@danielszlaski/envguard 0.1.0

package/.envguardrc.example.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema",
+  "title": "EnvGuard Configuration",
+  "description": "Configuration file for EnvGuard - keep your environment variables in sync",
+  "ignoreVars": [
+    "MY_COMPANY_VAR",
+    "PLATFORM_PROVIDED_VAR"
+  ],
+  "strict": false,
+  "exclude": [
+    "**/tmp/**",
+    "**/cache/**",
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/test/**"
+  ]
+}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Daniel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,320 @@
+# EnvGuard 🔐
+
+Keep your environment variables in sync with your codebase.
+
+## The Problem
+
+- `.env.example` is always out of sync with actual `.env`
+- New developers don't know what environment variables they need
+- Production secrets accidentally committed
+- Dead environment variables cluttering your config
+
+## The Solution
+
+EnvGuard automatically:
+- Scans your codebase for `process.env.*` usage
+- Compares with your `.env` and `.env.example` files
+- **Supports Serverless Framework** - scans `serverless.yml` environment configurations
+- Alerts you to missing, unused, or undocumented variables
+- Auto-generates `.env.example` with helpful comments
+- **Supports multiple `.env` files** in subdirectories (monorepo-friendly!)
+
+## Installation
+
+```bash
+npm install -g envguard
+```
+
+Or use with npx:
+
+```bash
+npx envguard scan
+```
+
+## Usage
+
+### Scan for issues
+
+```bash
+envguard scan
+```
+
+Example output:
+
+```
+🔍 Scanning codebase for environment variables...
+
+✓ Found 12 unique environment variables in code
+✓ Found 10 variables in .env
+✓ Found 8 variables in .env.example
+
+⚠️  Found 5 issue(s):
+
+🚨 Missing from .env:
+  1. STRIPE_SECRET_KEY
+     Used in: src/payment.js, src/checkout.ts
+  2. API_KEY
+     Used in: src/api/client.ts
+
+⚠️  Unused variables (consider removing):
+  1. OLD_API_URL
+     Defined in .env but never used in code
+
+📝 Missing from .env.example:
+  1. DATABASE_URL
+     Used in: src/db/connection.ts
+  2. JWT_SECRET
+     Used in: src/auth/jwt.ts
+
+💡 Run `envguard fix` to auto-generate .env.example
+```
+
+### Auto-generate .env.example
+
+```bash
+envguard fix
+```
+
+This will create/update `.env.example` files with:
+- All environment variables used in your code
+- Comments showing where each variable is used
+- Format hints for common variable types (URLs, ports, etc.)
+- **Creates `.env.example` next to each `.env` file** (great for monorepos!)
+
+Example generated `.env.example`:
+
+```bash
+# Auto-generated by envguard
+# Do not put actual secrets in this file - use .env instead
+
+# Used in: src/db/connection.ts:12, src/models/user.ts:5
+# Format: postgresql://user:pass@host:5432/db
+DATABASE_URL=
+
+# Used in: src/payment.js:23
+# Format: sk_test_...
+STRIPE_SECRET_KEY=
+
+# Used in: src/server.ts:8
+# Format: 3000
+PORT=
+```
+
+### CI/CD Integration
+
+Use the `check` command in your CI pipeline to fail builds if environment variables are out of sync:
+
+```bash
+envguard check
+```
+
+This is equivalent to `envguard scan --ci` and will exit with code 1 if issues are found.
+
+#### GitHub Actions Example
+
+```yaml
+name: Check Env Sync
+on: [pull_request]
+
+jobs:
+  envguard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+      - run: npx envguard check
+```
+
+## Supported Languages & Frameworks
+
+### JavaScript/TypeScript
+- JavaScript (`.js`, `.mjs`, `.cjs`)
+- TypeScript (`.ts`, `.tsx`)
+- JSX (`.jsx`)
+
+Detects:
+- `process.env.VAR_NAME`
+- `process.env['VAR_NAME']`
+- `const { VAR_NAME } = process.env`
+
+### Serverless Framework
+- Automatically detects `serverless.yml` and `serverless.yaml` files
+- Scans `provider.environment` section
+- Scans function-level `environment` sections
+- Detects references to external sources (SSM, Secrets Manager, etc.)
+- Validates that all defined variables are used in code
+- Reports variables used in code but not defined in serverless.yml
+
+## Configuration
+
+EnvGuard works out of the box with sensible defaults. It automatically excludes:
+- `node_modules`
+- `dist`
+- `build`
+- `.git`
+
+### Custom Configuration
+
+Create a `.envguardrc.json` file in your project root to customize behavior:
+
+```json
+{
+  "ignoreVars": [
+    "MY_CUSTOM_VAR",
+    "ANOTHER_VAR",
+    "COMPANY_INTERNAL_VAR"
+  ],
+  "strict": false,
+  "exclude": [
+    "**/build/**",
+    "**/tmp/**"
+  ]
+}
+```
+
+**Configuration options:**
+
+- `ignoreVars` (string[]): Custom environment variables to ignore in non-strict mode. These will be treated like AWS_REGION and won't trigger warnings.
+- `strict` (boolean): Enable strict mode by default (can be overridden with CLI flag)
+- `exclude` (string[]): Additional file patterns to exclude from scanning
+
+**Alternative: package.json**
+
+You can also add configuration to your `package.json`:
+
+```json
+{
+  "envguard": {
+    "ignoreVars": ["MY_CUSTOM_VAR"],
+    "strict": false
+  }
+}
+```
+
+**Use case for ignoreVars:**
+- Company-wide variables that are always available (injected by infrastructure)
+- Framework-specific variables you don't need to track
+- Variables provided by your deployment platform (Vercel, Netlify, etc.)
+- Custom variables for GitHub Apps or CI/CD integrations
+
+**Priority:** CLI flags > `.envguardrc.json` > `package.json` > defaults
+
+**GitHub Apps & CI/CD:**
+When using EnvGuard as a GitHub App or in CI/CD pipelines, commit your `.envguardrc.json` to the repository. This ensures consistent behavior across all environments and team members.
+
+### Monorepo Support
+
+EnvGuard automatically detects all `.env` files in your project, including subdirectories. When you run `envguard fix`, it creates a `.env.example` file next to each `.env` file it finds.
+
+Example structure:
+```
+project/
+├── .env              → generates .env.example
+├── src/
+│   └── lambda1/
+│       ├── .env      → generates lambda1/.env.example
+│       └── handler.js
+└── services/
+    └── api/
+        ├── .env      → generates api/.env.example
+        └── server.js
+```
+
+Each `.env.example` only includes variables used in that directory and its subdirectories.
+
+## Serverless Framework Support
+
+EnvGuard can scan `serverless.yml` files as a standalone source of environment variable definitions. This is useful for AWS Lambda projects where environment variables are defined in the serverless configuration rather than `.env` files.
+
+### How it works
+
+1. **Detects** `serverless.yml` files in your project
+2. **Extracts** environment variables from `provider.environment` and function-level `environment` sections
+3. **Validates** that all defined variables are actually used in your Lambda code
+4. **Reports** unused variables and missing definitions
+
+### Example serverless.yml
+
+```yaml
+provider:
+  name: aws
+  runtime: nodejs20.x
+  environment:
+    NODE_ENV: ${opt:stage}
+    API_KEY: ${ssm:/my-app/api-key}
+    DATABASE_URL: ${self:custom.dbUrl}
+```
+
+### Scan output for serverless.yml
+
+```
+📂 Checking src/lambda/serverless.yml
+
+   Found 3 variable(s) in serverless.yml
+   Found 2 variable(s) used in code
+
+   ⚠️  Unused variables in serverless.yml:
+      1. DATABASE_URL
+
+   🚨 Missing from serverless.yml:
+      1. LOG_LEVEL
+         Used in: src/lambda/handler.js
+```
+
+### Key Features
+
+- **No .env required** - serverless.yml is treated as a standalone configuration source
+- **CloudFormation intrinsic functions** - Supports `!Ref`, `!GetAtt`, `!Sub`, `!ImportValue`, and all CF functions
+- **External references** - Detects SSM parameters, Secrets Manager, CloudFormation outputs
+- **Function-level variables** - Scans both provider-level and function-specific environment vars
+- **Smart filtering** - Automatically skips AWS/runtime variables (disable with `--strict`)
+- **CI/CD validation** - Use `envguard check` to enforce serverless config completeness
+
+## Commands
+
+- `envguard scan` - Scan for issues and display report
+- `envguard scan --ci` - Scan and exit with error code if issues found
+- `envguard scan --strict` - Report all variables including known runtime variables
+- `envguard fix` - Auto-generate `.env.example`
+- `envguard check` - Alias for `scan --ci`
+- `envguard check --strict` - Check with strict mode enabled
+
+### Strict Mode
+
+By default, EnvGuard filters out well-known runtime variables that don't need to be explicitly defined:
+
+**AWS Lambda variables**: `AWS_REGION`, `AWS_LAMBDA_FUNCTION_NAME`, etc.
+**Node.js runtime**: `NODE_ENV`, `PATH`, etc.
+**CI/CD environments**: `CI`, `GITHUB_ACTIONS`, etc.
+**Serverless Framework**: `IS_OFFLINE`, `SLS_OFFLINE`, etc.
+
+Use `--strict` mode to report ALL variables including these runtime-provided ones:
+
+```bash
+envguard scan --strict
+```
+
+Example output (non-strict):
+```
+ℹ️  Skipped known runtime variables (use --strict to show):
+   Serverless Framework: IS_OFFLINE, SLS_OFFLINE
+   CI/CD: CI
+   AWS Lambda: AWS_REGION
+```
+
+## Development
+
+```bash
+# Install dependencies
+npm install
+
+# Build
+npm run build
+
+# Run locally
+npm start scan
+```
+
+## License
+
+MIT

package/dist/analyzer/envAnalyzer.d.ts

@@ -0,0 +1,8 @@
+import { ScanResult } from '../types';
+import { EnvEntry } from '../parser/envParser';
+export declare class EnvAnalyzer {
+    analyze(usedVars: Map<string, string[]>, definedVars: Map<string, EnvEntry>, exampleVars: Set<string>): ScanResult;
+    generateExampleContent(usedVars: Map<string, string[]>, existingEntries: Map<string, EnvEntry>): string;
+    private getFormatHint;
+}
+//# sourceMappingURL=envAnalyzer.d.ts.map

package/dist/analyzer/envAnalyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envAnalyzer.d.ts","sourceRoot":"","sources":["../../src/analyzer/envAnalyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,UAAU,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAE/C,qBAAa,WAAW;IACtB,OAAO,CACL,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAC/B,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,EAClC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,GACvB,UAAU;IA8Cb,sBAAsB,CACpB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAC/B,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,GACrC,MAAM;IAyCT,OAAO,CAAC,aAAa;CAkCtB"}

package/dist/analyzer/envAnalyzer.js

@@ -0,0 +1,112 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnvAnalyzer = void 0;
+class EnvAnalyzer {
+    analyze(usedVars, definedVars, exampleVars) {
+        const issues = [];
+        // Issue 1: Variables used in code but missing from .env
+        for (const [varName, locations] of usedVars.entries()) {
+            if (!definedVars.has(varName)) {
+                issues.push({
+                    type: 'missing',
+                    varName,
+                    details: `Used in code but not defined in .env`,
+                    locations,
+                });
+            }
+        }
+        // Issue 2: Variables defined in .env but never used
+        for (const [varName] of definedVars.entries()) {
+            if (!usedVars.has(varName)) {
+                issues.push({
+                    type: 'unused',
+                    varName,
+                    details: `Defined in .env but never used in code`,
+                });
+            }
+        }
+        // Issue 3: Variables used in code but not in .env.example
+        for (const [varName, locations] of usedVars.entries()) {
+            if (!exampleVars.has(varName)) {
+                issues.push({
+                    type: 'undocumented',
+                    varName,
+                    details: `Used in code but missing from .env.example`,
+                    locations,
+                });
+            }
+        }
+        return {
+            issues,
+            usedVars,
+            definedVars: new Set(definedVars.keys()),
+            exampleVars,
+        };
+    }
+    generateExampleContent(usedVars, existingEntries) {
+        let content = '# Auto-generated by envguard\n';
+        content += '# Do not put actual secrets in this file - use .env instead\n\n';
+        const sortedVars = Array.from(usedVars.keys()).sort();
+        for (const varName of sortedVars) {
+            const locations = usedVars.get(varName);
+            const existingEntry = existingEntries.get(varName);
+            // Add location comments
+            content += `# Used in: ${locations.slice(0, 3).join(', ')}`;
+            if (locations.length > 3) {
+                content += ` (+${locations.length - 3} more)`;
+            }
+            content += '\n';
+            // Add existing comment if available
+            if (existingEntry?.comment) {
+                content += `# ${existingEntry.comment}\n`;
+            }
+            else {
+                // Add a format hint based on common patterns
+                const hint = this.getFormatHint(varName);
+                if (hint) {
+                    content += `# Format: ${hint}\n`;
+                }
+            }
+            // Add the variable with empty value or existing value
+            if (existingEntry) {
+                content += `${varName}=${existingEntry.value}\n`;
+            }
+            else {
+                content += `${varName}=\n`;
+            }
+            content += '\n';
+        }
+        return content;
+    }
+    getFormatHint(varName) {
+        const patterns = {
+            'DATABASE_URL': 'postgresql://user:pass@host:5432/db',
+            'MONGODB_URI': 'mongodb://localhost:27017/dbname',
+            'REDIS_URL': 'redis://localhost:6379',
+            'PORT': '3000',
+            'NODE_ENV': 'development|production|test',
+            'API_KEY': 'your-api-key-here',
+            'SECRET': 'your-secret-here',
+            'JWT_SECRET': 'your-jwt-secret',
+            'STRIPE_': 'sk_test_...',
+            'AWS_': 'aws-credentials',
+        };
+        for (const [pattern, hint] of Object.entries(patterns)) {
+            if (varName.includes(pattern)) {
+                return hint;
+            }
+        }
+        if (varName.endsWith('_URL') || varName.endsWith('_URI')) {
+            return 'https://example.com';
+        }
+        if (varName.endsWith('_PORT')) {
+            return '8080';
+        }
+        if (varName.endsWith('_KEY') || varName.endsWith('_SECRET') || varName.endsWith('_TOKEN')) {
+            return 'your-secret-here';
+        }
+        return null;
+    }
+}
+exports.EnvAnalyzer = EnvAnalyzer;
+//# sourceMappingURL=envAnalyzer.js.map

package/dist/analyzer/envAnalyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envAnalyzer.js","sourceRoot":"","sources":["../../src/analyzer/envAnalyzer.ts"],"names":[],"mappings":";;;AAGA,MAAa,WAAW;IACtB,OAAO,CACL,QAA+B,EAC/B,WAAkC,EAClC,WAAwB;QAExB,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,wDAAwD;QACxD,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,SAAS;oBACf,OAAO;oBACP,OAAO,EAAE,sCAAsC;oBAC/C,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,OAAO;oBACP,OAAO,EAAE,wCAAwC;iBAClD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,cAAc;oBACpB,OAAO;oBACP,OAAO,EAAE,4CAA4C;oBACrD,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM;YACN,QAAQ;YACR,WAAW,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxC,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,sBAAsB,CACpB,QAA+B,EAC/B,eAAsC;QAEtC,IAAI,OAAO,GAAG,gCAAgC,CAAC;QAC/C,OAAO,IAAI,iEAAiE,CAAC;QAE7E,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAEtD,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC;YACzC,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAEnD,wBAAwB;YACxB,OAAO,IAAI,cAAc,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5D,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO,IAAI,MAAM,SAAS,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;YAChD,CAAC;YACD,OAAO,IAAI,IAAI,CAAC;YAEhB,oCAAoC;YACpC,IAAI,aAAa,EAAE,OAAO,EAAE,CAAC;gBAC3B,OAAO,IAAI,KAAK,aAAa,CAAC,OAAO,IAAI,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,6CAA6C;gBAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACzC,IAAI,IAAI,EAAE,CAAC;oBACT,OAAO,IAAI,aAAa,IAAI,IAAI,CAAC;gBACnC,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,IAAI,GAAG,OAAO,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,GAAG,OAAO,KAAK,CAAC;YAC7B,CAAC;YAED,OAAO,IAAI,IAAI,CAAC;QAClB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,aAAa,CAAC,OAAe;QACnC,MAAM,QAAQ,GAA8B;YAC1C,cAAc,EAAE,qCAAqC;YACrD,aAAa,EAAE,kCAAkC;YACjD,WAAW,EAAE,wBAAwB;YACrC,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,6BAA6B;YACzC,SAAS,EAAE,mBAAmB;YAC9B,QAAQ,EAAE,kBAAkB;YAC5B,YAAY,EAAE,iBAAiB;YAC/B,SAAS,EAAE,aAAa;YACxB,MAAM,EAAE,iBAAiB;SAC1B,CAAC;QAEF,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvD,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1F,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAjID,kCAiIC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const scan_1 = require("./commands/scan");
+const fix_1 = require("./commands/fix");
+const program = new commander_1.Command();
+program
+    .name('envguard')
+    .description('Keep your environment variables in sync with your codebase')
+    .version('0.1.0');
+program
+    .command('scan')
+    .description('Scan codebase and compare with .env files')
+    .option('--ci', 'Exit with error code if issues found (for CI/CD)')
+    .option('--strict', 'Report all variables including known runtime variables (AWS_REGION, NODE_ENV, etc.)')
+    .action(async (options) => {
+    try {
+        await (0, scan_1.scanCommand)(options);
+    }
+    catch (error) {
+        console.error('Error:', error);
+        process.exit(1);
+    }
+});
+program
+    .command('fix')
+    .description('Auto-generate .env.example from codebase')
+    .action(async () => {
+    try {
+        await (0, fix_1.fixCommand)();
+    }
+    catch (error) {
+        console.error('Error:', error);
+        process.exit(1);
+    }
+});
+program
+    .command('check')
+    .description('Check for issues (alias for scan --ci)')
+    .option('--strict', 'Report all variables including known runtime variables (AWS_REGION, NODE_ENV, etc.)')
+    .action(async (options) => {
+    try {
+        await (0, scan_1.scanCommand)({ ci: true, strict: options.strict });
+    }
+    catch (error) {
+        console.error('Error:', error);
+        process.exit(1);
+    }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,0CAA8C;AAC9C,wCAA4C;AAG5C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,4DAA4D,CAAC;KACzE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2CAA2C,CAAC;KACxD,MAAM,CAAC,MAAM,EAAE,kDAAkD,CAAC;KAClE,MAAM,CAAC,UAAU,EAAE,qFAAqF,CAAC;KACzG,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,MAAM,IAAA,kBAAW,EAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,0CAA0C,CAAC;KACvD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,IAAI,CAAC;QACH,MAAM,IAAA,gBAAU,GAAE,CAAC;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,wCAAwC,CAAC;KACrD,MAAM,CAAC,UAAU,EAAE,qFAAqF,CAAC;KACzG,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,MAAM,IAAA,kBAAW,EAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/commands/check.d.ts

@@ -0,0 +1,5 @@
+export declare function checkCommand(): Promise<{
+    success: boolean;
+    issues: import("..").Issue[];
+}>;
+//# sourceMappingURL=check.d.ts.map

package/dist/commands/check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAEA,wBAAsB,YAAY;;;GAGjC"}

package/dist/commands/check.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkCommand = checkCommand;
+const scan_1 = require("./scan");
+async function checkCommand() {
+    // Check command is the same as scan but with --ci flag
+    return (0, scan_1.scanCommand)({ ci: true });
+}
+//# sourceMappingURL=check.js.map

package/dist/commands/check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":";;AAEA,oCAGC;AALD,iCAAqC;AAE9B,KAAK,UAAU,YAAY;IAChC,uDAAuD;IACvD,OAAO,IAAA,kBAAW,EAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;AACnC,CAAC"}

package/dist/commands/fix.d.ts

@@ -0,0 +1,4 @@
+export declare function fixCommand(): Promise<{
+    success: boolean;
+}>;
+//# sourceMappingURL=fix.d.ts.map

package/dist/commands/fix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.d.ts","sourceRoot":"","sources":["../../src/commands/fix.ts"],"names":[],"mappings":"AAOA,wBAAsB,UAAU;;GAgE/B"}