Getting Started Β Β β’Β Β Getting Involved Β Β β’Β Β Getting In Touch
Rules Β Β β’Β Β Usage Β Β β’Β Β Custom Policies Β Β β’Β Β Package
A fast, opinionated linter for OpenTelemetry Collector configurations. Catches misconfigurations, security issues, and performance pitfalls before they hit production.
Built with OPA/Rego β every rule is a plain .rego file you can read, override, or extend.
The OpenTelemetry Collector is flexible, but that flexibility makes it easy to ship configs that silently drop data, leak secrets, or OOM under load. augur encodes hard-won operational knowledge into automated checks:
- No memory limiter? You'll OOM in production.
- Hardcoded API key? It'll end up in version control.
- Batch processor in the wrong position? You're leaving performance on the table.
brew install starkross/tap/augurgo install github.com/starkross/augur/cmd/augur@latestdocker run --rm -v "$(pwd):/work" ghcr.io/starkross/augur:latest config.yamlDownload from GitHub Releases β available for Linux, macOS, and Windows (amd64/arm64).
augur otel-collector-config.yamlotel-collector-config.yaml
FAIL OTEL-001: memory_limiter processor is not configured. Required to prevent OOM in production.
FAIL OTEL-003: batch processor is not configured. Required for efficient data export.
WARN OTEL-011: health_check extension is not configured. Recommended for k8s liveness/readiness probes.
β 2 failure(s), 1 warning(s)
Exit code 1 on any failure. Warnings are informational by default.
See docs/RULES.md for the full list of built-in rules.
augur [flags] <config.yaml> [config.yaml...]
| Flag | Description | Default |
|---|---|---|
-o, --output |
Output format: text, json, github |
text |
-s, --strict |
Treat warnings as errors | false |
-q, --quiet |
Suppress warnings, show only failures | false |
-k, --skip |
Comma-separated rule IDs to skip | |
--no-color |
Disable colored output | false |
-p, --policy |
Additional policy directory (merged with built-in rules) |
# Lint multiple files
augur gateway.yaml agent.yaml
# Strict mode β warnings become errors
augur --strict config.yaml
# JSON output for programmatic consumption
augur -o json config.yaml
# Skip specific rules
augur --skip OTEL-015,OTEL-016 config.yaml
# Use custom policies
augur --policy ./my-policies config.yamlAll built-in rules live in policy/ as standard Rego files. To add your own:
- Create a directory with your custom rules:
# my-policies/main/custom.rego
package main
import future.keywords.contains
import future.keywords.if
deny contains msg if {
not input.processors.filter
msg := "CUSTOM-001: filter processor is required by our platform team."
}- Run with
--policy:
augur --policy ./my-policies config.yamlCustom policies are merged with the built-in rules β your rules run alongside all default checks.