Unify launch env resolution on the server + introduce project/worktree/thread env vars

[tarik02]

What Changed

Server now owns T3CODE_* launch env for terminal and provider child processes.

• Added LaunchEnv to resolve home, project, thread, and worktree context from server state.
• Terminals resolve launch env on open/restart/attach, including draft-thread opens with a supplied projectId.
• Provider sessions use the same env path, with managed T3CODE_* keys stripped from inherited and client-supplied env.
• Web/mobile stop synthesizing T3CODE_*; they send cwd/worktree context plus projectId when needed.

Closes #3003

Why

Make t3code provide T3CODE_PROJECT_ROOT / T3CODE_WORKTREE_PATH (and related launch context) from one authoritative server path. Unified environment resolution between terminal and provider child processes, with managed-key filtering so parent/custom/client env cannot override or leak extra T3CODE_* values.

UI Changes

No UI changes.

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes (N/A)
• I included a video for animation/interaction changes (N/A)

Note

Unify launch environment resolution on the server and introduce T3CODE_* project/worktree/thread env vars

• Introduces a new LaunchEnv service (LaunchEnv.ts) that resolves T3CODE_HOME, T3CODE_PROJECT_ROOT, T3CODE_PROJECT_ID, and T3CODE_THREAD_ID env vars server-side from thread/project context, replacing client-computed envs.
• All terminal open/attach/restart inputs now optionally accept projectId; the terminal manager uses it with LaunchEnv to resolve worktree path and env at open/attach/restart time.
• Provider adapters (Claude, Codex, Cursor, Grok, OpenCode) now receive a merged per-session env via mergeProviderSessionEnvironment, combining adapter-level and session-level env while stripping managed T3CODE_* keys.
• Client-side projectScriptRuntimeEnv is removed from web, mobile, and server setup runner; clients pass projectId instead and the server resolves env internally.
• Shared isManagedRuntimeEnvKey and stripManagedRuntimeEnvKeys utilities (launchEnv.ts) canonicalize managed-key detection across the codebase.
• Behavioral Change: managed T3CODE_* keys sent by clients are now stripped before use; provider and terminal environments are built server-side and will differ from previously client-supplied values.

^{Macroscope summarized 4d5d682.}

---

Note

Medium Risk
Contract-breaking projectId on terminal open/restart and changed env injection paths affect all terminal/provider spawns; managed-key stripping is intentional but any external caller relying on client-set T3CODE_* will break.

Overview
Centralizes T3CODE_* launch environment on the server so terminals and provider child processes get the same authoritative context instead of clients building it locally.

A new LaunchEnv service merges T3CODE_HOME, project/thread/worktree fields (including T3CODE_PROJECT_ID and T3CODE_THREAD_ID), strips client-supplied T3CODE_* keys via @t3tools/shared/launchEnv, and is wired into the server runtime and integration tests.

Terminals: TerminalOpenInput / TerminalRestartInput now require projectId; open, restart, and attach resolve env through resolveTerminalLaunchEnv before spawn. Web/mobile stop sending synthesized T3CODE_* (only cwd/worktree and optional non-managed custom env).

Providers: ProviderCommandReactor resolves launch env for startSession; adapters merge per-session env with mergeProviderSessionEnvironment. projectScriptRuntimeEnv is removed from shared and clients.

^{Reviewed by Cursor Bugbot for commit 767954b. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b18412e6-a56f-4842-81d7-8a7ae34c4d96

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 767954b. Configure here.}

[cursor]

Open ignores thread project binding

Medium Severity

resolveTerminalOpenInput and resolveTerminalRestartInput build authoritative T3CODE_* env from client-supplied projectId only. They never load the thread and check that projectId matches the thread’s project. A caller can pass a different projectId while keeping another cwd/worktree, so spawned terminals get wrong project metadata even though managed keys in env are stripped.

Additional Locations (1)

• apps/server/src/terminal/resolveTerminalLaunchEnv.ts#L95-L110

 

^{Reviewed by Cursor Bugbot for commit 767954b. Configure here.}

[macroscopeapp]

Approvability

Verdict: Needs human review

This PR introduces a new server-side environment resolution service (LaunchEnv) that changes how T3CODE_* environment variables are computed and propagated to terminals and providers. The architectural scope and runtime behavior changes warrant human review, as does an unresolved comment about missing project binding validation.

^{You can customize Macroscope's approvability policy. Learn more.}