Parent: https://github.com/WalksWithASwagger/kk-kb/issues/2453
Goal
Make the existing Varlock contract and env-check workflow dependable for local and agent-driven development.
Scope
- Work from a clean
origin/main worktree.
- Reconcile the schema from committed examples and code references only.
- Normalize the existing env-check command around agent-safe Varlock output.
- Add one documented
varlock run --inject vars -- ... command for a non-production smoke path.
- Keep public issue and documentation text free of secret inventory and local machine paths.
Acceptance Criteria
Verification
make env-check
varlock audit
varlock scan --staged
Stop Rules
- Do not read, print, reveal, copy, rotate, encrypt, or move real secret values.
- Do not open real
.env files; derive the contract from schemas, examples, code references, and platform variable names only.
- Do not update GitHub, Vercel, Codex, Claude, Cloudflare, or other provider values.
- Do not deploy.
- Stop with a concise blocker if redacted validation requires a human unlock or a missing value.
Parent: https://github.com/WalksWithASwagger/kk-kb/issues/2453
Goal
Make the existing Varlock contract and env-check workflow dependable for local and agent-driven development.
Scope
origin/mainworktree.varlock run --inject vars -- ...command for a non-production smoke path.Acceptance Criteria
Verification
Stop Rules
.envfiles; derive the contract from schemas, examples, code references, and platform variable names only.