fix(installer): strip ANTHROPIC_API_KEY on legacy fallback path

Addresses Greptile P1: the legacy fallback path (no refresh token or
INSTALLER_DISABLE_PROXY=1) still leaked the user's personal
ANTHROPIC_API_KEY to the WorkOS gateway as an x-api-key header
alongside the WorkOS access token. Every other non-direct path already
deletes it; this brings the legacy branch in line.

Also clarifies the skip-auth/local log messages to reflect that a
placeholder bearer is now forwarded to the gateway (the SDK's local
auth-source check would otherwise fail with 'Not logged in').

Co-Authored-By: nick.nisi@workos.com <nick.nisi@workos.com>

Author: devin-ai-integration[bot]

src/lib/agent-interface.spec.ts

@@ -471,6 +471,23 @@ describe('initializeAgent sdkEnv auth', () => {
     expect(result.sdkEnv.ANTHROPIC_API_KEY).toBeUndefined();
   });
 
+  it('strips ANTHROPIC_API_KEY on legacy fallback path (no refresh token)', async () => {
+    vi.mocked(hasCredentials).mockReturnValue(true);
+    vi.mocked(getCredentials).mockReturnValue({
+      accessToken: 'real-workos-token',
+      refreshToken: null,
+      expiresAt: Date.now() + 60_000,
+    });
+
+    const result = await initializeAgent(makeAgentConfigForInit(), makeOptions({ skipAuth: false, local: false }));
+
+    // Legacy path sends the real WorkOS access token as the bearer; the
+    // user's personal Anthropic key must not tag along as an x-api-key
+    // header to the WorkOS gateway.
+    expect(result.sdkEnv.ANTHROPIC_AUTH_TOKEN).toBe('real-workos-token');
+    expect(result.sdkEnv.ANTHROPIC_API_KEY).toBeUndefined();
+  });
+
   it('preserves ANTHROPIC_API_KEY in direct mode', async () => {
     const result = await initializeAgent(
       makeAgentConfigForInit(),

src/lib/agent-interface.ts

@@ -455,26 +455,31 @@ export async function initializeAgent(config: AgentConfig, options: InstallerOpt
           }
 
           sdkEnv.ANTHROPIC_BASE_URL = gatewayUrl;
+          // Prevent the user's personal Anthropic key (if any) from being
+          // forwarded to the WorkOS gateway as an x-api-key header alongside
+          // the WorkOS access token we set below.
+          delete sdkEnv.ANTHROPIC_API_KEY;
           sdkEnv.ANTHROPIC_AUTH_TOKEN = creds.accessToken;
           authMode = options.local ? `local-gateway:${gatewayUrl}` : `workos-gateway:${gatewayUrl}`;
           logInfo('Sending access token to gateway (legacy mode)');
         }
       } else if (options.skipAuth) {
-        // Skip auth mode - direct to gateway without auth. Still seed a
-        // placeholder token so the SDK's local auth-source check passes; the
-        // gateway itself is expected to accept unauthenticated requests here.
+        // Skip auth mode - direct to gateway without a real token. The SDK's
+        // local auth-source check would otherwise fail with "Not logged in",
+        // so seed a placeholder bearer; the gateway is expected to accept
+        // unauthenticated requests here and ignore the placeholder value.
         sdkEnv.ANTHROPIC_BASE_URL = gatewayUrl;
         delete sdkEnv.ANTHROPIC_API_KEY;
         sdkEnv.ANTHROPIC_AUTH_TOKEN = PROXY_PLACEHOLDER_TOKEN;
         authMode = `skip-auth:${gatewayUrl}`;
-        logInfo('Skipping auth - no token sent to gateway');
+        logInfo('Skipping auth - placeholder bearer sent to gateway');
       } else {
         // Local mode without auth - same rationale as skip-auth above.
         sdkEnv.ANTHROPIC_BASE_URL = gatewayUrl;
         delete sdkEnv.ANTHROPIC_API_KEY;
         sdkEnv.ANTHROPIC_AUTH_TOKEN = PROXY_PLACEHOLDER_TOKEN;
         authMode = `local-gateway:${gatewayUrl}`;
-        logInfo('Local mode - no token sent to gateway');
+        logInfo('Local mode - placeholder bearer sent to gateway');
       }
 
       logInfo('Configured LLM gateway:', sdkEnv.ANTHROPIC_BASE_URL);