feat: shipnode env diff + env pull for drift detection #9

Description

@devalade

What to build

Today shipnode env only pushes the local .env to the server. There is no way to detect drift (someone edited the server env during an incident) or to reconcile the remote state with a local file. Add two subcommands:

  • shipnode env diff [--file path] — compare local .env (or file at --file) against the remote .env currently in use. Output: keys added, removed, and modified. Values must be masked by default (show first 2 + last 2 chars); a --show-values flag reveals them.
  • shipnode env pull [--file path] — download the remote .env into a local file (default .env.remote) so the operator can merge it manually. Never overwrites .env directly.

The remote .env location is whatever shipnode env already writes to — reuse that resolution logic, don't hard-code a path.

Acceptance criteria

  • shipnode env diff on an in-sync env exits 0 with an "in sync" message
  • shipnode env diff on drift shows added/removed/modified keys, values masked
  • shipnode env diff --show-values reveals values (respect the same permission gate as env push)
  • shipnode env pull writes .env.remote and refuses to overwrite an existing file without --force
  • shipnode env pull --file path writes to the given path
  • Neither command modifies the remote file

Blocked by

None - can start immediately
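A sketch of the comparison and masking rules described above, as an added example that is not shipnode's code. The function names, the direction of "added" (key present only on the remote) and the choice to fully mask values shorter than 9 characters are assumptions; the sample env contents are constructed.

```python
# Added example, not shipnode's code; all names here are hypothetical.
def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks/comments, strip 'export ' and quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env

def mask(value, show_values=False):
    """Show first 2 + last 2 chars. Assumption: values under 9 chars are
    hidden entirely, since 4 visible chars would expose most of them."""
    if show_values:
        return value
    if len(value) < 9:
        return "****"
    return value[:2] + "****" + value[-2:]  # fixed filler hides the length

def env_diff(local_text, remote_text, show_values=False):
    """Return (in_sync, report_lines) for local vs. remote env contents."""
    local, remote = parse_env(local_text), parse_env(remote_text)
    lines = []
    for key in sorted(remote.keys() - local.keys()):   # only on the server
        lines.append(f"+ {key}={mask(remote[key], show_values)}")
    for key in sorted(local.keys() - remote.keys()):   # only in the local file
        lines.append(f"- {key}={mask(local[key], show_values)}")
    for key in sorted(local.keys() & remote.keys()):
        if local[key] != remote[key]:  # compare raw values, never masked ones
            old, new = mask(local[key], show_values), mask(remote[key], show_values)
            lines.append(f"~ {key}: {old} -> {new}")
    return (not lines, lines or ["in sync"])

# Constructed sample contents (not real credentials).
LOCAL = "PORT=3000\nDATABASE_URL=postgres://app:pw-old-1111@db/app\nOLD_FLAG=1\n"
REMOTE = "PORT=3000\nDATABASE_URL=postgres://app:pw-new-2222@db/app\nDEBUG=true\n"

if __name__ == "__main__":
    print("\n".join(env_diff(LOCAL, REMOTE)[1]))
```

The two `DATABASE_URL` values mask to the same string, so drift has to be decided on the raw values before masking, as the comparison here does.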

Labels: enhancement