Support persisting custom env vars in session defaults

[kamal]

As a follow up to #203, this adds support for persisting custom environment variables into session defaults

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/getsentry/XcodeBuildMCP/xcodebuildmcp@207

commit: 40bc529

[coderabbitai]

Walkthrough

This pull request introduces support for environment variables in session defaults. The changes extend the session defaults schema by adding an optional env field to store environment variable mappings as records of strings. The SessionDefaults type is updated to include the new env property, and the sessionDefaultKeys array is extended with the 'env' key. Test coverage is added to verify that environment defaults are stored correctly and persisted to configuration files when required. Additionally, the version is updated from '2.0.0-beta.1' to '2.0.0', marking a stable release.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding support for persisting custom environment variables in session defaults.
Description check	✅ Passed	The description is directly related to the changeset, referencing issue #203 and explaining the purpose of adding environment variable persistence to session defaults.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

src/utils/session-store.ts (1)

30-31: Shallow merge replaces the entire env object on each setDefaults call.

Because setDefaults uses object spread ({ ...this.defaults, ...partial }), calling it with a new env value will replace — not merge — the previous environment variables map. For example, setting { env: { A: '1' } } followed by { env: { B: '2' } } results in only { B: '2' }.

This is consistent with how all other keys behave, but worth confirming it matches the intended UX for environment variables, where users might expect additive/incremental updates.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cameroncooke]

@kamal Thanks for this, would you mind fixing up the typecheck issue. In general it's recommended you install the pre-commit hook into this repo see: https://github.com/cameroncooke/XcodeBuildMCP/blob/main/docs/dev/CONTRIBUTING.md#local-development-setup

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Env validation bypass via deep merge

Medium Severity

The env deep-merge guard treats any object-like value as mergeable, so arrays or other non-record objects in sanitizedArgs.env get spread into merged.env before internalSchema.parse. When session defaults contain env, invalid user input can be silently accepted or transformed instead of failing validation.

 

[cursor]

Empty env cannot override defaults

Medium Severity

When sessionDefaults.env exists, passing env: {} no longer overrides defaults. The deep-merge branch rebuilds merged.env from default values, so explicit empty env input is ignored and tools still receive session-level variables.

 

[cursor]

Mutable env leaks through session store

Medium Severity

Adding env as Record<string, string> introduces shared-reference state in sessionStore. setDefaults/getAll are shallow, so mutating a previously passed or retrieved env object can silently change stored defaults without calling sessionStore.setDefaults, bypassing revision tracking.