Harden runtime service env sanitization

Co-Authored-By: Paperclip <noreply@paperclip.ing>

server/src/__tests__/workspace-runtime.test.ts

@@ -22,6 +22,7 @@ import {
   realizeExecutionWorkspace,
   releaseRuntimeServicesForRun,
   resetRuntimeServicesForTests,
+  sanitizeRuntimeServiceBaseEnv,
   stopRuntimeServicesForExecutionWorkspace,
   type RealizedExecutionWorkspace,
 } from "../services/workspace-runtime.ts";
@@ -154,6 +155,27 @@ afterEach(async () => {
   await resetRuntimeServicesForTests();
 });
 
+describe("sanitizeRuntimeServiceBaseEnv", () => {
+  it("removes inherited Paperclip and pnpm auth flags before spawning runtime services", () => {
+    const sanitized = sanitizeRuntimeServiceBaseEnv({
+      PATH: process.env.PATH,
+      DATABASE_URL: "postgres://example.test/paperclip",
+      PAPERCLIP_HOME: "/tmp/paperclip-home",
+      PAPERCLIP_INSTANCE_ID: "runtime-instance",
+      npm_config_tailscale_auth: "true",
+      npm_config_authenticated_private: "true",
+      HOST: "0.0.0.0",
+    });
+
+    expect(sanitized.PAPERCLIP_HOME).toBeUndefined();
+    expect(sanitized.PAPERCLIP_INSTANCE_ID).toBeUndefined();
+    expect(sanitized.DATABASE_URL).toBeUndefined();
+    expect(sanitized.npm_config_tailscale_auth).toBeUndefined();
+    expect(sanitized.npm_config_authenticated_private).toBeUndefined();
+    expect(sanitized.HOST).toBe("0.0.0.0");
+  });
+});
+
 describe("realizeExecutionWorkspace", () => {
   it("creates and reuses a git worktree for an issue-scoped branch", async () => {
     const repoRoot = await createTempRepo();

server/src/services/workspace-runtime.ts

@@ -126,6 +126,8 @@ export function sanitizeRuntimeServiceBaseEnv(baseEnv: NodeJS.ProcessEnv): NodeJ
     }
   }
   delete env.DATABASE_URL;
+  delete env.npm_config_tailscale_auth;
+  delete env.npm_config_authenticated_private;
   return env;
 }