fix: hydrate devcontainer ssh agent socket

[boblangley]

What Changed

Fix terminal PTY environment hydration for devcontainers by resolving a usable SSH_AUTH_SOCK when spawning terminal sessions.

The change:

• Keeps a valid inherited SSH_AUTH_SOCK
• Falls back to the newest same-user VS Code forwarded socket at /tmp/vscode-ssh-auth-*.sock
• Preserves explicit runtime env overrides
• Adds focused tests for resolver behavior and terminal spawn env behavior

Why

Fixes #3067.

When the T3 Code server starts before VS Code attaches to a devcontainer, the server process does not inherit VS Code’s later-injected forwarded SSH agent environment. Terminals spawned by that server therefore miss SSH_AUTH_SOCK, even though the forwarded socket exists and works in normal VS Code terminals.

Resolving the socket at terminal spawn time makes server-started terminals match the attached devcontainer environment without requiring a server restart.

Checklist

• This PR is small and focused
• I explained what changed and why
• I included before/after screenshots for any UI changes
• I included a video for animation/interaction changes

---

Note

Low Risk
Scoped to terminal spawn env on POSIX with uid-checked socket discovery; runtime overrides are preserved and Windows skips scanning.

Overview
Fixes devcontainer terminals missing SSH agent access when the server starts before VS Code injects a forwarded socket.

Adds resolveSshAuthSock in @t3tools/shared/sshAgent: reuse a valid same-user inherited SSH_AUTH_SOCK, otherwise on POSIX scan the process temp dir and /tmp for the newest same-user vscode-ssh-auth-*.sock, with injectable readdir/stat for tests. createTerminalSpawnEnv in the terminal manager now sets SSH_AUTH_SOCK from an optional sshAuthSockResolver (defaulting to that helper) before applying runtime env, so open() env overrides still win. Exports the new module and adds unit/integration tests for resolver and spawn behavior.

^{Reviewed by Cursor Bugbot for commit ac1daf4. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Hydrate SSH_AUTH_SOCK in devcontainer terminal spawn environment

• Adds resolveSshAuthSock in packages/shared/src/sshAgent.ts that returns a suitable SSH agent socket path by preferring a valid inherited SSH_AUTH_SOCK or falling back to the newest same-user VS Code forwarded socket in temp directories.
• Integrates the resolver into createTerminalSpawnEnv in apps/server/src/terminal/Layers/Manager.ts, injecting SSH_AUTH_SOCK before spawning terminal processes, with runtimeEnv values taking precedence.
• Skips socket scanning on Windows.
• Behavioral Change: terminal processes spawned via makeTerminalManagerWithOptions will now have SSH_AUTH_SOCK set by default if one can be resolved from the environment.

^{Macroscope summarized ac1daf4.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 02ef55a6-2298-4fab-b98a-2e2c82d1cf22

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 3a94ea3. Configure here.}

[macroscopeapp]

Approvability

Verdict: Needs human review

This PR introduces new functionality that automatically discovers and injects SSH agent sockets into terminal sessions - changing runtime behavior for how terminals are spawned. While well-tested, this is new capability rather than a simple bug fix and warrants human review.

^{You can customize Macroscope's approvability policy. Learn more.}