Skip to content

fix(desktop): backfill SSH_AUTH_SOCK from login shell on macOS#972

Merged
juliusmarminge merged 6 commits intopingdotgg:mainfrom
stickerdaniel:fix/desktop-ssh-auth-sock
Mar 16, 2026
Merged

fix(desktop): backfill SSH_AUTH_SOCK from login shell on macOS#972
juliusmarminge merged 6 commits intopingdotgg:mainfrom
stickerdaniel:fix/desktop-ssh-auth-sock

Conversation

@stickerdaniel
Copy link
Contributor

@stickerdaniel stickerdaniel commented Mar 12, 2026
edited by macroscopeapp bot
Loading

Closes #971.

What Changed

  • replace the desktop-only fixPath() startup hook with syncShellEnvironment()
  • extend the shared login-shell probe so desktop startup can read multiple environment variables instead of only PATH
  • continue refreshing PATH on macOS startup, but only backfill SSH_AUTH_SOCK when it is missing
  • add desktop tests covering macOS hydration, non-macOS no-op behavior, and the regression case where an inherited SSH_AUTH_SOCK must be preserved

Why

The macOS desktop app currently repairs PATH from the login shell, but Finder and Dock launches can still miss SSH_AUTH_SOCK. That breaks Git-over-SSH flows in the desktop app even when the same repo works correctly from Terminal.

This keeps the fix small and reliability-focused:

  • Finder/Dock launches get the missing SSH agent socket they need
  • Terminal-launched sessions keep their inherited SSH_AUTH_SOCK instead of being overwritten by a different login-shell value
  • the server-side startup path is left unchanged so this PR stays desktop-scoped

UI Changes

None.

Checklist

  • This PR is small and focused
  • I explained what changed and why
  • I included before/after screenshots for any UI changes
  • I included a video for animation/interaction changes

Note

Backfill SSH_AUTH_SOCK from login shell on macOS desktop startup

  • Replaces fixPath with a new syncShellEnvironment module that reads both PATH and SSH_AUTH_SOCK from the user's login shell on macOS at startup.
  • SSH_AUTH_SOCK is only written if it is not already set in the inherited environment; PATH is always updated from the shell.
  • Extends readEnvironmentFromLoginShell in packages/shared/src/shell.ts to capture multiple named variables in a single shell invocation using bracketed markers and printenv <NAME> || true.
  • Errors from the shell invocation are swallowed so a failure leaves the inherited environment intact.

Macroscope summarized 90d9c4f.

Copilot AI review requested due to automatic review settings March 12, 2026 10:42
@coderabbitai
Copy link

coderabbitai bot commented Mar 12, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 7b2148d1-de5f-46c6-b7ce-b4f50b78f692

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added the vouch:unvouched PR author is not yet trusted in the VOUCHED list. label Mar 12, 2026
Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the shared “read env from login shell” utility so the macOS desktop app can hydrate more than just PATH at startup, specifically backfilling SSH_AUTH_SOCK when it’s missing (e.g., Finder/Dock launches) while preserving inherited values when present.

Changes:

  • Replaced the desktop-only fixPath() hook with syncShellEnvironment() and wired it into desktop startup.
  • Generalized the shared login-shell probe to support reading multiple environment variables (used for PATH + SSH_AUTH_SOCK).
  • Added unit tests for the shared shell helper and for desktop macOS/no-op/regression behavior.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
packages/shared/src/shell.ts Adds multi-variable login-shell environment capture/extraction and reimplements readPathFromLoginShell on top of it.
packages/shared/src/shell.test.ts Updates PATH probe test markers and adds tests for multi-variable extraction behavior.
apps/desktop/src/syncShellEnvironment.ts New macOS-only startup hook to sync PATH and backfill missing SSH_AUTH_SOCK.
apps/desktop/src/syncShellEnvironment.test.ts Adds tests for macOS hydration, preservation of inherited SSH_AUTH_SOCK, omission behavior, and non-macOS no-op.
apps/desktop/src/main.ts Switches startup hook from fixPath() to syncShellEnvironment().
apps/desktop/src/fixPath.ts Removes the previous desktop-only PATH fix implementation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@markflorkowski
Copy link

markflorkowski commented Mar 14, 2026

Can confirm this fixed git over ssh for me cc @juliusmarminge

@github-actions github-actions bot added the size:L 100-499 changed lines (additions + deletions). label Mar 14, 2026
juliusmarminge
juliusmarminge reviewed Mar 15, 2026
View reviewed changes
apps/desktop/src/fixPath.ts Outdated
Copy link
Member

@juliusmarminge juliusmarminge Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how bout this one? https://github.com/stickerdaniel/t3code/blob/2be451fd586270e42d90bf610fa3e389ae508504/apps/server/src/os-jank.ts#L5-L17

Copy link
Contributor Author

@stickerdaniel stickerdaniel Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Electron app fixes its env first and the bundled backend inherits that via ...process.env when spawned so the desktop path is covered

Copy link
Contributor Author

@stickerdaniel stickerdaniel Mar 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

os-jank.ts and the Linux report in #971 might be follow up scope

Noojuno added a commit to Noojuno/t3code that referenced this pull request Mar 15, 2026
@Noojuno @claude
Merge PR pingdotgg#972 (SSH_AUTH_SOCK) and add NODE_EXTRA_CA_CERTS pr…
48d02ab 
…opagation

Merges fix/desktop-ssh-auth-sock for SSH agent socket backfill on macOS.
Extends server fixPath() to also read NODE_EXTRA_CA_CERTS and SSL_CERT_FILE
from the login shell, with a fallback to /etc/ssl/cert.pem on macOS, so that
the Claude Agent SDK can verify TLS certificate chains when launched from
Finder/Dock where the process environment is minimal.

Also enables Claude Code in the provider model picker by removing the
explicit filter that excluded it from available providers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@juliusmarminge juliusmarminge merged commit 765c1dc into pingdotgg:main Mar 16, 2026
9 checks passed
@stickerdaniel stickerdaniel deleted the fix/desktop-ssh-auth-sock branch March 16, 2026 16:38
gabrielMalonso pushed a commit to gabrielMalonso/t3code that referenced this pull request Mar 16, 2026
@stickerdaniel @juliusmarminge @gabrielMalonso
fix(desktop): backfill SSH_AUTH_SOCK from login shell on macOS (pingd…
464e5f4 
…otgg#972)

Co-authored-by: Julius Marminge <julius0216@outlook.com>
@arthurbm arthurbm mentioned this pull request Mar 17, 2026
Open
aaditagrawal pushed a commit to aaditagrawal/t3code that referenced this pull request Mar 18, 2026
@stickerdaniel @juliusmarminge @aaditagrawal
fix(desktop): backfill SSH_AUTH_SOCK from login shell on macOS (pingd…
93dcc7a 
…otgg#972)

Co-authored-by: Julius Marminge <julius0216@outlook.com>
@aaditagrawal aaditagrawal mentioned this pull request Mar 18, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliusmarminge juliusmarminge juliusmarminge left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

size:L 100-499 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] macOS desktop app does not inherit SSH_AUTH_SOCK from login shell when launched outside Terminal

4 participants

@stickerdaniel @markflorkowski @juliusmarminge