From bbbbbca3e1b657c64c904f59b4fe0d1ab45e49b4 Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Tue, 26 May 2026 23:40:46 +0100
Subject: [PATCH] fix: keep legacy agent dir env blocked

---
 .github/workflows/codeql-critical-quality.yml | 1 +
 src/infra/dotenv.test.ts                      | 5 ++++-
 src/infra/dotenv.ts                           | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-critical-quality.yml b/.github/workflows/codeql-critical-quality.yml
index a618da2feae..36121a74282 100644
--- a/.github/workflows/codeql-critical-quality.yml
+++ b/.github/workflows/codeql-critical-quality.yml
@@ -72,6 +72,7 @@ on:
       - "src/agents/cli-runner/**"
       - "src/agents/command/**"
       - "src/agents/embedded-agent-runner/**"
+      - "src/agents/sessions/tools/**"
       - "src/agents/tools/**"
       - "src/agents/*completion*.ts"
       - "src/agents/*transport*.ts"
diff --git a/src/infra/dotenv.test.ts b/src/infra/dotenv.test.ts
index 87e76f12e72..9e2744f0864 100644
--- a/src/infra/dotenv.test.ts
+++ b/src/infra/dotenv.test.ts
@@ -382,7 +382,7 @@ describe("loadDotEnv", () => {
     });
   });
 
-  it("blocks path-override vars (OPENCLAW_AGENT_DIR, OPENCLAW_BUNDLED_PLUGINS_DIR, OPENCLAW_OAUTH_DIR) from workspace .env", async () => {
+  it("blocks path-override vars from workspace .env", async () => {
     await withIsolatedEnvAndCwd(async () => {
       await withDotEnvFixture(async ({ base, cwdDir }) => {
         const bundledPluginsDir = path.join(base, "attacker-bundled");
@@ -392,18 +392,21 @@ describe("loadDotEnv", () => {
             "OPENCLAW_AGENT_DIR=./evil-agent",
             `OPENCLAW_BUNDLED_PLUGINS_DIR=${bundledPluginsDir}`,
             "OPENCLAW_OAUTH_DIR=./evil-oauth",
+            "PI_CODING_AGENT_DIR=./evil-pi-agent",
           ].join("\n"),
         );
 
         delete process.env.OPENCLAW_AGENT_DIR;
         delete process.env.OPENCLAW_BUNDLED_PLUGINS_DIR;
         delete process.env.OPENCLAW_OAUTH_DIR;
+        delete process.env.PI_CODING_AGENT_DIR;
 
         loadWorkspaceDotEnvFile(path.join(cwdDir, ".env"), { quiet: true });
 
         expect(process.env.OPENCLAW_AGENT_DIR).toBeUndefined();
         expect(process.env.OPENCLAW_BUNDLED_PLUGINS_DIR).toBeUndefined();
         expect(process.env.OPENCLAW_OAUTH_DIR).toBeUndefined();
+        expect(process.env.PI_CODING_AGENT_DIR).toBeUndefined();
       });
     });
   });
diff --git a/src/infra/dotenv.ts b/src/infra/dotenv.ts
index c58836af2c8..56f612efc2f 100644
--- a/src/infra/dotenv.ts
+++ b/src/infra/dotenv.ts
@@ -79,6 +79,7 @@ const BLOCKED_WORKSPACE_DOTENV_KEYS = new Set([
   "OPENCLAW_STATE_DIR",
   "OPENCLAW_TEST_TAILSCALE_BINARY",
   "PATH",
+  "PI_CODING_AGENT_DIR",
   "PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH",
   "PROGRAMFILES",
   "PROGRAMFILES(X86)",