Parent: https://github.com/WalksWithASwagger/kk-kb/issues/2453
Goal
Make the existing Varlock schema and provider command pattern executable without exposing or changing credentials.
Scope
- Work from a clean
origin/main worktree.
- Reconcile the schema using committed examples and code references only.
- Preserve the current Node runtime and package-manager choices.
- Add or normalize redacted validation and
varlock run --inject vars -- ... examples.
- Ensure public documentation contains no secret inventory or local machine paths.
Acceptance Criteria
Verification
varlock load --agent --show-all
varlock audit
varlock scan --staged
Use the repository's existing test command.
Stop Rules
- Do not read, print, reveal, copy, rotate, encrypt, or move real secret values.
- Do not open real
.env files; derive the contract from schemas, examples, code references, and platform variable names only.
- Do not update GitHub, Vercel, Codex, Claude, Cloudflare, or other provider values.
- Do not deploy.
- Stop with a concise blocker if redacted validation requires a human unlock or a missing value.
Parent: https://github.com/WalksWithASwagger/kk-kb/issues/2453
Goal
Make the existing Varlock schema and provider command pattern executable without exposing or changing credentials.
Scope
origin/mainworktree.varlock run --inject vars -- ...examples.Acceptance Criteria
Verification
Use the repository's existing test command.
Stop Rules
.envfiles; derive the contract from schemas, examples, code references, and platform variable names only.