Skip to content

[vercel flags] allow creating override cookies#15875

Merged
vincent-derks merged 4 commits into
mainfrom
ief0e
Apr 9, 2026
Merged

[vercel flags] allow creating override cookies#15875
vincent-derks merged 4 commits into
mainfrom
ief0e

Conversation

@dferber90

@dferber90 dferber90 commented Apr 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Adds a new vercel flags override subcommand that encrypts and decrypts flag override tokens for the vercel-flag-overrides cookie.

Encrypt: Takes flag=value pairs, reads the FLAGS_SECRET, and outputs an encrypted JWE token.

vercel flags override my-flag=true other-flag=hello --expiration 30d

Decrypt: Takes an encrypted token and prints the overrides as JSON.

vercel flags override --decrypt <token>

FLAGS_SECRET resolution

The secret is resolved via @next/env's loadEnvConfig, which loads from .env, .env.local, .env.development.local, etc. — the same mechanism used by vercel flags prepare.

Value coercion

Positional values are automatically coerced: true/false → boolean, numeric strings → number, everything else → string.

Test plan

  • Unit tests covering encrypt, decrypt, type coercion, error cases, telemetry (16 tests, all passing)

@changeset-bot

changeset-bot Bot commented Apr 8, 2026
edited
Loading

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 38f70e7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
vercel Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel Bot commented Apr 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Low Risk — New CLI subcommand for encrypting/decrypting flag override tokens with comprehensive tests.

  • packages/cli/src/commands/flags/override.ts: new subcommand to encrypt/decrypt flag overrides using JWE
  • packages/cli/src/commands/flags/command.ts: added overrideSubcommand definition with options and examples
  • packages/cli/test/unit/commands/flags/override.test.ts: 16 unit tests covering encrypt, decrypt, error cases

Assessed at 38f70e7.

@dferber90 dferber90 marked this pull request as ready for review April 8, 2026 07:50
@dferber90 dferber90 requested review from a team as code owners April 8, 2026 07:50
@github-actions

github-actions Bot commented Apr 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🧪 Unit Test Strategy

Comparing: 6c1dcb538f70e7 (view diff)

Strategy: Affected packages only

✅ Only testing packages that have been modified or depend on modified packages.

Affected packages - 1 (3%)
  1. vercel
Unaffected packages - 39 (98%)
  1. @vercel-internals/get-package-json
  2. @vercel/backends
  3. @vercel/build-utils
  4. @vercel/cervel
  5. @vercel/cli-auth
  6. @vercel/client
  7. @vercel/config
  8. @vercel/detect-agent
  9. @vercel/edge
  10. @vercel/elysia
  11. @vercel/error-utils
  12. @vercel/express
  13. @vercel/fastify
  14. @vercel/firewall
  15. @vercel/frameworks
  16. @vercel/fs-detectors
  17. @vercel/functions
  18. @vercel/gatsby-plugin-vercel-builder
  19. @vercel/go
  20. @vercel/h3
  21. @vercel/hono
  22. @vercel/hydrogen
  23. @vercel/koa
  24. @vercel/nestjs
  25. @vercel/next
  26. @vercel/node
  27. @vercel/oidc
  28. @vercel/oidc-aws-credentials-provider
  29. @vercel/python
  30. @vercel/python-analysis
  31. @vercel/redwood
  32. @vercel/related-projects
  33. @vercel/remix-builder
  34. @vercel/routing-utils
  35. @vercel/ruby
  36. @vercel/rust
  37. @vercel/static-build
  38. @vercel/static-config
  39. examples

Results

  • Unit tests: Only affected packages will run unit tests
  • E2E tests: Running in parallel via E2E Tests workflow
  • Type checks: Only affected packages will run type checks

This comment is automatically generated based on the affected testing strategy

feugy
feugy approved these changes Apr 8, 2026
View reviewed changes
Comment thread packages/cli/test/unit/commands/flags/override.test.ts
Comment thread packages/cli/test/unit/commands/flags/override.test.ts Outdated
Comment thread packages/cli/test/unit/commands/flags/override.test.ts
Comment thread packages/cli/src/commands/flags/override.ts Outdated
@vincent-derks vincent-derks merged commit acfdf2a into main Apr 9, 2026
179 checks passed
@vincent-derks vincent-derks deleted the ief0e branch April 9, 2026 11:41
@vercel-cli-release-bot vercel-cli-release-bot mentioned this pull request Apr 9, 2026
Merged
healeycodes pushed a commit that referenced this pull request Apr 10, 2026
@vercel-cli-release-bot @github-actions
Version Packages (#15880)
57993f5 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## vercel@50.43.0

### Minor Changes

- Add Deployment Checks support to `deploy --prod`. Shows "Running
Checks..." spinner when checks are pending, detects check failures
before alias promotion, and displays failed check run details with links
to logs. ([#15884](#15884))

- Extend marketplace integration CLI parity: add `vercel integration
installations` to list team installations (with optional `--integration`
filter and JSON output), align `vercel integration update` argument
parsing with other subcommands (parse only tokens after `update`, so the
integration slug is the first positional), and ship related
help/telemetry updates.
([#15849](#15849))

- Add `vercel project protection` actions for automation protection
bypass via PATCH `/v1/projects/.../protection-bypass`
(`--protection-bypass`).
([#15862](#15862))

- Add `vercel project protection` actions for customer support code
visibility (`--customer-support-code-visibility`).
([#15860](#15860))

- Add `vercel project protection` actions for Git fork protection
(`--git-fork-protection`).
([#15861](#15861))

- [services] migrate python workers to Queues V3 API
([#15885](#15885))

- [cli] Add `vercel flags override` subcommand to encrypt and decrypt
flag override tokens for the `vercel-flag-overrides` cookie
([#15875](#15875))

### Patch Changes

- Persist CLI telemetry across invocations with bounded-time sessions,
stable installation device IDs, and per-invocation identifiers.
([#15872](#15872))

- Update the `vercel metrics` CLI to use the V2 observability metrics
API with `--metric`-based schema inspection and querying.
([#15876](#15876))

- Improve `vercel integration add` command to support fallback to the
discover API and first-party integrations.
([#15788](#15788))

- refactor(cli): remove FF_AUTO_PROVISION_INSTALL feature flag and dead
code from `integration add`
([#15871](#15871))

- Updated dependencies
\[[`5e02289f927050a6c1025cc0edb7eda607fd5e73`](5e02289),
[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/detect-agent@1.2.2
    -   @vercel/build-utils@13.14.1
    -   @vercel/backends@0.0.58
    -   @vercel/elysia@0.1.61
    -   @vercel/express@0.1.71
    -   @vercel/fastify@0.1.64
    -   @vercel/go@3.4.7
    -   @vercel/h3@0.1.70
    -   @vercel/hono@0.2.64
    -   @vercel/hydrogen@1.3.6
    -   @vercel/koa@0.1.44
    -   @vercel/nestjs@0.2.65
    -   @vercel/next@4.16.5
    -   @vercel/node@5.7.3
    -   @vercel/python@6.29.0
    -   @vercel/redwood@2.4.12
    -   @vercel/remix-builder@5.7.2
    -   @vercel/ruby@2.3.2
    -   @vercel/rust@1.1.0
    -   @vercel/static-build@2.9.11

## @vercel/client@17.3.0

### Minor Changes

- Add Deployment Checks support to `deploy --prod`. Shows "Running
Checks..." spinner when checks are pending, detects check failures
before alias promotion, and displays failed check run details with links
to logs. ([#15884](#15884))

### Patch Changes

- Updated dependencies
\[[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/build-utils@13.14.1

## @vercel/backends@0.0.58

### Patch Changes

- Updated dependencies
\[[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/build-utils@13.14.1

## @vercel/build-utils@13.14.1

### Patch Changes

- Restore `finalizeLambda()` to return `zipPath: null` for the default
in-memory path, preserving the existing caller-facing result contract
while keeping custom ZIP strategies supported.
([#15887](#15887))

- feat(node): filter non-entrypoint Node.js files in `/api` directory
([#15873](#15873))

## @vercel/cervel@0.0.45

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/backends@0.0.58

## @vercel/detect-agent@1.2.2

### Patch Changes

- Detect Cursor agent execution when
`CURSOR_EXTENSION_HOST_ROLE=agent-exec` is set so tools launched from
Cursor still report the `cursor-cli` agent when `CURSOR_AGENT` is not
present. ([#15879](#15879))

## @vercel/elysia@0.1.61

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/express@0.1.71

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3
    -   @vercel/cervel@0.0.45

## @vercel/fastify@0.1.64

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/fs-detectors@5.15.1

### Patch Changes

- feat(node): filter non-entrypoint Node.js files in `/api` directory
([#15873](#15873))

- Updated dependencies
\[[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/build-utils@13.14.1

## @vercel/gatsby-plugin-vercel-builder@2.1.11

### Patch Changes

- Updated dependencies
\[[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/build-utils@13.14.1

## @vercel/h3@0.1.70

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/hono@0.2.64

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/koa@0.1.44

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/nestjs@0.2.65

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/node@5.7.3

## @vercel/node@5.7.3

### Patch Changes

- Updated dependencies
\[[`2e15ee828f14de4a849a462429ca03feab161174`](2e15ee8),
[`a31c84d1bda56a60da6d7bc6d611b0b18ba3bf57`](a31c84d)]:
    -   @vercel/build-utils@13.14.1

## @vercel/static-build@2.9.11

### Patch Changes

-   Updated dependencies \[]:
    -   @vercel/gatsby-plugin-vercel-builder@2.1.11

## @vercel/python-workers@0.0.14

### Patch Changes

- [services] migrate python workers to Queues V3 API
([#15885](#15885))

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@feugy feugy feugy approved these changes

@vincent-derks vincent-derks vincent-derks approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dferber90 @feugy @vincent-derks