Show HN: Envgrd – Detect environment variable drift using AST analysis

github.com

1 points by jenia_n 4 hours ago

I built a small CLI to solve a problem that repeatedly caused production issues on my teams: environment variable drift.

Things like:

Code starts using a new env var but configs aren’t updated

Old variables sit in .env or docker-compose long after they’ve been removed

Onboarding fails because required env vars aren’t documented anywhere

CI/CD passes locally but fails remotely because variables were exported only on one machine

Regex-based scanners always produced tons of false positives and couldn’t handle dynamic patterns. So I built envgrd, a fast, AST-based scanner that uses Tree-Sitter to parse code (JS/TS, Go, Python, Rust, Java) and compare it against env sources: .env files, direnv, docker-compose, Kubernetes ConfigMaps/Secrets, systemd units, and shell exports.

It reports:

Missing env vars (used in code but not in configs)

Unused env vars (in configs but never referenced in code)

Dynamic patterns like process.env["prefix_" + var] or os.Getenv(key + "_suffix")

It runs in parallel, supports JSON output, and can be hooked into post-merge or CI jobs.

Repo: https://github.com/njenia/envgrd

Would love feedback, ideas, or any edge cases you think it should handle!
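The used-versus-defined comparison described in the post, as an added example that is not envgrd's code and not written by the post's author: it swaps Tree-Sitter for Python's standard `ast` module and covers only Python sources and a .env file. The sample inputs and all function names are constructed for illustration; Python 3.9+ is assumed.

```python
import ast

# Constructed sample inputs (not from any real project); SOURCE is parsed, never run.
SOURCE = '''
import os
from os import getenv
db = os.environ["DATABASE_URL"]
key = os.getenv("API_KEY", "")
port = os.environ.get("PORT")
tok = getenv("SESSION_SECRET")
flag = os.getenv("FEATURE_" + name)
# os.getenv("COMMENTED_OUT") would be a hit for a regex scanner
doc = 'call os.getenv("IN_A_STRING") to read it'
'''
DOTENV = """# constructed .env
DATABASE_URL=postgres://localhost/app
export API_KEY="abc"
LEGACY_TOKEN=old
"""

def _os_attr(node, attr):  # True when node is the expression os.<attr>
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def env_reads(source):
    """Return (static names, dynamic key expressions) read from the environment."""
    static, dynamic = set(), []
    for node in ast.walk(ast.parse(source)):
        key = None
        if isinstance(node, ast.Subscript) and _os_attr(node.value, "environ"):
            key = node.slice  # os.environ[KEY]
        elif isinstance(node, ast.Call) and node.args:
            f = node.func  # os.getenv(KEY), getenv(KEY) or os.environ.get(KEY)
            if (_os_attr(f, "getenv") or (isinstance(f, ast.Name) and f.id == "getenv")
                    or (isinstance(f, ast.Attribute) and f.attr == "get" and _os_attr(f.value, "environ"))):
                key = node.args[0]
        if isinstance(key, ast.Constant) and isinstance(key.value, str):
            static.add(key.value)
        elif key is not None:
            dynamic.append(ast.unparse(key))  # key built at runtime: report, do not guess
    return static, dynamic

def dotenv_names(text):
    """Variable names defined in .env text; accepts 'export NAME=value'."""
    lines = (l.strip().removeprefix("export ").strip() for l in text.splitlines())
    return {l.split("=", 1)[0].strip() for l in lines if "=" in l and not l.startswith("#")}

def drift(source, dotenv):
    (used, dynamic), defined = env_reads(source), dotenv_names(dotenv)
    return {"missing": sorted(used - defined), "unused": sorted(defined - used), "dynamic": dynamic}
```

Because the comment and the string literal never become call or subscript nodes, `COMMENTED_OUT` and `IN_A_STRING` are not reported, which is the false-positive class the post attributes to regex scanners.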