Fix environment variable leak and flag propagation for extensions (#7314)

* Test aks

* Fix environment variable leak and flag propagation for extensions

Extension commands use DisableFlagParsing, so cobra never parses global
flags like -e/--environment, --debug, or --cwd. This caused two problems:

1. The DI-resolved environment always loaded the default instead of the
   one specified with -e, leaking wrong env vars into extension processes
   and never setting AZD_ENVIRONMENT (#7034).

2. --debug and --cwd were also not propagated to extensions because
   extensions.go read them from cmd.Flags() which returns defaults.

Fix by:
- Adding -e/--environment to ParseGlobalFlags() with lenient validation:
  valid env names are accepted, non-env values (like URLs that extensions
  pass via -e) are silently skipped so extensions still work.
- Adding EnvironmentName to GlobalCommandOptions so the pre-parsed value
  is available to the DI container and extension runner.
- Updating container.go EnvFlag resolver to fall back to globalOptions
  when cmd.Flags() returns empty (extension commands).
- Updating extensions.go to use globalOptions for all InvokeOptions
  fields (debug, cwd, environment, no-prompt) instead of cmd.Flags().

Closes #7034

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: add AZD_DISABLE_AGENT_DETECT for functional tests

Agent detection (agentdetect package) walks the parent process tree and
auto-enables --no-prompt when it finds an AI coding agent. In CI and
local dev under Copilot CLI, this causes functional tests to fail
because piped stdin is ignored when no-prompt is active.

Changes:
- detect.go: Early return from detectAgent() when AZD_DISABLE_AGENT_DETECT
  is set, suppressing both env var and parent process detection
- cli.go: Set AZD_DISABLE_AGENT_DETECT=1 on all child azd processes in
  RunCommandWithStdIn(), with nil-Env safety (nil means inherit-all in Go)
- detect_test.go: Test that AZD_DISABLE_AGENT_DETECT suppresses detection
- env_test.go: Fix require.Fail -> require.Failf format string bug

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: remove tainted env var value from log to satisfy gosec G706

The gosec linter flags os.LookupEnv values as tainted input for log
injection (G706). Remove the env var value from the log message since
only the presence of the env var matters, not its value.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: retrigger pipeline

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: exclude --environment from workflow step global args

Workflow steps that specify their own -e/--environment flag (e.g.
'azd: env set KEY VALUE -e env1') were getting the parent command's
--environment appended via extractGlobalArgs(), causing the parent's
value to override the step's explicit value.

The environment flag is now excluded from extractGlobalArgs() since
environment propagation to workflow steps is already handled by the
globalOptions DI fallback in the EnvFlag resolver.

Fixes Test_CLI_Up_EnvironmentFlags.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: add missing color import in detect_confirm_apphost.go

* Use lenient validation for -e/--environment in global flag parsing

Change ParseGlobalFlags to silently ignore invalid environment names
instead of returning an error. Valid environment names match the regex
[a-zA-Z0-9-()_.]{1,64} which can never match URLs containing ://, so
there is natural disambiguation between azd env names and extension
flags that reuse -e for other purposes (e.g., --project-endpoint).

This fixes the environment variable leak (azd env name not propagating
to workflow steps) while preserving backward compatibility with all
extensions — including third-party ones that use -e for their own flags.

PR 7313 (migrating first-party extensions off -e) is no longer a hard
prerequisite since invalid values are silently skipped, not rejected.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update TestFigSpec snapshot to match current extension output

Remove stale --host option from ai agents init that was incorrectly
kept during rebase conflict resolution. The current azure.ai.agents
extension no longer exposes this option.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add extension compatibility regression test for -e flag

Add TestParseGlobalFlags_ExtensionCompatibility that verifies real extension
scenarios (azure.ai.models, azure.ai.finetune) using -e for --project-endpoint
URLs are not broken by global -e/--environment flag parsing.

Covers: URL endpoints, --project-endpoint passthrough, valid env before
extension args, mixed global flags, and pflag last-value-wins behavior.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix line-length lint violations in extension compatibility tests

Break long args slices across multiple lines to comply with the 125-char
lll linter rule enforced by golangci-lint.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: retrigger CI after flaky test failures

* fix: use EnvironmentNameFlagName constant and add debug logging

- Replace string literal 'environment' with internal.EnvironmentNameFlagName
  constant in CreateGlobalFlagSet and ParseGlobalFlags to prevent drift
- Add debug-level log when an invalid environment name is silently ignored,
  making the lenient skip observable when --debug is enabled

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: remove accidental dev/null file

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jongio

cli/azd/cmd/auto_install.go

@@ -17,6 +17,7 @@ import (
 	"github.com/azure/azure-dev/cli/azd/internal"
 	"github.com/azure/azure-dev/cli/azd/internal/runcontext/agentdetect"
 	"github.com/azure/azure-dev/cli/azd/internal/tracing/resource"
+	"github.com/azure/azure-dev/cli/azd/pkg/environment"
 	"github.com/azure/azure-dev/cli/azd/pkg/extensions"
 	"github.com/azure/azure-dev/cli/azd/pkg/input"
 	"github.com/azure/azure-dev/cli/azd/pkg/ioc"
@@ -623,6 +624,7 @@ func CreateGlobalFlagSet() *pflag.FlagSet {
 		false,
 		"Alias for --no-prompt.")
 	_ = globalFlags.MarkHidden("non-interactive")
+	globalFlags.StringP(internal.EnvironmentNameFlagName, "e", "", "The name of the environment to use.")
 
 	// The telemetry system is responsible for reading these flags value and using it to configure the telemetry
 	// system, but we still need to add it to our flag set so that when we parse the command line with Cobra we
@@ -705,6 +707,24 @@ func ParseGlobalFlags(args []string, opts *internal.GlobalCommandOptions) error
 		}
 	}
 
+	// Parse -e/--environment with lenient validation.
+	// Only accept values that look like valid environment names (alphanumeric, hyphens, dots,
+	// underscores). Values that don't match (e.g., URLs from extensions reusing -e for
+	// --project-endpoint) are silently ignored — the extension still receives the raw args
+	// and can parse -e itself. This avoids breaking third-party extensions that use -e
+	// for their own flags while still fixing the environment leak for valid env names.
+	if strVal, err := globalFlagSet.GetString(internal.EnvironmentNameFlagName); err == nil && strVal != "" {
+		if environment.IsValidEnvironmentName(strVal) {
+			opts.EnvironmentName = strVal
+		} else if opts.EnableDebugLogging {
+			log.Printf(
+				"debug: ignoring invalid environment name %q from -e/--environment flag"+
+					" (does not match %s pattern)",
+				strVal, environment.EnvironmentNameRegexp,
+			)
+		}
+	}
+
 	// Agent Detection: If no explicit flag or env var was set and we detect an AI coding
 	// agent as the caller, automatically enable no-prompt mode for non-interactive execution.
 	if !flagExplicitlySet && !envVarPresent && agentdetect.IsRunningInAgent() {

cli/azd/cmd/auto_install_test.go

@@ -568,3 +568,189 @@ func TestParseGlobalFlags_NonInteractiveAliasAndEnvVar(t *testing.T) {
 		agentdetect.ResetDetection()
 	})
 }
+
+func TestParseGlobalFlags_EnvironmentName(t *testing.T) {
+	tests := []struct {
+		name            string
+		args            []string
+		expectedEnvName string
+	}{
+		{
+			name:            "valid env name with -e",
+			args:            []string{"-e", "dev", "up"},
+			expectedEnvName: "dev",
+		},
+		{
+			name:            "valid env name with --environment",
+			args:            []string{"--environment", "production", "deploy"},
+			expectedEnvName: "production",
+		},
+		{
+			name:            "valid env name with equals syntax",
+			args:            []string{"--environment=staging", "deploy"},
+			expectedEnvName: "staging",
+		},
+		{
+			name:            "env name with dots and hyphens",
+			args:            []string{"-e", "my-env.v2", "up"},
+			expectedEnvName: "my-env.v2",
+		},
+		{
+			name:            "empty value",
+			args:            []string{"up"},
+			expectedEnvName: "",
+		},
+		{
+			name:            "env name alongside other global flags",
+			args:            []string{"--debug", "-e", "myenv", "--no-prompt", "deploy"},
+			expectedEnvName: "myenv",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Clear agent detection to avoid NoPrompt side effects
+			clearAgentEnvVarsForTest(t)
+			agentdetect.ResetDetection()
+
+			opts := &internal.GlobalCommandOptions{}
+			err := ParseGlobalFlags(tt.args, opts)
+			require.NoError(t, err)
+
+			assert.Equal(t, tt.expectedEnvName, opts.EnvironmentName,
+				"EnvironmentName should be %q for test case: %s", tt.expectedEnvName, tt.name)
+
+			agentdetect.ResetDetection()
+		})
+	}
+}
+
+func TestParseGlobalFlags_InvalidEnvironmentName(t *testing.T) {
+	// Invalid environment names are silently ignored (not errors) so that
+	// third-party extensions reusing -e for their own flags (e.g., URLs)
+	// are not broken by azd's global flag parsing.
+	tests := []struct {
+		name string
+		args []string
+	}{
+		{
+			name: "URL value",
+			args: []string{"-e", "https://foo.services.ai.azure.com/api/projects/bar", "model", "custom", "create"},
+		},
+		{
+			name: "value with colons",
+			args: []string{"-e", "host:port", "model", "custom", "create"},
+		},
+		{
+			name: "value with slashes",
+			args: []string{"-e", "path/to/thing", "model", "custom", "create"},
+		},
+		{
+			name: "value with spaces",
+			args: []string{"-e", "env name with spaces"},
+		},
+		{
+			name: "special characters",
+			args: []string{"-e", "env@#$%"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			clearAgentEnvVarsForTest(t)
+			agentdetect.ResetDetection()
+
+			opts := &internal.GlobalCommandOptions{}
+			err := ParseGlobalFlags(tt.args, opts)
+			require.NoError(t, err, "invalid env names should be silently ignored, not rejected")
+			assert.Empty(t, opts.EnvironmentName,
+				"EnvironmentName should be empty when -e value is not a valid env name")
+
+			agentdetect.ResetDetection()
+		})
+	}
+}
+
+// TestParseGlobalFlags_ExtensionCompatibility verifies that extensions reusing -e for their
+// own flags (e.g., azure.ai.models uses -e/--project-endpoint) work correctly alongside
+// azd's global -e/--environment flag. This is a regression test for the bug that caused
+// PR #7035 to be reverted (PR #7274): strict validation of -e values rejected URLs passed
+// by extensions, breaking commands like `azd ai models custom create -e https://...`.
+func TestParseGlobalFlags_ExtensionCompatibility(t *testing.T) {
+	tests := []struct {
+		name            string
+		args            []string
+		expectedEnvName string
+		description     string
+	}{
+		{
+			name: "azure.ai.models: -e with project endpoint URL",
+			args: []string{
+				"ai", "models", "custom", "create",
+				"-e", "https://myaccount.services.ai.azure.com/api/projects/myproject",
+			},
+			expectedEnvName: "",
+			description:     "URL must not be captured as env name; extension receives raw args",
+		},
+		{
+			name: "azure.ai.models: --project-endpoint with URL",
+			args: []string{
+				"ai", "models", "custom", "create",
+				"--project-endpoint", "https://myaccount.services.ai.azure.com/api/projects/myproject",
+			},
+			expectedEnvName: "",
+			description:     "--project-endpoint is not a global flag, should be ignored",
+		},
+		{
+			name: "valid env name before extension args",
+			args: []string{
+				"-e", "dev", "ai", "models", "custom", "create",
+				"--project-endpoint", "https://endpoint.com",
+			},
+			expectedEnvName: "dev",
+			description:     "valid -e before extension subcommand should be captured",
+		},
+		{
+			name: "extension -e URL with other global flags",
+			args: []string{
+				"--debug", "ai", "models", "custom", "create",
+				"-e", "https://endpoint.com", "--no-prompt",
+			},
+			expectedEnvName: "",
+			description:     "URL via -e among global flags must not error or capture",
+		},
+		{
+			name: "azure.ai.finetune: -e with endpoint URL",
+			args: []string{
+				"ai", "fine-tuning", "init",
+				"-e", "https://ai-endpoint.azure.com/v1",
+			},
+			expectedEnvName: "",
+			description:     "fine-tuning extension's -e must not be captured",
+		},
+		{
+			name: "both --environment and -e URL: last value wins per pflag",
+			args: []string{
+				"--environment", "staging", "ai", "models", "custom", "create",
+				"-e", "https://endpoint.com",
+			},
+			expectedEnvName: "",
+			description: "pflag takes last -e value (the URL), " +
+				"which is invalid so env name stays empty",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			clearAgentEnvVarsForTest(t)
+			agentdetect.ResetDetection()
+
+			opts := &internal.GlobalCommandOptions{}
+			err := ParseGlobalFlags(tt.args, opts)
+			require.NoError(t, err, "ParseGlobalFlags must not error for extension args: %s", tt.description)
+			assert.Equal(t, tt.expectedEnvName, opts.EnvironmentName, tt.description)
+
+			agentdetect.ResetDetection()
+		})
+	}
+}

cli/azd/cmd/container.go

@@ -189,8 +189,12 @@ func registerCommonDependencies(container *ioc.NestedContainer) {
 		return writer
 	})
 
-	container.MustRegisterScoped(func(ctx context.Context, cmd *cobra.Command) internal.EnvFlag {
-		// The env flag `-e, --environment` is available on most azd commands but not all
+	container.MustRegisterScoped(func(
+		ctx context.Context,
+		cmd *cobra.Command,
+		globalOptions *internal.GlobalCommandOptions,
+	) internal.EnvFlag {
+		// The env flag `-e, --environment` is available on most azd commands but not all.
 		// This is typically used to override the default environment and is used for bootstrapping other components
 		// such as the azd environment.
 		// If the flag is not available, don't panic, just return an empty string which will then allow for our default
@@ -201,6 +205,13 @@ func registerCommonDependencies(container *ioc.NestedContainer) {
 			envValue = ""
 		}
 
+		// For extension commands (DisableFlagParsing=true), cobra never parses -e so
+		// cmd.Flags().GetString always returns "". Fall back to the value that was
+		// pre-parsed in ParseGlobalFlags before the command tree was built.
+		if envValue == "" && globalOptions.EnvironmentName != "" {
+			envValue = globalOptions.EnvironmentName
+		}
+
 		if envValue == "" {
 			// If no explicit environment flag was set, but one was provided
 			// in the context, use that instead.
@@ -981,6 +992,11 @@ func (w *workflowCmdAdapter) ExecuteContext(ctx context.Context, args []string)
 // extractGlobalArgs extracts global flag arguments from the process command line.
 // It parses os.Args against the global flag set and returns only the flags that were
 // explicitly set by the user, formatted as command-line arguments.
+//
+// The "environment" flag is intentionally excluded: workflow steps may define their own
+// -e/--environment (e.g. `azd: env set KEY VALUE -e env1`), and appending the parent's
+// --environment would override the step-level value. Environment propagation to workflow
+// steps is handled by the globalOptions DI fallback in the EnvFlag resolver instead.
 func extractGlobalArgs() []string {
 	globalFlagSet := CreateGlobalFlagSet()
 	globalFlagSet.SetOutput(io.Discard)
@@ -989,7 +1005,7 @@ func extractGlobalArgs() []string {
 
 	var result []string
 	globalFlagSet.VisitAll(func(f *pflag.Flag) {
-		if f.Changed {
+		if f.Changed && f.Name != internal.EnvironmentNameFlagName {
 			// Use --flag=value syntax to avoid ambiguity. The two-arg form (--flag value)
 			// doesn't work for boolean flags, where the value is treated as a positional arg.
 			result = append(result, fmt.Sprintf("--%s=%s", f.Name, f.Value.String()))

cli/azd/cmd/extensions.go

@@ -259,22 +259,22 @@ func (a *extensionAction) Run(ctx context.Context) (*actions.ActionResult, error
 		allEnv = append(allEnv, traceEnv...)
 	}
 
-	// Read global flags for propagation via InvokeOptions
-	debugEnabled, _ := a.cmd.Flags().GetBool("debug")
-	cwd, _ := a.cmd.Flags().GetString("cwd")
-	envName, _ := a.cmd.Flags().GetString("environment")
-
+	// Use globalOptions for flag propagation instead of cmd.Flags().
+	// Extension commands use DisableFlagParsing=true, so cobra never parses
+	// global flags like --debug, --cwd, or -e. The globalOptions were populated
+	// by ParseGlobalFlags() before command tree construction and are the only
+	// reliable source for these values.
 	options := &extensions.InvokeOptions{
 		Args: a.args,
 		Env:  allEnv,
 		// cmd extensions are always interactive (connected to terminal)
 		Interactive: true,
-		Debug:       debugEnabled,
+		Debug:       a.globalOptions.EnableDebugLogging,
 		// Use globalOptions.NoPrompt which includes agent detection,
 		// not just the --no-prompt CLI flag
 		NoPrompt:    a.globalOptions.NoPrompt,
-		Cwd:         cwd,
-		Environment: envName,
+		Cwd:         a.globalOptions.Cwd,
+		Environment: a.globalOptions.EnvironmentName,
 	}
 
 	_, invokeErr := a.extensionRunner.Invoke(ctx, extension, options)

cli/azd/cmd/testdata/TestFigSpec.ts

@@ -226,15 +226,6 @@ const completionSpec: Fig.Spec = {
 							name: ['init'],
 							description: 'Initialize a new AI agent project. (Preview)',
 							options: [
-								{
-									name: ['--environment', '-e'],
-									description: 'The name of the azd environment to use.',
-									args: [
-										{
-											name: 'environment',
-										},
-									],
-								},
 								{
 									name: ['--manifest', '-m'],
 									description: 'Path or URI to an agent manifest to add to your azd project',
@@ -426,15 +417,6 @@ const completionSpec: Fig.Spec = {
 							name: ['init'],
 							description: 'Initialize a new AI Fine-tuning project. (Preview)',
 							options: [
-								{
-									name: ['--environment', '-n'],
-									description: 'The name of the azd environment to use.',
-									args: [
-										{
-											name: 'environment',
-										},
-									],
-								},
 								{
 									name: ['--from-job', '-j'],
 									description: 'Clone configuration from an existing job ID',
@@ -1149,15 +1131,6 @@ const completionSpec: Fig.Spec = {
 							name: ['init'],
 							description: 'Initialize a new AI models project. (Preview)',
 							options: [
-								{
-									name: ['--environment', '-n'],
-									description: 'The name of the azd environment to use',
-									args: [
-										{
-											name: 'environment',
-										},
-									],
-								},
 								{
 									name: ['--project-endpoint', '-e'],
 									description: 'Azure AI Foundry project endpoint URL (e.g., https://account.services.ai.azure.com/api/projects/project-name)',
@@ -3689,6 +3662,16 @@ const completionSpec: Fig.Spec = {
 			description: 'Enables debugging and diagnostics logging.',
 			isPersistent: true,
 		},
+		{
+			name: ['--environment', '-e'],
+			description: 'The name of the environment to use.',
+			isPersistent: true,
+			args: [
+				{
+					name: 'environment',
+				},
+			],
+		},
 		{
 			name: ['--no-prompt'],
 			description: 'Accepts the default value instead of prompting, or it fails if there is no default.',

cli/azd/cmd/testdata/TestUsage-azd-add.snap

@@ -5,11 +5,12 @@ Usage
   azd add [flags]
 
 Global Flags
-    -C, --cwd string 	: Sets the current working directory.
-        --debug      	: Enables debugging and diagnostics logging.
-        --docs       	: Opens the documentation for azd add in your web browser.
-    -h, --help       	: Gets help for add.
-        --no-prompt  	: Accepts the default value instead of prompting, or it fails if there is no default.
+    -C, --cwd string         	: Sets the current working directory.
+        --debug              	: Enables debugging and diagnostics logging.
+        --docs               	: Opens the documentation for azd add in your web browser.
+    -e, --environment string 	: The name of the environment to use.
+    -h, --help               	: Gets help for add.
+        --no-prompt          	: Accepts the default value instead of prompting, or it fails if there is no default.
 
 Find a bug? Want to let us know how we're doing? Fill out this brief survey: https://aka.ms/azure-dev/hats.