fix(core): whitelist TERM and COLORTERM in environment sanitization

[deadsmash07]

Summary

• Added TERM and COLORTERM to ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES in the environment sanitization service
• These variables describe terminal capabilities and are safe to pass through — they're needed by terminal editors (vim, emacs) and interactive commands (top)
• The sandbox path already preserves these variables (see sandbox.ts), so this aligns the sanitization behavior

Details

Terminal-based editors fail to initialize ("Terminal type not defined") and interactive commands default to no-color mode because TERM and COLORTERM are stripped during environment sanitization. This change simply whitelists them so they pass through to spawned processes unchanged — no fallback values are introduced.

Related Issues

Fixes #20444

How to Validate

1. Set EDITOR=vim or EDITOR=emacs
2. Run Gemini CLI with environment variable redaction enabled
3. Trigger an editor operation (e.g., edit a plan)
4. Verify the editor starts correctly without "Terminal type not defined" errors
5. Run top via shell command and verify color support works

Pre-Merge Checklist

• Updated relevant documentation and README (if needed) — N/A
• Added/updated tests (if needed) — Two new tests covering normal and strict sanitization modes
• Noted breaking changes (if any) — None
• Validated on required platforms/methods:
  • Linux npm run

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a compatibility issue where terminal-based applications and commands were not functioning as expected within the Gemini CLI environment. By explicitly allowing TERM and COLORTERM environment variables to pass through the environment sanitization process, it ensures that terminal capabilities are correctly communicated to spawned processes, thereby restoring full functionality and expected behavior for interactive tools.

Highlights

• Environment Variable Whitelisting: The TERM and COLORTERM environment variables have been added to the ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES list, ensuring they are not stripped during environment sanitization.
• Terminal Compatibility Fix: This change resolves issues where terminal-based editors (like vim/emacs) and interactive commands (like top) failed to initialize or display colors correctly due to these variables being removed.
• Enhanced Test Coverage: New tests were introduced to cover both normal and strict sanitization modes, verifying that TERM and COLORTERM are correctly preserved.

Changelog

• packages/core/src/services/environmentSanitization.test.ts
  • Added two new test cases to verify that TERM and COLORTERM environment variables are correctly allowed by the sanitizeEnvironment function.
  • Ensured that TERM and COLORTERM are preserved even in strict sanitization mode, while other non-whitelisted variables are removed.
• packages/core/src/services/environmentSanitization.ts
  • Included TERM and COLORTERM in the ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES set.
  • Added a comment explaining the purpose of whitelisting these terminal capability variables.

Activity

• The author has added two new tests covering normal and strict sanitization modes for the newly whitelisted variables.
• The author has confirmed that no documentation or README updates were needed.
• The author has validated the changes on Linux npm run.
• The author has confirmed there are no breaking changes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses an issue with terminal-based tools by whitelisting the TERM and COLORTERM environment variables. These variables are now included in ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES to prevent them from being stripped during environment sanitization, which is necessary for the correct operation of terminal editors and other interactive commands. The change includes new unit tests that verify this behavior in both standard and strict sanitization modes. The implementation is straightforward and correctly resolves the reported issue.

[M-DEV-1]

Also, would it be possible for you to include screenshots/demo videos of how the tool handles before and after the environment sanitization fixes?

[deadsmash07]

Good point — since this is a sanitization-layer change, the impact is mostly visible when environment variable redaction is enabled.

Before (without this fix):
When enableEnvironmentVariableRedaction is enabled, TERM and COLORTERM get stripped from the environment passed to spawned processes. This causes:

• emacs to fail with "Terminal type not defined"
• vim to fall back to dumb terminal mode
• top and other ncurses tools to either fail or lose color output

After (with this fix):
TERM and COLORTERM pass through sanitization unchanged, so editors and interactive commands get the correct terminal type from the host environment — same behavior as when redaction is disabled.

I can put together a quick terminal recording if that would help the review, but the two new tests in the PR (normal mode + strict/GitHub Actions mode) cover both scenarios programmatically.

[deadsmash07]

@M-DEV-1 Here's a side-by-side comparison showing the sanitization behavior before and after the fix.

Left: main (before): In strict mode (GitHub Actions), TERM and COLORTERM are redacted, breaking terminal editors.
Right: fix/env-term-colorterm (after): Both variables pass through, while secrets remain redacted.

The important section is Strict mode (GitHub Actions): that's where the bug manifests. In normal redaction mode, these vars happened to pass through because they don't match any sensitive patterns, but strict mode redacts everything not explicitly whitelisted.

[M-DEV-1]

@M-DEV-1 Here's a side-by-side comparison showing the sanitization behavior before and after the fix.

Left: main (before): In strict mode (GitHub Actions), TERM and COLORTERM are redacted, breaking terminal editors. Right: fix/env-term-colorterm (after): Both variables pass through, while secrets remain redacted.

The important section is **Strict mode (GitHub Actions)**: that's where the bug manifests. In normal redaction mode, these vars happened to pass through because they don't match any sensitive patterns, but strict mode redacts everything not explicitly whitelisted.

Looks good!

[deadsmash07]

Thanks for flagging this @sripasg. I think there might be a misunderstanding though, this PR takes a different approach from #20440.

We're not setting any fallback values like COLORTERM: process.env['COLORTERM'] || 'truecolor'. We only add TERM and COLORTERM to the ALWAYS_ALLOWED_ENVIRONMENT_VARIABLES whitelist so the user's actual env values pass through sanitization untouched.

If the user's terminal has COLORTERM=truecolor, it passes through. If they don't have it set at all, nothing gets injected, which is exactly what jacob314 asked for: "just pass exactly what was in the process rather than lying about it."

Happy to make changes if I'm missing something though.

[sripasg]

This looks good ! Thanks @deadsmash07