mise 2026.4.11

The front-end to your dev env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488

use std::collections::BTreeMap;
use std::ffi::OsString;

use clap::ValueHint;
use duct::IntoExecutablePath;
#[cfg(not(any(test, windows)))]
use eyre::{Result, bail};
#[cfg(any(test, windows))]
use eyre::{Result, eyre};

use crate::cli::args::ToolArg;
#[cfg(any(test, windows))]
use crate::cmd;
use crate::config::{Config, Settings};
use crate::env;
use crate::prepare::{PrepareEngine, PrepareOptions};
use crate::sandbox::SandboxConfig;
use crate::toolset::env_cache::CachedEnv;
use crate::toolset::{InstallOptions, ResolveOptions, ToolsetBuilder};

/// Execute a command with tool(s) set
///
/// use this to avoid modifying the shell session or running ad-hoc commands with mise tools set.
///
/// Tools will be loaded from mise.toml, though they can be overridden with <RUNTIME> args
/// Note that only the plugin specified will be overridden, so if a `mise.toml` file
/// includes "node 20" but you run `mise exec python@3.11`; it will still load node@20.
///
/// The "--" separates runtimes from the commands to pass along to the subprocess.
#[derive(Debug, clap::Args)]
#[clap(visible_alias = "x", verbatim_doc_comment, after_long_help = AFTER_LONG_HELP)]
pub struct Exec {
    /// Tool(s) to start
    /// e.g.: node@20 python@3.10
    #[clap(value_name = "TOOL@VERSION")]
    pub tool: Vec<ToolArg>,

    /// Command string to execute (same as --command)
    #[clap(conflicts_with = "c", required_unless_present = "c", last = true)]
    pub command: Option<Vec<String>>,

    /// Command string to execute
    #[clap(short, long = "command", value_hint = ValueHint::CommandString, conflicts_with = "command")]
    pub c: Option<String>,

    /// Number of jobs to run in parallel
    /// [default: 4]
    #[clap(long, short, env = "MISE_JOBS", verbatim_doc_comment)]
    pub jobs: Option<usize>,

    /// [experimental] Allow specific env var through (implies --deny-env for everything else)
    /// Supports wildcards, e.g. --allow-env='MYAPP_*'
    #[clap(long, value_name = "VAR", verbatim_doc_comment)]
    pub allow_env: Vec<String>,

    /// [experimental] Allow network to specific host (implies --deny-net for everything else)
    /// macOS only in v1; on Linux falls back to allowing all network
    #[clap(long, value_name = "HOST", verbatim_doc_comment)]
    pub allow_net: Vec<String>,

    /// [experimental] Allow reads from specific path (implies --deny-read for everything else)
    #[clap(long, value_name = "PATH", verbatim_doc_comment)]
    pub allow_read: Vec<std::path::PathBuf>,

    /// [experimental] Allow writes to specific path (implies --deny-write for everything else)
    #[clap(long, value_name = "PATH", verbatim_doc_comment)]
    pub allow_write: Vec<std::path::PathBuf>,

    /// [experimental] Block reads, writes, network, and env vars
    #[clap(long, verbatim_doc_comment)]
    pub deny_all: bool,

    /// [experimental] Block env var inheritance (only PATH, HOME, USER, SHELL, TERM, LANG pass through)
    #[clap(long, verbatim_doc_comment)]
    pub deny_env: bool,

    /// [experimental] Block all network access
    #[clap(long, verbatim_doc_comment)]
    pub deny_net: bool,

    /// [experimental] Block filesystem reads (system libs and tool dirs still accessible)
    #[clap(long, verbatim_doc_comment)]
    pub deny_read: bool,

    /// [experimental] Block all filesystem writes
    #[clap(long, verbatim_doc_comment)]
    pub deny_write: bool,

    /// Bypass the environment cache and recompute the environment
    #[clap(long)]
    pub fresh_env: bool,

    /// Skip automatic dependency preparation
    #[clap(long)]
    pub no_prepare: bool,

    /// Directly pipe stdin/stdout/stderr from plugin to user
    /// Sets --jobs=1
    #[clap(long, overrides_with = "jobs")]
    pub raw: bool,
}

impl Exec {
    #[async_backtrace::framed]
    pub async fn run(self) -> eyre::Result<()> {
        // Temporarily unset cache key to force fresh env computation
        if self.fresh_env {
            env::reset_env_cache_key();
        }

        let mut config = Config::get().await?;

        // Check if any tool arg explicitly specified @latest
        // If so, resolve to the actual latest version from the registry (not just latest installed)
        let has_explicit_latest = self
            .tool
            .iter()
            .any(|t| t.tvr.as_ref().is_some_and(|tvr| tvr.version() == "latest"));

        let resolve_options = if has_explicit_latest {
            ResolveOptions {
                latest_versions: true,
                use_locked_version: false,
                ..Default::default()
            }
        } else {
            Default::default()
        };

        let mut ts = measure!("toolset", {
            ToolsetBuilder::new()
                .with_args(&self.tool)
                .with_default_to_latest(true)
                .with_resolve_options(resolve_options.clone())
                .build(&config)
                .await?
        });

        let opts = InstallOptions {
            force: false,
            jobs: self.jobs,
            raw: self.raw,
            // prevent installing things in shims by checking for tty
            // also don't autoinstall if at least 1 tool is specified
            // in that case the user probably just wants that one tool
            missing_args_only: !self.tool.is_empty()
                || !Settings::get().exec_auto_install
                || *env::__MISE_SHIM,
            skip_auto_install: !Settings::get().exec_auto_install || !Settings::get().auto_install,
            resolve_options,
            ..Default::default()
        };
        let (_, missing) = measure!("install_arg_versions", {
            ts.install_missing_versions(&mut config, &opts).await?
        });

        // If we installed new versions for explicit @latest, re-resolve to pick up the installed versions
        if has_explicit_latest {
            ts.resolve_with_opts(&config, &opts.resolve_options).await?;
        }

        measure!("notify_if_versions_missing", {
            ts.notify_missing_versions(missing);
        });

        let (program, mut args) = parse_command(&env::SHELL, &self.command, &self.c);

        let mut env = measure!("env_with_path", { ts.env_with_path(&config).await? });

        // Run auto-enabled prepare steps (unless --no-prepare)
        if !self.no_prepare {
            let engine = PrepareEngine::new(&config)?;
            engine
                .run(PrepareOptions {
                    auto_only: true, // Only run providers with auto=true
                    env: env.clone(),
                    ..Default::default()
                })
                .await?;
        }

        // Ensure MISE_ENV is set in the spawned shell if it was specified via -E flag
        if !env::MISE_ENV.is_empty() {
            env.insert("MISE_ENV".to_string(), env::MISE_ENV.join(","));
        }

        // Ensure cache key is propagated to subprocesses for env caching
        if Settings::get().env_cache && !self.fresh_env {
            let key = CachedEnv::ensure_encryption_key();
            env.insert("__MISE_ENV_CACHE_KEY".to_string(), key);
        }

        if program.rsplit('/').next() == Some("fish") {
            let mut cmd = vec![];
            for (k, v) in env.iter().filter(|(k, _)| *k != "PATH") {
                cmd.push(format!(
                    "set -gx {} {}",
                    shell_escape::escape(k.into()),
                    shell_escape::escape(v.into())
                ));
            }
            // TODO: env is being calculated twice with final_env and env_with_path
            let (_, env_results) = ts.final_env(&config).await?;
            for p in ts.list_final_paths(&config, env_results).await? {
                cmd.push(format!(
                    "fish_add_path -gm {}",
                    shell_escape::escape(p.to_string_lossy())
                ));
            }
            args.insert(0, cmd.join("\n"));
            args.insert(0, "-C".into());
        }

        // Build sandbox config from CLI flags (experimental feature)
        let mut sandbox = SandboxConfig {
            deny_read: self.deny_all || self.deny_read,
            deny_write: self.deny_all || self.deny_write,
            deny_net: self.deny_all || self.deny_net,
            deny_env: self.deny_all || self.deny_env,
            allow_read: self.allow_read,
            allow_write: self.allow_write,
            allow_net: self.allow_net,
            allow_env: self.allow_env,
        };
        sandbox.resolve_paths();

        // Check experimental flag if sandbox is being used
        if sandbox.is_active() {
            Settings::get().ensure_experimental("sandbox")?;
            env = sandbox.filter_env(&env);
        }

        time!("exec");
        exec_program(program, args, env, &sandbox).await
    }
}

#[cfg(all(not(test), unix))]
pub async fn exec_program<T, U>(
    program: T,
    args: U,
    env: BTreeMap<String, String>,
    sandbox: &SandboxConfig,
) -> Result<()>
where
    T: IntoExecutablePath,
    U: IntoIterator,
    U::Item: Into<OsString>,
{
    if sandbox.effective_deny_env() {
        // When env is sandboxed, clear all vars and only set the filtered ones
        for (k, _) in std::env::vars() {
            if !env.contains_key(&k) {
                env::remove_var(&k);
            }
        }
    }
    for (k, v) in env.iter() {
        env::set_var(k, v);
    }
    let args = args.into_iter().map(Into::into).collect::<Vec<_>>();
    let program = program.to_executable();
    let program = if program.to_string_lossy().contains('/') {
        // Already a path, no need to resolve
        program
    } else {
        let cwd = crate::dirs::CWD.clone().unwrap_or_default();
        let lookup_path = env.get(&*env::PATH_KEY).map(|path_val| {
            // For program resolution, reorder PATH so that paths added by mise
            // (tool bins, _.path entries) come before paths from the original
            // system PATH. This prevents wrapper scripts in the system PATH
            // (e.g. .devcontainer/bin/tool) from being found before the real
            // tool binary, which would cause infinite recursion and E2BIG.
            //
            // User-configured paths (_.path/venv) maintain their position
            // relative to tool paths since both are "mise-added".
            // The child process still inherits the full unmodified PATH.
            let user_shims = &*crate::dirs::SHIMS;
            let sys_shims = crate::env::MISE_SYSTEM_DATA_DIR.join("shims");
            let is_shims_dir = |p: &std::path::PathBuf| p == user_shims || p == &sys_shims;
            let pristine: std::collections::HashSet<_> = crate::env::PATH.iter().collect();
            let all_paths: Vec<_> = std::env::split_paths(&OsString::from(path_val)).collect();
            // Mise-added paths first (preserving relative order)
            let mise_added: Vec<_> = all_paths
                .iter()
                .filter(|p| !pristine.contains(p))
                .cloned()
                .collect();
            // Then original system paths (minus shims)
            let original: Vec<_> = all_paths
                .iter()
                .filter(|p| pristine.contains(p) && !is_shims_dir(p))
                .cloned()
                .collect();
            std::env::join_paths(mise_added.iter().chain(original.iter())).unwrap()
        });
        match which::which_in(&program, lookup_path, cwd) {
            Ok(resolved) => resolved.into_os_string(),
            Err(_) => program, // Fall back to original if resolution fails
        }
    };
    // Apply sandbox (Landlock/seccomp on Linux, sandbox-exec on macOS)
    let args_str: Vec<String> = args
        .iter()
        .map(|a| a.to_string_lossy().into_owned())
        .collect();
    if let Some(sandboxed) = sandbox.apply(&program.to_string_lossy(), &args_str).await? {
        // macOS: exec through sandbox-exec
        let err = exec::Command::new(&sandboxed.program)
            .args(&sandboxed.args)
            .exec();
        bail!("{} {err}", sandboxed.program);
    }

    let err = exec::Command::new(program.clone()).args(&args).exec();
    bail!("{:?} {err}", program.to_string_lossy())
}

#[cfg(all(windows, not(test)))]
pub async fn exec_program<T, U>(
    program: T,
    args: U,
    env: BTreeMap<String, String>,
    sandbox: &SandboxConfig,
) -> Result<()>
where
    T: IntoExecutablePath,
    U: IntoIterator,
    U::Item: Into<OsString>,
{
    if sandbox.is_active() {
        warn!("sandbox is not supported on Windows, running unsandboxed");
    }
    for (k, v) in env.iter() {
        env::set_var(k, v);
    }
    let cwd = crate::dirs::CWD.clone().unwrap_or_default();
    let program = program.to_executable();
    // Reorder PATH for program resolution: mise-added paths first, then
    // original system paths (minus shims). See Unix version for full rationale.
    let lookup_path = env.get(&*env::PATH_KEY).map(|path_val| {
        let shims_normalized = crate::dirs::SHIMS
            .to_string_lossy()
            .to_lowercase()
            .replace('/', "\\");
        let sys_shims_normalized = crate::env::MISE_SYSTEM_DATA_DIR
            .join("shims")
            .to_string_lossy()
            .to_lowercase()
            .replace('/', "\\");
        let is_shims = |p: &std::path::PathBuf| {
            let expanded = crate::file::replace_path(p);
            let normalized = expanded.to_string_lossy().to_lowercase().replace('/', "\\");
            normalized == shims_normalized || normalized == sys_shims_normalized
        };
        let pristine: std::collections::HashSet<_> = crate::env::PATH
            .iter()
            .map(|p| {
                crate::file::replace_path(p)
                    .to_string_lossy()
                    .to_lowercase()
                    .replace('/', "\\")
            })
            .collect();
        let all_paths: Vec<_> = std::env::split_paths(&OsString::from(path_val)).collect();
        let mise_added: Vec<_> = all_paths
            .iter()
            .filter(|p| {
                let normalized = crate::file::replace_path(p)
                    .to_string_lossy()
                    .to_lowercase()
                    .replace('/', "\\");
                !pristine.contains(&normalized)
            })
            .cloned()
            .collect();
        let original: Vec<_> = all_paths
            .iter()
            .filter(|p| {
                let normalized = crate::file::replace_path(p)
                    .to_string_lossy()
                    .to_lowercase()
                    .replace('/', "\\");
                pristine.contains(&normalized) && !is_shims(p)
            })
            .cloned()
            .collect();
        std::env::join_paths(mise_added.iter().chain(original.iter())).unwrap()
    });
    let program = which::which_in(program, lookup_path, cwd)?;
    let cmd = cmd::cmd(program, args);

    // Windows does not support exec in the same way as Unix,
    // so we emulate it instead by not handling Ctrl-C and letting
    // the child process deal with it instead.
    win_exec::set_ctrlc_handler()?;

    let res = cmd.unchecked().run()?;
    match res.status.code() {
        Some(code) => {
            std::process::exit(code);
        }
        None => Err(eyre!("command failed: terminated by signal")),
    }
}

#[cfg(test)]
pub async fn exec_program<T, U>(
    program: T,
    args: U,
    env: BTreeMap<String, String>,
    _sandbox: &SandboxConfig,
) -> Result<()>
where
    T: IntoExecutablePath,
    U: IntoIterator,
    U::Item: Into<OsString>,
{
    let mut cmd = cmd::cmd(program, args);
    for (k, v) in env.iter() {
        cmd = cmd.env(k, v);
    }
    let res = cmd.unchecked().run()?;
    match res.status.code() {
        Some(0) => Ok(()),
        Some(code) => Err(eyre!("command failed: exit code {}", code)),
        None => Err(eyre!("command failed: terminated by signal")),
    }
}

#[cfg(all(windows, not(test)))]
mod win_exec {
    use eyre::{Result, eyre};
    use winapi::shared::minwindef::{BOOL, DWORD, FALSE, TRUE};
    use winapi::um::consoleapi::SetConsoleCtrlHandler;
    // Windows way of creating a process is to just go ahead and pop a new process
    // with given program and args into existence. But in unix-land, it instead happens
    // in a two-step process where you first fork the process and then exec the new program,
    // essentially replacing the current process with the new one.
    // We use Windows API to set a Ctrl-C handler that does nothing, essentially attempting
    // to emulate the ctrl-c behavior by not handling it ourselves, and propagating it to
    // the child process to handle it instead.
    // This is the same way cargo does it in cargo run.
    unsafe extern "system" fn ctrlc_handler(_: DWORD) -> BOOL {
        // This is a no-op handler to prevent Ctrl-C from terminating the process.
        // It allows the child process to handle Ctrl-C instead.
        TRUE
    }

    pub(super) fn set_ctrlc_handler() -> Result<()> {
        if unsafe { SetConsoleCtrlHandler(Some(ctrlc_handler), TRUE) } == FALSE {
            Err(eyre!("Could not set Ctrl-C handler."))
        } else {
            Ok(())
        }
    }
}

fn parse_command(
    shell: &str,
    command: &Option<Vec<String>>,
    c: &Option<String>,
) -> (String, Vec<String>) {
    match (&command, &c) {
        (Some(command), _) => {
            let (program, args) = command.split_first().unwrap();
            (program.clone(), args.into())
        }
        _ => (
            shell.into(),
            vec![env::SHELL_COMMAND_FLAG.into(), c.clone().unwrap()],
        ),
    }
}

static AFTER_LONG_HELP: &str = color_print::cstr!(
    r#"<bold><underline>Examples:</underline></bold>

    $ <bold>mise exec node@20 -- node ./app.js</bold>  # launch app.js using node-20.x
    $ <bold>mise x node@20 -- node ./app.js</bold>     # shorter alias

    # Specify command as a string:
    $ <bold>mise exec node@20 python@3.11 --command "node -v && python -V"</bold>

    # Run a command in a different directory:
    $ <bold>mise x -C /path/to/project node@20 -- node ./app.js</bold>
"#
);