fix(codex): keep env fallback local to stdio app-server

docs/plugins/codex-harness.md

@@ -185,9 +185,9 @@ Codex after changing config.
 The plugin blocks older or unversioned app-server handshakes. That keeps
 OpenClaw on the protocol surface it has been tested against.
 
-For live and Docker smoke tests, auth usually comes from the Codex CLI account,
-an OpenClaw `openai-codex` auth profile, or `CODEX_API_KEY` /
-`OPENAI_API_KEY` as a fallback when no account is present.
+For live and Docker smoke tests, auth usually comes from the Codex CLI account
+or an OpenClaw `openai-codex` auth profile. Local stdio app-server launches can
+also fall back to `CODEX_API_KEY` / `OPENAI_API_KEY` when no account is present.
 
 ## Minimal config
 
@@ -514,15 +514,18 @@ order:
 
 1. An explicit OpenClaw Codex auth profile for the agent.
 2. The app-server's existing account, such as a local Codex CLI ChatGPT sign-in.
-3. `CODEX_API_KEY`, then `OPENAI_API_KEY`, only when no app-server account is
-   present and OpenAI auth is still required.
+3. For local stdio app-server launches only, `CODEX_API_KEY`, then
+   `OPENAI_API_KEY`, when no app-server account is present and OpenAI auth is
+   still required.
 
 When OpenClaw sees a ChatGPT subscription-style Codex auth profile, it removes
 `CODEX_API_KEY` and `OPENAI_API_KEY` from the spawned Codex child process. That
 keeps Gateway-level API keys available for embeddings or direct OpenAI models
 without making native Codex app-server turns bill through the API by accident.
-Explicit Codex API-key profiles and env-key fallback use app-server login
-instead of inherited child-process env.
+Explicit Codex API-key profiles and local stdio env-key fallback use app-server
+login instead of inherited child-process env. WebSocket app-server connections
+do not receive Gateway env API-key fallback; use an explicit auth profile or the
+remote app-server's own account.
 
 If a deployment needs additional environment isolation, add those variables to
 `appServer.clearEnv`:

docs/providers/openai.md

@@ -293,15 +293,17 @@ selects auth in this order:
 
 1. An explicit OpenClaw `openai-codex` auth profile bound to the agent.
 2. The app-server's existing account, such as a local Codex CLI ChatGPT sign-in.
-3. `CODEX_API_KEY`, then `OPENAI_API_KEY`, only when the app-server reports no
-   account and still requires OpenAI auth.
+3. For local stdio app-server launches only, `CODEX_API_KEY`, then
+   `OPENAI_API_KEY`, when the app-server reports no account and still requires
+   OpenAI auth.
 
 That means a local ChatGPT/Codex subscription sign-in is not replaced just
 because the gateway process also has `OPENAI_API_KEY` for direct OpenAI models
-or embeddings. API-key fallback is only the no-account path. When a
-subscription-style Codex profile is selected, OpenClaw also keeps
-`CODEX_API_KEY` and `OPENAI_API_KEY` out of the spawned stdio app-server child
-and sends the selected credentials through the app-server login RPC.
+or embeddings. Env API-key fallback is only the local stdio no-account path; it
+is not sent to WebSocket app-server connections. When a subscription-style Codex
+profile is selected, OpenClaw also keeps `CODEX_API_KEY` and `OPENAI_API_KEY`
+out of the spawned stdio app-server child and sends the selected credentials
+through the app-server login RPC.
 
 ## Image generation