Module env_overrides

V0.8.0 env-var override mechanism.

Grammar: ZEROCLAW_<dotted_path_with_double_underscores>=<value>. Each __ (double underscore) is a path separator (. in the TOML); each single _ is either a snake-case joiner inside a field name (which the walker converts to a kebab-case - for set_prop) or a literal character inside an alias key.

Schema-derived: map_key_sections gives HashMap positions (one alias token consumed; alias chars are [a-z0-9_]); prop_fields gives every other leaf path. No string-literal pattern matching, no hardcoded family names.

Bootstrap exception: ZEROCLAW_WORKSPACE and ZEROCLAW_CONFIG_DIR keep their UPPERCASE form. The case rule (lowercase tail = config-tree, uppercase tail = bootstrap) does the disambiguation work without an exemption list.
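The grammar, schema walk and case rule described above, as an added example (not ZeroClaw's own code). The `resolve` function, the `Resolved` enum, the two-entry schema, the `*` notation for an alias slot and the rejection of mixed-case tails are assumptions made for illustration.

```rust
// Added example, not ZeroClaw source. Schema entries below are constructed.
const MAP_KEY_SECTIONS: &[&str] = &["providers"]; // HashMap positions
// Leaf paths; `*` marks the alias slot (notation assumed for this example).
const PROP_FIELDS: &[&str] = &["gateway.bind-addr", "providers.*.api-key"];

#[derive(Debug, PartialEq)]
pub enum Resolved {
    Bootstrap,      // uppercase tail, e.g. ZEROCLAW_WORKSPACE
    Config(String), // dotted prop-path inside the config tree
}

/// Resolve one env-var name. Ok(None) means "not a ZEROCLAW_ variable".
pub fn resolve(name: &str) -> Result<Option<Resolved>, String> {
    let prefix = "ZEROCLAW_";
    let Some(tail) = name.strip_prefix(prefix).filter(|t| !t.is_empty()) else { return Ok(None) };
    // Case rule: lowercase tail = config tree, uppercase tail = bootstrap.
    if !tail.chars().any(|c| c.is_ascii_lowercase()) {
        return Ok(Some(Resolved::Bootstrap));
    }
    if tail.chars().any(|c| c.is_ascii_uppercase()) {
        return Err(format!("{name}: mixed-case tail")); // assumed policy
    }
    let (mut path, mut shape): (Vec<String>, Vec<String>) = (vec![], vec![]);
    for tok in tail.split("__") {
        if MAP_KEY_SECTIONS.contains(&shape.join(".").as_str()) {
            // Alias token: kept verbatim, single `_` is a literal character.
            if tok.is_empty() || !tok.chars().all(|c| matches!(c, 'a'..='z' | '0'..='9' | '_')) {
                return Err(format!("{name}: invalid alias {tok:?}"));
            }
            path.push(tok.to_string());
            shape.push("*".to_string());
        } else {
            // Field name: snake-case `_` becomes kebab-case `-`.
            let field = tok.replace('_', "-");
            path.push(field.clone());
            shape.push(field);
        }
    }
    // Hard error on anything the schema does not know (fail closed).
    if !PROP_FIELDS.contains(&shape.join(".").as_str()) {
        return Err(format!("{name}: unknown path {}", path.join(".")));
    }
    Ok(Some(Resolved::Config(path.join("."))))
}

fn main() {
    println!("{:?}", resolve("ZEROCLAW_providers__open_ai__api_key"));
}
```

Note how the same single underscore survives in the alias `open_ai` but becomes a hyphen in the field name `api-key`, and how a misspelled variable is rejected rather than silently ignored.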

Persistence boundary: each overridden path’s pre-override raw value is snapshotted (post-decrypt_secrets, so secrets are plaintext) and used by mask_env_overrides_for_save to restore disk-or-default values before encrypt_secrets() runs. Env-injected values never reach disk.

Structs

AppliedOverrides
Outcome of apply_env_overrides: the set of overridden paths plus the per-path snapshot of pre-override raw values. The snapshot drives mask_env_overrides_for_save so secret fields recover their original plaintext (which encrypt_secrets() then re-encrypts), and non-secret fields recover their disk-or-default value.

Functions

apply_env_overrides
Apply every ZEROCLAW_<lowercase> env var to config. Returns the set of dotted prop-paths that were overridden plus the pre-override raw values for each. Hard-errors on any env var that doesn’t resolve to a known schema path or whose alias fails validation.

mask_env_overrides_for_save
Restore env-overridden paths in a save-bound clone to their pre-override snapshots, so env-injected values never reach encrypt_secrets() or the on-disk TOML.