New `HookEvent::ShellEnv` fires immediately before each `exec_shell`
invocation. The hook's stdout is parsed as `KEY=VALUE\n` lines and the
resolved env vars are merged on top of the spawned process environment.
Useful for ephemeral credentials (`aws-vault export …`), per-skill
PATH adjustments, short-lived tokens.
* `HookExecutor::collect_shell_env(&context)` runs every matching
`shell_env` hook synchronously, captures stdout, parses it, returns
the merged map. Later hooks override earlier ones.
* `parse_env_lines` tolerates `export KEY=VAL`, quoted values
(`"…"` / `'…'`), comments (`#`), blank lines. Lines without `=` are
silently dropped — easier than failing the whole hook for one stray
human-friendly line. Values are taken verbatim; we don't run the
string through a shell to avoid expansion surprises.
* Resolved KEY names (NEVER values) are written to
`~/.deepseek/audit.log` so a session can be reconciled later
without leaking the secret material.
* Hook failure / timeout contributes no vars — `exec_shell` is never
aborted because of a misbehaving env hook.
Plumbing:
* `RuntimeToolServices` gains an optional
`Arc<HookExecutor>`. Wired in `tui/ui.rs` from the App's existing
`app.hooks` clone. Test contexts default to `None`.
* `ShellManager::execute_with_options_env` and
`execute_interactive_with_policy_env` are new variants that accept
an `extra_env: HashMap<String, String>` and forward it via
`CommandSpec::with_env` so `prepare()` carries it into `ExecEnv.env`.
* The original `execute_with_options` / `execute_interactive_with_policy`
call the new variants with an empty map so existing callers
(including all 5 internal call sites) keep working unchanged.
* `commands/hooks.rs` `event_label` covers the new variant.
Tests cover `parse_env_lines` against realistic hook output (bare
assignments, `export` prefix, quoted values, comments, blanks, malformed
lines). `cargo clippy --workspace --all-targets --all-features --locked --
-D warnings` clean.
`config.example.toml` documents the new event with an `aws-vault`
example and the audit-logging contract.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Hunter Bown
af9e651017