fix(exec): prevent shell startup files from overriding daemon env

[openclaw-clownfish]

Repair contributor PR #40200 against current main bb6a15d. Keep the patch narrow to src/agents/shell-utils.ts and src/agents/shell-utils.test.ts. Preserve existing shell selection and PATH fallback behavior, keep or add regression coverage for zsh -f -c, bash --noprofile --norc -c, fish --no-config -c, sh fallback, invalid/non-interactive shell handling, and Windows PowerShell default behavior. Address the prior Greptile fish fallback note and Codex review notes about the non-interactive shell helper and PATH-based fallback. Run /review on the repaired latest head and run pnpm check:changed before any merge recommendation. Credit NewdlDewdl and link source PR #40200.

ProjectClownfish replacement details:

• Cluster: ghcrawl-157006-autonomous-smoke
• Source PRs: fix(exec): prevent shell startup files from overriding daemon env #40200
• Credit: Preserve credit for NewdlDewdl as the contributor of fix(exec): prevent shell startup files from overriding daemon env #40200.; Mention that the repair carries forward fix(exec): prevent shell startup files from overriding daemon env #40200's zsh/bash/fish startup-file suppression approach.; Do not claim credit from feat(exec): Support custom shell path for executing commands #39413 or shell: support custom shells on Windows #65271; those are related custom-shell configuration efforts with different scope.
• Validation: pnpm check:changed
• Repair fallback: To https://github.com/NewdlDewdl/openclaw.git
  ! [remote rejected] HEAD -> fix/issue-40179-exec-launchd-env (refusing to allow a GitHub App to create or update workflow .github/workflows/auto-response.yml without workflows permission)
  error: failed to push some refs to 'https://github.com/NewdlDewdl/openclaw.git'

[openclaw-barnacle]

Closing this PR because the author has more than 10 active PRs in this repo. Please reduce the active PR queue and reopen or resubmit once it is back under the limit. You can close your own PRs to get back under the limit.

[greptile-apps]

Greptile Summary

This PR adds a getPosixShellArgs helper that maps known shell names (bash, zsh, fish) to their respective startup-file-suppressing flags, then threads it through all call sites in getShellConfig so that daemon-launched subprocesses are no longer affected by user startup files. The logic is straightforward, the fallback chain is preserved correctly, and test coverage is expanded to verify the new args for all affected paths.

Confidence Score: 5/5

This PR is safe to merge; the change is narrow, well-tested, and correctly preserves all existing fallback paths.

All changed logic is covered by new or updated tests, the shell detection and fallback ordering are unchanged, and getPosixShellArgs handles every reachable shell name correctly — including the bare 'sh' fallback string and full resolved paths.

No files require special attention.

_{Reviews (2): Last reviewed commit: "fix(exec): prevent shell startup files f..." | Re-trigger Greptile}

[clawsweeper]

Codex review: needs maintainer review before merge.

Keep this PR open. Current main still launches POSIX exec shells with plain -c args, while the latest PR head narrowly adds startup-file suppression for bash, zsh, and fish plus regression coverage. Source PR #40200 was closed unmerged and redirected into this replacement, so this PR is the active implementation candidate rather than obsolete cleanup.

Maintainer follow-up before merge:

Keep this PR open for maintainer review and landing if the shell-startup suppression behavior is accepted and the changed gate passes. The implementation should remain narrow to src/agents/shell-utils.ts, src/agents/shell-utils.test.ts, and the changelog credit for #40200/NewdlDewdl; broader custom-shell work in #39413 and #65271 should stay separate.

Best possible solution:

Keep this PR open for maintainer review and landing if the shell-startup suppression behavior is accepted and the changed gate passes. The implementation should remain narrow to src/agents/shell-utils.ts, src/agents/shell-utils.test.ts, and the changelog credit for #40200/NewdlDewdl; broader custom-shell work in #39413 and #65271 should stay separate.

Acceptance criteria:

• pnpm test src/agents/shell-utils.test.ts
• pnpm check:changed

What I checked:

• Current main still uses plain POSIX -c args: getShellConfig() returns args: ["-c"] for fish fallback shells, env-provided POSIX shells, and the sh/bash fallback. There is no current-main helper equivalent to the PR's getPosixShellArgs. (src/agents/shell-utils.ts:71, 8c8f3969856f)
• Host exec consumes getShellConfig() directly: Non-sandbox host exec constructs childArgv from getShellConfig(), so the shell args in src/agents/shell-utils.ts are used for host command execution. (src/agents/bash-tools.exec-runtime.ts:715, 8c8f3969856f)
• PTY fallback path also consumes getShellConfig(): The process supervisor PTY adapter calls getShellConfig() and appends the command to those shell args, so PTY host execution has the same startup-file behavior. (src/process/supervisor/supervisor.ts:134, 8c8f3969856f)
• Current tests do not assert startup suppression: Current shell-utils tests assert shell selection and only a few ['-c'] args cases; they do not cover zsh -f -c, bash --noprofile --norc -c, or fish --no-config -c. (src/agents/shell-utils.test.ts:56, 8c8f3969856f)
• Latest PR head is narrow and still open: GitHub API reports the latest head as ce0273b1793f317d6867221bfa522e8466fcd1c5, open, not merged, with three changed files: CHANGELOG.md, src/agents/shell-utils.ts, and src/agents/shell-utils.test.ts. (ce0273b1793f)
• PR diff implements the requested behavior: The PR adds getPosixShellArgs() mapping bash, zsh, and fish to startup-suppressing flags and updates tests for those args while preserving sh and Windows PowerShell behavior. (src/agents/shell-utils.ts:51, ce0273b1793f)

Likely related people:

• steipete: GitHub path history shows multiple recent src/agents/shell-utils.ts maintenance commits by this maintainer, including PowerShell fallback and fish fallback polish, plus release/changelog consolidation around the same area. (role: recent maintainer and adjacent exec shell owner; confidence: high; commits: fa525bf21280, c9e3c14f9c5f, 6b9915a1064d; files: src/agents/shell-utils.ts, src/agents/shell-utils.test.ts, CHANGELOG.md)
• ysqander: Path history points to the original fish default shell fallback work, which this PR preserves while changing the selected shell args for bash/fish paths. (role: introduced fish fallback behavior being preserved; confidence: medium; commits: 8ddedc3fc571, 9ec1fb4a80cc; files: src/agents/shell-utils.ts, src/agents/shell-utils.test.ts)
• sk7n4k3d: GitHub path history shows recent work adding /usr/bin/false and nologin handling in shell-utils; this PR explicitly preserves and extends tests around that path. (role: recent maintainer of non-interactive shell fallback behavior; confidence: medium; commits: 7b414d8c0b9f; files: src/agents/shell-utils.ts, src/agents/shell-utils.test.ts)
• vincentkoc: The live PR is assigned to this maintainer, and recent path history includes exec telemetry work in bash-tools.exec-runtime.ts, the call site that consumes getShellConfig(). (role: recent adjacent exec maintainer and current PR routing candidate; confidence: medium; commits: 3e3bba4f305e; files: src/agents/bash-tools.exec-runtime.ts, src/agents/shell-utils.ts)

Remaining risk / open question:

• This changes host command execution semantics for bash, zsh, and fish by suppressing user startup files; maintainers should confirm that deterministic daemon env behavior is the intended product/security tradeoff for all host exec commands, not only launchd reproductions.
• This read-only review did not run pnpm check:changed; merge readiness still depends on normal CI or Testbox validation for the latest head SHA.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 8c8f3969856f.