From 0d876c9835666714730cc0ae4eddda54dfd8e81a Mon Sep 17 00:00:00 2001
From: Cursor Agent <cursoragent@cursor.com>
Date: Wed, 13 May 2026 17:07:26 +0000
Subject: [PATCH] fix: gate permission skip flags to debug builds

Co-authored-by: cooper <czxtm@users.noreply.github.com>
---
 .../src-tauri/src/system/permissions.rs       | 66 ++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/apps/native/src-tauri/src/system/permissions.rs b/apps/native/src-tauri/src/system/permissions.rs
index ff56b8832..751fd45d4 100644
--- a/apps/native/src-tauri/src/system/permissions.rs
+++ b/apps/native/src-tauri/src/system/permissions.rs
@@ -73,10 +73,26 @@ fn get_default_permissions() -> Vec<Permission> {
     ]
 }
 
+#[cfg(debug_assertions)]
 fn e2e_skip_permissions_enabled() -> bool {
     crate::e2e_runtime::enabled("NIXMAC_SKIP_PERMISSIONS")
 }
 
+#[cfg(not(debug_assertions))]
+fn e2e_skip_permissions_enabled() -> bool {
+    false
+}
+
+#[cfg(debug_assertions)]
+fn vite_skip_permissions_enabled() -> bool {
+    std::env::var("VITE_NIXMAC_SKIP_PERMISSIONS").is_ok()
+}
+
+#[cfg(not(debug_assertions))]
+fn vite_skip_permissions_enabled() -> bool {
+    false
+}
+
 fn granted_folder_permission(id: &str, name: &str, description: &str) -> Permission {
     Permission {
         id: id.to_string(),
@@ -147,7 +163,7 @@ fn check_folder_access(path: &PathBuf) -> PermissionStatus {
 /// PermissionDenied. Only if every probe path is missing (NotFound) do we
 /// fall back to Pending.
 fn check_full_disk_access() -> PermissionStatus {
-    if std::env::var("VITE_NIXMAC_SKIP_PERMISSIONS").is_ok() {
+    if vite_skip_permissions_enabled() {
         debug!("VITE_NIXMAC_SKIP_PERMISSIONS is set, assuming Full Disk Access granted");
         return PermissionStatus::Granted;
     }
@@ -425,6 +441,54 @@ pub fn all_required_permissions_granted() -> bool {
 mod tests {
     use super::*;
 
+    #[cfg(debug_assertions)]
+    #[test]
+    fn e2e_permission_skip_env_is_honored_in_debug_builds() {
+        let _env_lock = crate::test_support::e2e_env_lock();
+        let _env_restore =
+            crate::test_support::EnvVarRestore::capture(&["NIXMAC_SKIP_PERMISSIONS"]);
+
+        std::env::set_var("NIXMAC_SKIP_PERMISSIONS", "true");
+
+        assert!(e2e_skip_permissions_enabled());
+    }
+
+    #[cfg(not(debug_assertions))]
+    #[test]
+    fn e2e_permission_skip_env_is_ignored_in_release_builds() {
+        let _env_lock = crate::test_support::e2e_env_lock();
+        let _env_restore =
+            crate::test_support::EnvVarRestore::capture(&["NIXMAC_SKIP_PERMISSIONS"]);
+
+        std::env::set_var("NIXMAC_SKIP_PERMISSIONS", "true");
+
+        assert!(!e2e_skip_permissions_enabled());
+    }
+
+    #[cfg(debug_assertions)]
+    #[test]
+    fn vite_permission_skip_env_is_honored_in_debug_builds() {
+        let _env_lock = crate::test_support::e2e_env_lock();
+        let _env_restore =
+            crate::test_support::EnvVarRestore::capture(&["VITE_NIXMAC_SKIP_PERMISSIONS"]);
+
+        std::env::set_var("VITE_NIXMAC_SKIP_PERMISSIONS", "true");
+
+        assert!(vite_skip_permissions_enabled());
+    }
+
+    #[cfg(not(debug_assertions))]
+    #[test]
+    fn vite_permission_skip_env_is_ignored_in_release_builds() {
+        let _env_lock = crate::test_support::e2e_env_lock();
+        let _env_restore =
+            crate::test_support::EnvVarRestore::capture(&["VITE_NIXMAC_SKIP_PERMISSIONS"]);
+
+        std::env::set_var("VITE_NIXMAC_SKIP_PERMISSIONS", "true");
+
+        assert!(!vite_skip_permissions_enabled());
+    }
+
     #[test]
     fn test_check_desktop_access() {
         let status = check_desktop_access();