fix(codex): stop injecting api key placeholder

bot_bottle/backend/docker/prepare.py

@@ -201,18 +201,18 @@ def resolve_plan(
     # never lands on argv or in env_file) goes into one dict. Nothing
     # mutates the host os.environ.
     forwarded_env: dict[str, str] = dict(resolved.forwarded)
-    # When the bottle declares an egress route with the
-    # `claude_code_oauth` role marker, claude-code's outbound
-    # Authorization gets stripped + re-injected by egress. The
-    # agent's environ still needs *something* claude-code recognises
-    # as a credential or it refuses to start; ship a non-secret
-    # placeholder. The placeholder isn't any real token value, so
-    # leaking it would tell an attacker only that egress is in
-    # front. Manifest validation enforces singleton on this role.
+    # Some provider CLIs refuse to start without *some* credential
+    # env var even when egress will strip + re-inject the real
+    # Authorization header. For those providers, auth_role names the
+    # route marker that enables a non-secret placeholder env. Codex is
+    # intentionally absent here: it should use its device/ChatGPT login
+    # state, and an OPENAI_API_KEY placeholder would force API-key auth.
     has_provider_auth = any(
-        provider_runtime.auth_role in r.roles for r in egress_plan.routes
+        provider_runtime.auth_role
+        and provider_runtime.auth_role in r.roles
+        for r in egress_plan.routes
     )
-    if has_provider_auth:
+    if has_provider_auth and provider_runtime.placeholder_env:
         forwarded_env[provider_runtime.placeholder_env] = "egress-placeholder"
     if provider.template == "claude" and has_provider_auth:
         # Belt-and-braces: turn off telemetry endpoints (statsig,

bot_bottle/backend/print_util.py

@@ -34,12 +34,12 @@ def visible_agent_env_names(
 ) -> list[str]:
     """Env names worth showing in launch summaries.
 
-    Provider auth placeholders (`OPENAI_API_KEY`,
-    `CLAUDE_CODE_OAUTH_TOKEN`) are implementation details: they are
-    non-secret dummy values that satisfy the provider CLI while egress
-    injects the real upstream Authorization header. Showing them in
-    preflight makes the operator think a real key is entering the
-    agent, so hide only that provider-owned placeholder.
+    Provider auth placeholders (currently `CLAUDE_CODE_OAUTH_TOKEN`)
+    are implementation details: they are non-secret dummy values that
+    satisfy the provider CLI while egress injects the real upstream
+    Authorization header. Showing them in preflight makes the operator
+    think a real key is entering the agent, so hide only the active
+    provider-owned placeholder.
     """
     hidden = {runtime_for(agent_provider_template).placeholder_env}
-    return sorted({name for name in env_names if name not in hidden})
+    return sorted({name for name in env_names if name and name not in hidden})

bot_bottle/backend/smolmachines/prepare.py

@@ -112,18 +112,18 @@ def resolve_plan(
     egress_dir.mkdir(parents=True, exist_ok=True)
     egress_plan = Egress().prepare(bottle, slug, egress_dir)
 
-    # Claude-code refuses to start without *something* it
-    # recognises as a credential. When the bottle has an egress
-    # route carrying the `claude_code_oauth` role marker, egress
-    # strips + re-injects the real Authorization header on the
-    # outbound leg using a token held in egress's own environ — so
-    # the agent gets a non-secret placeholder here (matches the
-    # docker backend's forwarded_env logic in
-    # bot_bottle/backend/docker/prepare.py).
+    # Some provider CLIs refuse to start without *some* credential
+    # env var even when egress will strip + re-inject the real
+    # Authorization header. For those providers, auth_role names the
+    # route marker that enables a non-secret placeholder env. Codex is
+    # intentionally absent here: it should use its device/ChatGPT login
+    # state, and an OPENAI_API_KEY placeholder would force API-key auth.
     has_provider_auth = any(
-        provider_runtime.auth_role in r.roles for r in egress_plan.routes
+        provider_runtime.auth_role
+        and provider_runtime.auth_role in r.roles
+        for r in egress_plan.routes
     )
-    if has_provider_auth:
+    if has_provider_auth and provider_runtime.placeholder_env:
         guest_env[provider_runtime.placeholder_env] = "egress-placeholder"
     if provider.template == "claude" and has_provider_auth:
         guest_env.setdefault("CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC", "1")