Context
PR #13 (implementing CodexCliRuntime, closing #12) introduced ANTHROPIC_API_KEY stripping in CodexCliRuntime.buildEnv(). This was specified in the issue but on reflection is scope creep for a single runtime:
- Only Codex strips
ANTHROPIC_API_KEY — Claude and Gemini don't strip anything
- If cross-provider isolation is worth doing, it should be symmetric across all runtimes
- If it's not worth doing (low risk — APIs reject wrong keys), it shouldn't be in any runtime
Options
- Remove it entirely from
CodexCliRuntime.buildEnv() — simplest, matches Claude/Gemini behavior (return {})
- Implement symmetrically — each runtime strips all other provider keys (Codex strips
ANTHROPIC_API_KEY + GEMINI_API_KEY, Claude strips OPENAI_API_KEY + GEMINI_API_KEY, etc.)
- Move to
CLIRuntimeBase — base class handles stripping based on a provider-key mapping, subclasses declare which keys are theirs
Recommendation
Option 1 (remove). The risk is negligible and the complexity isn't justified.
References
Context
PR #13 (implementing
CodexCliRuntime, closing #12) introducedANTHROPIC_API_KEYstripping inCodexCliRuntime.buildEnv(). This was specified in the issue but on reflection is scope creep for a single runtime:ANTHROPIC_API_KEY— Claude and Gemini don't strip anythingOptions
CodexCliRuntime.buildEnv()— simplest, matches Claude/Gemini behavior (return{})ANTHROPIC_API_KEY+GEMINI_API_KEY, Claude stripsOPENAI_API_KEY+GEMINI_API_KEY, etc.)CLIRuntimeBase— base class handles stripping based on a provider-key mapping, subclasses declare which keys are theirsRecommendation
Option 1 (remove). The risk is negligible and the complexity isn't justified.
References
src/middleware/runtimes/codex.ts—buildEnv()at issuesrc/middleware/runtimes/claude.ts— returns{}src/middleware/runtimes/gemini.ts— returns{}