Fix: AUTH0_EXCLUDED_ options not respected during export

[ankita10119]

🔧 Changes

Before this fix, AUTH0_EXCLUDED_* options were silently ignored during export - excluded resources still appeared in the output.

Root Cause

The export pipeline calls getType() (fetch) → dump() (write). The AUTH0_EXCLUDED_CLIENTS filtering only existed inside processChanges(), which is called during deploy and is never called during export. As a result, context.assets.exclude.clients was populated from config but never read anywhere in the export path - all clients and their grants were written to the output regardless of the exclusion config.

Fix

Added exclusion filtering inside the dump() function of all four export context handlers:

Handler	What it filters
src/context/yaml/handlers/clients.ts	Filters out clients by name before writing to YAML
src/context/yaml/handlers/clientGrants.ts	Resolves excluded client names → IDs, filters out their grants before writing to YAML
src/context/directory/handlers/clients.ts	Excluded clients have no JSON file written
src/context/directory/handlers/clientGrants.ts	Excluded clients' grants have no JSON file written

For clients, filtering is a direct name match:

const excludedClients = (context.assets.exclude && context.assets.exclude.clients) || [];
if (excludedClients.length) {
  clients = clients.filter((client) => !excludedClients.includes(client.name ?? ''));
}

For clientGrants, an extra resolution step is needed because grants store a UUID (client_id), not a name. Excluded client names are resolved to IDs using the already-loaded clients list:

const excludedClientsByNames = (context.assets.exclude && context.assets.exclude.clients) || [];
if (excludedClientsByNames.length) {
  const excludedClientIds = new Set(
    (clients || [])
      .filter((c) => c.name !== undefined && excludedClientsByNames.includes(c.name))
      .map((c) => c.client_id)
  );
  clientGrants = clientGrants.filter((grant) => !excludedClientIds.has(grant.client_id));
}

Extended Fix (same root cause, all excluded handlers)

After further research, the same export-side bug exists for AUTH0_EXCLUDED_RULES, AUTH0_EXCLUDED_DATABASES, AUTH0_EXCLUDED_CONNECTIONSand AUTH0_EXCLUDED_RESOURCE_SERVERS. This is confirmed by docs/excluding-from-management.md which explicitly states exclusion works bi-directionally (both export and import).

📚 References

Closes #1339

Backward compatibility

No breaking changes for the deploy path. On the export path, if you had AUTH0_EXCLUDED_* set and were relying on export writing everything anyway, the output will now correctly omit excluded resources - matching the documented bi-directional behavior.

🔬 Testing

Added unit tests across all four dump handlers verifying that:

• Excluded clients do not appear in the export output
• Grants belonging to excluded clients do not appear in the export output

Also verified manually against a real Auth0 tenant for both --format yaml and --format directory.

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[codecov-commenter]

Codecov Report

❌ Patch coverage is 67.14286% with 23 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.02%. Comparing base (39acc9d) to head (2a52d09).

Files with missing lines	Patch %	Lines
src/context/directory/handlers/resourceServers.ts	0.00%	5 Missing ⚠️
src/context/yaml/handlers/resourceServers.ts	68.75%	1 Missing and 4 partials ⚠️
src/context/directory/handlers/clients.ts	50.00%	0 Missing and 2 partials ⚠️
src/context/yaml/handlers/clientGrants.ts	75.00%	0 Missing and 2 partials ⚠️
src/context/yaml/handlers/clients.ts	33.33%	0 Missing and 2 partials ⚠️
src/context/directory/handlers/clientGrants.ts	87.50%	0 Missing and 1 partial ⚠️
src/context/directory/handlers/connections.ts	80.00%	0 Missing and 1 partial ⚠️
src/context/directory/handlers/databases.ts	75.00%	0 Missing and 1 partial ⚠️
src/context/directory/handlers/rules.ts	75.00%	0 Missing and 1 partial ⚠️
src/context/yaml/handlers/connections.ts	80.00%	0 Missing and 1 partial ⚠️
... and 2 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1342      +/-   ##
==========================================
- Coverage   80.23%   80.02%   -0.22%     
==========================================
  Files         152      152              
  Lines        6102     6163      +61     
  Branches     1247     1276      +29     
==========================================
+ Hits         4896     4932      +36     
- Misses        692      699       +7     
- Partials      514      532      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.