Skip to content

varlock: verify the provider schema and safe agent command pattern #310

Description

@WalksWithASwagger

Parent: https://github.com/WalksWithASwagger/kk-kb/issues/2453

Goal

Make the existing Varlock schema and provider command pattern executable without exposing or changing credentials.

Scope

  • Work from a clean origin/main worktree.
  • Reconcile the schema using committed examples and code references only.
  • Preserve the current Node runtime and package-manager choices.
  • Add or normalize redacted validation and varlock run --inject vars -- ... examples.
  • Ensure public documentation contains no secret inventory or local machine paths.

Acceptance Criteria

  • Schema coverage matches the active provider-facing code surface.
  • Agent instructions prohibit reading env files and printing process environments.
  • One non-secret smoke command proves Varlock injection reaches the child process.
  • Existing tests pass.
  • No real value, local path, ignored env file, or provider setting is exposed or changed.

Verification

varlock load --agent --show-all
varlock audit
varlock scan --staged

Use the repository's existing test command.

Stop Rules

  • Do not read, print, reveal, copy, rotate, encrypt, or move real secret values.
  • Do not open real .env files; derive the contract from schemas, examples, code references, and platform variable names only.
  • Do not update GitHub, Vercel, Codex, Claude, Cloudflare, or other provider values.
  • Do not deploy.
  • Stop with a concise blocker if redacted validation requires a human unlock or a missing value.

Metadata

Metadata

Assignees

No one assigned

    Labels

    configurationConfiguration and environment setupdev-experienceDeveloper experience and toolingin-progressAgentic runner is currently attempting the issue.securitySecurity and secrets managementtype:taskImplementation task

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions