Skip to content

title: CloudSlash - Mock Mode Reference description: No credentials needed. --mock generates a 10,000-node infrastructure graph: realistic enough to run the full engine, policy evaluation, and remediation pipel...


Mock Mode

No credentials needed. --mock generates a 10,000-node infrastructure graph: realistic enough to run the full engine, policy evaluation, and remediation pipeline against.

Enabling Mock Mode

cs scan --mock          # One-shot scan against the mock graph
cs daemon --mock        # Daemon + Web UI with mock data
cs tui                 # Terminal dashboard (connects to a running daemon — start one with --mock above)

When the daemon runs in mock mode, the Web Dashboard at localhost:8080 is fully functional: all tabs, charts, AI chat, and remediation pipelines work with simulated data.

Mock Graph

What It Contains

The chaos graph seeds 10,000 nodes across all five providers, deliberately designed to exercise every engine subsystem:

Compute Resources

  • Ghost EC2 instances: running but consuming no CPU for 60+ days
  • Stopped GCE instances left in stopped state
  • Azure VMs with deallocated status but still accruing disk costs
  • Over-provisioned K8s pods with 10x their actual resource usage
  • Linode instances created by dev environments and never terminated

Storage Resources

  • Unattached EBS volumes in available state (30+ days)
  • GCS buckets with zero object access in 90 days
  • Azure managed disks not attached to any VM
  • Orphaned K8s PVCs not mounted by any pod

Networking

  • Hollow NAT Gateways with <1GB traffic over 30 days
  • Unused Elastic IP addresses
  • Empty load balancers with no healthy targets
  • Cross-cloud CIDR overlap edges (Ghost Linker discovers AWS VPC ↔ GCP VPC connections)

Serverless

& Managed Services - Stale Lambda functions with zero invocations (90+ days) - Idle Cloud Run services with zero requests - Empty DynamoDB tables with provisioned capacity - Idle Pub/Sub subscriptions with undelivered messages

Risk Signals

  • Spot instances with high HMM-predicted termination probability
  • Publicly accessible S3 buckets
  • Security groups with 0.0.0.0/0 ingress rules
  • RDS instances with PubliclyAccessible: true
  • PII-classified resources (tagged data-classification: pii)
  • Resources with formal reachability proofs (Internet → Database paths)

Automatic Credential Fallback

No need to pass --mock explicitly in CI. When the scanner detects missing or invalid credentials, it automatically falls back to mock mode:

WARN: No cloud credentials found: falling back to mock mode for static analysis

The engine recognises 13 credential failure patterns across AWS, GCP, and Azure:

  • unable to locate credentials
  • could not find default credentials
  • AccessDenied, AuthenticationFailed
  • no such host, invalid_client
  • credential init failed

Your GitHub Actions workflow works on forks and open-source PRs where secrets aren't available: without any conditional logic.

Mock Mode

+ CEL Policies

Policies evaluate against the mock graph exactly as they would against live infrastructure:

cs scan --mock --rules my-policies.yaml

The fastest way to test a new policy: no real infrastructure needed.

Mock Mode

+ AI Chat

In cs daemon --mock, the DEVI AI chat works fully. DEVI queries the mock graph via its MCP tools:

> Which resources cost the most in the mock graph?
> What's the blast radius of the mock NAT gateway?
> Generate a CEL policy to block public S3 buckets

Mock mode is useful for demoing AI capabilities to stakeholders without sharing real infrastructure data.

Mock Mode

When to Use

Situation Use Mock Mode?
Exploring CloudSlash for the first time ✅ Yes
Demoing to stakeholders ✅ Yes
Testing new CEL policies ✅ Yes
CI pipelines without cloud secrets ✅ Yes (automatic)
Developing a new plugin ✅ Yes
Scanning a real AWS/GCP/Azure account ❌ No: use real credentials
Generating a compliance report ❌ No: mock data won't reflect real state