feat: zero-config aux + plain non-secret env values for reverse-proxied use

[kingsleydon]

Summary

Two narrow additive changes that make Hermes usable end-to-end on a
reverse-proxied deployment (one with a static api_key in config but no
local OAuth state). Both are gated so single-user CLI workflows are
byte-identical to before.

Why

Clawdi runs Hermes inside per-user containers behind a controller that
talks to a sub2api-compatible Codex Responses endpoint via the
model.api_key Direct config path PR #2 added. Two gaps surfaced:

1. Auxiliary tasks all break for direct-config users

_try_codex() only ever reads from the Codex auth store / credential
pool. When the operator pinned an explicit api_key in config.yaml
(the PR #2 path), every auxiliary task — vision, web_extract,
compression, session_search, skills_hub, approval, mcp,
flush_memories — falls into the OAuth chain and returns
None, None, surfacing as the loud startup banner

⚠ No auxiliary LLM provider configured — context compression will
drop middle turns without a summary.

…even though the operator's main-inference api_key would work fine
for these tasks.

2. Non-secret env vars are unreadable

GET /api/env always redacts redacted_value, even for fields
marked password: False in OPTIONAL_ENV_VARS (allow-lists, mode
flags, account IDs). Reverse-proxied dashboards can't round-trip
those fields in form inputs without forcing the user to retype on
every edit.

What this PR changes

agent/auxiliary_client.py: codex aux direct-config path

_try_codex() learned a new entry point —
_try_codex_from_config() — that mirrors the Direct config path
runtime_provider.py added for main inference. When
model.provider == \"openai-codex\" AND model.api_key is set,
build a Codex auxiliary client straight from those values instead of
going through the device-code OAuth flow.

The existing pool / _read_codex_access_token chain is untouched
and runs unchanged whenever api_key is empty, so single-user CLI
workflows see no behavior change.

The auxiliary model defaults to model.default (the operator's
main model) rather than _CODEX_AUX_MODEL. In direct-config mode
the only models guaranteed to exist are the ones the operator's
reverse proxy actually serves — which is what model.default
describes. _CODEX_AUX_MODEL is hardcoded for ChatGPT-backed
Codex compatibility and may not exist on a custom endpoint.
Per-task auxiliary.{task}.model overrides still win because the
caller composes them via model or default.

Net result: operators only have to set
model.default + model.base_url + model.api_key once. All eight
auxiliary tasks pick the same model automatically — same zero-config
UX an OAuth user gets, just sourced from explicit config instead of
OAuth tokens.

hermes_cli/web_server.py: plain value for non-secret env vars

GET /api/env now returns a value field alongside
redacted_value. For env vars marked password: False, value
is the plain on-disk string; for password: True fields it stays
None.

Backward compatible — redacted_value is unchanged so existing
clients keep working. Password-flagged fields still require the
rate-limited /api/env/reveal endpoint with audit logging.

Compatibility matrix

User class	Behavior change
Single-user OAuth (model.api_key == \"\")	None — _try_codex_from_config short-circuits on empty api_key, falls through to the unchanged OAuth path
Explicit api_key (PR #2 path)	Auxiliary tasks now work instead of warning at startup
Reverse-proxied / sub2api deployments	Both gaps closed
Old API clients reading redacted_value	None — new value field is purely additive

Test plan

• hermes web with no env override → _try_codex reaches OAuth path, _CODEX_AUX_MODEL returned (single-user CLI baseline)
• config.yaml with model.provider=openai-codex, model.api_key=sk-xxx, model.base_url=https://... → _try_codex_from_config returns (CodexAuxiliaryClient, model.default)
• config.yaml with model.provider=openai-codex, model.api_key=\"\" → _try_codex_from_config returns (None, None), OAuth path runs unchanged
• Per-task override auxiliary.compression.model=gpt-5.1-codex-mini → caller's final_model wins over model.default
• GET /api/env for TELEGRAM_BOT_TOKEN (password: True) → value is None
• GET /api/env for TELEGRAM_ALLOWED_USERS (password: False) → value is the plain on-disk string

[kingsleydon]

Superseded — switching Clawdi to upstream-native provider: custom + api_mode: codex_responses instead of patching the codex provider path. The auxiliary plumbing fix turns out to be unnecessary because vanilla Hermes already routes custom provider with explicit api_mode through CodexAuxiliaryClient via _wrap_if_needed. Closing this PR; only PR #3 (HERMES_SESSION_TOKEN env override) remains as a fork-level patch and will be proposed upstream separately.