feat(core): zsh exec bridge #12052

Merged
owenlin0 merged 4 commits into main from owen/core_zsh_exec_bridge_runtime
Feb 18, 2026

@owenlin0 (Collaborator) commented Feb 17, 2026

zsh fork PR stack:

Summary

This PR introduces a feature-gated native shell runtime path that routes shell execution through a patched zsh exec bridge, removing MCP-specific behavior from the shell hot path while preserving existing CommandExecution lifecycle semantics.

When shell_zsh_fork is enabled, shell commands run via patched zsh with per-execve interception through EXEC_WRAPPER. Core receives wrapper IPC requests over a Unix socket, applies existing approval policy, and returns allow/deny before the subcommand executes.

What’s included

1) New zsh exec bridge runtime in core

  • Wrapper-mode entrypoint (maybe_run_zsh_exec_wrapper_mode) for EXEC_WRAPPER invocations.
  • Per-execution Unix-socket IPC handling for wrapper requests/responses.
  • Approval callback integration using existing core approval orchestration.
  • Streaming stdout/stderr deltas to existing command output event pipeline.
  • Error handling for malformed IPC, denial/abort, and execution failures.

2) Session lifecycle integration

  • SessionServices now owns a ZshExecBridge.
  • Session startup initializes bridge state; shutdown tears it down cleanly.

3) Shell runtime routing (feature-gated)

When shell_zsh_fork is enabled:

  • Build execution env/spec as usual.
  • Add wrapper socket env wiring.
  • Execute via zsh_exec_bridge.execute_shell_request(...) instead of the regular shell path.
  • Non-zsh-fork behavior remains unchanged.

4) Config + feature wiring

  • Added Feature::ShellZshFork (under development).
  • Added config support for zsh_path (optional absolute path to patched zsh):
      • Config, ConfigToml, ConfigProfile, overrides, and schema.
  • Session startup validates that zsh_path exists/usable when zsh-fork is enabled.
  • Added startup test for missing zsh_path failure mode.

5) Seatbelt/sandbox updates for wrapper IPC

  • Extended seatbelt policy generation to optionally allow outbound connection to explicitly permitted Unix sockets.
  • Wired sandboxing path to pass wrapper socket path through to seatbelt policy generation.
  • Added/updated seatbelt tests for explicit socket allow rule and argument emission.

6) Runtime entrypoint hooks

  • This allows the same binary to act as the zsh wrapper subprocess when invoked via EXEC_WRAPPER.

7) Tool selection behavior

  • ToolsConfig now prefers ShellCommand type when shell_zsh_fork is enabled.
  • Added test coverage for precedence with unified-exec enabled.
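
The approval round trip described in the summary, sketched as an added example (not code from this PR): the wrapper asks core over a Unix socket before each exec and treats anything other than an explicit allow as a denial. The wire format, the allowlist policy and the function names are assumptions made for illustration.

```rust
use std::io::{BufRead, BufReader, Write};
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::Path;

// Assumed wire format (not the project's): argv joined by 0x1f on one line,
// answered by "allow" or "deny"; args containing 0x1f or newline need escaping.
const SEP: &str = "\x1f";

/// Stand-in for the approval policy: a constructed two-program allowlist.
fn policy_allows(argv: &[&str]) -> bool {
    matches!(argv.first(), Some(&"git") | Some(&"rg"))
}

/// Core side: accept one wrapper connection and answer its request.
fn serve_one(listener: &UnixListener) -> std::io::Result<()> {
    let (stream, _) = listener.accept()?;
    let mut line = String::new();
    BufReader::new(&stream).read_line(&mut line)?;
    // A request with no newline or an empty argv is malformed: deny it.
    let verdict = match line.strip_suffix('\n') {
        Some(body) if !body.is_empty() => {
            let argv: Vec<&str> = body.split(SEP).collect();
            if policy_allows(&argv) { "allow" } else { "deny" }
        }
        _ => "deny",
    };
    (&stream).write_all(format!("{}\n", verdict).as_bytes())
}

/// Wrapper side: ask before exec; an I/O error or unexpected reply means deny.
fn wrapper_may_exec(socket: &Path, argv: &[&str]) -> bool {
    let ask = || -> std::io::Result<String> {
        let mut stream = UnixStream::connect(socket)?;
        stream.write_all(format!("{}\n", argv.join(SEP)).as_bytes())?;
        let mut reply = String::new();
        BufReader::new(&stream).read_line(&mut reply)?;
        Ok(reply)
    };
    matches!(ask().as_deref(), Ok("allow\n"))
}

fn main() -> std::io::Result<()> {
    let path = std::env::temp_dir().join(format!("exec-bridge-{}.sock", std::process::id()));
    let listener = UnixListener::bind(&path)?;
    let core = std::thread::spawn(move || serve_one(&listener));
    println!("make test allowed: {}", wrapper_may_exec(&path, &["make", "test"]));
    core.join().unwrap()?;
    std::fs::remove_file(&path)
}
```

The fail-closed branch in `wrapper_may_exec` is the part to check in any such bridge: if core is unreachable or replies with garbage, the subcommand must not run.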

@owenlin0 owenlin0 changed the title from "Owen/core zsh exec bridge runtime" to "feat(core): zsh exec bridge" Feb 17, 2026
@owenlin0 owenlin0 force-pushed the owen/core_zsh_exec_bridge_runtime branch from f611aa7 to 92b057f Compare February 17, 2026 23:45
@owenlin0 (Collaborator, Author)

@codex review

@chatgpt-codex-connector bot (Contributor) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 92b057f8c1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@owenlin0 owenlin0 force-pushed the owen/core_zsh_exec_bridge_runtime branch 3 times, most recently from c264067 to 136bbb0 Compare February 18, 2026 01:50
owenlin0 added a commit that referenced this pull request Feb 18, 2026
zsh fork PR stack:
- #12051 👈 
- #12052

With upcoming support for a fork of zsh that allows us to intercept
`execve` and run execpolicy checks for each subcommand as part of a
`CommandExecution`, it will be possible for there to be multiple
approval requests for a shell command like `/path/to/zsh -lc 'git status
&& rg \"TODO\" src && make test'`.

To support that, this PR introduces a new `approval_id` field across
core, protocol, and app-server so that we can associate approvals
properly for subcommands.
@owenlin0 owenlin0 force-pushed the owen/core_zsh_exec_bridge_runtime branch from 136bbb0 to 8fcd498 Compare February 18, 2026 02:03
@owenlin0 owenlin0 marked this pull request as ready for review February 18, 2026 02:54
@owenlin0 owenlin0 requested a review from bolinfest February 18, 2026 02:55
@bolinfest (Collaborator)

Onward!

@owenlin0 owenlin0 enabled auto-merge (squash) February 18, 2026 04:04
@owenlin0 owenlin0 disabled auto-merge February 18, 2026 04:11
@owenlin0 owenlin0 merged commit edacbf7 into main Feb 18, 2026
54 of 61 checks passed
@owenlin0 owenlin0 deleted the owen/core_zsh_exec_bridge_runtime branch February 18, 2026 04:19
@github-actions github-actions bot locked and limited conversation to collaborators Feb 18, 2026