Skip to content

[Workflows] Add sensitive step output option#6758

Draft
pombosilva wants to merge 1 commit into
mainfrom
osilva/workflows-add-sensitive-step-option
Draft

[Workflows] Add sensitive step output option#6758
pombosilva wants to merge 1 commit into
mainfrom
osilva/workflows-add-sensitive-step-option

Conversation

@pombosilva
Copy link
Copy Markdown
Contributor

@pombosilva pombosilva commented May 12, 2026

Adds an optional sensitive field to WorkflowStepConfig and WorkflowStepEvent.

This lets workflow users mark a step's output (or an incoming step event payload) as sensitive so the Workflows runtime can redact it from logs and observability surfaces.

 const token = await step.do('get-api-token',
      { sensitive: 'output', timeout: '30 seconds' },
      async () => {
        return await getToken(event.payload.userId);
      }
);

@ask-bonk
Copy link
Copy Markdown
Contributor

ask-bonk Bot commented May 12, 2026

The files in generated-snapshot/ are generated files. The AGENTS.md for types/ explicitly says: "Do not edit files in generated-snapshot/ directly — they are overwritten by just generate-types." However, for pure defines/ additions like this, the generated snapshots are produced by concatenating the defines files, so the changes are consistent and correct as long as they pass CI's diff check.

The PR is a straightforward, additive type change:

  1. New WorkflowStepSensitivity = 'output' type alias
  2. Optional sensitive field added to WorkflowStepConfig and WorkflowStepEvent
  3. All fields are optional, so this is backward compatible
  4. No behavioral changes, no compat flag needed (it's just types)
  5. The changes in generated-snapshot/ mirror the defines/rpc.d.ts changes correctly

This is clean and correct. No actionable issues.

LGTM

github run

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented May 12, 2026

Merging this PR will improve performance by 14.53%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 71 untouched benchmarks
⏩ 129 skipped benchmarks1

Performance Changes

Benchmark BASE HEAD Efficiency
Encode_ASCII_256[TextEncoder][0/0/256] 3.1 ms 2.7 ms +14.53%

Comparing osilva/workflows-add-sensitive-step-option (400c378) with main (ac31559)

Open in CodSpeed

Footnotes

  1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pombosilva