Add nativeSpawn option to RunCLIArgs for host process spawning#3481
Open
chubes4 wants to merge 5 commits intoWordPress:trunkfrom
Open
Add nativeSpawn option to RunCLIArgs for host process spawning#3481chubes4 wants to merge 5 commits intoWordPress:trunkfrom
chubes4 wants to merge 5 commits intoWordPress:trunkfrom
Conversation
Add a `nativeSpawn` boolean to `RunCLIArgs` that enables native host process spawning via `child_process.spawn` for PHP's `proc_open()`, `shell_exec()`, and `exec()`. When enabled, the worker thread imports spawn directly instead of using the sandboxed handler that creates new PHP WASM instances. This is needed by consumers like WordPress Studio that run PHP plugins requiring host process communication (e.g., php-mcp-client's StdioTransport for MCP servers). The `nativeSpawn` flag is a boolean rather than a function reference because spawn handlers can't be serialized across the Comlink worker thread boundary. The worker imports `child_process.spawn` directly when the flag is true. Changes: - run-cli.ts: Add `nativeSpawn` to `RunCLIArgs` interface - blueprints-v1-handler.ts: Pass `nativeSpawn` to worker - worker-thread-v1.ts: Use native spawn when `nativeSpawn` is true - php-proc-open.spec.ts: Tests for proc_open, shell_exec, stderr, stdin piping, exit codes, and graceful failure without handler Fixes WordPress#3480 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
chubes4
added a commit
to Automattic/studio
that referenced
this pull request
Apr 11, 2026
Pass nativeSpawn: true to RunCLIArgs in wordpress-server-child.ts so PHP's proc_open(), shell_exec(), and exec() can spawn host processes when the site is running via the daemon. This complements the createNativeSpawnHandler() in run-wp-cli-command.ts (which handles the fallback path when no daemon is running). Depends on WordPress/wordpress-playground#3481 adding nativeSpawn to RunCLIArgs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds an opt-in nativeSpawn flag to the Playground CLI worker boot flow so PHP code running under runCLI() can spawn real host processes (Node.js child_process.spawn) instead of using the sandboxed spawn handler that starts new PHP WASM instances—primarily to unblock proc_open()/shell_exec() use cases in Node environments.
Changes:
- Introduce
nativeSpawn?: booleaninRunCLIArgsand propagate it into the Blueprints V1 worker boot options. - Update the worker spawn handler selection to use native
child_process.spawnwhennativeSpawnis enabled. - Add Node runtime tests verifying
proc_open/shell_execbehavior with and without a spawn handler.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| test-spawn-handler.mjs | Adds a standalone manual test script to validate spawn handler propagation into proc_open/shell_exec. |
| packages/playground/cli/src/run-cli.ts | Extends RunCLIArgs with nativeSpawn and documents the behavior. |
| packages/playground/cli/src/blueprints-v1/blueprints-v1-handler.ts | Passes nativeSpawn through to the worker boot options. |
| packages/playground/cli/src/blueprints-v1/worker-thread-v1.ts | Switches spawn handler factory based on nativeSpawn, using host spawning when enabled. |
| packages/php-wasm/node/src/test/php-proc-open.spec.ts | Adds automated tests for proc_open/shell_exec with a native spawn handler. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add security warning to nativeSpawn docs about arbitrary command execution - Fix test name to match behavior (fails, not throws) - Clean up require usage in worker spawn handler Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a
nativeSpawnboolean toRunCLIArgsthat enables native host process spawning viachild_process.spawnfor PHP'sproc_open(),shell_exec(), andexec(). When enabled, the worker thread imports spawn directly instead of using the sandboxed handler that creates new PHP WASM instances.Motivation
WordPress Studio uses
runCLI()for its site daemon. PHP plugins that callproc_open()to communicate with external tools (e.g., php-mcp-client'sStdioTransportfor MCP servers) fail silently because the worker thread's sandboxed spawn handler creates new WASM instances instead of spawning host processes.The sandboxed handler is correct for browser environments where host process spawning isn't possible. But in Node.js environments (CLI, Studio), native spawning should be available as an opt-in.
How AI was used in this PR
This PR was developed with Claude Code (AI pair programming). The root cause analysis, fix design, and test suite were developed collaboratively. All code has been reviewed and tested.
Changes
run-cli.tsnativeSpawn?: booleantoRunCLIArgsinterfaceblueprints-v1-handler.tsnativeSpawnfromRunCLIArgsto the worker'sbootRequestHandleroptionsworker-thread-v1.tsnativeSpawn?: booleantoWorkerBootRequestHandlerOptionsnativeSpawnis true, the spawn handler importschild_process.spawndirectly inside the worker thread instead of usingsandboxedSpawnHandlerFactoryphp-proc-open.spec.ts(new test file)proc_openwith native spawn handlershell_execwith native spawn handlerproc_openfailure without spawn handlerDesign decisions
Boolean flag vs function reference:
nativeSpawnis a boolean rather than accepting a customSpawnHandlerfunction because the worker thread runs in a separateWorker()context. Functions can't be serialized across the Comlink message boundary. The worker importschild_process.spawndirectly when the flag is true.Opt-in vs default: Native spawning is opt-in to preserve backward compatibility. The sandboxed handler remains the default, which is correct for browser environments and security-sensitive contexts.
Testing
Verified with comprehensive standalone tests against
@php-wasm/node:proc_openwith stdout captureshell_execoutputproc_openfails gracefully without handlerAlso verified in WordPress Studio CLI that the fallback path (
runWpCliCommandwithsetSpawnHandler(spawn)) enablesproc_openfor WP-CLI commands.Context