fix(acp): strip provider API keys from ACP child process env

rodrigouroz · rodrigouroz · commit ebc3ab87499f · 2026-03-09T23:05:41.000-03:00
Provider API keys (e.g. OPENAI_API_KEY) injected by the auth system were leaking into ACP child processes. This caused Codex CLI to detect the env var and overwrite ~/.codex/auth.json, replacing OAuth credentials with apikey mode. The existing stripKeys mechanism only removed skill-injected env vars (getActiveSkillEnvKeys). This change also strips all known provider API key env vars (listKnownProviderEnvApiKeyNames) so ACP agents use their own configured authentication instead of inheriting leaked credentials. Fixes the same class of issue described in #36280.
diff --git a/src/acp/client.ts b/src/acp/client.ts
@@ -459,9 +459,15 @@ export async function createAcpClient(opts: AcpClientOptions = {}): Promise<AcpC
   const serverCommand = opts.serverCommand ?? (entryPath ? process.execPath : "openclaw");
   const effectiveArgs = opts.serverCommand || !entryPath ? serverArgs : [entryPath, ...serverArgs];
   const { getActiveSkillEnvKeys } = await import("../agents/skills/env-overrides.runtime.js");
-  const spawnEnv = resolveAcpClientSpawnEnv(process.env, {
-    stripKeys: getActiveSkillEnvKeys(),
-  });
+  const { listKnownProviderEnvApiKeyNames } = await import("../agents/model-auth-env-vars.js");
+  const stripKeys = new Set(getActiveSkillEnvKeys());
+  // Strip provider API keys so they don't leak to ACP child processes.
+  // Without this, env vars like OPENAI_API_KEY cause Codex CLI to overwrite
+  // its OAuth credentials in ~/.codex/auth.json with apikey mode.
+  for (const key of listKnownProviderEnvApiKeyNames()) {
+    stripKeys.add(key);
+  }
+  const spawnEnv = resolveAcpClientSpawnEnv(process.env, { stripKeys });
   const spawnInvocation = resolveAcpClientSpawnInvocation(
     { serverCommand, serverArgs: effectiveArgs },
     {
