What's Fixed
- Request level variables now correctly take precedence over globals when an RTS pre-request script mutates global state before a JS pre-request script runs. Previously the JS script could pick up a stale or overwritten value instead of the one defined on the request.
- Sensitive values set by scripts (global secrets, auth headers) are now properly redacted in the explain report. Earlier they could leak through unmasked.
- The
explainpreview no longer truncates non-ASCII text mid-character - it now clips on rune boundaries.
What's Improved
- The
explainpreview now shows the authentication stage without performing actual OAuth flows. If a cached token is available it uses that, otherwise it tells you the token fetch was skipped and what would happen on a real run. - Redaction coverage in explain reports has been extended to Final.Details, Final.Steps and auth-sensitive header change entries.