Env whitelist for LLM subprocess spawners (v1.0.83, ADR-0041).
Unifies the duplicated env_clear() + re-injection logic that previously
lived in src/commands/{claude_runner,codex_spawn,ingest_claude}.rs.
§OAuth-only mandate preserved
ANTHROPIC_API_KEY and OPENAI_API_KEY are INTENTIONALLY ABSENT —
rejected by upstream guards in claude_runner.rs, codex_spawn.rs,
ingest_claude.rs and extract/llm_embedding.rs per ADR-0011, ADR-0025
and ADR-0041. The guards reject these vars regardless of whether they
reach the subprocess; the env whitelist is the SECOND line of defence.
§Custom provider support (v1.0.83)
ANTHROPIC_AUTH_TOKEN and ANTHROPIC_BASE_URL are preserved so that
Claude Code can authenticate against a custom Anthropic-compatible
endpoint (MiniMax/api.minimax.io, OpenRouter, corporate gateways). The
--bare flag remains PROHIBITED — these vars only flow to the
subprocess when the user opts into a custom provider via env vars.
§Strict mode (compliance)
When SQLITE_GRAPHRAG_STRICT_ENV_CLEAR=1 (or --strict-env-clear flag)
is active, only PATH is preserved. This covers environments that
forbid credential forwarding via env vars entirely.
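The clear-then-re-inject pattern described above, as an added example (not the project's own code). The names `ALLOWED`, `filter_env`, `apply` and `sample_parent` are hypothetical, the allowlist holds only the variable names this page mentions, and the environment values are constructed.

```rust
use std::collections::BTreeMap;
use std::process::Command;

// Assumed allowlist: only the names this page mentions. The project's real
// PRESERVED_ENV_VARS constant may contain more entries.
const ALLOWED: &[&str] = &["PATH", "ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_BASE_URL"];
const STRICT_VAR: &str = "SQLITE_GRAPHRAG_STRICT_ENV_CLEAR";

/// Pure filter over a parent environment, testable without touching the real one.
fn filter_env(parent: &BTreeMap<String, String>, strict_flag: bool) -> BTreeMap<String, String> {
    let strict = strict_flag || parent.get(STRICT_VAR).map(|v| v == "1").unwrap_or(false);
    parent
        .iter()
        .filter(|(k, _)| {
            if strict { k.as_str() == "PATH" } else { ALLOWED.contains(&k.as_str()) }
        })
        .map(|(k, v)| (k.clone(), v.clone()))
        .collect()
}

/// Deny by default: clear the inherited environment, then re-inject the filtered set.
fn apply(cmd: &mut Command, parent: &BTreeMap<String, String>, strict_flag: bool) {
    cmd.env_clear();
    cmd.envs(filter_env(parent, strict_flag));
}

/// Constructed parent environment: two allowed credentials, three that must not leak.
fn sample_parent() -> BTreeMap<String, String> {
    [
        ("PATH", "/usr/bin:/bin"),
        ("ANTHROPIC_API_KEY", "constructed-api-key"),
        ("OPENAI_API_KEY", "constructed-api-key"),
        ("ANTHROPIC_AUTH_TOKEN", "constructed-token"),
        ("ANTHROPIC_BASE_URL", "https://gateway.example.invalid"),
        ("AWS_SECRET_ACCESS_KEY", "constructed-secret"),
    ]
    .iter()
    .map(|(k, v)| (k.to_string(), v.to_string()))
    .collect()
}

fn main() {
    let mut cmd = Command::new("env"); // configured only, never spawned here
    apply(&mut cmd, &sample_parent(), false);
    for (k, v) in cmd.get_envs() {
        println!("{:?}={:?}", k, v);
    }
}
```

Because the filter is an allowlist, unrelated secrets such as the constructed `AWS_SECRET_ACCESS_KEY` are dropped without ever being named in the code.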
Constants§
- PRESERVED_ENV_VARS - Environment variables preserved when spawning Claude/Codex subprocesses.
Functions§
- apply_env_whitelist - Apply the v1.0.83 env whitelist to a Command.
- is_strict_env_clear - Detect whether strict env-clear mode is requested.