HN 표시: EnvSentinel – 계약 기반 .env 유효성 검사, 종속성 없음

envsentinel is a contract-driven CLI that prevents .env drift across local development, CI, and production deployments. Teams lose time and reliability when environment variables are undocumented, silently renamed, or incorrectly typed. Typical failure modes: - New teammate copies an old .env and misses required variables. - CI passes while production crashes because a value is malformed. .env.example goes stale and stops reflecting real requirements. EnvSentinel treats environment configuration as a versioned contract: - Validate one or more .env files against a JSON schema contract. - Fail fast in CI with clear, actionable diagnostics. - Generate .env.example directly from the contract to avoid drift. - Bootstrap a starter contract from an existing .env . envsentinel init : scaffold a contract from an existing.env envsentinel check : validate.env files against that contract (--json ,--junit ,--env-glob ,--env-dir ,--exclude-env-glob )envsentinel example : generate.env.example from the contract From PyPI (after first release): pipx install envsentinel Or: python -m pip install envsentinel From source: python -m pip install . For editable development: python -m pip install -e . - Create a contract from your current .env : envsentinel init --from-env .env --schema envsentinel.json - Refine envsentinel.json rules (required, type, pattern, choices, bounds). - Validate in local dev and CI: envsentinel check --schema envsentinel.json --env .env CI-friendly JUnit report: envsentinel check --schema envsentinel.json --env .env --junit reports/envsentinel.junit.xml Validate a set of env files with glob patterns: envsentinel check --schema envsentinel.json --env-glob ".env.*" --exclude-env-glob ".env.example" Recursively discover env files inside directories: envsentinel check --schema envsentinel.json --env-dir services --env-dir apps - Regenerate .env.example from the contract: envsentinel example --schema envsentinel.json --output .env.example --force Contract file is JSON: { "version": 1, "allow_unknown": false, "variables": { "APP_ENV": { "required": true, "type": "string", "choices": ["dev", "stage", "prod"], "description": "Deployment environment" }, "PORT": { "required": true, "type": "int", "min": 1, "max": 65535, "default": 8000 }, "DATABASE_URL": { "required": true, "type": "url", "sensitive": true } } } Supported field semantics: required (bool ): if missing and no default, validation fails.type (string|int|float|bool|url|email ): value type constraint.choices (list[str] ): must match one of the listed values.pattern (regex ): full-match regex constraint.min ,max (number ):- numeric bounds for int andfloat - length bounds for string (must be integer bounds forstring ) - numeric bounds for default : used for generated example output and documentation.sensitive (bool ): when true, defaults must be empty or null; generated starter contracts never persist raw secret defaults.allow_unknown (bool ): whether keys outsidevariables are allowed. Parser guarantees: - Duplicate keys in .env are rejected with file/line diagnostics. - Invalid dotenv syntax fails fast with source line context. Use the included GitHub Actions workflow (.github/workflows/ci.yml ) as a baseline. In your project, add a validation step: envsentinel check --schema envsentinel.json --env .env For monorepos or environment matrices: envsentinel check --schema envsentinel.json --env services/api/.env --env services/worker/.env Or discover files by pattern: envsentinel check --schema envsentinel.json --env-glob "services/*/.env" Or recursively scan directories for .env and .env.* files: envsentinel check --schema envsentinel.json --env-dir services EnvSentinel is most useful when it runs before bad configuration changes are committed. - Install both tools in your project environment: python -m pip install -e . python -m pip install pre-commit - Copy the example config: cp .pre-commit-config.example.yaml .pre-commit-config.yaml - Install git hooks: pre-commit install - Validate immediately: pre-commit run --all-files This repository ships a .pre-commit-hooks.yaml manifest. Once you publish tagged releases, consumers can reference it directly: repos: - repo: https://github.com//envsentinel rev: v0.1.0 hooks: - id: envsentinel-check args: ["--schema", "envsentinel.json", "--env", ".env"] - Contract changes are reviewed in pull requests. - CI runs envsentinel check against environment templates. .env.example is regenerated from contract and committed.- Deploy jobs validate runtime-loaded env files before rollout. This catches configuration regressions before runtime. Run tests: python -m unittest discover -s tests -v Install development tooling: python -m pip install -e ".[dev]" This repository includes a PyPI publish workflow at .github/workflows/publish.yml . - Create the project on PyPI. - Configure a PyPI Trusted Publisher for this GitHub repository. - Ensure your default branch CI is green. - Bump version in pyproject.toml . - Run local checks: p