diff --git a/server/src/__tests__/workspace-runtime.test.ts b/server/src/__tests__/workspace-runtime.test.ts index 92be7642..6b55a792 100644 --- a/server/src/__tests__/workspace-runtime.test.ts +++ b/server/src/__tests__/workspace-runtime.test.ts @@ -22,6 +22,7 @@ import { realizeExecutionWorkspace, releaseRuntimeServicesForRun, resetRuntimeServicesForTests, + sanitizeRuntimeServiceBaseEnv, stopRuntimeServicesForExecutionWorkspace, type RealizedExecutionWorkspace, } from "../services/workspace-runtime.ts"; @@ -154,6 +155,27 @@ afterEach(async () => { await resetRuntimeServicesForTests(); }); +describe("sanitizeRuntimeServiceBaseEnv", () => { + it("removes inherited Paperclip and pnpm auth flags before spawning runtime services", () => { + const sanitized = sanitizeRuntimeServiceBaseEnv({ + PATH: process.env.PATH, + DATABASE_URL: "postgres://example.test/paperclip", + PAPERCLIP_HOME: "/tmp/paperclip-home", + PAPERCLIP_INSTANCE_ID: "runtime-instance", + npm_config_tailscale_auth: "true", + npm_config_authenticated_private: "true", + HOST: "0.0.0.0", + }); + + expect(sanitized.PAPERCLIP_HOME).toBeUndefined(); + expect(sanitized.PAPERCLIP_INSTANCE_ID).toBeUndefined(); + expect(sanitized.DATABASE_URL).toBeUndefined(); + expect(sanitized.npm_config_tailscale_auth).toBeUndefined(); + expect(sanitized.npm_config_authenticated_private).toBeUndefined(); + expect(sanitized.HOST).toBe("0.0.0.0"); + }); +}); + describe("realizeExecutionWorkspace", () => { it("creates and reuses a git worktree for an issue-scoped branch", async () => { const repoRoot = await createTempRepo(); diff --git a/server/src/services/workspace-runtime.ts b/server/src/services/workspace-runtime.ts index 49fb6f65..19176acf 100644 --- a/server/src/services/workspace-runtime.ts +++ b/server/src/services/workspace-runtime.ts @@ -126,6 +126,8 @@ export function sanitizeRuntimeServiceBaseEnv(baseEnv: NodeJS.ProcessEnv): NodeJ } } delete env.DATABASE_URL; + delete env.npm_config_tailscale_auth; + delete env.npm_config_authenticated_private; return env; }