fix: preserve terminal env vars through sudo in macOS daemon mode

sudo resets the environment, stripping TERM, COLORTERM, COLUMNS, LINES, and other terminal-related variables that TUI apps need to render. This caused TUI apps like opencode to show a blank screen in daemon mode. Fix by injecting terminal and proxy env vars via `env` after `sudo` in the daemon mode command pipeline. Also move PTY device ioctl/read/write rules into the base sandbox profile so inherited terminals work without requiring AllowPty.
2026-02-26 17:39:33 -06:00
parent 9d5d852860
commit 562f9bb65e
2 changed files with 42 additions and 12 deletions
--- a/internal/sandbox/utils.go
+++ b/internal/sandbox/utils.go
@@ -86,6 +86,31 @@ func GenerateProxyEnvVars(proxyURL string) []string {
 	return envVars
 }

+// getTerminalEnvVars returns KEY=VALUE entries for terminal-related environment
+// variables that are set in the current process. These must be re-injected after
+// sudo (which resets the environment) so that TUI apps can detect terminal
+// capabilities, size, and color support.
+func getTerminalEnvVars() []string {
+	termVars := []string{
+		"TERM",
+		"COLORTERM",
+		"COLUMNS",
+		"LINES",
+		"TERMINFO",
+		"TERMINFO_DIRS",
+		"LANG",
+		"LC_ALL",
+		"LC_CTYPE",
+	}
+	var envs []string
+	for _, key := range termVars {
+		if val := os.Getenv(key); val != "" {
+			envs = append(envs, key+"="+val)
+		}
+	}
+	return envs
+}
+
 // EncodeSandboxedCommand encodes a command for sandbox monitoring.
 func EncodeSandboxedCommand(command string) string {
 	if len(command) > 100 {