Summary
src/commands/onboard-provider-auth-flags.ts declares 24 provider API-key CLI flags for the remoteclaw onboard command, but only 3 are actually consumed by the live wizard (anthropicApiKey, openaiApiKey, geminiApiKey). The remaining 21 flags are parsed, forwarded into OnboardOptions, and silently ignored. Additionally, --codex-api-key is missing from the flag list even though src/wizard/onboarding.ts reads opts.codexApiKey — so non-interactive Codex onboarding is currently broken.
Evidence
Live flag consumers (3 of 24)
From src/wizard/onboarding.ts:
- Line 114 —
opts.anthropicApiKey → Claude runtime credential
- Line 219 —
opts.anthropicApiKey → OpenCode runtime Anthropic sub-provider credential
- Line 230 —
opts.openaiApiKey → OpenCode runtime OpenAI sub-provider credential
- Line 153 —
opts.geminiApiKey → Gemini runtime credential
Dead flags (21 of 24)
Parsed in onboard-provider-auth-flags.ts, forwarded to OnboardOptions in register.onboard.ts:145-169, but no downstream consumer:
mistralApiKey, openrouterApiKey, kilocodeApiKey, aiGatewayApiKey,
cloudflareAiGatewayApiKey, moonshotApiKey, kimiCodeApiKey, zaiApiKey,
xiaomiApiKey, qianfanApiKey, minimaxApiKey, syntheticApiKey, veniceApiKey,
togetherApiKey, huggingfaceApiKey, opencodeZenApiKey, xaiApiKey,
litellmApiKey, volcengineApiKey, byteplusApiKey
The non-interactive path that would handle these (src/commands/onboard-non-interactive/local/auth-choice.ts::applyNonInteractiveAuthChoice) is an explicit no-op:
// Gutted in RemoteClaw fork (Middleware Boundary Principle)
export async function applyNonInteractiveAuthChoice(..._args): Promise<void> {}So the flags are parsed, forwarded, and silently dropped.
Missing flag: --codex-api-key
src/wizard/onboarding.ts reads opts.codexApiKey (for the Codex runtime credential flow), but no flag registers this option. Effect: non-interactive Codex onboarding cannot provide an API key via CLI flag. Users running remoteclaw onboard --non-interactive --codex-api-key ... get "unknown option" errors; users trying to pre-configure Codex auth in a scripted environment hit a dead end.
This is a regression — issue #478 ("fix(onboard): wire auxiliary provider auth flags to non-interactive onboarding") was closed, but the Codex flag either was never added or was removed.
Proposed Changes
src/commands/onboard-provider-auth-flags.ts
Reduce the flag list to 4 entries:
export const ONBOARD_PROVIDER_AUTH_FLAGS: ReadonlyArray<OnboardProviderAuthFlag> = [
{ flag: "--anthropic-api-key <key>", ... },
{ flag: "--openai-api-key <key>", ... },
{ flag: "--gemini-api-key <key>", ... },
{ flag: "--codex-api-key <key>", ... }, // NEW
];(Keep file structure; just remove the 20 dead entries and add the codex one.)
src/commands/onboard-types.ts
Remove 20 dead fields from OnboardOptions (all the dead *ApiKey fields listed above). Keep:
anthropicApiKeyopenaiApiKeygeminiApiKeycodexApiKey
src/cli/program/register.onboard.ts:145-169
Drop the forwarders for the 20 dead flags. Keep the 4 live forwarders.
Help output
Verify that remoteclaw onboard --help shows only the 4 live flags (and no orphan ones).
Tests
- Add a test asserting
--codex-api-key is accepted and reaches the wizard
- Update or delete existing tests that reference dead flags (e.g.
onboard-non-interactive.provider-auth.test.ts is primarily testing the dead handler surface — see the sibling onboard-auth cluster gut issue; this PR should not duplicate that cleanup)
Acceptance Criteria
Out of Scope
- The dead
onboard-auth.* cluster (13 files, ~2,500 LoC) — tracked as a separate gut issue. This issue does not depend on that cluster; the flags file is an independent dead-flag problem.
onboard-non-interactive.provider-auth.test.ts deletion — covered by the sibling onboard-auth cluster gut issue.- Flags for providers that are not one of the 4 fork runtimes (Claude/Gemini/Codex/OpenCode) — intentionally out of scope per Middleware Boundary Principle.
References
Summary
src/commands/onboard-provider-auth-flags.tsdeclares 24 provider API-key CLI flags for theremoteclaw onboardcommand, but only 3 are actually consumed by the live wizard (anthropicApiKey,openaiApiKey,geminiApiKey). The remaining 21 flags are parsed, forwarded intoOnboardOptions, and silently ignored. Additionally,--codex-api-keyis missing from the flag list even thoughsrc/wizard/onboarding.tsreadsopts.codexApiKey— so non-interactive Codex onboarding is currently broken.Evidence
Live flag consumers (3 of 24)
From
src/wizard/onboarding.ts:opts.anthropicApiKey→ Claude runtime credentialopts.anthropicApiKey→ OpenCode runtime Anthropic sub-provider credentialopts.openaiApiKey→ OpenCode runtime OpenAI sub-provider credentialopts.geminiApiKey→ Gemini runtime credentialDead flags (21 of 24)
Parsed in
onboard-provider-auth-flags.ts, forwarded toOnboardOptionsinregister.onboard.ts:145-169, but no downstream consumer:The non-interactive path that would handle these (
src/commands/onboard-non-interactive/local/auth-choice.ts::applyNonInteractiveAuthChoice) is an explicit no-op:So the flags are parsed, forwarded, and silently dropped.
Missing flag:
--codex-api-keysrc/wizard/onboarding.tsreadsopts.codexApiKey(for the Codex runtime credential flow), but no flag registers this option. Effect: non-interactive Codex onboarding cannot provide an API key via CLI flag. Users runningremoteclaw onboard --non-interactive --codex-api-key ...get "unknown option" errors; users trying to pre-configure Codex auth in a scripted environment hit a dead end.This is a regression — issue #478 ("fix(onboard): wire auxiliary provider auth flags to non-interactive onboarding") was closed, but the Codex flag either was never added or was removed.
Proposed Changes
src/commands/onboard-provider-auth-flags.tsReduce the flag list to 4 entries:
(Keep file structure; just remove the 20 dead entries and add the codex one.)
src/commands/onboard-types.tsRemove 20 dead fields from
OnboardOptions(all the dead*ApiKeyfields listed above). Keep:anthropicApiKeyopenaiApiKeygeminiApiKeycodexApiKeysrc/cli/program/register.onboard.ts:145-169Drop the forwarders for the 20 dead flags. Keep the 4 live forwarders.
Help output
Verify that
remoteclaw onboard --helpshows only the 4 live flags (and no orphan ones).Tests
--codex-api-keyis accepted and reaches the wizardonboard-non-interactive.provider-auth.test.tsis primarily testing the dead handler surface — see the sibling onboard-auth cluster gut issue; this PR should not duplicate that cleanup)Acceptance Criteria
ONBOARD_PROVIDER_AUTH_FLAGScontains exactly 4 entries:anthropic,openai,gemini,codexOnboardOptionscontains exactly 4*ApiKeyfields matching the aboveregister.onboard.tsforwards exactly 4 flags intoOnboardOptionsremoteclaw onboard --helpshows only the 4 live flags--codex-api-key <key>end-to-end: flag is accepted, value reachesopts.codexApiKey, wizard consumes it for Codex runtime setuppnpm checkpassespnpm testpassesremoteclaw onboard --non-interactive --codex-api-key test-key ...creates a Codex auth profile successfullyOut of Scope
onboard-auth.*cluster (13 files, ~2,500 LoC) — tracked as a separate gut issue. This issue does not depend on that cluster; the flags file is an independent dead-flag problem.onboard-non-interactive.provider-auth.test.tsdeletion — covered by the sibling onboard-auth cluster gut issue.References
44b4f92b12, 2026-04-13