fix(standalone): resolve image LD_LIBRARY_PATH instead of literal shell var

[doringeman]

Fixes #547.

[gemini-code-assist]

Code Review

The pull request correctly identifies that Docker does not perform shell expansion for environment variables and fixes it by manually resolving the LD_LIBRARY_PATH from the image. However, the implementation has a flaw that could introduce a security vulnerability by unintentionally adding the current working directory to the library search path. I've added a comment with a suggested fix for this issue.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• Consider handling the ImageInspect error explicitly (e.g., logging at debug level) so that unexpected failures to read the image’s LD_LIBRARY_PATH are easier to diagnose rather than silently falling back to the default path.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider handling the `ImageInspect` error explicitly (e.g., logging at debug level) so that unexpected failures to read the image’s `LD_LIBRARY_PATH` are easier to diagnose rather than silently falling back to the default path.

## Individual Comments

### Comment 1
<location path="cmd/cli/pkg/standalone/containers.go" line_range="573-581" />
<code_context>
+		ldLibPath := "/usr/lib/wsl/lib:/usr/local/cuda/lib64"
+		if imgInfo, err := dockerClient.ImageInspect(ctx, imageName); err == nil {
+			for _, e := range imgInfo.Config.Env {
+				if strings.HasPrefix(e, "LD_LIBRARY_PATH=") {
+					ldLibPath += ":" + strings.TrimPrefix(e, "LD_LIBRARY_PATH=")
+					break
+				}
</code_context>
<issue_to_address>
**suggestion:** Guard against appending a trailing colon when the image LD_LIBRARY_PATH is empty.

If the image config has `LD_LIBRARY_PATH=` with an empty value, `strings.TrimPrefix` returns an empty string and this code adds a trailing `:`. While often harmless, it can change behavior in some environments. Consider storing the trimmed value in a variable and only appending `":" + value` when it’s non-empty.

```suggestion
		ldLibPath := "/usr/lib/wsl/lib:/usr/local/cuda/lib64"
		if imgInfo, err := dockerClient.ImageInspect(ctx, imageName); err == nil {
			for _, e := range imgInfo.Config.Env {
				if strings.HasPrefix(e, "LD_LIBRARY_PATH=") {
					imageLdLibPath := strings.TrimPrefix(e, "LD_LIBRARY_PATH=")
					if imageLdLibPath != "" {
						ldLibPath += ":" + imageLdLibPath
					}
					break
				}
			}
		}
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[ilopezluna]

thanks!