@elvatis_com/openclaw-cli-bridge-elvatis 0.2.3 → 0.2.5

package/README.md

@@ -1,8 +1,8 @@
 # openclaw-cli-bridge-elvatis
 
-> OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching.
+> OpenClaw plugin that bridges locally installed AI CLIs (Codex, Gemini, Claude Code) as model providers — with slash commands for instant model switching, restore, and health testing.
 
-**Current version:** `0.2.2`
+**Current version:** `0.2.5`
 
 ---
 
@@ -14,30 +14,59 @@ Registers the `openai-codex` provider by reading OAuth tokens already stored by
 ### Phase 2 — Request bridge (local proxy)
 Starts a local OpenAI-compatible HTTP proxy on `127.0.0.1:31337` and configures OpenClaw's `vllm` provider to route calls through `gemini` and `claude` CLI subprocesses.
 
-Prompt delivery: always via **stdin** (not CLI args) — avoids `E2BIG` for long sessions. Each message batch is truncated to the last 20 messages + system message (configurable in `src/cli-runner.ts`).
+**Prompt delivery:** always via **stdin** (never CLI args or `@file`) — avoids `E2BIG` for long sessions and Gemini agentic mode. Each message batch is truncated to the last 20 messages + system message (`MAX_MESSAGES`/`MAX_MSG_CHARS` in `src/cli-runner.ts`).
 
-| Model reference | CLI invoked |
-|---|---|
-| `vllm/cli-gemini/gemini-2.5-pro` | `gemini -m gemini-2.5-pro @<tmpfile>` |
-| `vllm/cli-gemini/gemini-2.5-flash` | `gemini -m gemini-2.5-flash @<tmpfile>` |
-| `vllm/cli-gemini/gemini-3-pro` | `gemini -m gemini-3-pro @<tmpfile>` |
-| `vllm/cli-claude/claude-sonnet-4-6` | `claude -p --output-format text --model claude-sonnet-4-6` (stdin) |
-| `vllm/cli-claude/claude-opus-4-6` | `claude -p --output-format text --model claude-opus-4-6` (stdin) |
-| `vllm/cli-claude/claude-haiku-4-5` | `claude -p --output-format text --model claude-haiku-4-5` (stdin) |
+| Model reference | CLI invoked | Latency |
+|---|---|---|
+| `vllm/cli-gemini/gemini-2.5-pro` | `gemini -m gemini-2.5-pro -p ""` (stdin, cwd=/tmp) | ~8–10s |
+| `vllm/cli-gemini/gemini-2.5-flash` | `gemini -m gemini-2.5-flash -p ""` (stdin, cwd=/tmp) | ~4–6s |
+| `vllm/cli-gemini/gemini-3-pro` | `gemini -m gemini-3-pro -p ""` (stdin, cwd=/tmp) | ~8–10s |
+| `vllm/cli-claude/claude-sonnet-4-6` | `claude -p --output-format text --model claude-sonnet-4-6` (stdin) | ~2–4s |
+| `vllm/cli-claude/claude-opus-4-6` | `claude -p --output-format text --model claude-opus-4-6` (stdin) | ~3–5s |
+| `vllm/cli-claude/claude-haiku-4-5` | `claude -p --output-format text --model claude-haiku-4-5` (stdin) | ~1–3s |
 
 ### Phase 3 — Slash commands
-Six plugin-registered commands for instant model switching (no agent invocation needed):
+Ten plugin-registered commands (all `requireAuth: true`):
+
+**Claude Code CLI** (routed via local proxy on `:31337`):
 
-| Command | Switches to |
+| Command | Model |
 |---|---|
 | `/cli-sonnet` | `vllm/cli-claude/claude-sonnet-4-6` |
 | `/cli-opus` | `vllm/cli-claude/claude-opus-4-6` |
 | `/cli-haiku` | `vllm/cli-claude/claude-haiku-4-5` |
+
+**Gemini CLI** (routed via local proxy on `:31337`, stdin + `cwd=/tmp`):
+
+| Command | Model |
+|---|---|
 | `/cli-gemini` | `vllm/cli-gemini/gemini-2.5-pro` |
 | `/cli-gemini-flash` | `vllm/cli-gemini/gemini-2.5-flash` |
 | `/cli-gemini3` | `vllm/cli-gemini/gemini-3-pro` |
 
-All commands require `requireAuth: true` — only authorized/owner senders can execute them. Each command calls `openclaw models set <model>` via `api.runtime.system.runCommandWithTimeout` and replies with a confirmation.
+**Codex CLI** (via `openai-codex` provider — Codex CLI OAuth auth, calls OpenAI API directly, **not** through the local proxy):
+
+| Command | Model |
+|---|---|
+| `/cli-codex` | `openai-codex/gpt-5.3-codex` |
+| `/cli-codex-mini` | `openai-codex/gpt-5.1-codex-mini` |
+
+**Utility:**
+
+| Command | What it does |
+|---|---|
+| `/cli-back` | Restore the model active **before** the last `/cli-*` switch |
+| `/cli-test [model]` | One-shot proxy health check — **does NOT switch your active model** |
+
+**`/cli-back` details:**
+- Before every `/cli-*` switch the current model is saved to `~/.openclaw/cli-bridge-state.json`
+- `/cli-back` reads it, calls `openclaw models set <previous>`, then clears the file
+- State survives gateway restarts — safe to use any time
+
+**`/cli-test` details:**
+- Accepts short form (`cli-sonnet`) or full path (`vllm/cli-claude/claude-sonnet-4-6`)
+- Default when no arg given: `cli-claude/claude-sonnet-4-6`
+- Reports response content, latency, and confirms your active model is unchanged
 
 ---
 
@@ -57,7 +86,7 @@ All commands require `requireAuth: true` — only authorized/owner senders can e
 # From ClawHub
 clawhub install openclaw-cli-bridge-elvatis
 
-# Or from workspace (development / local path)
+# Or from workspace (development)
 # Add to ~/.openclaw/openclaw.json:
 # plugins.load.paths: ["~/.openclaw/workspace/openclaw-cli-bridge-elvatis"]
 # plugins.entries.openclaw-cli-bridge-elvatis: { "enabled": true }
@@ -69,37 +98,61 @@ clawhub install openclaw-cli-bridge-elvatis
 
 ### 1. Enable + restart
 
-```bash
-# In ~/.openclaw/openclaw.json → plugins.entries:
+```json
+// ~/.openclaw/openclaw.json → plugins.entries
 "openclaw-cli-bridge-elvatis": { "enabled": true }
+```
 
+```bash
 openclaw gateway restart
 ```
 
-### 2. Register Codex auth (Phase 1, optional)
+### 2. Verify (check gateway logs)
+
+```
+[cli-bridge] proxy ready on :31337
+[cli-bridge] registered 8 commands: /cli-sonnet, /cli-opus, /cli-haiku,
+             /cli-gemini, /cli-gemini-flash, /cli-gemini3, /cli-back, /cli-test
+```
+
+### 3. Register Codex auth (optional — Phase 1 only)
 
 ```bash
 openclaw models auth login --provider openai-codex
 # Select: "Codex CLI (existing login)"
 ```
 
-### 3. Verify proxy (Phase 2)
-
-On startup the plugin auto-patches `openclaw.json` with the `vllm` provider config (port `31337`) and logs:
+### 4. Test without switching your model
 
 ```
-[cli-bridge] proxy ready — vllm/cli-gemini/* and vllm/cli-claude/* available
-[cli-bridge] registered 6 slash commands: /cli-sonnet, /cli-opus, /cli-haiku, /cli-gemini, /cli-gemini-flash, /cli-gemini3
+/cli-test
+→ 🧪 CLI Bridge Test
+  Model: vllm/cli-claude/claude-sonnet-4-6
+  Response: CLI bridge OK
+  Latency: 2531ms
+  Active model unchanged: anthropic/claude-sonnet-4-6
+
+/cli-test cli-gemini
+→ 🧪 CLI Bridge Test
+  Model: vllm/cli-gemini/gemini-2.5-pro
+  Response: CLI bridge OK
+  Latency: 8586ms
+  Active model unchanged: anthropic/claude-sonnet-4-6
 ```
 
-### 4. Switch models (Phase 3)
-
-Use any `/cli-*` command from any connected channel:
+### 5. Switch and restore
 
 ```
 /cli-sonnet
 → ✅ Switched to Claude Sonnet 4.6 (CLI)
    `vllm/cli-claude/claude-sonnet-4-6`
+   Use /cli-back to restore previous model.
+
+... test things ...
+
+/cli-back
+→ ✅ Restored previous model
+   `anthropic/claude-sonnet-4-6`
 ```
 
 ---
@@ -125,17 +178,33 @@ In `~/.openclaw/openclaw.json` → `plugins.entries.openclaw-cli-bridge-elvatis.
 ```
 OpenClaw agent
   │
-  ├─ openai-codex/*  ──► OpenAI API  (auth via ~/.codex/auth.json OAuth tokens)
+  ├─ openai-codex/*  ──────────────────────────► OpenAI API (direct)
+  │    auth: ~/.codex/auth.json OAuth tokens        ▲
+  │                                                 │
+  │    /cli-codex, /cli-codex-mini ─────────────────┘  (switch to this provider)
   │
   └─ vllm/cli-gemini/*  ─┐
      vllm/cli-claude/*   ─┤─► localhost:31337  (openclaw-cli-bridge proxy)
-                          │       ├─ cli-gemini/* → gemini -m <model> @<tmpfile>
-                          │       └─ cli-claude/* → claude -p --model <model>  ← prompt via stdin
+                          │       ├─ cli-gemini/* → gemini -m <model> -p ""
+                          │       │                 stdin=prompt, cwd=/tmp
+                          │       │                 (neutral cwd prevents agentic mode)
+                          │       └─ cli-claude/* → claude -p --model <model>
+                          │                         stdin=prompt
                           └───────────────────────────────────────────────────
 
-Slash commands (bypass agent):
-  /cli-sonnet|opus|haiku|gemini|gemini-flash|gemini3
-     └─► openclaw models set <model>  (atomic, ~1s)
+Slash commands (bypass agent, requireAuth=true):
+  /cli-sonnet|opus|haiku|gemini|gemini-flash|gemini3|codex|codex-mini
+     └─► saves current model → ~/.openclaw/cli-bridge-state.json
+     └─► openclaw models set <model>  (~1s, atomic)
+
+  /cli-back
+     └─► reads ~/.openclaw/cli-bridge-state.json
+     └─► openclaw models set <previous>
+
+  /cli-test [model]
+     └─► HTTP POST → localhost:31337  (no global model change)
+     └─► reports response + latency
+     └─► NOTE: only tests the proxy — Codex models bypass the proxy
 ```
 
 ---
@@ -143,12 +212,14 @@ Slash commands (bypass agent):
 ## Known Issues & Fixes
 
 ### `spawn E2BIG` (fixed in v0.2.1)
+**Symptom:** `CLI error for cli-claude/…: spawn E2BIG` after ~500+ messages.
+**Cause:** Gateway injects large values into `process.env` at runtime. Spreading it into `spawn()` exceeds Linux's `ARG_MAX` (~2MB).
+**Fix:** `buildMinimalEnv()` — only passes `HOME`, `PATH`, `USER`, and auth keys.
 
-**Symptom:** `CLI error for cli-claude/…: spawn E2BIG` after ~500+ messages in a session.
-
-**Root cause:** The OpenClaw gateway modifies `process.env` at runtime (OPENCLAW_* vars, session context, etc.). Spreading the full `process.env` into `spawn()` pushes `argv + envp` over Linux's `ARG_MAX` (~2MB).
-
-**Fix:** `buildMinimalEnv()` in `src/cli-runner.ts` — only passes `HOME`, `PATH`, `USER`, and auth keys to the subprocess. Immune to gateway runtime env size.
+### Gemini agentic mode / hangs (fixed in v0.2.4)
+**Symptom:** Gemini hangs, returns wrong answers, or says "directory does not exist".
+**Cause:** `@file` syntax (`gemini -p @/tmp/xxx.txt`) triggers agentic mode — Gemini scans the working directory for project context and treats prompts as task instructions. Running from the workspace root makes this worse.
+**Fix:** Stdin delivery (`gemini -p ""` with prompt via stdin) + `cwd=/tmp`. Same pattern as Claude.
 
 ---
 
@@ -156,30 +227,39 @@ Slash commands (bypass agent):
 
 ```bash
 npm run typecheck   # tsc --noEmit
-npm test            # vitest run
+npm test            # vitest run (5 unit tests for formatPrompt)
 ```
 
-Test coverage: `test/cli-runner.test.ts` — unit tests for `formatPrompt` (truncation, system message handling, MAX_MSG_CHARS).
-
 ---
 
 ## Changelog
 
+### v0.2.5
+- **feat:** `/cli-codex` → `openai-codex/gpt-5.3-codex`
+- **feat:** `/cli-codex-mini` → `openai-codex/gpt-5.1-codex-mini`
+- Codex commands use the `openai-codex` provider (Codex CLI OAuth auth, direct OpenAI API — not the local proxy)
+
+### v0.2.4
+- **fix:** Gemini agentic mode — replaced `@file` with stdin delivery (`-p ""`) + `cwd=/tmp`
+- **fix:** Filter `[WARN]` and `Loaded cached credentials` noise from Gemini stderr
+- Added `RunCliOptions` interface with optional `cwd` field
+
+### v0.2.3
+- **feat:** `/cli-back` — restore previous model (state persisted in `~/.openclaw/cli-bridge-state.json`)
+- **feat:** `/cli-test [model]` — one-shot proxy health check without changing active model
+
 ### v0.2.2
 - **feat:** Phase 3 — `/cli-*` slash commands for instant model switching
-- All 6 commands registered via `api.registerCommand` with `requireAuth: true`
-- Calls `openclaw models set <model>` via `api.runtime.system.runCommandWithTimeout`
+- All 6 model commands via `api.registerCommand` with `requireAuth: true`
 
 ### v0.2.1
-- **fix:** `spawn E2BIG` — use `buildMinimalEnv()` instead of spreading full `process.env`
-- **feat:** Added `test/cli-runner.test.ts` (5 unit tests)
-- Added Gemini 3 Pro model (`vllm/cli-gemini/gemini-3-pro`)
+- **fix:** `spawn E2BIG` — `buildMinimalEnv()` instead of spreading full `process.env`
+- **feat:** Unit tests (`test/cli-runner.test.ts`)
 
 ### v0.2.0
 - **feat:** Phase 2 — local OpenAI-compatible proxy server
-- Prompt via stdin/tmpfile (never as CLI arg) to prevent arg-size issues
-- `MAX_MESSAGES=20` + `MAX_MSG_CHARS=4000` truncation in `formatPrompt`
-- Auto-patch of `openclaw.json` vllm provider config on first start
+- Stdin prompt delivery, `MAX_MESSAGES=20` + `MAX_MSG_CHARS=4000` truncation
+- Auto-patch of `openclaw.json` vllm provider config
 
 ### v0.1.x
 - Phase 1: Codex CLI OAuth auth bridge

package/index.ts

@@ -9,12 +9,14 @@
  *   are handled by the Gemini CLI and Claude Code CLI subprocesses.
  *
  * Phase 3 (slash commands): registers /cli-* commands for instant model switching.
- *   /cli-sonnet       → vllm/cli-claude/claude-sonnet-4-6
- *   /cli-opus         → vllm/cli-claude/claude-opus-4-6
- *   /cli-haiku        → vllm/cli-claude/claude-haiku-4-5
- *   /cli-gemini       → vllm/cli-gemini/gemini-2.5-pro
- *   /cli-gemini-flash → vllm/cli-gemini/gemini-2.5-flash
- *   /cli-gemini3      → vllm/cli-gemini/gemini-3-pro
+ *   /cli-sonnet       → vllm/cli-claude/claude-sonnet-4-6      (Claude Code CLI proxy)
+ *   /cli-opus         → vllm/cli-claude/claude-opus-4-6        (Claude Code CLI proxy)
+ *   /cli-haiku        → vllm/cli-claude/claude-haiku-4-5       (Claude Code CLI proxy)
+ *   /cli-gemini       → vllm/cli-gemini/gemini-2.5-pro         (Gemini CLI proxy)
+ *   /cli-gemini-flash → vllm/cli-gemini/gemini-2.5-flash       (Gemini CLI proxy)
+ *   /cli-gemini3      → vllm/cli-gemini/gemini-3-pro           (Gemini CLI proxy)
+ *   /cli-codex        → openai-codex/gpt-5.3-codex             (Codex CLI OAuth, direct API)
+ *   /cli-codex-mini   → openai-codex/gpt-5.1-codex-mini        (Codex CLI OAuth, direct API)
  *   /cli-back         → restore model that was active before last /cli-* switch
  *   /cli-test [model] → one-shot proxy health check (does NOT switch global model)
  *
@@ -116,42 +118,57 @@ function readCurrentModel(): string | null {
 // Phase 3: model command table
 // ──────────────────────────────────────────────────────────────────────────────
 const CLI_MODEL_COMMANDS = [
+  // ── Claude (via local proxy → Claude Code CLI) ──────────────────────────────
   {
     name: "cli-sonnet",
     model: "vllm/cli-claude/claude-sonnet-4-6",
-    description: "Switch to Claude Sonnet 4.6 (CLI bridge)",
+    description: "Switch to Claude Sonnet 4.6 (Claude Code CLI via local proxy)",
     label: "Claude Sonnet 4.6 (CLI)",
   },
   {
     name: "cli-opus",
     model: "vllm/cli-claude/claude-opus-4-6",
-    description: "Switch to Claude Opus 4.6 (CLI bridge)",
+    description: "Switch to Claude Opus 4.6 (Claude Code CLI via local proxy)",
     label: "Claude Opus 4.6 (CLI)",
   },
   {
     name: "cli-haiku",
     model: "vllm/cli-claude/claude-haiku-4-5",
-    description: "Switch to Claude Haiku 4.5 (CLI bridge)",
+    description: "Switch to Claude Haiku 4.5 (Claude Code CLI via local proxy)",
     label: "Claude Haiku 4.5 (CLI)",
   },
+  // ── Gemini (via local proxy → Gemini CLI) ───────────────────────────────────
   {
     name: "cli-gemini",
     model: "vllm/cli-gemini/gemini-2.5-pro",
-    description: "Switch to Gemini 2.5 Pro (CLI bridge)",
+    description: "Switch to Gemini 2.5 Pro (Gemini CLI via local proxy)",
     label: "Gemini 2.5 Pro (CLI)",
   },
   {
     name: "cli-gemini-flash",
     model: "vllm/cli-gemini/gemini-2.5-flash",
-    description: "Switch to Gemini 2.5 Flash (CLI bridge)",
+    description: "Switch to Gemini 2.5 Flash (Gemini CLI via local proxy)",
     label: "Gemini 2.5 Flash (CLI)",
   },
   {
     name: "cli-gemini3",
     model: "vllm/cli-gemini/gemini-3-pro",
-    description: "Switch to Gemini 3 Pro (CLI bridge)",
+    description: "Switch to Gemini 3 Pro (Gemini CLI via local proxy)",
     label: "Gemini 3 Pro (CLI)",
   },
+  // ── Codex (via openai-codex provider — Codex CLI OAuth auth, direct API) ────
+  {
+    name: "cli-codex",
+    model: "openai-codex/gpt-5.3-codex",
+    description: "Switch to GPT-5.3 Codex (openai-codex provider, Codex CLI auth)",
+    label: "GPT-5.3 Codex",
+  },
+  {
+    name: "cli-codex-mini",
+    model: "openai-codex/gpt-5.1-codex-mini",
+    description: "Switch to GPT-5.1 Codex Mini (openai-codex provider, Codex CLI auth)",
+    label: "GPT-5.1 Codex Mini",
+  },
 ] as const;
 
 /** Default model used by /cli-test when no arg is given */
@@ -260,7 +277,7 @@ function proxyTestRequest(
 const plugin = {
   id: "openclaw-cli-bridge-elvatis",
   name: "OpenClaw CLI Bridge",
-  version: "0.2.3",
+  version: "0.2.5",
   description:
     "Phase 1: openai-codex auth bridge. " +
     "Phase 2: HTTP proxy for gemini/claude CLIs. " +

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "openclaw-cli-bridge-elvatis",
   "name": "OpenClaw CLI Bridge",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "Phase 1: openai-codex auth bridge. Phase 2: local HTTP proxy routing model calls through gemini/claude CLIs (vllm provider).",
   "providers": [
     "openai-codex"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elvatis_com/openclaw-cli-bridge-elvatis",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "Bridges gemini, claude, and codex CLI tools as OpenClaw model providers. Reads existing CLI auth without re-login.",
   "type": "module",
   "scripts": {

package/src/cli-runner.ts

@@ -4,15 +4,16 @@
  * Spawns CLI subprocesses (gemini, claude) and captures their output.
  * Input: OpenAI-format messages → formatted prompt string → CLI stdin.
  *
- * IMPORTANT: Prompt is always passed via stdin (not as a CLI argument) to
- * avoid E2BIG ("Argument list too long") when conversation history is large.
+ * Both Gemini and Claude receive the prompt via stdin to avoid:
+ *   - E2BIG (arg list too long) for large conversation histories
+ *   - Gemini agentic mode (triggered by @file syntax + workspace cwd)
+ *
+ * Gemini is always spawned with cwd = tmpdir() so it doesn't scan the
+ * workspace and enter agentic mode.
  */
 
 import { spawn } from "node:child_process";
-import { writeFileSync, unlinkSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
-import { randomBytes } from "node:crypto";
+import { tmpdir, homedir } from "node:os";
 
 /** Max messages to include in the prompt sent to the CLI. */
 const MAX_MESSAGES = 20;
@@ -31,7 +32,7 @@ export interface ChatMessage {
 /**
  * Convert OpenAI messages to a single flat prompt string.
  * Truncates to MAX_MESSAGES (keeping the most recent) and MAX_MSG_CHARS per
- * message to avoid E2BIG when conversation history is very large.
+ * message to avoid oversized payloads.
  */
 export function formatPrompt(messages: ChatMessage[]): string {
   if (messages.length === 0) return "";
@@ -42,7 +43,7 @@ export function formatPrompt(messages: ChatMessage[]): string {
   const recent = nonSystem.slice(-MAX_MESSAGES);
   const truncated = system ? [system, ...recent] : recent;
 
-  // If single user message with short content, send directly — no wrapping.
+  // Single short user message — send bare (no wrapping needed)
   if (truncated.length === 1 && truncated[0].role === "user") {
     return truncateContent(truncated[0].content);
   }
@@ -51,13 +52,10 @@ export function formatPrompt(messages: ChatMessage[]): string {
     .map((m) => {
       const content = truncateContent(m.content);
       switch (m.role) {
-        case "system":
-          return `[System]\n${content}`;
-        case "assistant":
-          return `[Assistant]\n${content}`;
+        case "system":    return `[System]\n${content}`;
+        case "assistant": return `[Assistant]\n${content}`;
         case "user":
-        default:
-          return `[User]\n${content}`;
+        default:          return `[User]\n${content}`;
       }
     })
     .join("\n\n");
@@ -69,40 +67,26 @@ function truncateContent(s: string): string {
 }
 
 // ──────────────────────────────────────────────────────────────────────────────
-// Core subprocess runner
+// Minimal environment for spawned subprocesses
 // ──────────────────────────────────────────────────────────────────────────────
 
-export interface CliRunResult {
-  stdout: string;
-  stderr: string;
-  exitCode: number;
-}
-
 /**
  * Build a minimal, safe environment for spawning CLI subprocesses.
  *
- * WHY: The OpenClaw gateway may inject large values into process.env at
- * runtime (system prompts, session data, OPENCLAW_* vars, etc.). Spreading
- * the full process.env into spawn() can push the combined argv+envp over
- * ARG_MAX (~2 MB on Linux), causing "spawn E2BIG". Using only the vars that
+ * WHY: The OpenClaw gateway modifies process.env at runtime (OPENCLAW_* vars,
+ * session context, etc.). Spreading the full process.env into spawn() can push
+ * argv+envp over ARG_MAX (~2 MB on Linux) → "spawn E2BIG". Only passing what
  * the CLI tools actually need keeps us well under the limit regardless of
- * what the parent process environment contains.
+ * gateway runtime state.
  */
 function buildMinimalEnv(): Record<string, string> {
-  const pick = (key: string): string | undefined => process.env[key];
-
-  const env: Record<string, string> = {
-    NO_COLOR: "1",
-    TERM: "dumb",
-  };
+  const pick = (key: string) => process.env[key];
+  const env: Record<string, string> = { NO_COLOR: "1", TERM: "dumb" };
 
-  // Essential path/identity vars — always include when present.
   for (const key of ["HOME", "PATH", "USER", "LOGNAME", "SHELL", "TMPDIR", "TMP", "TEMP"]) {
     const v = pick(key);
     if (v) env[key] = v;
   }
-
-  // Allow google-auth / claude auth paths to be inherited.
   for (const key of [
     "GOOGLE_APPLICATION_CREDENTIALS",
     "ANTHROPIC_API_KEY",
@@ -120,37 +104,56 @@ function buildMinimalEnv(): Record<string, string> {
   return env;
 }
 
+// ──────────────────────────────────────────────────────────────────────────────
+// Core subprocess runner
+// ──────────────────────────────────────────────────────────────────────────────
+
+export interface CliRunResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+}
+
+export interface RunCliOptions {
+  /**
+   * Working directory for the subprocess.
+   * Defaults to homedir() — a neutral dir that won't trigger agentic context scanning.
+   */
+  cwd?: string;
+  timeoutMs?: number;
+}
+
 /**
- * Spawn a CLI and deliver the prompt via stdin (not as an argument).
- * This avoids E2BIG ("Argument list too long") for large conversation histories
- * or when the parent process has a large runtime environment.
+ * Spawn a CLI and deliver the prompt via stdin.
+ *
+ * cwd defaults to homedir() so CLIs that scan the working directory for
+ * project context (like Gemini) don't accidentally enter agentic mode.
  */
 export function runCli(
   cmd: string,
   args: string[],
   prompt: string,
-  timeoutMs = 120_000
+  timeoutMs = 120_000,
+  opts: RunCliOptions = {}
 ): Promise<CliRunResult> {
+  const cwd = opts.cwd ?? homedir();
+
   return new Promise((resolve, reject) => {
     const proc = spawn(cmd, args, {
       timeout: timeoutMs,
       env: buildMinimalEnv(),
+      cwd,
     });
 
     let stdout = "";
     let stderr = "";
 
-    // Write prompt to stdin then close — prevents the CLI from waiting for more input.
     proc.stdin.write(prompt, "utf8", () => {
       proc.stdin.end();
     });
 
-    proc.stdout.on("data", (d: Buffer) => {
-      stdout += d.toString();
-    });
-    proc.stderr.on("data", (d: Buffer) => {
-      stderr += d.toString();
-    });
+    proc.stdout.on("data", (d: Buffer) => { stdout += d.toString(); });
+    proc.stderr.on("data", (d: Buffer) => { stderr += d.toString(); });
 
     proc.on("close", (code) => {
       resolve({ stdout: stdout.trim(), stderr: stderr.trim(), exitCode: code ?? 0 });
@@ -167,8 +170,19 @@ export function runCli(
 // ──────────────────────────────────────────────────────────────────────────────
 
 /**
- * Run: gemini -m <modelId> -p "<prompt>"
- * Strips the model prefix ("cli-gemini/gemini-2.5-pro" → "gemini-2.5-pro").
+ * Run Gemini CLI in headless mode with prompt delivered via stdin.
+ *
+ * WHY stdin (not @file):
+ *   The @file syntax (`gemini -p @/tmp/xxx.txt`) triggers Gemini's agentic
+ *   mode — it scans the current working directory for project context and
+ *   interprets the prompt as a task instruction, not a Q&A. This causes hangs,
+ *   wrong answers, and "directory does not exist" errors when run from a
+ *   project workspace.
+ *
+ * Gemini CLI: -p "" triggers headless mode; stdin content is the actual prompt
+ * (per Gemini docs: "prompt is appended to input on stdin (if any)").
+ *
+ * cwd = tmpdir() — neutral empty-ish dir, prevents workspace context scanning.
  */
 export async function runGemini(
   prompt: string,
@@ -176,24 +190,22 @@ export async function runGemini(
   timeoutMs: number
 ): Promise<string> {
   const model = stripPrefix(modelId);
-  // Gemini CLI doesn't support stdin — write prompt to a temp file and read it via @file syntax
-  const tmpFile = join(tmpdir(), `cli-bridge-${randomBytes(6).toString("hex")}.txt`);
-  writeFileSync(tmpFile, prompt, "utf8");
-  try {
-    // Use @<file> to pass prompt from file (avoids ARG_MAX limit)
-    const args = ["-m", model, "-p", `@${tmpFile}`];
-    const result = await runCli("gemini", args, "", timeoutMs);
-
-    if (result.exitCode !== 0 && result.stdout.length === 0) {
-      throw new Error(
-        `gemini exited ${result.exitCode}: ${result.stderr || "(no output)"}`
-      );
-    }
-
-    return result.stdout || result.stderr;
-  } finally {
-    try { unlinkSync(tmpFile); } catch { /* ignore */ }
+  // -p "" = headless mode trigger; actual prompt arrives via stdin
+  const args = ["-m", model, "-p", ""];
+  const result = await runCli("gemini", args, prompt, timeoutMs, { cwd: tmpdir() });
+
+  // Filter out [WARN] lines from stderr (Gemini emits noisy permission warnings)
+  const cleanStderr = result.stderr
+    .split("\n")
+    .filter((l) => !l.startsWith("[WARN]") && !l.startsWith("Loaded cached"))
+    .join("\n")
+    .trim();
+
+  if (result.exitCode !== 0 && result.stdout.length === 0) {
+    throw new Error(`gemini exited ${result.exitCode}: ${cleanStderr || "(no output)"}`);
   }
+
+  return result.stdout || cleanStderr;
 }
 
 // ──────────────────────────────────────────────────────────────────────────────
@@ -201,7 +213,7 @@ export async function runGemini(
 // ──────────────────────────────────────────────────────────────────────────────
 
 /**
- * Run: claude -p --output-format text -m <modelId> "<prompt>"
+ * Run Claude Code CLI in headless mode with prompt delivered via stdin.
  * Strips the model prefix ("cli-claude/claude-opus-4-6" → "claude-opus-4-6").
  */
 export async function runClaude(
@@ -210,24 +222,17 @@ export async function runClaude(
   timeoutMs: number
 ): Promise<string> {
   const model = stripPrefix(modelId);
-  // No prompt argument — deliver via stdin to avoid E2BIG
   const args = [
     "-p",
-    "--output-format",
-    "text",
-    "--permission-mode",
-    "plan",
-    "--tools",
-    "",
-    "--model",
-    model,
+    "--output-format", "text",
+    "--permission-mode", "plan",
+    "--tools", "",
+    "--model", model,
   ];
   const result = await runCli("claude", args, prompt, timeoutMs);
 
   if (result.exitCode !== 0 && result.stdout.length === 0) {
-    throw new Error(
-      `claude exited ${result.exitCode}: ${result.stderr || "(no output)"}`
-    );
+    throw new Error(`claude exited ${result.exitCode}: ${result.stderr || "(no output)"}`);
   }
 
   return result.stdout;
@@ -238,8 +243,7 @@ export async function runClaude(
 // ──────────────────────────────────────────────────────────────────────────────
 
 /**
- * Route a chat completion request to the right CLI based on the model name.
- * Model naming convention:
+ * Route a chat completion to the correct CLI based on model prefix.
  *   cli-gemini/<id>  → gemini CLI
  *   cli-claude/<id>  → claude CLI
  */
@@ -250,17 +254,11 @@ export async function routeToCliRunner(
 ): Promise<string> {
   const prompt = formatPrompt(messages);
 
-  if (model.startsWith("cli-gemini/")) {
-    return runGemini(prompt, model, timeoutMs);
-  }
-
-  if (model.startsWith("cli-claude/")) {
-    return runClaude(prompt, model, timeoutMs);
-  }
+  if (model.startsWith("cli-gemini/")) return runGemini(prompt, model, timeoutMs);
+  if (model.startsWith("cli-claude/")) return runClaude(prompt, model, timeoutMs);
 
   throw new Error(
-    `Unknown CLI bridge model: "${model}". ` +
-      `Use "cli-gemini/<model>" or "cli-claude/<model>".`
+    `Unknown CLI bridge model: "${model}". Use "cli-gemini/<model>" or "cli-claude/<model>".`
   );
 }
 
@@ -268,7 +266,6 @@ export async function routeToCliRunner(
 // Helpers
 // ──────────────────────────────────────────────────────────────────────────────
 
-/** Strip the "cli-gemini/" or "cli-claude/" prefix from a model ID. */
 function stripPrefix(modelId: string): string {
   const slash = modelId.indexOf("/");
   return slash === -1 ? modelId : modelId.slice(slash + 1);