fix(desktop): prevent env var leak in persistent terminal subprocess

[Kitenite]

Summary

Fixes environment variable leak in persistent terminal sessions that was causing bun dev to fail with NODE_ENV=production.

Change

The subprocess (pty-subprocess.js) was spawned with raw process.env, which includes NODE_ENV and other vars that should be filtered. Now uses the same filtered processEnv for both the subprocess and PTY shell.

-env: { ...process.env, ELECTRON_RUN_AS_NODE: "1" }
+env: { ...processEnv, ELECTRON_RUN_AS_NODE: "1" }

Test Plan

• Rebuild desktop app
• Kill existing daemon or restart app
• Open persistent terminal
• Verify echo $NODE_ENV returns empty
• Run bun dev - should work without env validation errors

[coderabbitai]

Warning

Rate limit exceeded

@Kitenite has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 6 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between c42368c and 3e7ea8f.

📒 Files selected for processing (1)

• apps/desktop/src/main/terminal-host/session.ts

📝 Walkthrough

Walkthrough

Modified PTY spawn environment construction to use only the provided environment (plus TERM) instead of merging with host process.env. Creates sanitized subprocess environment from host process.env. Forces TERM to 'xterm-256color'. Prevents NODE_ENV leakage from parent process.

Changes

Cohort / File(s)	Summary
PTY/Session Environment Handling apps/desktop/src/main/terminal-host/session.ts	Modified environment construction for spawned PTY processes. Changed from merging host process.env with provided env to using only provided env. Introduces sanitized subprocess environment from host process.env. Forces TERM override to 'xterm-256color'. Comments added explaining daemon-managed environment filtering and NODE_ENV leak prevention.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• fix(desktop): use consistent env for persistent terminal sessions #783: Modifies environment construction in the same file (session.ts) and touches env merging logic for Session.spawn.
• fix(desktop): use allowlist for terminal env filtering to prevent secret leakage #582: Modifies environment sanitization for spawned terminals using allowlist-based filtering, aligning with this PR's sanitized subprocess environment approach.

Poem

🐰 A bunny hops through variables with care,
No NODE_ENV shall leak into the air!
Sanitized paths and xterm so bright,
Environment chaos? Not on my watch tonight! 🌟

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: preventing environment variable leakage in terminal subprocess, which is the primary objective of this PR.
Description check	✅ Passed	The description provides comprehensive coverage of required sections including clear summary, detailed changes, root cause analysis, and test plan. However, it does not include related issues links or formal type of change selection from the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🧹 Preview Cleanup Complete

The following preview resources have been cleaned up:

• ⚠️ Neon database branch
• ⚠️ Electric Fly.io app

Thank you for your contribution! 🎉