Filter app runtime env vars from terminal spawn environment

[juliusmarminge]

Summary

• Filter terminal spawn environment variables to exclude app/runtime keys that can interfere with shell sessions.
• Add explicit exclusion logic for PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE, and any keys prefixed with T3CODE_ or VITE_.
• Keep unrelated environment variables intact when launching terminal sessions.
• Add a regression test verifying blocked keys are removed and non-blocked keys are preserved.

Testing

• Not run (not executed in this PR context).
• Added unit test: apps/server/src/terminalManager.test.ts (filters app runtime env variables from terminal sessions) to verify:
  • PORT, T3CODE_PORT, and VITE_DEV_SERVER_URL are excluded from terminal spawn env.
  • Non-app variable TEST_TERMINAL_KEEP is preserved.

---

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Improved terminal environment isolation by filtering out framework and application-specific environment variables from terminal sessions. This prevents potential conflicts and enhances security when spawning new terminal instances.

[coderabbitai]

Walkthrough

Implements environment variable filtering for spawned terminal sessions. A blocklist of sensitive variables (PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE) and framework-specific prefixes (T3CODE_, VITE_) are excluded from the shell environment. New helper functions sanitize the environment before terminal spawn, with comprehensive test coverage validating the filtering behavior.

Changes

Cohort / File(s)	Summary
Terminal Environment Filtering apps/server/src/terminalManager.ts	Added shouldExcludeTerminalEnvKey and createTerminalSpawnEnv helper functions to filter environment variables. Implemented blocklist for PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE and exclusion of variables with T3CODE_ or VITE_ prefixes. Integrated filtered environment into shell spawn within startSession.
Terminal Environment Filtering Tests apps/server/src/terminalManager.test.ts	New test case verifies that blocked environment variables (PORT, T3CODE_PORT, VITE_DEV_SERVER_URL) are excluded from spawned terminal sessions while permitted variables (TEST_TERMINAL_KEEP) are preserved. Includes environment snapshot/restore helpers.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (5 files): ⚔️ TODO.md (content) ⚔️ apps/server/src/terminalManager.test.ts (content) ⚔️ apps/server/src/terminalManager.ts (content) ⚔️ apps/web/src/components/ChatView.tsx (content) ⚔️ apps/web/src/components/Sidebar.tsx (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Filter app runtime env vars from terminal spawn environment' directly and clearly summarizes the main change: filtering environment variables from terminal spawn environments.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codething/2e2908ea

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch codething/2e2908ea
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

apps/server/src/terminalManager.test.ts (1)

462-465: Consider extending test coverage for remaining blocklist items.

The test validates the filtering pattern well. For completeness, you could optionally add assertions for the other blocklist entries (ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE) to ensure full coverage of the explicit blocklist.

💡 Optional: Extended assertions

     setEnv("PORT", "5173");
+    setEnv("ELECTRON_RENDERER_PORT", "9000");
+    setEnv("ELECTRON_RUN_AS_NODE", "1");
     setEnv("T3CODE_PORT", "3773");
     setEnv("VITE_DEV_SERVER_URL", "http://localhost:5173");
     setEnv("TEST_TERMINAL_KEEP", "keep-me");

     try {
       const { manager, ptyAdapter } = makeManager();
       await manager.open(openInput());
       const spawnInput = ptyAdapter.spawnInputs[0];
       expect(spawnInput).toBeDefined();
       if (!spawnInput) return;

       expect(spawnInput.env.PORT).toBeUndefined();
+      expect(spawnInput.env.ELECTRON_RENDERER_PORT).toBeUndefined();
+      expect(spawnInput.env.ELECTRON_RUN_AS_NODE).toBeUndefined();
       expect(spawnInput.env.T3CODE_PORT).toBeUndefined();

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Filter terminal spawn environment in TerminalManager.open to exclude PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE, and variables starting with T3CODE_ or VITE_ per the PR motivation in terminalManager.ts

Add terminal env filtering via TERMINAL_ENV_BLOCKLIST, shouldExcludeTerminalEnvKey, and createTerminalSpawnEnv, and update TerminalManager.open to pass the sanitized env to ptyAdapter.spawn. A new test verifies exclusion and retention behavior in terminalManager.test.ts.

📍Where to Start

Start with TerminalManager.open in terminalManager.ts and trace into createTerminalSpawnEnv and shouldExcludeTerminalEnvKey.

---

Macroscope summarized ecea657.

[greptile-apps]

Greptile Overview

Greptile Summary

Adds environment variable filtering to terminal spawn operations to prevent app runtime configuration from interfering with shell sessions.

• Introduces shouldExcludeTerminalEnvKey function that filters out PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE, and variables prefixed with T3CODE_ or VITE_
• Adds createTerminalSpawnEnv helper that creates a clean environment by excluding filtered keys
• Modified startSession in apps/server/src/terminalManager.ts:496 to use filtered environment instead of process.env directly
• Includes regression test with proper environment restoration to verify filtering behavior

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Clean implementation with focused scope, comprehensive test coverage, and no breaking changes. The filtering logic is straightforward and addresses a specific issue without affecting existing functionality.
• No files require special attention

Important Files Changed

Filename	Overview
apps/server/src/terminalManager.ts	Added environment variable filtering logic to prevent app runtime variables from leaking into terminal sessions. Implementation is clean and well-tested.
apps/server/src/terminalManager.test.ts	Added comprehensive test verifying that blocked environment variables are excluded while non-app variables are preserved during terminal spawn.

Flowchart

flowchart TD
    A[startSession called] --> B[createTerminalSpawnEnv called with process.env]
    B --> C{For each env key/value}
    C --> D{value === undefined?}
    D -->|Yes| E[Skip]
    D -->|No| F{shouldExcludeTerminalEnvKey}
    F --> G{Starts with T3CODE_?}
    G -->|Yes| E
    G -->|No| H{Starts with VITE_?}
    H -->|Yes| E
    H -->|No| I{In TERMINAL_ENV_BLOCKLIST?}
    I -->|Yes - PORT, ELECTRON_RENDERER_PORT, ELECTRON_RUN_AS_NODE| E
    I -->|No| J[Include in spawnEnv]
    E --> K{More keys?}
    J --> K
    K -->|Yes| C
    K -->|No| L[Return filtered spawnEnv]
    L --> M[ptyAdapter.spawn with filtered env]

Loading

_{Last reviewed commit: ecea657}