cue vet: Validate Data Against a CUE Schema
cue vet validates one or more data files (JSON/YAML) against a CUE schema and reports every field that does not conform.
cue vet is the guardrail you run before cue export or kubectl apply: it proves the data matches the schema, listing all violations at once.
What it does
cue vet unifies data files with a CUE schema and reports errors if they conflict. -d selects the schema expression to check against, and -c requires the result to be fully concrete (no open fields left).
Common usage
# validate a YAML file against a schema definition
cue vet schema.cue data.yaml -d '#Config'
# require the result to be concrete
cue vet -c ./config
# validate many data files against one schema
cue vet schema.cue k8s/*.yaml -d '#Deployment'Options
| Flag | What it does |
|---|---|
| -d, --path <expr> | Schema definition/expression to unify data against |
| -c, --concrete | Require the unified value to be fully concrete |
| -t, --inject <k=v> | Inject a value for a @tag() |
| --schema <expr> | Alias to specify the schema location |
In CI
Run cue vet as a required check before rendering, so a bad value fails a fast validation step rather than a slow apply. Because CUE reports all conflicts, you fix everything in one pass instead of one error per run. Pin the cue version; validation semantics can tighten across releases.
Common errors in CI
"conflicting values ..." names the exact field and the two values that cannot unify, e.g. a string where the schema requires an int. "field not allowed: X" means the data has a key the closed schema forbids. With -c, "incomplete value" means the data left a required field unset. A "reference not found" error usually means the -d expression name is misspelled.