From 3ebc7d7c1ae6e310c8f9ec98de62c9c924af56c5 Mon Sep 17 00:00:00 2001
From: Arnav Raj <121608861+deadsmash07@users.noreply.github.com>
Date: Fri, 27 Feb 2026 05:27:19 +0530
Subject: [PATCH 1/3] fix(core): whitelist TERM and COLORTERM in environment sanitization

Terminal editors (vim, emacs) and interactive commands (top) fail when these variables are redacted. They are safe to pass through as they only describe terminal capabilities.

Fixes #20444
---
 .../services/environmentSanitization.test.ts | 22 +++++++++++++++++++
 .../src/services/environmentSanitization.ts | 4 ++++
 2 files changed, 26 insertions(+)

diff --git a/packages/core/src/services/environmentSanitization.test.ts b/packages/core/src/services/environmentSanitization.test.ts
index cc26d7547d8..6d035ac0d3a 100644
--- a/packages/core/src/services/environmentSanitization.test.ts
+++ b/packages/core/src/services/environmentSanitization.test.ts
@@ -32,6 +32,28 @@ describe('sanitizeEnvironment', () => {
 expect(sanitized).toEqual(env);
 });
 
+ it('should allow TERM and COLORTERM environment variables', () => {
+ const env = {
+ TERM: 'xterm-256color',
+ COLORTERM: 'truecolor',
+ };
+ const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
+ expect(sanitized).toEqual(env);
+ });
+
+ it('should preserve TERM and COLORTERM even in strict sanitization mode', () => {
+ const env = {
+ GITHUB_SHA: 'abc123',
+ TERM: 'xterm-256color',
+ COLORTERM: 'truecolor',
+ SOME_OTHER_VAR: 'value',
+ };
+ const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
+ expect(sanitized['TERM']).toBe('xterm-256color');
+ expect(sanitized['COLORTERM']).toBe('truecolor');
+ expect(sanitized['SOME_OTHER_VAR']).toBeUndefined();
+ });
+
 it('should allow variables prefixed with GEMINI_CLI_', () => {
 const env = {
 GEMINI_CLI_FOO: 'bar',
diff --git a/packages/core/src/services/environmentSanitization.ts b/packages/core/src/services/environmentSanitization.ts
index dc9c92484de..dba36625136 100644
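Review bot: The second added test is named for strict sanitization mode but passes the same `EMPTY_OPTIONS` as the first, so the only thing that can select the strict path is the `GITHUB_SHA` entry in the fixture, and nothing in the test says so. A comment on that line, for example `// GITHUB_SHA present: exercises the strict sanitization path`, would stop the fixture from being tidied into a test that no longer covers strict mode; the trigger itself lives in environmentSanitization.ts outside this hunk, so confirm the wording against it. Both tests also use only benign values, so they do not show what happens when an allowlisted name carries a value that would otherwise be redacted.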
--- a/packages/core/src/services/environmentSanitization.ts
+++ b/packages/core/src/services/environmentSanitization.ts
@@ -71,6 +71,10 @@ export const ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES: ReadonlySet =
 'TMPDIR',
 'USER',
 'LOGNAME',
+ // Terminal capability variables (needed by editors like vim/emacs and
+ // interactive commands like top)
+ 'TERM',
+ 'COLORTERM',
 // GitHub Action-related variables
 'ADDITIONAL_CONTEXT',
 'AVAILABLE_LABELS',
From e81a20abac235a5b5f04ac7cd6f595f1ee733262 Mon Sep 17 00:00:00 2001
From: Sri Pasumarthi
Date: Fri, 6 Mar 2026 14:50:45 -0800
Subject: [PATCH 2/3] Make the environmentSanitizationTest more robust check which environment variables are allowed to pass through along with values.
---
 packages/core/src/services/environmentSanitization.test.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/packages/core/src/services/environmentSanitization.test.ts b/packages/core/src/services/environmentSanitization.test.ts
index 6d035ac0d3a..a83cf57e6ca 100644
--- a/packages/core/src/services/environmentSanitization.test.ts
+++ b/packages/core/src/services/environmentSanitization.test.ts
@@ -49,9 +49,10 @@ describe('sanitizeEnvironment', () => {
 SOME_OTHER_VAR: 'value',
 };
 const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);
- expect(sanitized['TERM']).toBe('xterm-256color');
- expect(sanitized['COLORTERM']).toBe('truecolor');
- expect(sanitized['SOME_OTHER_VAR']).toBeUndefined();
+ expect(sanitized).toEqual({
+ TERM: 'xterm-256color',
+ COLORTERM: 'truecolor',
+ });
 });
 
 it('should allow variables prefixed with GEMINI_CLI_', () => {
From db889d58138367d47ae71974351b8141f88367db Mon Sep 17 00:00:00 2001
From: Sri Pasumarthi
Date: Fri, 6 Mar 2026 15:42:32 -0800
Subject: [PATCH 3/3] Fix linter
---
 CONTRIBUTING.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 28e3c775d37..e7dce96d0b4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
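Review bot: The comment added above `'TERM'` in `ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES` explains why the names are needed but not what membership in this set means for security. The tests in this series show both names surviving strict mode, and presumably their values reach child processes without the redaction applied to other variables; the lookup code is outside this hunk, so confirm. I would extend the comment to state that and to keep look-alikes out, for example `// Allowed by name only; values are not inspected. Do not add path-valued terminal variables (TERMINFO, TERMINFO_DIRS) here.` A test that sets `TERM` to a secret-looking string would pin whichever behaviour is intended. The set literal starts and ends outside the hunk.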
@@ -317,11 +317,9 @@ npm run lint - Please adhere to the coding style, patterns, and conventions used throughout the existing codebase. -- Consult - [GEMINI.md](https://github.com/google-gemini/gemini-cli/blob/main/GEMINI.md) - (typically found in the project root) for specific instructions related to - AI-assisted development, including conventions for React, comments, and Git - usage. +- Consult [GEMINI.md](../GEMINI.md) (typically found in the project root) for + specific instructions related to AI-assisted development, including + conventions for React, comments, and Git usage. - **Imports:** Pay special attention to import paths. The project uses ESLint to enforce restrictions on relative imports between packages.