fix(tools): preserve env overrides and cwd across macOS sandbox rewrite#3872
Merged
Conversation
rewrite_command_with_sandbox_exec replaces the whole std::process::Command with `Command::new(sandbox_exec)` to prepend sandbox-exec to the program. The replacement carried over only program + args; env overrides set via .env / .env_remove and current_dir set via .current_dir were silently dropped. Concrete impact, post #3869: - Skill secret env injection through CompositeExecutor reached ShellExecutor and was applied via cmd.envs(extra_env) in build_bash_command. Then the sandbox rewrite wiped it. Subprocess spawned with parent env only, so GITHUB_TOKEN (and any other x-requires-secrets value) never reached gh. - Any caller-configured cwd was likewise discarded. Capture program, args, envs, and current_dir BEFORE the in-place replacement, then replay envs and cwd onto the new Command. Adds a regression test that sets env, env_remove, and current_dir, runs the rewrite, and asserts all three survive. Closes #3871.
github-actions
Bot
added
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
rewrite_command_with_sandbox_execon macOS replaced the entirestd::process::CommandwithCommand::new(sandbox_exec)to prepend the sandbox wrapper. Only program + args were carried over;.env/.env_removeoverrides and.current_dirwere dropped on the floor.[tools.sandbox] enabled = true(the default in production configs),cmd.envs(extra_env)set bybuild_bash_commandwas wiped before spawn.GITHUB_TOKENinjected for thegithubskill never reachedgh; tool reportedToken in default: invalidbecause gh fell back tohosts.yml(which has nooauth_tokenfield).current_dirdiscarded: any future / present.current_dir(...)on bash invocations was reset to the parent process cwd.rewrite_preserves_env_overrides_and_cwd) that sets.env,.env_remove, and.current_dirand asserts all three survive the rewrite.Closes #3871. Restores the end-to-end flow originally targeted by #3870 (which fixed the propagation through
CompositeExecutorbut left the sandbox-side defect in place).Test plan
cargo +nightly fmt --checkcargo clippy --workspace --all-targets -- -D warningscargo nextest run -p zeph-tools -E 'test(sandbox)'→ 58 passed (incl. new regression)cargo nextest run --workspace --lib --bins→ 9323 passed[tools.sandbox] enabled = true,ZEPH_SECRET_GITHUB_TOKENin age vault,githubskilltrustedwithx-requires-secrets: github_token, ask agent to rungh auth statusand confirm source is(GH_TOKEN)/(GITHUB_TOKEN)(not(default)).Notes
linux.rs.vault → available_custom_secrets → set_skill_env → ShellExecutor::skill_env → cmd.envs → sandbox-exec → bash.