You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
#783(minor) - Add per-item leak-detection opt-out via @sensitive={preventLeaks=false}. Secrets that legitimately leave the system (e.g. an API endpoint that returns a secret to another service) can be excluded from runtime leak detection while still being redacted in logs. The options form also accepts enabled to toggle sensitivity (including dynamically, e.g. @sensitive={enabled=forEnv(production)}).
Adds standalone object ({key=value}) and array ([a, b, c]) literals to the env-spec grammar, usable as decorator values and function-call arguments (including nested). () remains reserved for function calls.
#786(minor) - @setValuesBulk and @import support pick/omit key filters.
Filter which keys are brought in with pick (allowlist) or omit (denylist) array args — e.g. @setValuesBulk(opLoadEnvironment(env-id), pick=[API_KEY, DB_*]) or @import(./.env.shared, omit=[LEGACY_TOKEN]). By default every key is included; pick and omit can't be combined, and both accept simple globs (*, ?).
For @import, listing keys as positional args (@import(./.env.shared, KEY1, KEY2)) is now deprecated in favor of pick=[...] — it still works but warns.
