feat: switched secrets v3 endpoints to v4 #283

Merged
varonix0 merged 3 commits into main from ENG-4599
Jun 26, 2026

@akhilmhdh

Member

This PR moves the v3 endpoints to v4 for secrets commands. It also removes the personal override we were doing in the CLI, as v4 does it on the server side. This allows imports to have overrides as well, with the new behavior as a fallback mechanism.

@akhilmhdh akhilmhdh requested a review from varonix0 June 26, 2026 07:55
@linear

linear Bot commented Jun 26, 2026


ENG-4599

@infisical-review-police


💬 Discussion in Slack: #pr-review-cli-283-feat-switched-secrets-v3-endpoints-to-v4

Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel.

@greptile-apps

greptile-apps Bot commented Jun 26, 2026

Contributor

Greptile Summary

This PR migrates all secrets fetching from the v3 REST endpoints (/v3/secrets/raw) to v4 (/v4/secrets), and moves the personal-override deduplication logic from the CLI client side to the server side via a new includePersonalOverrides query parameter.

  • Renamed CallGetRawSecretsV3 → CallGetSecretsV4 and updated all query param names (workspaceId → projectId, include_imports → includeImports); bool flags are now always sent explicitly so a false value correctly overrides v4's server-side defaults of true.
  • Removed the OverrideSecrets helper function and its four call-sites across secrets.go, run.go, export.go, and getSecretsByNames; the flag is propagated end-to-end through GetAllSecretsParameters.IncludePersonalOverrides.
  • The agent command correctly hardcodes includePersonalOverrides: false, as machine-identity callers should not receive personal overrides.

Confidence Score: 4/5

The migration is logically sound and the flag is threaded through every call-site consistently; the only issues are a few leftover v3 names in constants, a local variable, and an omitempty tag.

The core logic — always sending bool flags, removing client-side override deduplication, propagating IncludePersonalOverrides — is correct throughout. The remaining findings are naming and tag inconsistencies that do not affect runtime behavior.

packages/api/api.go has two leftover v3 names (the operation constant string and a local variable) that should be cleaned up before the next significant change to that file.

Important Files Changed

| Filename | Overview |
| --- | --- |
| packages/api/api.go | Renamed CallGetRawSecretsV3 to CallGetSecretsV4 and updated endpoint and query param names. Two naming leftovers: the operationCallGetRawSecretsV3 constant string and the local variable getRawSecretsV3Response were not updated. |
| packages/api/model.go | Renamed request/response structs to v4; added IncludePersonalOverrides field. ExpandSecretReferences retains omitempty tag inconsistently with the other bool fields. |
| packages/util/secrets.go | Removed OverrideSecrets function; updated function signatures with the new includePersonalOverrides param. All call sites propagate the flag correctly. |
| packages/cmd/secrets.go | Removed OverrideSecrets call-sites; IncludePersonalOverrides is now passed via the request struct consistently across all call-sites. |
| packages/cmd/run.go | Removed OverrideSecrets call in fetchSecrets; IncludePersonalOverrides propagated from secretOverriding into the params struct correctly. |
| packages/cmd/export.go | Removed OverrideSecrets call; IncludePersonalOverrides now passed via request params. |
| packages/cmd/agent.go | Updated call to GetPlainTextSecretsV4; hardcodes includePersonalOverrides: false which is appropriate for the agent/machine-identity use case. |
| packages/models/cli.go | Added IncludePersonalOverrides bool field to GetAllSecretsParameters; minimal and correct change. |

Comments Outside Diff (1)

  1. packages/api/api.go, line 20 (link)

    P2 Stale operation name used in v4 error reporting

    The constant operationCallGetRawSecretsV3 = "CallGetRawSecretsV3" is still referenced in all three error-return paths inside CallGetSecretsV4. Any error surfaced from the v4 endpoint will appear in logs and error messages as "CallGetRawSecretsV3", making it harder to correlate failures with the correct code path. The constant (and its string value) should be updated to reflect the v4 function name.

Reviews (1): Last reviewed commit: "feat: fixed a bug in secret secrets"
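Added example, not code from this PR or from the Infisical CLI: a Go sketch of why the summary above stresses sending bool flags explicitly when the server defaults them to true. `SecretsQuery`, `Encode` and `ServerFlag` are hypothetical names, and the server-side default handling is a constructed model based only on the summary's description; the parameter names `projectId`, `includeImports` and `includePersonalOverrides` are the ones quoted on this page.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// SecretsQuery is a hypothetical stand-in for the CLI's v4 request parameters.
type SecretsQuery struct {
	ProjectID                string
	IncludeImports           bool
	IncludePersonalOverrides bool
}

// Encode builds the query string for /v4/secrets. With omitFalse set it
// behaves like an omitempty-style encoder and drops booleans that are false.
func (q SecretsQuery) Encode(omitFalse bool) url.Values {
	v := url.Values{"projectId": {q.ProjectID}}
	set := func(name string, val bool) {
		if val || !omitFalse {
			v.Set(name, strconv.FormatBool(val))
		}
	}
	set("includeImports", q.IncludeImports)
	set("includePersonalOverrides", q.IncludePersonalOverrides)
	return v
}

// ServerFlag is a constructed model of the server side: an absent or
// unparsable flag falls back to the default of true.
func ServerFlag(v url.Values, name string) bool {
	b, err := strconv.ParseBool(v.Get(name))
	if err != nil {
		return true
	}
	return b
}

func main() {
	// Constructed input: a machine-identity style call that must not get overrides.
	q := SecretsQuery{ProjectID: "example-project", IncludeImports: true}
	for _, omit := range []bool{true, false} {
		enc := q.Encode(omit)
		fmt.Printf("omitFalse=%-5v query=%q server applies overrides=%v\n",
			omit, enc.Encode(), ServerFlag(enc, "includePersonalOverrides"))
	}
}
```

When the false flag is dropped, the modeled server falls back to true and the caller receives personal overrides it asked not to get; the same reasoning applies to any bool field that keeps an omit-when-empty encoding.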

Comment thread packages/api/api.go
Comment thread packages/api/model.go Outdated
@varonix0 varonix0 merged commit d54997c into main Jun 26, 2026
29 checks passed