fix(sandbox): enrich PATH before Lima detection so packaged macOS app finds limactl#249
Open
craigamcw wants to merge 1 commit into
Open
fix(sandbox): enrich PATH before Lima detection so packaged macOS app finds limactl#249craigamcw wants to merge 1 commit into
craigamcw wants to merge 1 commit into
Conversation
… finds limactl
In the packaged macOS app, GUI processes inherit a stripped launchd PATH
(/usr/bin:/bin:/usr/sbin:/sbin) that excludes /opt/homebrew/bin and
/usr/local/bin, where Homebrew installs `limactl`. The sandbox/Lima detection
(`LimaBridge.checkLimaStatus` -> `which limactl`) runs at startup and from the
`sandbox.checkLima` IPC, but `enrichProcessPathForBuild()` only ran lazily
before the first `createCodingTools()` call. As a result `which limactl` failed
and the sandbox was reported as unavailable ("Lima not installed") even when
Lima was installed via `brew install lima`.
Export `enrichProcessPathForBuild()` and await it once at the top of the
`app.whenReady()` handler, before the sandbox bootstrap and any IPC can run.
The function is idempotent (guarded by `pathEnriched`), so the existing call
before `createCodingTools()` becomes a no-op. Dev mode and the Windows
registry-based PATH restore are unaffected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
26e6c11 to
c00c88b
Compare
Author
|
Heads-up for reviewers: the failing The This PR itself is just the 3 files in the diff; |
9 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #248.
On the packaged macOS app the sandbox is reported as unavailable ("Lima not installed") even when Lima is installed, because the Lima detection runs with the stripped launchd PATH that GUI apps inherit (no
/opt/homebrew/bin//usr/local/bin).The app already has an idempotent
enrichProcessPathForBuild()that restores the login-shell PATH, but it only runs lazily before the firstcreateCodingTools()(an agent task). The sandbox detection (checkLimaStatus()→which limactl) runs earlier — at startup viastartSandboxBootstrap()and from thesandbox.checkLimaIPC — so PATH was still stripped at detection time.This PR exports
enrichProcessPathForBuild()andawaits it once at the top of theapp.whenReady()handler, before the sandbox bootstrap and any IPC can run. Because the function is guarded bypathEnriched, the existing call beforecreateCodingTools()becomes a no-op. Dev mode and the Windows registry-based PATH restore are unaffected.Type of change
fix)Checklist
feat:,fix:, etc.)npm run testpasses locally — see Testing (new test + typecheck pass; full suite not run locally)npm run lintpasses locally — see Testing (no new errors from this change; pre-existing findings noted)Testing
Repro and root cause are detailed in #248. Branch is based on
dev.Verified locally:
npx tsc --noEmit— the changed files type-check cleanly. (There is one unrelated pre-existing error ondev,src/main/config/config-store.ts:369 'getConfigKey' is declared but never read, untouched by this change.)tests/startup-path-enrichment.test.ts(4 assertions) — passes vianpx vitest run. It follows the existing source-assertion style intests/agent-runner-pi.test.tsand guards that the enrichment is exported, idempotent, imported by the entrypoint, and awaited withinwhenReady().eslinton the two changed files — no errors on the changed lines. (These large files contain pre-existing@typescript-eslint/no-explicit-anyfindings unrelated to this change; left untouched to keep the diff minimal and focused.)Note: the full
npm run testsuite was not run locally because dependencies were installed with--ignore-scripts(nativebetter-sqlite3not rebuilt). CI will run the complete suite.Manual verification on a real macOS install: before the change, Settings → Sandbox showed "Lima not installed" despite
which limactlsucceeding in Terminal (Homebrewlimactl). Restoring the login-shell PATH at startup makes the detection resolvelimactlcorrectly.