Excited to hopefully make my first contribution!

Video

Summary

• Route SSH Source Control AI commit/PR generation through the user's login shell when requested, so agents installed by shell startup files (like OpenCode via nvm/Homebrew PATH setup) can be found.
• Pass the shell-launch request from the SSH git provider for commit message and PR field generation, while preserving the existing Windows-safe spawn path.

Closes #4720.

Screenshots

No visual change.

Testing

• pnpm exec vitest run --config config/vitest.config.ts src/relay/agent-exec-handler.test.ts src/main/providers/ssh-git-provider.test.ts
• pnpm run build:relay
• Manual SSH repro: configured an SSH target where plain non-interactive PATH did not find opencode, while $SHELL -ilc "command -v opencode" did; verified OpenCode Source Control generation filled the commit message instead of showing the remote PATH error.
• pnpm run typecheck - currently fails on current origin/main in src/renderer/src/components/sidebar/folder-workspace-composer-submit.ts, which is outside this PR's diff.
• pnpm run lint - currently fails on current origin/main max-lines findings in existing renderer files outside this PR's diff.
• pnpm test - focused SSH tests pass, but the full suite currently has unrelated failures in sidebar and PTY tests outside this PR's diff.
• pnpm build - not run; this change only touches relay/provider behavior, and pnpm run build:relay was run for the changed relay path.

AI Review Report

Reviewed the code paths for SSH commit-message and PR-field generation, relay subprocess spawning, cancellation lanes, argument passing, and regression coverage. The main risk checked was introducing shell injection while switching to shell-based launch. The implementation uses exec "$@" with the binary and args passed as positional shell parameters instead of string-concatenating user input.

Cross-platform compatibility was checked explicitly:

• macOS/Linux: only bash/zsh shell launch uses -ilc to inherit login/interactive PATH setup for SSH relay commands.
• Windows: shell launch keeps the existing Windows-safe spawn path, including .cmd/.bat handling through cmd.exe.
• SSH relay cancellation and operation-lane behavior remains covered by existing and updated tests.

Security Audit

Reviewed command execution and IPC payload handling. The new shell flag is only honored as a strict boolean, and the shell command does not interpolate the agent binary, model, cwd, or prompt into shell source. The prompt still travels through stdin for OpenCode/Codex-style agents, and existing timeout/cancellation limits remain in place.

No secrets, auth flows, or dependency changes are introduced.

Notes

The fix is intentionally scoped to non-interactive SSH Source Control AI generation. Normal non-shell execution remains the default unless the caller asks for shell PATH resolution.