fix: add explicit environment variables to gemini wrapper in Dockerfile to prevent sandbox and trust prompt failures

Dockerfile

@@ -61,7 +61,7 @@ RUN npm install -g @google/gemini-cli @anthropic-ai/claude-code @openai/codex
 # 1. Drop cloudflare-proxy.js NODE_OPTIONS (would conflict with their HTTP)
 # 2. Pre-set --max-old-space-size=4096 so gemini doesn't trigger heap-size
 #    self-relaunch (the spawn fails in HF Spaces containers)
-RUN for cmd in claude gemini codex; do \
+RUN for cmd in claude codex; do \
         if [ -e /usr/local/bin/$cmd ]; then \
             mv /usr/local/bin/$cmd /usr/local/bin/${cmd}-real && \
             printf '#!/bin/sh\nunset NODE_OPTIONS\nexport NODE_OPTIONS="--max-old-space-size=4096 --no-deprecation --no-warnings"\nexec /usr/local/bin/%s-real "$@"\n' "$cmd" > /usr/local/bin/$cmd && \
@@ -69,6 +69,16 @@ RUN for cmd in claude gemini codex; do \
         fi; \
     done
 
+# Gemini wrapper: also hard-code headless env vars so they survive even when
+# Paperclip spawns gemini with a custom env object (no env inheritance fallback).
+# GEMINI_SANDBOX=false  — skip Docker sandbox attempt in containers
+# GEMINI_CLI_TRUST_WORKSPACE=true — skip interactive trust prompt (causes relaunch)
+RUN if [ -e /usr/local/bin/gemini ]; then \
+        mv /usr/local/bin/gemini /usr/local/bin/gemini-real && \
+        printf '#!/bin/sh\nunset NODE_OPTIONS\nexport NODE_OPTIONS="--max-old-space-size=4096 --no-deprecation --no-warnings"\nexport GEMINI_SANDBOX=false\nexport GEMINI_CLI_TRUST_WORKSPACE=true\nexec /usr/local/bin/gemini-real "$@"\n' > /usr/local/bin/gemini && \
+        chmod +x /usr/local/bin/gemini; \
+    fi
+
 # Install Python dependencies for sync
 RUN pip install --no-cache-dir --break-system-packages huggingface_hub PyYAML
 

start.sh

@@ -325,29 +325,6 @@ if [ "$PAPERCLIP_READY" = true ]; then
         echo "Admin account already configured"
     fi
 
-    # ── Agent CLI diagnostic (helps debug adapter failures) ──────────────────
-    echo ""
-    echo "=== Agent CLI Diagnostic ==="
-    echo "[wrapper script content]"
-    cat /usr/local/bin/gemini 2>&1 || true
-    echo ""
-    echo "[node sees these flags via NODE_OPTIONS]"
-    HOME=/home/paperclip runuser -u paperclip -- /usr/local/bin/gemini-real -e "console.log('execArgv:', process.execArgv); console.log('NODE_OPTIONS:', process.env.NODE_OPTIONS);" 2>&1 || echo "FAILED: node flags check"
-    echo ""
-    echo "[gemini --version]"
-    HOME=/home/paperclip runuser -u paperclip -- /usr/local/bin/gemini --version 2>&1
-    echo "exit=$?"
-    echo ""
-    echo "[gemini hello probe — full output]"
-    HOME=/home/paperclip runuser -u paperclip -- /usr/local/bin/gemini --output-format json "Respond with hello." > /tmp/gemini-probe.out 2> /tmp/gemini-probe.err
-    PROBE_EXIT=$?
-    echo "exit=$PROBE_EXIT"
-    echo "--- stdout ---"
-    cat /tmp/gemini-probe.out 2>/dev/null | head -40 || true
-    echo "--- stderr ---"
-    cat /tmp/gemini-probe.err 2>/dev/null | head -40 || true
-    echo "=== End diagnostic ==="
-    echo ""
 else
     echo "Warning: Paperclip did not become ready in 90s"
 fi