TUI Commands

Overview

The Envark TUI (Terminal User Interface) provides a rich interactive shell for environment variable analysis. Access it by running envark or envark -i. Keyboard shortcuts:

Type / — Open command dropdown menu
Arrow ↓↑ — Navigate dropdown suggestions
Tab — Autocomplete selected command
Enter — Execute command
Ctrl+C — Clear output or exit

Command history:

Up/Down arrows navigate previous commands
History persists for 100 entries per session

scan

Scan project for environment variables.

scan [filter]

Aliases: s, map

filter

enum

default:"all"

Filter results by variable status.Options:

all - Show all variables (default)
missing - Variables used but not defined
unused - Variables defined but never used
risky - Variables with high or critical risk
undocumented - Variables not in .env.example

Output includes:

Total environment variable count
Defined vs undefined breakdown
Missing variables that will cause crashes
Risk level distribution
Complete variable list with locations

Examples:

All Variables

❯ scan
# or
❯ s
# or
❯ map

Missing Only

❯ scan missing

Risky Variables

❯ scan risky

Performance:

Displays animated spinner during scan
Caches results for faster subsequent runs
Typical scan time: < 2s for 500-file projects

risk

Analyze environment variable security risks.

risk [min-level]

Aliases: r, risks

min-level

enum

default:"info"

Minimum risk level to display.Options:

info - Show all findings (default)
low - Show low and above
medium - Show medium and above
high - Show high and critical only
critical - Show critical only

Risk levels explained:

Level	Criteria	Examples
Critical	Used but not defined, no default	`JWT_SECRET`, `DATABASE_URL`
High	Secret-like name in committed file	`API_KEY=xxx` in `.env`
Medium	Multiple usages, no default	`SERVICE_URL` used 5+ times
Low	Undocumented or unused	Defined but not in `.env.example`
Info	Fully configured	Has definition, usage, and docs

Examples:

All Risks

❯ risk
# or
❯ r

Production-Critical Only

❯ risk critical

Medium and Above

❯ risk medium

Output format:

┌─ RISK ANALYSIS ─────────────────────────────

  SUMMARY
  Critical: 2    High: 1    Medium: 5

  CRITICAL ISSUES
  • JWT_SECRET
    └─ Used but not defined (5 usages)
    └─ Files: src/auth/jwt.ts:12, ...

  • DATABASE_URL
    └─ Used but not defined (3 usages)
    └─ Files: src/db/client.ts:8, ...

missing

Find variables that are used in code but not defined.

missing

Aliases: m, undefined Identifies:

Variables accessed without definition
No default value provided in code
Will cause runtime crashes if not set

Danger levels:

Critical - Used 5+ times, no fallback
High - Used 2-4 times
Medium - Single usage, no default

Example:

❯ missing
# or
❯ m

Output:

{
  "missing": [
    {
      "name": "STRIPE_SECRET_KEY",
      "usageCount": 8,
      "dangerLevel": "critical",
      "locations": [
        "src/payments/stripe.ts:15",
        "src/webhooks/stripe.ts:42",
        ...
      ]
    }
  ],
  "willCauseRuntimeCrash": 3
}

duplicates

Find duplicate or conflicting variable definitions.

duplicates

Aliases: d, dups Detects:

Same variable defined in multiple .env files
Conflicting values across environments
Shadowed definitions

Example:

❯ duplicates
# or
❯ d

Output:

{
  "duplicates": [
    {
      "name": "API_URL",
      "definitions": [
        { "file": ".env", "value": "http://localhost:3000" },
        { "file": ".env.local", "value": "http://localhost:8080" },
        { "file": ".env.development", "value": "http://dev.api.com" }
      ],
      "conflict": true
    }
  ]
}

undocumented

Find variables not documented in .env.example.

undocumented

Aliases: u, undoc Checks for:

Variables used in code
Not present in .env.example
Makes onboarding difficult

Example:

❯ undocumented
# or
❯ u

Output:

{
  "undocumented": [
    {
      "name": "REDIS_URL",
      "usedIn": ["src/cache/redis.ts"],
      "definedIn": [".env"],
      "missingFrom": ".env.example"
    }
  ],
  "count": 7
}

usage

Show detailed usage information for a specific variable.

usage <variable-name>

Aliases: env

variable-name

string

required

Name of the environment variable to analyze.

Shows:

All code locations where variable is accessed
Definition locations (.env files)
Default values in code
Documentation status
Risk assessment

Examples:

❯ usage DATABASE_URL
# or
❯ env DATABASE_URL

Output:

{
  "variable": "DATABASE_URL",
  "defined": true,
  "used": true,
  "usages": [
    {
      "file": "src/db/client.ts",
      "line": 12,
      "context": "const db = new Client(process.env.DATABASE_URL)"
    },
    {
      "file": "src/migrations/run.ts",
      "line": 8,
      "context": "migrate(process.env.DATABASE_URL)"
    }
  ],
  "definitions": [
    {
      "file": ".env",
      "value": "postgresql://localhost:5432/mydb"
    }
  ],
  "riskLevel": "medium",
  "hasDefault": false
}

Error handling:

❯ usage
Error: Variable name required. Usage: usage <variable-name>

graph

Show variable dependency graph.

graph

Aliases: g, deps Generates:

Relationships between variables
Clustering patterns (which vars are used together)
File-to-variable mappings

Example:

❯ graph
# or
❯ g

Output:

{
  "nodes": [
    { "id": "DATABASE_URL", "type": "env" },
    { "id": "src/db/client.ts", "type": "file" }
  ],
  "edges": [
    { "from": "src/db/client.ts", "to": "DATABASE_URL", "type": "uses" }
  ],
  "clusters": [
    {
      "name": "Database",
      "variables": ["DATABASE_URL", "DB_POOL_SIZE", "DB_TIMEOUT"]
    },
    {
      "name": "Auth",
      "variables": ["JWT_SECRET", "SESSION_SECRET", "COOKIE_KEY"]
    }
  ]
}

validate

Validate a .env file against code requirements.

validate [path]

Aliases: v, check

path

string

default:".env"

Path to the .env file to validate.Relative to current working directory.

Validation checks:

All required variables present
No syntax errors
Value format validation (URLs, numbers, etc.)
Security checks (no secrets in wrong files)

Examples:

Default .env

❯ validate
# or
❯ v

Production Environment

❯ validate .env.production

Custom Path

❯ validate ../config/.env

Output:

┌─ VALIDATION: .env ──────────────────────────

  ✅ PASSED (18)
  • PORT
  • NODE_ENV
  • DATABASE_URL
  ...

  ❌ FAILED (3)
  • JWT_SECRET (Missing)
  • API_URL (Invalid format)
  • DB_POOL_SIZE (Should be number)

  Valid: false
  Required but missing: 1
  Format issues: 2

generate

Generate .env.example template from codebase.

generate [output-path]

Aliases: gen, template

output-path

string

Where to write the generated template.If omitted, prints to console.

Generation includes:

All variables used in code
Placeholder values (secrets masked)
Inline comments explaining purpose
Grouped by category (DB, Auth, API, etc.)

Examples:

Print to Console

❯ generate
# or
❯ gen

Write to File

❯ generate .env.example

Custom Path

❯ generate docs/ENV_TEMPLATE.md

Generated output:

# Database Configuration
DATABASE_URL=postgresql://user:pass@localhost:5432/db
DB_POOL_SIZE=10

# Authentication
JWT_SECRET=your-secret-here
JWT_EXPIRY=1h
SESSION_SECRET=your-session-secret

# External APIs
STRIPE_SECRET_KEY=sk_test_...
SENDGRID_API_KEY=SG...

# Application
PORT=3000
NODE_ENV=development

Success message (when writing to file):

✅ Template written to .env.example
   Variables: 24
   Required: 8
   Optional: 16

help

Show command help information.

help [command]

Aliases: h, ?

command

string

Specific command to get help for.If omitted, shows all commands.

Examples:

All Commands

❯ help
# or
❯ h
# or
❯ ?

Specific Command

❯ help scan

Output (all commands):

┌─ AVAILABLE COMMANDS ────────────────────────

  scan            Scan project for environment variables
  risk            Analyze environment variable risks
  missing         Find undefined but used variables
  duplicates      Find duplicate or conflicting definitions
  undocumented    Find variables not in .env.example
  usage           Show detailed usage of a variable
  graph           Show variable dependency graph
  validate        Validate a .env file
  generate        Generate .env.example template
  clear           Clear the screen
  help            Show this menu
  exit            Exit Aegis

  Type "help <command>" for detailed information.

Output (specific command):

┌─ HELP: SCAN ────────────────────────────────

  Description: Scan project for environment variables
  Usage:       scan [filter]
  Aliases:     s, map

clear

Clear the terminal screen.

clear

Aliases: cls, c Behavior:

Clears all output from screen
Preserves command history
Does not reset session state

Example:

❯ clear
# or
❯ cls
# or
❯ c

cd

Change the project directory.

cd <path>

Aliases: project

path

string

required

Path to new project directory.Can be absolute or relative.

Examples:

Relative Path

❯ cd ../other-project

Absolute Path

❯ cd /home/user/projects/app

Show Current Path

❯ cd
Current path: /home/user/projects/app

Note: All subsequent commands operate on the new directory.

exit

Exit the Envark TUI.

exit

Aliases: quit, q Behavior:

Displays goodbye message
Exits with code 0
Clears any active spinners

Example:

❯ exit
# or
❯ quit
# or
❯ q

  Goodbye! Stay secure. 🛡️

Command Execution Flow

Input parsing - Command and arguments extracted
Command lookup - Matches name or alias
Spinner display - Animated indicator during execution
Tool execution - Underlying analysis runs
Result rendering - Formatted output displayed
Error handling - User-friendly error messages

Execution times:

Command	Small Project	Large Project
scan	< 500ms	2-5s
risk	< 200ms	1-3s
missing	< 100ms	< 1s
validate	< 100ms	< 500ms
generate	< 200ms	< 1s
usage	< 50ms	< 200ms
graph	< 300ms	1-2s

Error Messages

Unknown command:

❌ Error: Unknown command: scna. Type "/" to see available commands.

Missing argument:

❌ Error: Variable name required. Usage: usage <variable-name>

File not found:

❌ Error: .env.production not found

Invalid directory:

❌ Error: Directory does not exist: /invalid/path

Tips & Tricks

Quick command access:

# Type just the first letter + tab
❯ s<TAB>     # Autocompletes to "scan"
❯ r<TAB>     # Autocompletes to "risk"

Command history:

# Use arrow keys to cycle through previous commands
❯ scan missing
❯ <UP>       # Recalls "scan missing"

Dropdown menu:

# Type / to see all commands with descriptions
❯ /
# Use arrows to navigate, Enter to select

Chain analysis:

❯ scan
❯ risk critical
❯ missing
❯ validate .env
# Run all checks in sequence

Get Started

Core Features

CLI Reference

MCP Integration

Guides

Overview

Navigation

scan

risk

missing

duplicates

undocumented

usage

graph

validate

generate

help

clear

cd

exit

Command Execution Flow

Error Messages

Tips & Tricks

Build docs developers (and LLMs) love

Get Started

Core Features

CLI Reference

MCP Integration

Guides

​Overview

​Navigation

​scan

​risk

​missing

​duplicates

​undocumented

​usage

​graph

​validate

​generate

​help

​clear

​cd

​exit

​Command Execution Flow

​Error Messages

​Tips & Tricks

Build docs developers (and LLMs) love

Overview

Navigation

scan

risk

missing

duplicates

undocumented

usage

graph

validate

generate

help

clear

cd

exit

Command Execution Flow

Error Messages

Tips & Tricks