-stop a single VM, or create batch plans with validation, approval gates, and one-click rollback. Your call.

Full Audit Trail

Every action — including dry-runs — is logged with timestamp, user, and result. Query the log anytime.

$ dfo azure logs list --vm-name my-vm

Real Pricing

Savings estimates use the Azure Retail Pricing API — not hardcoded guesses. See actual dollars before you act.

Safety First
Designed so you
can't break prod.

Cloud cost tools that skip safety end up costing more than the waste they find. dfo puts guardrails at every step.

  • Dry-run by default

    Every execution command is a dry-run unless you explicitly opt in.

  • Protection tags

    Tag any VM with dfo-protected=true to block all actions.

  • Approval workflows

    Batch plans require explicit validation and approval before execution.

  • Instant rollback

    Undo any action with a single command. Every change is reversible.

1
Create execution plan from analysis
safe
2
Validate — check VM state, tags, permissions
gate
3
Approve — explicit human sign-off
gate
4
Execute with full audit logging
logged
5
Rollback available at any time
safe
Roadmap
Where we're headed
Complete

MVP

Azure idle VMs, DuckDB, analysis, reports, safe execution

Next

Enhanced Azure

Resource Graph, storage, unattached disks, Advisor

Planned

Multi-Cloud

AWS EC2, CloudWatch, Cost Explorer, unified schema

Planned

Automation

YAML pipelines, scheduling, Slack & Teams alerts

Planned

Platform

Web dashboard, REST API, LLM-powered insights

Stack
Minimal. Modern. No bloat.
🐍
Python 3.10+
Typer + Rich
🦆
DuckDB
Azure SDK
Pydantic
pytest
Start saving in five minutes.

Open source. Runs on your machine. No accounts. No data leaves your environment.

$ pip install -e .

Read the Quickstart Star on GitHub