Skip to content

feat(hook): clean shell environment for exec commands#67

Merged
z00b merged 2 commits intomainfrom
petr/clean-exec-env
Mar 14, 2026
Merged

feat(hook): clean shell environment for exec commands#67
z00b merged 2 commits intomainfrom
petr/clean-exec-env

Conversation

@petmal
Copy link
Contributor

@petmal petmal commented Mar 10, 2026
edited
Loading

Exec commands (tests, lint) now run in a clean login-shell environment obtained via the shell-env package, preventing environment variables from the agent process (e.g. AGENT_MODE, CLAUDE_*) from leaking into user commands.

Internal CLI operations (git, config) continue inheriting process.env normally — only the user's exec commands get the clean shell.

Changes

  • Add shell-env dependency to packages/hook
  • Add getCleanEnv() to shell-env.ts with Promise-level caching so concurrent callers share a single login-shell spawn
  • Add extendEnv flag to RunOptions in proc.ts (defaults to true for backward compatibility)
  • Wire clean env in exec.ts with extendEnv: false
  • Set env = false in bunfig.toml to disable .env auto-loading during development (bun run dev)
  • Remove --loader .md:text from build scripts (already defined in bunfig.toml)
  • Keep --no-compile-autoload-dotenv in build scripts — this is a compile-time flag for bun build --compile that embeds the behavior into the standalone binary. Unlike env = false in bunfig.toml (which only affects the Bun runtime), compiled binaries do not read bunfig.toml at runtime, so the CLI flag is the only way to prevent them from auto-loading .env files from CWD.
  • Add tests for extendEnv behavior and getCleanEnv

@petmal petmal requested a review from michael-webster March 10, 2026 14:48
@petmal petmal force-pushed the petr/clean-exec-env branch from 944eed0 to a2dcff0 Compare March 10, 2026 15:32
Base automatically changed from petr/sentinel-6-session-seatbelts to main March 11, 2026 10:19
@z00b
Copy link
Contributor

z00b commented Mar 11, 2026

@petmal needs conflicts resolved

@petmal petmal force-pushed the petr/clean-exec-env branch from 320431e to b10ae10 Compare March 11, 2026 16:57
@petmal
Copy link
Contributor Author

petmal commented Mar 11, 2026

@z00b I rebased, the PR now contains changes from TTL commit as well which was merged into this branch.

z00b
z00b reviewed Mar 12, 2026
View reviewed changes
@z00b
Copy link
Contributor

z00b commented Mar 12, 2026

sorry @petmal i just realized my only comment was sitting in a pending review. i'll take a look at the rest now.

@petmal
feat(scope): add TTL-based marker expiry
e2e387a 
Add TTL to scope markers so dead-session markers (where SessionEnd
never fired) can be reclaimed by new sessions.

- Add `isExpired()` helper and `MARKER_TTL_MS` constant (default 5 min)
- Expired markers from different sessions are reclaimed (both paths)
- Non-expired markers preserved (subagent safety unchanged)
- Same-session calls always bypass TTL; pauses of any length are safe
- Refresh marker timestamp on every same-session `activateScope()` call
- Add `getMarkerTtlMs()` to env library, configurable via
  `CHUNK_HOOK_MARKER_TTL_MS` (0 disables session protection)
- Replace "stale" terminology with "valid"/"expired" in log messages
- Add 6 unit tests and 3 integration tests for TTL behavior
- Update AGENTS.md and README.md with TTL documentation
@petmal petmal force-pushed the petr/clean-exec-env branch from b10ae10 to 9b04204 Compare March 12, 2026 15:33
@petmal
feat(hook): clean shell environment for exec commands
e6f6e05 
Exec commands (tests, lint) now run in a clean login-shell environment
obtained via the `shell-env` package, preventing environment variables
from the agent process (e.g. AGENT_MODE, CLAUDE_*) from leaking into
user commands.

Internal CLI operations (git, config) continue inheriting process.env
normally -- only the user's exec commands get the clean shell.

Changes:
- Add `shell-env` dependency to packages/hook
- Add `getCleanEnv()` to shell-env.ts with Promise-level caching
  so concurrent callers share a single login-shell spawn
- Add `extendEnv` flag to `RunOptions` in proc.ts (defaults to
  `true` for backward compatibility)
- Wire clean env in exec.ts with `extendEnv: false`
- Set `env = false` in bunfig.toml to disable .env auto-loading
  during development (bun run dev)
- Remove `--loader .md:text` from build scripts (already defined
  in bunfig.toml)
- Keep `--no-compile-autoload-dotenv` in build scripts -- this is a
  compile-time flag for `bun build --compile` that embeds the
  behavior into the standalone binary. Unlike `env = false` in
  bunfig.toml (which only affects the Bun runtime), compiled
  binaries do not read bunfig.toml at runtime, so the CLI flag
  is the only way to prevent them from auto-loading .env files
  from CWD.
- Add tests for extendEnv behavior and getCleanEnv
@petmal petmal force-pushed the petr/clean-exec-env branch from 9b04204 to e6f6e05 Compare March 12, 2026 15:50
@petmal
Copy link
Contributor Author

petmal commented Mar 12, 2026

@z00b OK, I tried to incorporate these changes. I also updated the PR. Had to keep --no-compile-autoload-dotenv as that is compile-time flag which builds the auto-load behaviour into the binary itself.

@petmal petmal requested a review from z00b March 12, 2026 20:58
@z00b z00b merged commit 1df8fb0 into main Mar 14, 2026
5 checks passed
@z00b z00b deleted the petr/clean-exec-env branch March 14, 2026 15:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@z00b z00b z00b approved these changes

@michael-webster michael-webster Awaiting requested review from michael-webster

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@petmal @z00b