feat(pi): support egress injected api keys

docs/prds/0058-pi-agent-provider.md

@@ -13,8 +13,9 @@ provider settings file that targets an unauthenticated Ollama-compatible server.
 
 The default settings assume an Ollama server at `http://ollama:11434/v1`, using
 the `openai-completions` API with a dummy API key because Ollama ignores it.
-Users can override the base URL, model list, API key, API type, and compatibility
-flags through a new `agent_provider.settings` object.
+Users can override the provider id, base URL, model list, API key, API-key env
+reference, API type, and compatibility flags through a new
+`agent_provider.settings` object.
 
 ## Problem
 
@@ -60,8 +61,10 @@ supported for built-in `pi`.
 Supported keys:
 
 - `base_url`: string, defaults to `http://ollama:11434/v1`
+- `provider`: string, defaults to `ollama`
 - `api`: string, defaults to `openai-completions`
 - `api_key`: string, defaults to `ollama`
+- `api_key_env`: string, optional host env var name for egress auth injection
 - `models`: non-empty array of strings, defaults to `["qwen2.5-coder:7b"]`
 - `supports_developer_role`: boolean, defaults to `false`
 - `supports_reasoning_effort`: boolean, defaults to `false`
@@ -70,6 +73,15 @@ The snake-case manifest keys are converted into Pi's JSON field names:
 `baseUrl`, `apiKey`, `supportsDeveloperRole`, and
 `supportsReasoningEffort`.
 
+`api_key` and `api_key_env` are mutually exclusive. When targeting a hosted
+provider through bot-bottle's egress sidecar, omit `api_key` and set
+`api_key_env` to the host env var that holds the API key. The generated
+`models.json` receives only an `egress-placeholder` API key, and the egress
+route injects the real `Authorization` header from the sidecar env. For example,
+OpenRouter can use provider id `openrouter` with
+`api_key_env: OPENROUTER_API_KEY`, keeping the key out of the agent env and
+`models.json`.
+
 ### Provider
 
 `PiAgentProvider.provision_plan` writes `models.json` into the per-launch state