DevOps & Security

Environment Parity Auditor

Compares development, staging, and production environment configurations and flags discrepancies in env vars, service versions, feature flags, and secrets. Useful for preventing 'works in staging, breaks in prod' incidents.

Intended for SREs and platform teams responsible for deploy reliability, DevOps teams debugging environment-specific bugs, engineers wondering "why does this work on staging but not prod?", and teams preparing SOC 2 change-management evidence.

The root cause of these incidents is almost always quiet environment drift: a new env var added to production but not staging, a mismatched dependency version, a feature flag flipped in one environment and not another. These drifts accumulate invisibly until a deploy surfaces them. A parity auditor compares the three environments and shows exactly what's different, letting teams catch drift before it causes an incident.

Nexus Certified. Supported platforms: Claude Code, Codex, OpenClaw, Google Antigravity
Tags: environments, configuration, parity, reliability, audit

One-Time Purchase

$19.99

Sample Output
# Environment Parity Audit — `harbor-logistics`

**Environments audited:** dev, staging, production
**Depth:** Full (config + deps + flags + secrets metadata only — no values)
**Intentional differences pre-declared:** 4 env vars (public URLs, analytics IDs)

<div data-callout="info" data-label="Summary">

Compared dev, staging, and production across **47 env vars**, **3 service versions** (Postgres, Redis, Node), **22 LaunchDarkly flags**, and the secret manifests of each environment. **9 unintentional drift items** found — 2 high, 4 medium, 3 low. Staging and production agree on infrastructure versions; the major drift is in feature flags (4 of 9) and one missing env var in staging that already shipped to production last sprint.

</div>

<div data-compare>
<div data-col="info">
<div data-col-label>Staging</div>
<div data-col-title>Cluster: `staging-us-east`</div>
<div data-col-sub>Last deploy: 6 days ago</div>
<div data-row data-value="Node 20.12.2">App runtime</div>
<div data-row data-value="postgres:15.6">Database image</div>
<div data-row data-value="redis:7.2.4">Cache image</div>
<div data-row data-value="44 / 47">Env vars present (3 missing)</div>
<div data-row data-value="18 / 22">Flags matching prod</div>
</div>
<div data-col="positive">
<div data-col-label>Production</div>
<div data-col-title>Cluster: `prod-us-east`</div>
<div data-col-sub>Last deploy: 2 days ago</div>
<div data-row data-value="Node 20.12.2">App runtime</div>
<div data-row data-value="postgres:15.6">Database image</div>
<div data-row data-value="redis:7.2.4">Cache image</div>
<div data-row data-value="47 / 47">Env vars present</div>
<div data-row data-value="22 / 22">Flags (reference)</div>
</div>
</div>

---

## Drift findings

| ID | Surface | Detail | Severity |
|---|---|---|---|
| D-01 | Env var (staging) | `RATE_LIMIT_REDIS_URL` set in prod, **missing** in staging — `/api/checkout` 500s under load only in staging | <span data-pill="critical">high</span> |
| D-02 | Flag `new-checkout-flow` | <span data-pill="info">on</span> in prod, <span data-pill="info">off</span> in staging — explains "works in prod, fails in staging" QA reports | <span data-pill="critical">high</span> |
| D-03 | Env var (dev) | `STRIPE_WEBHOOK_SECRET` rotated in prod 11 days ago, dev still on the previous value | <span data-pill="caution">medium</span> |
| D-04 | Flag `legacy-reports-api` | <span data-pill="info">on</span> in staging, <span data-pill="info">off</span> in prod | <span data-pill="caution">medium</span> |
| D-05 | Flag `new-pricing-tier` | <span data-pill="info">50% rollout</span> in prod, <span data-pill="info">100%</span> in staging | <span data-pill="caution">medium</span> |
| D-06 | Flag `enable-search-v2` | <span data-pill="info">off</span> in staging, <span data-pill="info">on</span> in prod | <span data-pill="caution">medium</span> |
| D-07 | Env var (staging) | `SENTRY_TRACES_SAMPLE_RATE` set to `1.0` (full sampling) — was meant for an experiment 3 weeks ago | <span data-pill="info">low</span> |
| D-08 | Dependency | dev uses `@faker-js/faker@9.0.1`, staging/prod on `9.1.0` | <span data-pill="info">low</span> |
| D-09 | Env var (dev) | `NEXT_PUBLIC_APP_URL` set to `http://localhost:3001` in one engineer's `.env.local` — flagged because the team `.env.example` says `3000` | <span data-pill="info">low</span> |

---

<div data-callout="critical" data-label="Action items — block next staging deploy until resolved">

**D-01** and **D-02** together explain the cluster of "works in prod, fails in staging" reports from QA in the past sprint. Add `RATE_LIMIT_REDIS_URL` to staging via the platform repo (`infra/staging/secrets.tf` line 47) and toggle `new-checkout-flow` on in staging via LaunchDarkly. Re-run the audit afterward to confirm.

</div>

<div data-callout="caution" data-label="Action items — schedule this week">

**D-03** is overdue rotation hygiene — the dev env should not lag rotated secrets by more than a week. **D-04 through D-06** are flag-state drift that's accumulated since the last audit; sweep them in a single PR to LaunchDarkly with the eng leads of each owning team.

</div>

<div data-callout="info" data-label="Action items — backlog">

**D-07** (sampling rate left enabled) is currently inflating staging APM cost. **D-08** is a minor version dep difference. **D-09** is one engineer's local — add a check to `scripts/preflight.sh` that warns when `.env.local` deviates from `.env.example` in known-canonical keys.

</div>

*Audit was generated by the ClearPoint Nexus Environment Parity Auditor. Compare against the previous audit (in `audits/`) to see drift introduced since.*

This sample illustrates the skill's output format. Names, metrics, and operational details are illustrative unless the artifact explicitly analyzes public information.
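
One way to implement the `.env.local` check that the D-09 action item calls for, as an added example rather than ClearPoint Nexus output or project code. The canonical key list and `NEXT_PUBLIC_API_URL` are assumptions and the sample files are constructed; warnings name the key only, so local secret values never reach logs.

```shell
#!/usr/bin/env bash
# Added example: warn when .env.local deviates from .env.example on canonical keys.
# CANONICAL_KEYS is an assumed list; finding D-09 names only NEXT_PUBLIC_APP_URL.
CANONICAL_KEYS="NEXT_PUBLIC_APP_URL NEXT_PUBLIC_API_URL"

# env_get FILE KEY: print KEY's value (last assignment wins); non-zero if unset.
# Tolerates comments, blank lines, an "export " prefix and matching outer quotes.
env_get() {
  awk -v key="$2" -v sq="'" '
    /^[ \t]*(#|$)/ { next }
    {
      line = $0
      sub(/^[ \t]*(export[ \t]+)?/, "", line)
      eq = index(line, "=")
      if (eq == 0) next
      k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
      gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      n = length(v); q = substr(v, 1, 1)
      if (n >= 2 && (q == "\"" || q == sq) && substr(v, n, 1) == q) v = substr(v, 2, n - 2)
      if (k == key) { val = v; found = 1 }
    }
    END { if (!found) exit 1; print val }
  ' "$1" 2>/dev/null
}

# check_env_drift EXAMPLE LOCAL: print the number of canonical keys whose local
# value differs. Warnings go to stderr and name the key only, never the value,
# because .env.local often holds real credentials.
check_env_drift() {
  drift=0
  for key in $CANONICAL_KEYS; do
    want=$(env_get "$1" "$key") || continue   # not pinned by the example file
    got=$(env_get "$2" "$key") || continue    # not overridden locally
    if [ "$got" != "$want" ]; then
      echo "preflight: WARN $key in $2 differs from $1" >&2
      drift=$((drift + 1))
    fi
  done
  echo "$drift"
}

# Constructed sample files mirroring finding D-09 (port 3001 vs 3000).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# team defaults' 'NEXT_PUBLIC_APP_URL=http://localhost:3000' \
  'NEXT_PUBLIC_API_URL="http://localhost:4000"' > "$SAMPLE_DIR/.env.example"
printf '%s\n' 'export NEXT_PUBLIC_APP_URL="http://localhost:3001"' \
  "NEXT_PUBLIC_API_URL='http://localhost:4000'" 'LOCAL_ONLY=1' > "$SAMPLE_DIR/.env.local"
check_env_drift "$SAMPLE_DIR/.env.example" "$SAMPLE_DIR/.env.local"   # prints 1
```

Quoting style and an `export` prefix do not count as drift, so only a real value change on a canonical key produces a warning.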

All sales final. No refunds on digital products.

Includes support for Claude Code, Codex, OpenClaw, and Google Antigravity in the same license.

Also in Infrastructure & Reliability

Bundle price: $55. Compare this skill with the full workflow bundle or Pro access.

Best for

SRE and platform teams investigating ‘works in staging, breaks in prod’ bugs, DevOps teams preparing SOC 2 change-management evidence, and engineering leads who suspect quiet drift across environments has been accumulating. Most useful when the comparison surface — env vars, package versions, feature flags — can actually be enumerated from each environment.

Not ideal for

Single-environment setups (a hobby project, a pre-production prototype) where there is nothing to compare against. Also a poor fit when environments are intentionally divergent (region-specific feature flags, tenant-tier limits, sandboxed compliance environments) and the auditor would flood the report with expected differences.

Included in this purchase

  • Claude Code, Codex, OpenClaw, and Google Antigravity skill files.
  • Setup guidance for the right adapter in your workspace.
  • One-time license for the purchased skill version.

Setup

Plan for a short setup in the repository or workspace where the skill will run. Some coding familiarity helps for implementation-heavy outputs.

Future Updates

This purchase includes the current version of the skill. If you want future adapter updates — meaning compatibility and packaging updates as supported platforms evolve — plus new catalog additions included automatically, upgrade to Pro.