docs: document secret injection and upstream escaping workaround for MCP env values #131

Closed
johnturcoo wants to merge 1 commit into main from johnturco/remote-1148-mcp-secret-interpolation-docs

@johnturcoo
Contributor

Adds a new "Injecting secrets into MCP env values" section that covers:

  • The {{SECRET_NAME}} explicit template syntax
  • The implicit key-name match fallback
  • The unicode escape workaround (\u007b\u007b...\u007d\u007d) for systems like Jira/Atlassian Automation that consume {{...}} before the payload reaches Oz

Follows up on REMOTE-1148.

Co-Authored-By: Oz oz-agent@warp.dev

@cla-bot cla-bot Bot added the cla-signed label May 22, 2026
@vercel

vercel Bot commented May 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 22, 2026 3:13pm

@oz-for-oss
Contributor

oz-for-oss Bot commented May 22, 2026

@johnturcoo

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

@oz-for-oss oz-for-oss Bot left a comment

Overview

This PR adds documentation for injecting Warp-managed secrets into MCP env and headers values, including an upstream templating workaround for systems that consume {{...}} before the payload reaches Oz. I found one copyability issue in the JSON example, but no correctness or security blockers.

Concerns

  • The Unicode-escape example should be wrapped in a valid JSON object so readers can copy and validate it directly.

Verdict

Found: 0 critical, 0 important, 1 suggestions

Approve with nits

**Workaround:** Use JSON unicode escapes for the curly braces:

```json
"MY_ENV_VAR": "\u007b\u007bMY_SECRET\u007d\u007d"
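
Review bot: The workaround sentence before the fence says to use JSON unicode escapes but not why that works or where it applies. Add one sentence stating that \u007b and \u007d become { and } only when the payload is parsed as JSON, so the parsed value reads {{MY_SECRET}} while the raw text the upstream system templates contains no literal {{...}}. It would also help to say that the escapes must be present in the raw JSON text that passes through the upstream system.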

💡 [SUGGESTION] Make this a valid JSON object so readers can copy the example directly into a config file.

Suggested change
"MY_ENV_VAR": "\u007b\u007bMY_SECRET\u007d\u007d"
{
"env": {
"MY_ENV_VAR": "\u007b\u007bMY_SECRET\u007d\u007d"
}
}

@johnturcoo johnturcoo closed this May 22, 2026
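
The escaping workaround discussed in this thread can be checked offline. The following is an added example, not code from the pull request or from the Warp docs: `upstream_render` is a hypothetical stand-in for an upstream templating pass that consumes literal `{{...}}`, and the secret-name character set in the regex is an assumption.

```python
import json
import re

# Explicit {{SECRET_NAME}} template; the allowed name characters are an assumption.
TEMPLATE = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def upstream_render(raw_text):
    """Hypothetical upstream pass: every literal {{...}} in the raw request
    body is consumed (rendered to an empty string) before it is forwarded."""
    return TEMPLATE.sub("", raw_text)


def env_after_upstream(raw_text):
    """Return the env map a JSON parser sees once the upstream pass has run."""
    return json.loads(upstream_render(raw_text))["env"]


def survives_upstream(raw_text, key):
    """True if env[key] still holds a {{NAME}} template after the upstream pass."""
    return bool(TEMPLATE.fullmatch(env_after_upstream(raw_text)[key]))


def escape_templates(raw_text):
    """Rewrite literal {{NAME}} in raw JSON text to the unicode-escape form.
    Assumes every template sits inside a JSON string value."""
    return TEMPLATE.sub(
        lambda m: "\\u007b\\u007b" + m.group(1) + "\\u007d\\u007d", raw_text
    )


# Constructed payloads: literal braces versus JSON unicode escapes.
LITERAL = '{"env": {"MY_ENV_VAR": "{{MY_SECRET}}"}}'
ESCAPED = r'{"env": {"MY_ENV_VAR": "\u007b\u007bMY_SECRET\u007d\u007d"}}'

if __name__ == "__main__":
    for label, raw in (("literal", LITERAL), ("escaped", ESCAPED)):
        print(label, env_after_upstream(raw), survives_upstream(raw, "MY_ENV_VAR"))
    print(escape_templates(LITERAL))
```

With literal braces the value arrives empty; with the escapes the JSON parser restores `{{MY_SECRET}}` only after the upstream pass has already run.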