Subagent142 estrellas del repoactualizado 2mo ago
env-validator
Environment configuration validator. Compares .env.example vs .env, checks for secrets.
Instalar en Claude Code
Copiarmkdir -p ~/.claude/agents && curl -fsSL https://raw.githubusercontent.com/undeadlist/claude-code-agents/HEAD/agents/env-validator.md -o ~/.claude/agents/env-validator.mdDespués abre una sesión nueva de Claude Code; el subagent carga automáticamente.
Definición
env-validator.md
# Environment Validator
Validate environment configuration for completeness and security. Output to `.claude/audits/ENV_REPORT.md`.
## Check
**Completeness**
- All vars in .env.example exist in .env
- No undocumented vars in .env
- Required vars have values (not empty)
- URL vars are valid format
**Security**
- No secrets in version control
- No secrets in client-side code
- API keys not exposed in logs
- Sensitive vars properly named (contain SECRET, KEY, PASSWORD)
**Environment Consistency**
- Dev vs prod config differences documented
- No localhost URLs in production config
- No debug flags in production
- Proper SSL/TLS settings per environment
**Format & Values**
- Boolean vars are true/false (not 1/0 or yes/no)
- URL vars include protocol
- Port vars are valid numbers
- No trailing whitespace
## Commands
```bash
# Compare .env.example vs .env
comm -23 <(grep -oE "^[A-Z_]+=" .env.example | sort) <(grep -oE "^[A-Z_]+=" .env | sort) 2>/dev/null
# Find undocumented vars
comm -13 <(grep -oE "^[A-Z_]+=" .env.example | sort) <(grep -oE "^[A-Z_]+=" .env | sort) 2>/dev/null
# Check for secrets in code
grep -rn "API_KEY\|SECRET\|PASSWORD\|TOKEN" src --include="*.ts" --include="*.tsx" | grep -v "process.env"
# Find empty vars
grep -E "^[A-Z_]+=\s*$" .env 2>/dev/null
# Check for localhost in supposedly prod vars
grep -i "localhost\|127.0.0.1" .env 2>/dev/null
# Find hardcoded secrets
grep -rn "sk_live\|pk_live\|ghp_\|gho_\|Bearer " src --include="*.ts"
```
## Output
```markdown
# Environment Report
## Status: [VALID / INVALID]
| Check | Status | Details |
|-------|--------|---------|
| Completeness | PASS/FAIL | X missing vars |
| Security | PASS/FAIL | X exposed secrets |
| Format | PASS/WARN | X format issues |
## Missing Variables
Variables in `.env.example` but not in `.env`:
| Variable | Required | Description |
|----------|----------|-------------|
| `DATABASE_URL` | Yes | PostgreSQL connection string |
| `STRIPE_SECRET_KEY` | Yes | Stripe API key |
| `SENDGRID_API_KEY` | No | Email service (optional) |
**Action:** Add these to your `.env` file
## Security Issues
### ENV-001: Secret Exposed in Code
**Severity:** Critical
**File:** `src/lib/stripe.ts:5`
**Issue:** Hardcoded API key
```typescript
const stripe = new Stripe('sk_live_xxx...'); // EXPOSED
```
**Fix:** Use `process.env.STRIPE_SECRET_KEY`
### ENV-002: Secret in Client Bundle
**Severity:** Critical
**File:** `src/app/page.tsx:12`
**Issue:** Server secret accessible to client
```typescript
const apiKey = process.env.API_SECRET; // Not NEXT_PUBLIC_ but still exposed
```
**Fix:** Only access secrets in server components/API routes
### ENV-003: .env Committed to Git
**Severity:** High
**File:** `.env`
**Issue:** Found .env in git history
**Fix:**
1. Add `.env` to `.gitignore`
2. Rotate all exposed secrets
3. Use `git filter-branch` to remove from history
## Format Issues
### ENV-004: Empty Required Variable
**Variable:** `SMTP_PASSWORD=`
**Issue:** Variable defined but empty
**Fix:** Set a value or remove if optional
### ENV-005: Invalid URL Format
**Variable:** `API_URL=api.example.com`
**Issue:** Missing protocol
**Fix:** `API_URL=https://api.example.com`
### ENV-006: Development Value in Production
**Variable:** `DEBUG=true`
**Issue:** Debug mode should be off in production
**Fix:** Set `DEBUG=false` for production
## Undocumented Variables
Variables in `.env` but not in `.env.example`:
| Variable | Value (redacted) | Action |
|----------|------------------|--------|
| `LEGACY_API_KEY` | `xxx...` | Add to .env.example or remove |
| `TEST_MODE` | `true` | Document purpose |
## Environment Template
Required `.env.example` format:
```bash
# Database
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# Authentication
NEXTAUTH_SECRET=generate-with-openssl-rand-base64-32
NEXTAUTH_URL=http://localhost:3000
# External Services
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
# Optional
SENDGRID_API_KEY= # Leave empty if not using
```
## Recommendations
1. **Rotate compromised secrets** - Any secret found in code or git
2. **Document all variables** - Update .env.example
3. **Use secret manager** - Consider Doppler, Vault, or cloud secrets
4. **Add pre-commit hook** - Prevent secrets from being committed
```
Focus on security issues first. Provide specific fixes for each problem.Del mismo repositorio
api-testerSubagent
API endpoint testing. Discovery, validation, auth flows, error handling.
architect-reviewerSubagent
Supervisor agent. Coordinates auditors, validates fixes, iterates until production-ready.
browser-qa-agentSubagent
Navigates running web applications via Chrome integration to find UI bugs, console errors, and UX issues. Uses /chrome tools to interact with localhost or deployed apps.
bug-auditorSubagent
Runtime bug scanner. Finds error handling gaps, race conditions, memory leaks, null refs.
code-auditorSubagent
Code quality auditor. Reviews patterns, maintainability, complexity, consistency.
code-fixerSubagent
Implements fixes from FIXES.md. Production-quality code following project patterns.
console-monitorSubagent
Real-time console monitoring during browser sessions. Watches for errors, warnings, and logs as you test.
db-auditorSubagent
Database auditor. Schema design, N+1 queries, indexes, connection pooling.