Line-Level Keyword Reconciliation for Deploy CLI Export with AUTH0_PRESERVE_KEYWORDS

Description: The Auth0 Deploy CLI’s keyword preservation feature currently operates at the field level. When AUTH0_PRESERVE_KEYWORDS is enabled and any keyword marker (e.g., ##ACTION_VERBOSE_LOGGING##, #{AUTH0_MGMT_CLIENT_ID}#) is detected within a field, the entire local field value is preserved during export, overwriting any remote changes to that field [2][8][13]. This becomes especially problematic for large multi-line fields such as action code bodies and secrets objects, where a single keyword marker embedded in a comment or a single secret reference causes the entire code block or secrets array to be retained from the local copy, silently discarding all legitimate remote updates. The documented behavior confirms that local values always win during reconciliation, and only a warning is logged [2][8]. In practice, this means developers who make code changes in the Auth0 Dashboard (or via any remote-first workflow) cannot reliably re-export those changes if the affected field contains any keyword marker — the CLI will overwrite the new remote code with the stale local version. The request is for the Deploy CLI to perform line-level (or token-level) reconciliation within string fields: preserving only the specific lines or substrings that contain keyword markers, while accepting remote changes on all other lines of the same field.

Use-case: Teams using the Deploy CLI in multi-environment workflows frequently embed keyword markers inside action code (for environment-specific flags like verbose logging) and inside secrets definitions (for per-environment credentials and endpoints). Today, making a legitimate code change to an action and re-exporting results in the updated remote code being overwritten by the old local version, with only a warning surfaced in debug logs. This forces teams into one of two unsatisfying workarounds: (1) temporarily disabling AUTH0_PRESERVE_KEYWORDS, running the export, and manually re-inserting every keyword marker afterwards, or (2) treating the local repository as the strict source of truth and forbidding any remote-side edits — which is not always realistic during incident response, rapid iteration, or when multiple contributors edit actions in the Dashboard. Line-level reconciliation would allow the CLI to preserve only the lines containing keyword markers (e.g., the single const isVerboseLoggingEnabled line or the specific secret entries referencing #{AUTH0_MGMT_CLIENT_ID}#) while still pulling down new or modified lines from the remote tenant. This would eliminate silent data loss, reduce the need for manual post-export cleanup, and make bi-directional workflows viable for customers who depend on keyword replacement for environment portability.
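A sketch of the requested line-level reconciliation, added here as an illustration and not taken from the Deploy CLI code base. The function names, the shape of the `markers` map (marker text to its resolved value for the current environment) and the sample action body are assumptions made for the example.

```javascript
// Added illustration, not Deploy CLI code. `markers` maps each marker to the
// value it resolves to in this environment (assumed to be known at export time).
function resolveMarkers(line, markers) {
  let out = line;
  for (const [marker, value] of Object.entries(markers)) {
    out = out.split(marker).join(value);
  }
  return out;
}

function reconcileLines(localText, remoteText, markers) {
  const hasMarker = (line) => Object.keys(markers).some((m) => line.includes(m));
  // Index local marker lines by the text they resolve to on the tenant.
  const byResolved = new Map();
  for (const line of localText.split('\n')) {
    if (!hasMarker(line)) continue;
    const resolved = resolveMarkers(line, markers);
    // First marker line wins if two resolve to identical text.
    if (!byResolved.has(resolved)) byResolved.set(resolved, { line, used: false });
  }
  // Remote is the base: only lines equal to a resolved marker line are swapped back.
  const merged = remoteText.split('\n').map((remoteLine) => {
    const hit = byResolved.get(remoteLine);
    if (!hit) return remoteLine;
    hit.used = true;
    return hit.line;
  });
  // Marker lines with no remote counterpart were edited or deleted remotely;
  // surface them instead of silently dropping the marker.
  const unmatched = [...byResolved.values()].filter((e) => !e.used).map((e) => e.line);
  return { text: merged.join('\n'), unmatched };
}

// Constructed sample data: stale local copy vs. an action edited in the Dashboard.
const sampleMarkers = { '##ACTION_VERBOSE_LOGGING##': 'true' };
const sampleLocal = [
  'exports.onExecutePostLogin = async (event, api) => {',
  '  const isVerboseLoggingEnabled = ##ACTION_VERBOSE_LOGGING##;',
  '  console.log("old body");',
  '};',
].join('\n');
const sampleRemote = [
  'exports.onExecutePostLogin = async (event, api) => {',
  '  const isVerboseLoggingEnabled = true;',
  '  console.log("new body edited in the Dashboard");',
  '};',
].join('\n');
console.log(reconcileLines(sampleLocal, sampleRemote, sampleMarkers));
```

The `unmatched` list is where a warning belongs: it names marker lines that could not be restored because the corresponding remote line changed, so the loss is reported per line instead of the whole field being overwritten.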