ppiankov
diff --git a/‎cmd/deployscope/main.go‎
Lines changed: 3 additions & 27 deletions b/‎cmd/deployscope/main.go‎
Lines changed: 3 additions & 27 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 0 deletions b/‎go.mod‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 9 additions & 2 deletions b/‎go.sum‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎internal/cli/doctor.go‎
Lines changed: 165 additions & 0 deletions b/‎internal/cli/doctor.go‎
Lines changed: 165 additions & 0 deletions
diff --git a/‎internal/cli/init.go‎
Lines changed: 95 additions & 0 deletions b/‎internal/cli/init.go‎
Lines changed: 95 additions & 0 deletions
@@ -1,36 +1,12 @@
 package main
 
 import (
-	"log"
-	"net/http"
-	"os"
-
-	"github.com/ppiankov/deployscope/internal/k8s"
-	"github.com/ppiankov/deployscope/internal/metrics"
-	"github.com/ppiankov/deployscope/internal/server"
+	"github.com/ppiankov/deployscope/internal/cli"
 )
 
 var version = "dev"
 
 func main() {
-	port := os.Getenv("PORT")
-	if port == "" {
-		port = "8080"
-	}
-
-	k8sClient, err := k8s.NewClient()
-	if err != nil {
-		log.Fatalf("failed to create kubernetes client: %v", err)
-	}
-
-	corsOrigin := os.Getenv("CORS_ORIGIN")
-	srv := server.New(k8sClient, corsOrigin)
-
-	mux := http.NewServeMux()
-	srv.RegisterRoutes(mux)
-
-	handler := metrics.Middleware(mux)
-
-	log.Printf("deployscope v%s starting on port %s", version, port)
-	log.Fatal(http.ListenAndServe(":"+port, handler))
+	cli.SetVersion(version)
+	cli.Execute()
 }
@@ -4,6 +4,7 @@ go 1.23.0
 
 require (
 	github.com/prometheus/client_golang v1.23.2
+	github.com/spf13/cobra v1.10.2
 	k8s.io/api v0.28.4
 	k8s.io/apimachinery v0.28.4
 	k8s.io/client-go v0.28.4
@@ -25,6 +26,7 @@ require (
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -35,6 +37,7 @@ require (
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/spf13/pflag v1.0.9 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect
 
@@ -2,6 +2,7 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -38,6 +39,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJY
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -82,8 +85,11 @@ github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzM
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
+github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -99,6 +105,7 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 
@@ -0,0 +1,165 @@
+package cli
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/ppiankov/deployscope/internal/k8s"
+)
+
+type DoctorOutput struct {
+	K8sConnectivity  string             `json:"k8s_connectivity"`
+	TotalWorkloads   int                `json:"total_workloads"`
+	IgnoredWorkloads int                `json:"ignored_workloads"`
+	Coverage         AnnotationCoverage `json:"annotation_coverage"`
+	AgentReadiness   float64            `json:"agent_readiness"`
+	Warnings         []string           `json:"warnings,omitempty"`
+}
+
+type AnnotationCoverage struct {
+	Owner      float64 `json:"owner"`
+	Tier       float64 `json:"tier"`
+	GitOpsRepo float64 `json:"gitops_repo"`
+	Oncall     float64 `json:"oncall"`
+	Runbook    float64 `json:"runbook"`
+	DependsOn  float64 `json:"depends_on"`
+}
+
+func newDoctorCmd() *cobra.Command {
+	var format string
+
+	cmd := &cobra.Command{
+		Use:   "doctor",
+		Short: "Check K8s connectivity, RBAC, and annotation coverage",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			k8sClient, err := k8s.NewClient()
+			if err != nil {
+				output := DoctorOutput{
+					K8sConnectivity: fmt.Sprintf("error: %v", err),
+				}
+				if format == "json" {
+					enc := json.NewEncoder(os.Stdout)
+					enc.SetIndent("", "  ")
+					_ = enc.Encode(output)
+				} else {
+					fmt.Printf("K8s connectivity: FAIL (%v)\n", err)
+				}
+				os.Exit(1)
+				return nil
+			}
+
+			if err := k8sClient.CheckReady(cmd.Context()); err != nil {
+				output := DoctorOutput{
+					K8sConnectivity: fmt.Sprintf("error: %v", err),
+				}
+				if format == "json" {
+					enc := json.NewEncoder(os.Stdout)
+					enc.SetIndent("", "  ")
+					_ = enc.Encode(output)
+				} else {
+					fmt.Printf("K8s connectivity: FAIL (%v)\n", err)
+				}
+				os.Exit(1)
+				return nil
+			}
+
+			services, _, err := k8sClient.FetchDeployments(cmd.Context())
+			if err != nil {
+				return fmt.Errorf("failed to fetch workloads: %w", err)
+			}
+
+			total := len(services)
+			coverage := computeCoverage(services)
+			readiness := (coverage.Owner + coverage.Tier + coverage.GitOpsRepo + coverage.Oncall) / 4.0
+
+			var warnings []string
+			if coverage.Owner < 0.5 {
+				warnings = append(warnings, "less than 50% of workloads have owner annotations")
+			}
+			if coverage.Tier < 0.5 {
+				warnings = append(warnings, "less than 50% of workloads have tier annotations — routing will default to standard")
+			}
+			if coverage.GitOpsRepo < 0.3 {
+				warnings = append(warnings, "less than 30% of workloads have gitops-repo — agents cannot create PRs")
+			}
+
+			output := DoctorOutput{
+				K8sConnectivity: "ok",
+				TotalWorkloads:  total,
+				Coverage:        coverage,
+				AgentReadiness:  readiness,
+				Warnings:        warnings,
+			}
+
+			if format == "json" {
+				enc := json.NewEncoder(os.Stdout)
+				enc.SetIndent("", "  ")
+				return enc.Encode(output)
+			}
+
+			fmt.Printf("K8s connectivity: OK\n")
+			fmt.Printf("Total workloads:  %d\n", total)
+			fmt.Printf("Agent readiness:  %.0f%%\n\n", readiness*100)
+			fmt.Printf("Annotation coverage:\n")
+			fmt.Printf("  owner:       %.0f%%\n", coverage.Owner*100)
+			fmt.Printf("  tier:        %.0f%%\n", coverage.Tier*100)
+			fmt.Printf("  gitops-repo: %.0f%%\n", coverage.GitOpsRepo*100)
+			fmt.Printf("  oncall:      %.0f%%\n", coverage.Oncall*100)
+			fmt.Printf("  runbook:     %.0f%%\n", coverage.Runbook*100)
+			fmt.Printf("  depends-on:  %.0f%%\n", coverage.DependsOn*100)
+
+			if len(warnings) > 0 {
+				fmt.Println("\nWarnings:")
+				for _, w := range warnings {
+					fmt.Printf("  ⚠ %s\n", w)
+				}
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().StringVar(&format, "format", "text", "Output format: text, json")
+	return cmd
+}
+
+func computeCoverage(services []k8s.ServiceStatus) AnnotationCoverage {
+	total := float64(len(services))
+	if total == 0 {
+		return AnnotationCoverage{}
+	}
+
+	var owner, tier, gitops, oncall, runbook, depends float64
+	for _, svc := range services {
+		if svc.Owner != nil {
+			owner++
+		}
+		if svc.Tier != nil {
+			tier++
+		}
+		if svc.Integration.GitOpsRepo != nil {
+			gitops++
+		}
+		if svc.Integration.Oncall != nil {
+			oncall++
+		}
+		if svc.Integration.Runbook != nil {
+			runbook++
+		}
+		if len(svc.DependsOn) > 0 {
+			depends++
+		}
+	}
+
+	return AnnotationCoverage{
+		Owner:      owner / total,
+		Tier:       tier / total,
+		GitOpsRepo: gitops / total,
+		Oncall:     oncall / total,
+		Runbook:    runbook / total,
+		DependsOn:  depends / total,
+	}
+}
@@ -0,0 +1,95 @@
+package cli
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+const configTemplate = `# deployscope.yaml — cluster configuration
+cluster:
+  name: "my-cluster"
+  environment: "production"
+  region: "us-east-1"
+
+# Cache TTL for K8s API queries (default: 30s)
+# cache_ttl: 30s
+
+# Label selector for workloads (default: requires app.kubernetes.io/version)
+# label_selector: "app.kubernetes.io/version"
+`
+
+const annotationTemplate = `# Example deployscope.dev annotations for your Helm chart values.yaml
+#
+# Add these to your deployment/statefulset/daemonset metadata.annotations:
+#
+# deployscope:
+#   owner: "team-platform"
+#   tier: "critical"                      # critical, standard, best-effort
+#   gitopsRepo: "github.com/org/infra"
+#   gitopsPath: "clusters/prod/auth/"
+#   oncall: "#platform-oncall"
+#   runbook: "https://wiki.internal/auth-runbook"
+#   dashboard: "https://grafana.internal/d/auth"
+#   dependsOn: "postgres-platform,redis-shared"
+#   healthEndpoint: "http://localhost:8080/health"
+#
+# In your Helm chart template:
+#
+#   annotations:
+#     deployscope.dev/owner: {{ .Values.deployscope.owner | quote }}
+#     deployscope.dev/tier: {{ .Values.deployscope.tier | quote }}
+#     deployscope.dev/gitops-repo: {{ .Values.deployscope.gitopsRepo | quote }}
+#     deployscope.dev/gitops-path: {{ .Values.deployscope.gitopsPath | quote }}
+#     deployscope.dev/oncall: {{ .Values.deployscope.oncall | quote }}
+#     deployscope.dev/runbook: {{ .Values.deployscope.runbook | quote }}
+#     deployscope.dev/dashboard: {{ .Values.deployscope.dashboard | quote }}
+#     deployscope.dev/depends-on: {{ .Values.deployscope.dependsOn | quote }}
+#     deployscope.dev/health-endpoint: {{ .Values.deployscope.healthEndpoint | quote }}
+#
+# To opt out a workload from deployscope:
+#   annotations:
+#     deployscope.dev/ignore: "true"
+#
+# Kustomize patch example:
+#
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+#   name: my-service
+#   annotations:
+#     deployscope.dev/owner: "team-platform"
+#     deployscope.dev/tier: "critical"
+`
+
+func newInitCmd() *cobra.Command {
+	return &cobra.Command{
+		Use:   "init",
+		Short: "Generate deployscope.yaml config and example annotations",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			configFile := "deployscope.yaml"
+			if _, err := os.Stat(configFile); err == nil {
+				return fmt.Errorf("%s already exists — remove it first to regenerate", configFile)
+			}
+
+			if err := os.WriteFile(configFile, []byte(configTemplate), 0644); err != nil {
+				return fmt.Errorf("failed to write %s: %w", configFile, err)
+			}
+			fmt.Printf("Created %s\n", configFile)
+
+			annotationFile := "deployscope-annotations.example.yaml"
+			if err := os.WriteFile(annotationFile, []byte(annotationTemplate), 0644); err != nil {
+				return fmt.Errorf("failed to write %s: %w", annotationFile, err)
+			}
+			fmt.Printf("Created %s\n", annotationFile)
+
+			fmt.Println("\nNext steps:")
+			fmt.Println("  1. Edit deployscope.yaml with your cluster identity")
+			fmt.Println("  2. Add deployscope.dev/* annotations to your Helm chart values")
+			fmt.Println("  3. Run 'deployscope doctor' to check annotation coverage")
+
+			return nil
+		},
+	}
+}