theo review

Author: theoephraim

packages/varlock-website/src/content/docs/getting-started/installation.mdx

@@ -1,6 +1,6 @@
 ---
 title: Installation
-description: How to install and set up varlock in your project
+description: How to install and set up Varlock in your project
 ---
 
 import ExecCommandWidget from "@/components/ExecCommandWidget.astro";

packages/varlock-website/src/content/docs/getting-started/introduction.mdx

@@ -1,28 +1,28 @@
 ---
 title: Introduction
-description: Introduction to varlock - declarative schema for your environment variables
+description: Introduction to Varlock - declarative schema for your environment variables
 ---
 
-Varlock is a framework-agnostic, universal environment variable management tool built on top of the [@env-spec](/env-spec/overview) specification. It provides a comprehensive set of features out of the box that simplify managing, validating, and securing your environment configuration. Whether you need type-safe environment variables, multi-environment management, secure secret handling, or leak prevention, varlock lets you focus on building your application instead of wrestling with configuration.
+Varlock is a universal configuration/secrets/environment variable management tool built on top of the [@env-spec](/env-spec/overview/) specification. It provides a comprehensive set of features out of the box that simplify managing, validating, and securing your environment configuration. Whether you need type-safe environment variables, multi-environment management, secure secret handling, or leak prevention, Varlock lets you focus on building your application instead of wrestling with configuration. While it is written in TypeScript, it is language and framework agnostic, and meant to be used in any project that needs configuration at build or boot time, usually passed in via environment variables.
 
 ## Features
 
 Varlock aims to be the most comprehensive environment variable management tool. It provides a wide range of features out of the box:
 
-- **[Validation & Type Safety](/reference/data-types)** - Powerful validation capabilities with clear error messages, plus automatic type generation for IntelliSense support
-- **[Security](/guides/secrets)** - Automatic log redaction for sensitive values and leak detection in bundled code and server responses
-- **[Multi-Environment Management](/guides/environments)** - Flexible environment handling with support for environment-specific files, local overrides, and value composition
-- **[Secure Secrets](/guides/secrets)** - Load secrets from external providers like [1Password](/plugins/1password) via [plugins](/plugins/overview) or any CLI tool using [function calls](/reference/functions)
-- **[Value Composition](/reference/functions)** - Compose values together using functions, references, and external data sources
-- **[Framework Integrations](/integrations/overview)** - Official integrations for Next.js, Vite, Astro, and more, plus support for any language via `varlock run`
-- **[Replacement for dotenv](/guides/migrate-from-dotenv)** - Can be used as a direct replacement for `dotenv` in most projects with minimal code changes
-- **[AI-Friendly](/guides/ai-tools)** - Built with AI-assisted development in mind, helping prevent accidental secret leaks to AI agents and allowing a schema-driven approach that is easier for AI to understand and remediate.
+- **[Validation & Type Safety](/reference/data-types/)** - Powerful validation capabilities with clear error messages, plus automatic type generation for IntelliSense support
+- **[Security](/guides/secrets/)** - Automatic log redaction for sensitive values and leak detection in bundled code and server responses
+- **[Multi-Environment Management](/guides/environments/)** - Flexible environment handling with support for environment-specific files, local overrides, and value composition
+- **[Secure Secrets](/guides/secrets/)** - Load secrets from external providers like [1Password](/plugins/1password/) via [plugins](/plugins/overview/) or any CLI tool using [exec()](/reference/functions/#exec)
+- **[Value Composition](/reference/functions/)** - Compose values together using functions, references, and external data sources
+- **[Framework Integrations](/integrations/overview/)** - Official integrations for Next.js, Vite, Astro, and more, plus support for any language via `varlock run`
+- **[Replacement for dotenv](/guides/migrate-from-dotenv/)** - Can be used as a direct replacement for `dotenv` in most projects with minimal code changes
+- **[AI-Friendly](/guides/ai-tools/)** - Built with AI-assisted development in mind, helping prevent accidental secret leaks to AI agents and allowing a schema-driven approach that is easier for AI to understand and remediate
 
 ## AI Tooling
 
 ### Docs MCP
 
-Varlock provides a Docs MCP server that allows AI tools to search and understand the Varlock documentation. This makes it easier for AI assistants to help you integrate and use varlock in your projects.
+Varlock provides a Docs MCP server that allows AI tools to search and understand the Varlock documentation. This makes it easier for AI assistants to help you integrate and use Varlock in your projects.
 
 See the [MCP guide](/guides/mcp/#docs-mcp) for setup instructions for Cursor, Claude, Opencode, VS Code, and other MCP-compatible tools.
 
@@ -32,5 +32,5 @@ Varlock also provides an `LLMs.txt` file that helps AI models understand how to
 
 ## Next Steps
 
-Ready to get started? Check out the [Installation](/getting-started/installation) guide to set up varlock in your project.
+Ready to get started? Check out the [Installation](/getting-started/installation/) guide to set up Varlock in your project.
 

packages/varlock-website/src/content/docs/getting-started/migration.mdx

@@ -1,27 +1,36 @@
 ---
 title: Migration
-description: An overview if you have existing .env files and want to migrate to varlock
+description: An overview if you have existing .env files and want to migrate to Varlock
 ---
 
 import ExecCommandWidget from "@/components/ExecCommandWidget.astro";
 
-## From dotenv
+## Loading env vars using Varlock
 
-In most [Node.js](/integrations/javascript) apps, you can replace `dotenv/config` with `varlock/auto-load` after [installing varlock](/getting-started/installation).
+### Migration from dotenv (Node.js)
+
+In a [Node.js](/integrations/javascript/) app if you are already calling `dotenv/config`, you can replace it with `varlock/auto-load`.
 
 ```diff title="index.js" lang="js"
-// Before (dotenv)
 - import 'dotenv/config';
-
-// After (varlock)
 + import 'varlock/auto-load';
 ```
 
-See our [migrate from dotenv](/guides/migrate-from-dotenv) guide for more information.
+In some cases where `dotenv` is being called deep under the hood by another dependency, you may instead want to swap it in as a dependency override. See our [migrate from dotenv](/guides/migrate-from-dotenv/) guide for more information.
+
+### Within a framework
+
+We must replace framework's existing `.env` logic with Varlock. Our [framework integrations](/integrations/overview/) handle most of the work for you. After [installation](/getting-started/installation/), simply follow the instructions in the relevant integration guide to set up Varlock in your project. Usually this involves adding a new plugin to the existing build system or framework's config file.
+
+### Minimal setup
+
+In some cases, a code-level integration may be challenging or impossible. In this case you can use [`varlock run`](/reference/cli-commands/#run) to boot your application with env vars injected from Varlock. For example `varlock run -- your-app`. Sometimes you may need to use this alongside a deeper integration, for example to feed env vars into external tools or additional scripts.
+
+
 
-## From specific integrations
+## Using `varlock/env`
 
-If you're currently using `import.meta.env` or `process.env`, your code will still work after switching to varlock. However, we recommend using varlock's `ENV` object for better type-safety and improved developer experience.
+If you're currently using `import.meta.env` or `process.env`, your code will still work after switching to Varlock. However, we recommend using varlock's `ENV` object for better type-safety and an improved developer experience.
 
 ```diff title="index.js" lang="js"
 // Before (import.meta.env)
@@ -34,4 +43,4 @@ import { ENV } from 'varlock/env';
 
 ![intellisense](../../../assets/demo-images/intellisense.png)
 
-See our [integrations](/integrations/overview) section for more information.
+See our [integrations](/integrations/overview/) section for more information.

packages/varlock-website/src/content/docs/getting-started/usage.mdx

@@ -1,23 +1,22 @@
 ---
 title: Usage
-description: How to use varlock in your project
+description: How to use Varlock in your project
 ---
 
 import ExecCommandWidget from "@/components/ExecCommandWidget.astro";
 
 ## Basics
 
-The basic workflow for using varlock is to:
+The basic workflow for using Varlock is to:
 
-1. Run `varlock init` to set up your `.env.schema` file(s)
-2. Run `varlock load` to validate your environment variables
-3. Run `varlock run` to valid and inject your environment variables into your command
+1. Run [`varlock init`](/reference/cli-commands/#init) to set up your `.env.schema` file
+2. Run [`varlock load`](/reference/cli-commands/#load) to debug and refine your .env file(s)
+3. Use Varlock to load, validate, and inject env vars into your application, either:
+    - Use an [existing framework / tool integration](/integrations/overview/) that automatically calls Varlock under the hood (_recommended_)
+    - Use `import 'varlock/auto-load'` in a backend JavaScript/TypeScript project
+    - Boot your command via [`varlock run`](/reference/cli-commands/#run)<br/>(_necessary for non-JS/TS projects, or feeding env vars to external tools_)
 
 
-:::tip
-In most cases, you'll want to use an integration to handle the loading and validation of environment variables for you. See the [Integrations](/integrations/overview) section for more information.
-:::
-
 ## CLI Commands
 
 ### `varlock load`
@@ -26,14 +25,14 @@ In most cases, you'll want to use an integration to handle the loading and valid
 
 Validates your environment variables according to your `.env.schema` and associated `.env.*` files, and prints the results.
 
-Useful for debugging locally, and in CI to print out a summary of env vars, also when you're authoring your `.env.schema` file and want immediate feedback. 
+Useful for debugging locally, and in CI to print out a summary of env vars, also when you're authoring your `.env.schema` file and want immediate feedback.
 
 :::tip
 Our [integrations](/integrations/overview) all use `varlock load` under the hood, so you'll get the same developer experience, but typically they will only let you know if there are errors, rather than the full summary.
 :::
 
 
-See the [`varlock load` CLI Reference](/reference/cli-commands/#varlock-load) for more information.
+See the [`varlock load` CLI Reference](/reference/cli-commands/#load) for more information.
 
 ### `varlock run`
 
@@ -42,4 +41,4 @@ See the [`varlock load` CLI Reference](/reference/cli-commands/#varlock-load) fo
 Executes a command in a child process, injecting your resolved and validated environment variables. This is useful when a code-level integration is not possible. For example, if you're using a database migration tool, you can use `varlock run` to run the migration tool with the correct environment variables. Or if you're using a non-js/ts language, you can use `varlock run` to run a command and inject validated environment variables.
 
 
-See the [`varlock run` CLI Reference](/reference/cli-commands/#varlock-run) for more information.
+See the [`varlock run` CLI Reference](/reference/cli-commands/#run) for more information.

packages/varlock-website/src/content/docs/getting-started/wrapping-up.mdx

@@ -5,47 +5,65 @@ description: How to get your project ready for production and collaboration
 
 import ExecCommandWidget from "@/components/ExecCommandWidget.astro";
 
-## Repo setup 
+## Next steps with your schema
+
+With a more flexible env var toolkit, after an initial migration, you may be tempted to take advantage
+of Varlock's features to improve your developer experience and security posture.
+
+- Move more configuration constants out of application code and into your `.env` files
+- Reduce the number of of env-style checks in your code, favouring individual flags, with a default value set based on the current env
+- Add deeper validation, more thorough comments, and additional docs links to each env var within your schema
+- Compose values together to keep your configuration DRY
+- Use [imports](/guides/import/) to share common configuration across a monorepo, or to break up a large `.env.schema`
+- Reduce secret sprawl, by loading secrets from a single source of truth, instead of injecting them from your CI/hosting platform
+
+
+## Repo setup
 
 ### `.gitignore`
 
 Depending on your setup you will want to update your `.gitignore` to _not_ ignore your `.env.schema` file and any other `.env.xxx` files that can now be safely committed to your repo if they don't contain secrets (which they shouldn't).
 
-We also recommend that you ignore `env.d.ts` as it is dynamically generated based the hierarchy of env files being loaded on each individual machine. 
+If using [generated types](/reference/root-decorators/#generatetypes), we also recommend that you ignore the generated file (usually `env.d.ts` in TypeScript) as it is dynamically generated based the hierarchy of env files being loaded on each individual machine.
 
 ```diff title=".gitignore"
-# Include .env.schema file
-+!.env.schema
-# Exclude env.d.ts
+
+# Include .env.schema, .env.<dev|preview|prod|...> file
+# exclude local overrides
+-.env.*
++.env.local
++.env.*.local
+
+# Exclude generated env types file
 +env.d.ts
 ```
 
 :::tip
-Depending on the [AI Tools](/guides/ai-tools) you use, you may need to add a similar rule to allow `.env.schema` to be modified. For example, in `.cursorignore`. 
+Depending on the [AI Tools](/guides/ai-tools/) you use, you may need to add a similar rule to allow `.env.schema` to be modified. For example, in `.cursorignore`.
 :::
 
 ### Monorepos
 
-Consider how you can reuse and modularize your schema if you have a monorepo or multi-service setup. See the [Imports](/guides/import) guide for more information.
+Consider how you can reuse and modularize your schema if you have a monorepo or multi-service setup. See the [Imports](/guides/import/) guide for more information.
 
 ## Deployment
 
 ### CI/CD platforms
 
-It may be useful to validate your schema in CI/CD pipelines, especially if you want to validate configurations that you don't have access to locally (e.g. Staging or Production). You can do this manually by running `varlock load` in your pipeline. And if you're using GitHub Actions, you can use the [Varlock GitHub Action](/integrations/github-action) to validate your schema automatically.
+It may be useful to validate your schema in CI/CD pipelines, especially if you want to validate configurations that you don't have access to locally (e.g. Staging or Production). You can do this manually by running `varlock load` in your pipeline. And if you're using GitHub Actions, you can use the [Varlock GitHub Action](/integrations/github-action/) to validate your schema automatically.
 
 :::tip
-Having a well architected multi-environment setup is key to healthy CI/CD workflows. See the [Environments](/guides/environments) guide for more information.
+Having a well architected multi-environment setup is key to healthy CI/CD workflows. See the [Environments](/guides/environments/) guide for more information.
 :::
 
 ### Production deployments
 
-Because varlock supports loading environment variables from the environment itself or via a [function](/reference/functions/) in your `.env.schema`, there are a few different approaches. 
+Because varlock supports loading environment variables from the environment itself or via a [function](/reference/functions/) in your `.env.schema`, there are a few different approaches.
 
 If you're already using your deployment platform's environment variable management, you may not need to do anything to benefit from varlock's validation and security features. If you have a multi-environment setup, you may need to set the `currentEnv` environment flag to the correct environment.
 
 ```bash
 APP_ENV=production varlock run -- your-production-command
 ```
 
-If you're not using your deployment platform's environment variable management, you may consider using one of our [plugins](/plugins/overview) to securely load environment variables from a secret storage system such as [1Password](/plugins/1password/).
+If you're not using your deployment platform's environment variable management, you may consider using one of our [plugins](/plugins/overview/) to securely load environment variables from a secret storage system such as [1Password](/plugins/1password/).

packages/varlock-website/src/content/docs/guides/telemetry.mdx

@@ -68,4 +68,4 @@ The anonymous usage data helps us:
 - Make informed decisions about future development
 - Prioritize bug fixes and new features
 
-If you have any questions about our analytics or privacy practices, please [start a discussion](https://github.com/dmno-dev/varlock/discussions) on GitHub. 
+If you have any questions about our analytics or privacy practices, please [start a discussion](https://github.com/dmno-dev/varlock/discussions) on GitHub.

packages/varlock-website/src/content/docs/integrations/astro.mdx

@@ -96,7 +96,7 @@ If you find you are not getting type completion on `ENV`, you may need to add yo
 
 Even in a static front-end project, you may have other scripts in your project that rely on sensitive config.
 
-You can use [`varlock run`](/reference/cli-commands/#varlock-run) to inject resolved config into other scripts as regular env vars.
+You can use [`varlock run`](/reference/cli-commands/#run) to inject resolved config into other scripts as regular env vars.
 
 <ExecCommandWidget command="varlock run -- node ./script.js" showBinary={false} />
 

packages/varlock-website/src/content/docs/integrations/javascript.mdx

@@ -34,7 +34,7 @@ If you are using [`dotenv`](https://www.npmjs.com/package/dotenv), or a package
 
 ## Boot via `varlock run`
 
-A less invasive way to use varlock with your application is to run your application via [`varlock run`](/reference/cli-commands/#varlock-run).
+A less invasive way to use varlock with your application is to run your application via [`varlock run`](/reference/cli-commands/#run).
 
 ```bash
 varlock run -- <your-command>

packages/varlock-website/src/content/docs/integrations/nextjs.mdx

@@ -299,7 +299,7 @@ _you may need to adjust if you don't want to copy certain .local files_
 
 
 Standalone builds do not copy dependency binaries, and varlock depends on the CLI to load.
-So wherever you are booting your standalone server, you will also need to [install the varlock binary](/getting-started/installation/) and boot your server via [`varlock run`](/reference/cli-commands/#varlock-run)
+So wherever you are booting your standalone server, you will also need to [install the varlock binary](/getting-started/installation/) and boot your server via [`varlock run`](/reference/cli-commands/#run)
 
 ```bash
 varlock run -- node .next/standalone/server.js

packages/varlock-website/src/content/docs/integrations/other-languages.mdx

@@ -7,7 +7,7 @@ import ExecCommandWidget from "@/components/ExecCommandWidget.astro";
 
 To use varlock with other languages, you'll likely want to [install the standalone binary](/getting-started/installation/#as-a-binary), rather than using a JS package manager.
 
-To use it with your application code, you must use [`varlock run`](/reference/cli-commands/#varlock-run) to load and validate your environment variables, then run the command you provided with those environment variables injected into the process.
+To use it with your application code, you must use [`varlock run`](/reference/cli-commands/#run) to load and validate your environment variables, then run the command you provided with those environment variables injected into the process.
 
 ```bash
 varlock run -- <your-command>