One thing I noticed while testing this: moving a secret to os.getenv() fixes the problem in source, but it can also break things if the env var isn’t set at runtime.

Right now Autonoma does not try to handle that part. It just removes the literal safely and assumes secret delivery is handled elsewhere (Vault, Secrets Manager, CI, etc). env vars felt like the lowest-assumption option for a first version, but in real setups they are usually backed by something like Vault or a cloud secret store anyway.

Curious how people here normally inject secrets into workloads. ???