[{"data":1,"prerenderedAt":1374},["ShallowReactive",2],{"navigation_docs":3,"-blog-announcing-shelve-3":137,"-blog-announcing-shelve-3-surround":1367},[4,16,51,102,112,126],{"title":5,"path":6,"stem":7,"children":8,"icon":15},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002F1.getting-started\u002F1.index",[9,11],{"title":10,"path":6,"stem":7},"Introduction",{"title":12,"path":13,"stem":14},"Quickstart","\u002Fdocs\u002Fgetting-started\u002Fquickstart","docs\u002F1.getting-started\u002F2.quickstart","i-lucide-rocket",{"title":17,"icon":18,"path":19,"stem":20,"children":21,"page":50},"Core Features","i-lucide-tag","\u002Fdocs\u002Fcore-features","docs\u002F2.core-features",[22,26,30,34,38,42,46],{"title":23,"path":24,"stem":25},"Audit Logs","\u002Fdocs\u002Fcore-features\u002Faudit-logs","docs\u002F2.core-features\u002Faudit-logs",{"title":27,"path":28,"stem":29},"Encryption","\u002Fdocs\u002Fcore-features\u002Fencryption","docs\u002F2.core-features\u002Fencryption",{"title":31,"path":32,"stem":33},"Environments","\u002Fdocs\u002Fcore-features\u002Fenvironments","docs\u002F2.core-features\u002Fenvironments",{"title":35,"path":36,"stem":37},"Projects","\u002Fdocs\u002Fcore-features\u002Fprojects","docs\u002F2.core-features\u002Fprojects",{"title":39,"path":40,"stem":41},"Teams","\u002Fdocs\u002Fcore-features\u002Fteams","docs\u002F2.core-features\u002Fteams",{"title":43,"path":44,"stem":45},"API Tokens","\u002Fdocs\u002Fcore-features\u002Ftokens","docs\u002F2.core-features\u002Ftokens",{"title":47,"path":48,"stem":49},"Variables","\u002Fdocs\u002Fcore-features\u002Fvariables","docs\u002F2.core-features\u002Fvariables",false,{"title":52,"icon":53,"path":54,"stem":55,"children":56},"CLI","i-lucide-terminal","\u002Fdocs\u002Fcli","docs\u002F3.cli\u002F2.index",[57,58,62,66,70,74,78,82,86,90,94,98],{"title":10,"path":54,"stem":55},{"title":59,"path":60,"stem":61},"Init","\u002Fdocs\u002Fcli\u002Finit","docs\u002F3.cli\u002F1.init",{"title":63,"path":64,"stem":65},"Agents & automation","\u002Fdocs\u002Fcli\u002Fagents-automation","docs\u002F3.cli\u002F10.agents-automation",{"title":67,"path":68,"stem":69},"Troubleshooting","\u002Fdocs\u002Fcli\u002Ftroubleshooting","docs\u002F3.cli\u002F11.troubleshooting",{"title":71,"path":72,"stem":73},"Sync policies","\u002Fdocs\u002Fcli\u002Fsync-policies","docs\u002F3.cli\u002F12.sync-policies",{"title":75,"path":76,"stem":77},"Run","\u002Fdocs\u002Fcli\u002Frun","docs\u002F3.cli\u002F3.run",{"title":79,"path":80,"stem":81},"Login and Logout","\u002Fdocs\u002Fcli\u002Flogin-logout","docs\u002F3.cli\u002F4.login-logout",{"title":83,"path":84,"stem":85},"Push and Pull","\u002Fdocs\u002Fcli\u002Fpush-pull","docs\u002F3.cli\u002F5.push-pull",{"title":87,"path":88,"stem":89},"Create","\u002Fdocs\u002Fcli\u002Fcreate","docs\u002F3.cli\u002F6.create",{"title":91,"path":92,"stem":93},"Config","\u002Fdocs\u002Fcli\u002Fconfig","docs\u002F3.cli\u002F7.config",{"title":95,"path":96,"stem":97},"Generate","\u002Fdocs\u002Fcli\u002Fgenerate","docs\u002F3.cli\u002F8.generate",{"title":99,"path":100,"stem":101},"Upgrade","\u002Fdocs\u002Fcli\u002Fupgrade","docs\u002F3.cli\u002F9.upgrade",{"title":103,"icon":104,"path":105,"stem":106,"children":107,"page":50},"Integrations","i-lucide-blocks","\u002Fdocs\u002Fintegrations","docs\u002F4.integrations",[108],{"title":109,"path":110,"stem":111},"Github","\u002Fdocs\u002Fintegrations\u002Fgithub","docs\u002F4.integrations\u002F1.github",{"title":113,"icon":114,"path":115,"stem":116,"children":117,"page":50},"Self-hosting","i-lucide-cloud","\u002Fdocs\u002Fself-hosting","docs\u002F5.self-hosting",[118,122],{"title":119,"path":120,"stem":121},"Deploy on Vercel","\u002Fdocs\u002Fself-hosting\u002Fvercel","docs\u002F5.self-hosting\u002F1.vercel",{"title":123,"path":124,"stem":125},"Environment variables","\u002Fdocs\u002Fself-hosting\u002Fenvironment-variables","docs\u002F5.self-hosting\u002F2.environment-variables",{"title":127,"path":128,"stem":129,"children":130,"icon":136},"Contributing","\u002Fdocs\u002Fcontributing","docs\u002F6.contributing\u002F1.index",[131,132],{"title":10,"path":128,"stem":129},{"title":133,"path":134,"stem":135},"Dev Setup","\u002Fdocs\u002Fcontributing\u002Fdev-setup","docs\u002F6.contributing\u002F2.dev-setup","i-lucide-heart-handshake",{"id":138,"title":139,"authors":140,"body":148,"date":1353,"description":1354,"extension":1355,"image":1356,"meta":1357,"minRead":1358,"navigation":1359,"path":1360,"seo":1361,"stem":1362,"tags":1363,"word":1365,"__hash__":1366},"blog\u002Fblog\u002F04.announcing-shelve-3.md","Announcing Shelve 3",[141],{"name":142,"description":143,"to":144,"target":145,"avatar":146},"Hugo Richard","Creator of Shelve","https:\u002F\u002Fx.com\u002Fhugorcd","_blank",{"src":147,"alt":142},"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F71938701?v=4",{"type":149,"value":150,"toc":1327},"minimark",[151,156,179,186,190,195,299,303,310,348,358,362,371,381,406,415,468,485,489,496,563,570,575,582,586,597,605,616,622,626,633,639,652,658,669,673,688,692,702,705,763,770,833,837,840,888,895,899,902,954,958,967,971,974,1042,1052,1056,1061,1139,1145,1149,1152,1171,1191,1195,1256,1263,1267,1304,1308,1311,1314,1320,1323],[152,153,155],"h2",{"id":154},"shelve-3-built-for-teams-agents-and-production","Shelve 3: built for teams, agents, and production",[157,158,159,163,164,169,170,174,175,178],"p",{},[160,161,162],"strong",{},"Shelve 3 is here."," If you have been using Shelve since ",[165,166,168],"a",{"href":167},"\u002Fblog\u002Fannouncing-2.0","2.0",", you already know the pitch. Centralize your environment variables, inject them at runtime with ",[171,172,173],"code",{},"shelve run",", sync to GitHub Secrets, and keep your team aligned from the app or the CLI. Version 2 delivered on that promise with a polished UI, a capable CLI, and a workflow that made ",[171,176,177],{},".env"," files optional on your laptop.",[157,180,181,182,185],{},"Version 3 builds on that solid foundation. The theme is ",[160,183,184],{},"more control, more visibility, and a CLI that matches how we work today",", whether you are in a team, in CI, or working alongside AI coding agents. Same product you already trust, with a deeper toolkit underneath.",[152,187,189],{"id":188},"whats-new-at-a-glance","What's new at a glance",[191,192,194],"callout",{"type":193},"tip","Already on Shelve 2.x? Your secrets, projects, and workflows carry over. Most of 3.0 is additive, with new capabilities on top of what you already use.",[196,197,198,211],"table",{},[199,200,201],"thead",{},[202,203,204,208],"tr",{},[205,206,207],"th",{},"Area",[205,209,210],{},"Highlights",[212,213,214,225,235,244,254,269,289],"tbody",{},[202,215,216,222],{},[217,218,219],"td",{},[160,220,221],{},"CLI login",[217,223,224],{},"Browser device flow, no more copying API tokens by hand",[202,226,227,232],{},[217,228,229],{},[160,230,231],{},"Tokens",[217,233,234],{},"Scoped permissions, expiry, IP allowlists, usage tracking",[202,236,237,241],{},[217,238,239],{},[160,240,27],{},[217,242,243],{},"Per-project envelope encryption on top of existing AES-256",[202,245,246,251],{},[217,247,248],{},[160,249,250],{},"Observability",[217,252,253],{},"Full audit log with a polished team UI",[202,255,256,262],{},[217,257,258],{},[160,259,260],{},[171,261,173],{},[217,263,264,265,268],{},"Offline cache, watch mode, ",[171,266,267],{},"shelve:\u002F\u002F"," templates, OS keychain",[202,270,271,276],{},[217,272,273],{},[160,274,275],{},"Agents & CI",[217,277,278,281,282,281,285,288],{},[171,279,280],{},"shelve init",", ",[171,283,284],{},"--json",[171,286,287],{},"shelve doctor",", sync policies, agent skill",[202,290,291,296],{},[217,292,293],{},[160,294,295],{},"Platform",[217,297,298],{},"Variable groups, OTP auth, Docus docs, E2E test coverage",[152,300,302],{"id":301},"before-you-upgrade","Before you upgrade",[191,304,306,309],{"type":305},"important",[160,307,308],{},"A few breaking changes in 3.0."," Plan a short maintenance window before upgrading production or CI.",[311,312,313,320,338],"ul",{},[314,315,316,319],"li",{},[160,317,318],{},"API tokens need to be re-issued after upgrading."," The token format and storage model changed. Plaintext is now shown only at creation, and tokens are stored as hashes. Create new tokens in the UI and update your CI secrets.",[314,321,322,329,330,333,334,337],{},[160,323,324,325,328],{},"The CLI now sends ",[171,326,327],{},"Authorization: Bearer \u003Ctoken>","."," Cookie-based auth still works for one release window with ",[171,331,332],{},"Deprecation"," and ",[171,335,336],{},"Sunset"," response headers.",[314,339,340,343,344,347],{},[160,341,342],{},"Upgrade the CLI:"," ",[171,345,346],{},"npm i -g @shelve\u002Fcli@latest"," (or your package manager equivalent).",[157,349,350,351,333,354,357],{},"See the ",[165,352,353],{"href":100},"CLI upgrade guide",[165,355,356],{"href":44},"API tokens docs"," for details.",[152,359,361],{"id":360},"sign-in-from-the-browser","Sign in from the browser",[157,363,364,365],{},"The biggest day-to-day CLI change: ",[160,366,367,370],{},[171,368,369],{},"shelve login"," no longer asks you to paste an API token.",[157,372,373,374,380],{},"Instead, Shelve uses the ",[165,375,379],{"href":376,"rel":377},"https:\u002F\u002Fdatatracker.ietf.org\u002Fdoc\u002Fhtml\u002Frfc8628",[378],"nofollow","RFC 8628 device authorization flow",", the same pattern as the GitHub CLI or Vercel.",[382,383,384,390,393,399],"ol",{},[314,385,386,387,389],{},"Run ",[171,388,369],{}," in your terminal.",[314,391,392],{},"Your browser opens to Shelve (or the CLI prints a URL and a short code).",[314,394,395,396,328],{},"Sign in if needed, review the request, and click ",[160,397,398],{},"Authorize CLI",[314,400,401,402,405],{},"Shelve creates a revocable API token named ",[171,403,404],{},"CLI — \u003Chostname>"," (90-day expiry, read\u002Fwrite) and stores it in your OS keychain.",[157,407,408,409,414],{},"No dashboard tab hunting. No copy-paste into the terminal. The token shows up in ",[165,410,413],{"href":411,"rel":412},"https:\u002F\u002Fapp.shelve.cloud\u002Fuser\u002Ftokens",[378],"your tokens list"," like any other. Revoke it anytime.",[416,417,422],"pre",{"className":418,"code":419,"language":420,"meta":421,"style":421},"language-bash shiki shiki-themes github-light github-dark github-dark","shelve login              # opens browser (default)\nshelve login --no-browser # print URL + code only (SSH, remote machines)\nshelve login --with-token # paste a token manually (optional)\n","bash","",[171,423,424,441,455],{"__ignoreMap":421},[425,426,429,433,437],"span",{"class":427,"line":428},"line",1,[425,430,432],{"class":431},"shcOC","shelve",[425,434,436],{"class":435},"sfrk1"," login",[425,438,440],{"class":439},"sCsY4","              # opens browser (default)\n",[425,442,444,446,448,452],{"class":427,"line":443},2,[425,445,432],{"class":431},[425,447,436],{"class":435},[425,449,451],{"class":450},"suiK_"," --no-browser",[425,453,454],{"class":439}," # print URL + code only (SSH, remote machines)\n",[425,456,458,460,462,465],{"class":427,"line":457},3,[425,459,432],{"class":431},[425,461,436],{"class":435},[425,463,464],{"class":450}," --with-token",[425,466,467],{"class":439}," # paste a token manually (optional)\n",[157,469,470,473,474,477,478,481,482,328],{},[160,471,472],{},"CI and agents stay the same."," Set ",[171,475,476],{},"SHELVE_TOKEN"," or pass ",[171,479,480],{},"--token",". No browser required. Scoped, expiring tokens from the dashboard remain the right choice for pipelines. See ",[165,483,484],{"href":80},"login and logout docs",[152,486,488],{"id":487},"more-control-over-api-tokens","More control over API tokens",[157,490,491,492,495],{},"Shelve has always encrypted secrets at rest. With 3.0, ",[160,493,494],{},"API tokens get the same level of care",", plus a set of features teams have been asking for:",[311,497,498,509,531,545],{},[314,499,500,503,504,328],{},[160,501,502],{},"256 bits of entropy",", encoded in ",[165,505,508],{"href":506,"rel":507},"https:\u002F\u002Fwww.crockford.com\u002Fbase32.html",[378],"Crockford base32",[314,510,511,514,515,518,519,522,523,526,527,530],{},[160,512,513],{},"Hashed at rest."," Only ",[171,516,517],{},"sha256(token)"," and a display ",[160,520,521],{},"prefix"," (",[171,524,525],{},"she_…",") are stored. The full value is shown ",[160,528,529],{},"exactly once"," at creation.",[314,532,533,536,537,540,541,544],{},[160,534,535],{},"Granular scopes"," to restrict a token to specific teams, projects, environments, and ",[171,538,539],{},"read"," \u002F ",[171,542,543],{},"write"," permissions, enforced server-side.",[314,546,547,281,550,553,554,562],{},[160,548,549],{},"Optional expiry",[160,551,552],{},"CIDR allowlists",", and ",[160,555,556,540,559],{},[171,557,558],{},"lastUsedAt",[171,560,561],{},"lastUsedIp"," on every request so you always know which token did what.",[157,564,565,566,569],{},"The token UI at ",[171,567,568],{},"\u002Fuser\u002Ftokens"," shows scopes, expiry, and last-used info at a glance. The creation flow uses a roomier modal with cascading multi-select pickers, inline CIDR validation, and a helpful nudge when a token has no restrictions applied.",[571,572,574],"h3",{"id":573},"standard-bearer-authentication","Standard Bearer authentication",[157,576,577,578,581],{},"The CLI sends ",[171,579,580],{},"Authorization: Bearer she_…",", the same pattern used by most APIs and CI systems. Cookie-based auth remains available during the transition, with clear deprecation headers.",[571,583,585],{"id":584},"envelope-encryption-per-project","Envelope encryption, per project",[157,587,588,589,592,593,596],{},"Shelve already sealed every variable with ",[160,590,591],{},"AES-256-GCM"," before it hit the database. Version 3 adds ",[160,594,595],{},"envelope encryption",", an extra layer for finer-grained key management:",[416,598,603],{"className":599,"code":601,"language":602},[600],"language-text","value ──seal──▶ ciphertext     (key = DEK, per-project)\nDEK   ──seal──▶ encryptedDek   (key = KEK, platform-wide)\n","text",[171,604,601],{"__ignoreMap":421},[157,606,607,608,611,612,615],{},"Each project gets its own ",[160,609,610],{},"Data Encryption Key (DEK)",", sealed by the platform ",[160,613,614],{},"Key Encryption Key (KEK)",". You get per-project key rotation without touching application code, and a smaller blast radius if a single project key is ever rotated or replaced.",[157,617,618,619,328],{},"Existing projects upgrade seamlessly. Decryption tries the project DEK first, then transparently falls back to the previous scheme. No data migration required. Read the full scheme in the ",[165,620,621],{"href":28},"encryption docs",[571,623,625],{"id":624},"audit-logs","Audit logs",[157,627,628,629,632],{},"One of the most requested features: a full ",[160,630,631],{},"audit trail"," for your team.",[157,634,635,636,638],{},"Every sensitive action (token create\u002Fdelete, variable read\u002Fwrite, environment and project mutations) is recorded with actor, action, resource, IP, user agent, and metadata. Team admins get an ",[160,637,625],{}," tab in team settings with cursor pagination and action filters.",[157,640,641,642,281,645,648,649,328],{},"The UI includes color-coded action badges, resource icons, parsed user-agent labels (e.g. ",[171,643,644],{},"Shelve CLI 5.0.0",[171,646,647],{},"Chrome · macOS","), and a per-row metadata popover to inspect the full JSON payload. You can query the feed via API too. See ",[165,650,651],{"href":24},"audit logs docs",[152,653,655,657],{"id":654},"shelve-run-grows-up",[171,656,173],{}," grows up",[157,659,660,662,663,665,666,668],{},[171,661,173],{}," was the headline feature of ",[165,664,168],{"href":167},". Run any script with secrets injected at runtime, no ",[171,667,177],{}," on disk. In Shelve 3 it became significantly more capable and reliable.",[571,670,672],{"id":671},"credentials-in-the-os-keychain","Credentials in the OS keychain",[157,674,675,676,679,680,683,684,687],{},"Whether you signed in via the browser flow or set a token for CI, credentials live in the ",[160,677,678],{},"OS keychain"," (macOS Keychain, Windows Credential Manager, libsecret), with a hardened XDG fallback at ",[171,681,682],{},"~\u002F.config\u002F.shelve",". Legacy ",[171,685,686],{},"~\u002F.shelve"," files migrate automatically on first read.",[571,689,691],{"id":690},"offline-cache-watch-mode-and-secret-references","Offline cache, watch mode, and secret references",[157,693,694,695,697,698,701],{},"Working on a plane? API briefly down? After every successful fetch, ",[171,696,173],{}," keeps an ",[160,699,700],{},"encrypted offline cache"," (AES-256-GCM, keyed from your token via HKDF). Revoke the token and the cache becomes unreadable.",[157,703,704],{},"New flags and modes:",[311,706,707,715,723,731,743,751],{},[314,708,709,714],{},[160,710,711],{},[171,712,713],{},"--offline",": use cache only",[314,716,717,722],{},[160,718,719],{},[171,720,721],{},"--no-cache",": always fetch fresh",[314,724,725,730],{},[160,726,727],{},[171,728,729],{},"--cache-ttl 24h",": control freshness",[314,732,733,738,739,742],{},[160,734,735],{},[171,736,737],{},"--watch",": poll for variable changes and forward ",[171,740,741],{},"SIGHUP"," to the child (Vite\u002FNuxt\u002FNext hot-reload)",[314,744,745,750],{},[160,746,747],{},[171,748,749],{},"--restart-on-change",": respawn the process instead",[314,752,753,758,759,762],{},[160,754,755],{},[171,756,757],{},"--template .env.template",": resolve ",[171,760,761],{},"shelve:\u002F\u002F\u003Cteam>\u002F\u003Cproject>\u002F\u003Cenv>\u002F\u003CKEY>"," references and commit the template safely to Git",[157,764,765,766,769],{},"Signal forwarding, watch mode, and cross-platform spawn were hardened across the 3.x CLI releases, including Windows ",[171,767,768],{},".cmd"," shims, parent-death watchdogs, and cleaner exit-code propagation.",[416,771,773],{"className":418,"code":772,"language":420,"meta":421,"style":421},"shelve init\nshelve run -- pnpm dev\nshelve run --watch -- pnpm dev\nshelve run --template .env.template -- pnpm build\n",[171,774,775,782,798,813],{"__ignoreMap":421},[425,776,777,779],{"class":427,"line":428},[425,778,432],{"class":431},[425,780,781],{"class":435}," init\n",[425,783,784,786,789,792,795],{"class":427,"line":443},[425,785,432],{"class":431},[425,787,788],{"class":435}," run",[425,790,791],{"class":450}," --",[425,793,794],{"class":435}," pnpm",[425,796,797],{"class":435}," dev\n",[425,799,800,802,804,807,809,811],{"class":427,"line":457},[425,801,432],{"class":431},[425,803,788],{"class":435},[425,805,806],{"class":450}," --watch",[425,808,791],{"class":450},[425,810,794],{"class":435},[425,812,797],{"class":435},[425,814,816,818,820,823,826,828,830],{"class":427,"line":815},4,[425,817,432],{"class":431},[425,819,788],{"class":435},[425,821,822],{"class":450}," --template",[425,824,825],{"class":435}," .env.template",[425,827,791],{"class":450},[425,829,794],{"class":435},[425,831,832],{"class":435}," build\n",[571,834,836],{"id":835},"built-for-the-ai-agent-era","Built for the AI-agent era",[157,838,839],{},"AI coding agents (Cursor, Claude Code, Codex, Aider, Continue, and more) are part of many workflows now. Shelve 3 meets that with practical guardrails:",[311,841,842,869,881],{},[314,843,844,848,849,281,852,281,855,281,858,861,862,865,866,328],{},[160,845,846],{},[171,847,280],{},": one command to add ",[171,850,851],{},".cursorignore",[171,853,854],{},".aiderignore",[171,856,857],{},".codeiumignore",[171,859,860],{},".continueignore",", and a ",[171,863,864],{},"# shelve-managed-block"," in ",[171,867,868],{},".gitignore",[314,870,871,876,877,880],{},[160,872,873],{},[171,874,875],{},"shelve pull",": detects agent environments and asks before writing plaintext to disk (",[171,878,879],{},"--yes"," to skip).",[314,882,883,887],{},[160,884,885],{},[171,886,173],{},": secrets stay in the child process memory, never on disk.",[157,889,890,891,894],{},"If you use agents, ",[171,892,893],{},"shelve run -- \u003Ccmd>"," is the recommended path.",[152,896,898],{"id":897},"platform-improvements","Platform improvements",[157,900,901],{},"Alongside the security and CLI work, the platform itself got a lot of love:",[311,903,904,921,930,936,942,948],{},[314,905,906,909,910,913,914,917,918,328],{},[160,907,908],{},"Variable groups and descriptions"," to organize variables in the UI. ",[171,911,912],{},"pull"," outputs section headers (",[171,915,916],{},"# ---- Group ----",") and inline description comments, and auto-generates a ",[171,919,920],{},".env.example",[314,922,923,333,926,929],{},[160,924,925],{},"OTP auth",[160,927,928],{},"bot-id protection"," on the login surface.",[314,931,932,935],{},[160,933,934],{},"Documentation migrated to Docus"," for clearer structure, better search, and a full CLI reference on shelve.cloud.",[314,937,938,941],{},[160,939,940],{},"Vercel self-hosting docs"," and updated terms\u002Fprivacy pages.",[314,943,944,947],{},[160,945,946],{},"Test infrastructure"," with unit and E2E coverage across push\u002Fpull, tokens, auth, audit logs, offline cache, and secret references.",[314,949,950,953],{},[160,951,952],{},"Navigation and members table"," refactors, single-team auto-redirect, Nuxt 4 and Nuxt UI upgrades.",[152,955,957],{"id":956},"sync-policies-and-agent-automation","Sync policies and agent automation",[157,959,960,961,333,964,328],{},"Shelve 3 also ships ",[160,962,963],{},"team-grade sync controls",[160,965,966],{},"automation-first CLI flags",[571,968,970],{"id":969},"global-flags-and-structured-output","Global flags and structured output",[157,972,973],{},"Every command supports flags built for CI and agent shells:",[196,975,976,986],{},[199,977,978],{},[202,979,980,983],{},[205,981,982],{},"Flag",[205,984,985],{},"Purpose",[212,987,988,997,1010,1022,1032],{},[202,989,990,994],{},[217,991,992],{},[171,993,284],{},[217,995,996],{},"Machine-readable success on stdout, structured errors on stderr",[202,998,999,1007],{},[217,1000,1001,540,1004],{},[171,1002,1003],{},"--quiet",[171,1005,1006],{},"-q",[217,1008,1009],{},"Suppress spinners and intro\u002Foutro",[202,1011,1012,1019],{},[217,1013,1014,540,1016],{},[171,1015,879],{},[171,1017,1018],{},"-y",[217,1020,1021],{},"Skip confirmation prompts",[202,1023,1024,1029],{},[217,1025,1026],{},[171,1027,1028],{},"--non-interactive",[217,1030,1031],{},"Fail fast instead of prompting (auto-enabled in CI and agent shells)",[202,1033,1034,1039],{},[217,1035,1036],{},[171,1037,1038],{},"--debug",[217,1040,1041],{},"Verbose logs without Authorization headers or secret values",[157,1043,1044,1048,1049,1051],{},[160,1045,1046],{},[171,1047,287],{}," validates your setup and reports health checks. See ",[165,1050,63],{"href":64}," for JSON output shapes per command.",[571,1053,1055],{"id":1054},"sync-policies-diff-and-protected-environments","Sync policies, diff, and protected environments",[157,1057,1058,1060],{},[160,1059,71],{}," define what happens when local and remote diverge:",[311,1062,1063,1077,1095,1116,1131],{},[314,1064,1065,1070,1071,1073,1074,1076],{},[160,1066,1067],{},[171,1068,1069],{},"shelve diff",": compare local ",[171,1072,177],{}," with Shelve (no writes, safe with ",[171,1075,284],{},")",[314,1078,1079,1084,1085,522,1088,1091,1092,1076],{},[160,1080,1081],{},[171,1082,1083],{},"shelve sync",": reconcile according to ",[171,1086,1087],{},"sourceOfTruth",[171,1089,1090],{},"remote"," vs ",[171,1093,1094],{},"local",[314,1096,1097,1102,1103,281,1106,281,1109,1112,1113],{},[160,1098,1099],{},[171,1100,1101],{},"onPushConflict",": ",[171,1104,1105],{},"overwrite",[171,1107,1108],{},"skip",[171,1110,1111],{},"fail",", or ",[171,1114,1115],{},"prompt",[314,1117,1118,1102,1123,1126,1127,1130],{},[160,1119,1120],{},[171,1121,1122],{},"pullMode",[171,1124,1125],{},"replace"," or ",[171,1128,1129],{},"merge"," (local-only keys kept)",[314,1132,1133,1138],{},[160,1134,1135],{},[171,1136,1137],{},"protectedEnvironments",": mark production (or any env) as push-protected on the server",[157,1140,1141,1142,328],{},"Server policies are the source of truth. If production is protected, the CLI respects that. See ",[165,1143,1144],{"href":72},"sync policies docs",[571,1146,1148],{"id":1147},"agent-skill-and-ci-tooling","Agent skill and CI tooling",[157,1150,1151],{},"Install the published agent skill so Cursor, Claude, and other agents know how to use Shelve:",[416,1153,1155],{"className":418,"code":1154,"language":420,"meta":421,"style":421},"npx skills add https:\u002F\u002Fshelve.cloud\n",[171,1156,1157],{"__ignoreMap":421},[425,1158,1159,1162,1165,1168],{"class":427,"line":428},[425,1160,1161],{"class":431},"npx",[425,1163,1164],{"class":435}," skills",[425,1166,1167],{"class":435}," add",[425,1169,1170],{"class":435}," https:\u002F\u002Fshelve.cloud\n",[157,1172,1173,1174,281,1176,1178,1179,540,1181,1183,1184,1187,1188,328],{},"The skill covers ",[171,1175,173],{},[171,1177,280],{},", scoped tokens, sync policies, and the ",[171,1180,284],{},[171,1182,1028],{}," flags. A ",[160,1185,1186],{},"GitHub Action"," is available for CI. Full CLI documentation and troubleshooting guides live on ",[165,1189,1190],{"href":54},"shelve.cloud\u002Fdocs\u002Fcli",[152,1192,1194],{"id":1193},"what-this-means-for-you","What this means for you",[196,1196,1197,1207],{},[199,1198,1199],{},[202,1200,1201,1204],{},[205,1202,1203],{},"Persona",[205,1205,1206],{},"What you get",[212,1208,1209,1225,1235],{},[202,1210,1211,1216],{},[217,1212,1213],{},[160,1214,1215],{},"Solo developer",[217,1217,1218,1220,1221,1224],{},[171,1219,369],{}," once, then ",[171,1222,1223],{},"shelve run -- pnpm dev",". Offline cache when you need it. Agent-safe by default.",[202,1226,1227,1232],{},[217,1228,1229],{},[160,1230,1231],{},"Team admin",[217,1233,1234],{},"Scoped, expiring tokens with IP allowlists. A full audit log. Protected environments. Per-project encryption keys.",[202,1236,1237,1242],{},[217,1238,1239],{},[160,1240,1241],{},"CI \u002F agent automation",[217,1243,1244,1246,1247,1246,1249,1251,1252,1255],{},[171,1245,476],{}," + ",[171,1248,284],{},[171,1250,1028],{},". ",[171,1253,1254],{},"shelve doctor --json"," in your setup step. The agent skill for Cursor and friends.",[157,1257,1258,1259,1262],{},"Shelve 2.x made environment management a pleasure. Shelve 3 adds ",[160,1260,1261],{},"depth",": browser login, observability, fine-grained access control, and a CLI that fits how teams and agents work today.",[152,1264,1266],{"id":1265},"try-shelve-3-today","Try Shelve 3 today",[311,1268,1269,1279,1287,1294],{},[314,1270,1271,343,1274],{},[160,1272,1273],{},"Get started:",[165,1275,1278],{"href":1276,"rel":1277},"https:\u002F\u002Fapp.shelve.cloud",[378],"app.shelve.cloud",[314,1280,1281,343,1284],{},[160,1282,1283],{},"Read the docs:",[165,1285,1286],{"href":6},"shelve.cloud\u002Fdocs\u002Fgetting-started",[314,1288,1289,343,1292],{},[160,1290,1291],{},"Install the CLI:",[171,1293,346],{},[314,1295,1296,343,1299],{},[160,1297,1298],{},"Contribute:",[165,1300,1303],{"href":1301,"rel":1302},"https:\u002F\u002Fgithub.com\u002FHugoRCD\u002Fshelve",[378],"github.com\u002FHugoRCD\u002Fshelve",[152,1305,1307],{"id":1306},"thank-you","Thank you",[157,1309,1310],{},"This release spans dozens of pull requests and months of work. Thank you to everyone in the community who contributed code, opened issues, tried early builds, and shared feedback along the way.",[157,1312,1313],{},"Open-source, built in public, shaped by the people who use it.",[1315,1316,1319],"read-more",{"icon":1317,"target":145,"to":1318},"i-simple-icons-github","https:\u002F\u002Fgithub.com\u002FHugoRCD\u002Fshelve\u002Freleases\u002Ftag\u002Fv3.2.0","Read the full release notes on GitHub.",[157,1321,1322],{},"💚 Hugo",[1324,1325,1326],"style",{},"html pre.shiki code .shcOC, html code.shiki .shcOC{--shiki-light:#6F42C1;--shiki-default:#B392F0;--shiki-dark:#B392F0}html pre.shiki code .sfrk1, html code.shiki .sfrk1{--shiki-light:#032F62;--shiki-default:#9ECBFF;--shiki-dark:#9ECBFF}html pre.shiki code .sCsY4, html code.shiki .sCsY4{--shiki-light:#6A737D;--shiki-default:#6A737D;--shiki-dark:#6A737D}html pre.shiki code .suiK_, html code.shiki .suiK_{--shiki-light:#005CC5;--shiki-default:#79B8FF;--shiki-dark:#79B8FF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":421,"searchDepth":443,"depth":443,"links":1328},[1329,1330,1331,1332,1333,1338,1344,1345,1350,1351,1352],{"id":154,"depth":443,"text":155},{"id":188,"depth":443,"text":189},{"id":301,"depth":443,"text":302},{"id":360,"depth":443,"text":361},{"id":487,"depth":443,"text":488,"children":1334},[1335,1336,1337],{"id":573,"depth":457,"text":574},{"id":584,"depth":457,"text":585},{"id":624,"depth":457,"text":625},{"id":654,"depth":443,"text":1339,"children":1340},"shelve run grows up",[1341,1342,1343],{"id":671,"depth":457,"text":672},{"id":690,"depth":457,"text":691},{"id":835,"depth":457,"text":836},{"id":897,"depth":443,"text":898},{"id":956,"depth":443,"text":957,"children":1346},[1347,1348,1349],{"id":969,"depth":457,"text":970},{"id":1054,"depth":457,"text":1055},{"id":1147,"depth":457,"text":1148},{"id":1193,"depth":443,"text":1194},{"id":1265,"depth":443,"text":1266},{"id":1306,"depth":443,"text":1307},"05\u002F31\u002F2026","Scoped tokens, browser login, envelope encryption, audit logs, a smarter shelve run, and an AI-native CLI. Shelve 3 is here.","md","\u002Fblog\u002F3.0-release.png",{},12,true,"\u002Fblog\u002Fannouncing-shelve-3",{"title":139,"description":1354},"blog\u002F04.announcing-shelve-3",[1364],"release","3.0","VejaWWG36lp0CoPUNWqL75CiHAp5ZSpDWEmYhvxhzjc",[1368,1373],{"title":1369,"path":1370,"stem":1371,"description":1372,"children":-1},"Crafting Clarity: Introducing the New Shelve Landing Page","\u002Fblog\u002Fnew-landing-page","blog\u002F03.new-landing-page","Experience the redesigned shelve.cloud – a reflection of Shelve's commitment to simplicity, security, and exceptional Developer Experience.",null,1780236538280]