docs: sync runtime env and security documentation

README.md

@@ -70,7 +70,6 @@ npm run dev -- claude "List potential improvements."
 `AgentManifest` (schema `"1"`) validates:
 
 - supported topologies (`sequential`, `parallel`, `hierarchical`, `retry-unrolled`)
-- persona definitions and tool-clearance metadata
 - persona definitions and tool-clearance policy (validated by shared Zod schema)
 - relationship DAG and unknown persona references
 - strict pipeline DAG
@@ -130,8 +129,8 @@ Actors can emit events in `ActorExecutionResult.events`. Pipeline status also em
 - `OPENAI_API_KEY`
 - `OPENAI_BASE_URL`
 - `CODEX_SKIP_GIT_CHECK`
-- `CLAUDE_CODE_OAUTH_TOKEN` (preferred for Claude auth)
-- `ANTHROPIC_API_KEY`
+- `CLAUDE_CODE_OAUTH_TOKEN` (preferred for Claude auth; takes precedence over `ANTHROPIC_API_KEY`)
+- `ANTHROPIC_API_KEY` (used when `CLAUDE_CODE_OAUTH_TOKEN` is unset)
 - `CLAUDE_MODEL`
 - `CLAUDE_CODE_PATH`
 - `MCP_CONFIG_PATH`
@@ -163,7 +162,7 @@ Actors can emit events in `ActorExecutionResult.events`. Pipeline status also em
 
 ### Security Middleware
 
-- `AGENT_SECURITY_VIOLATION_MODE`
+- `AGENT_SECURITY_VIOLATION_MODE` (`hard_abort` or `validation_fail`)
 - `AGENT_SECURITY_ALLOWED_BINARIES`
 - `AGENT_SECURITY_COMMAND_TIMEOUT_MS`
 - `AGENT_SECURITY_AUDIT_LOG_PATH`
@@ -172,6 +171,16 @@ Actors can emit events in `ActorExecutionResult.events`. Pipeline status also em
 - `AGENT_SECURITY_DROP_UID`
 - `AGENT_SECURITY_DROP_GID`
 
+### Runtime-Injected (Do Not Configure In `.env`)
+
+- `AGENT_REPO_ROOT`
+- `AGENT_WORKTREE_PATH`
+- `AGENT_WORKTREE_BASE_REF`
+- `AGENT_PORT_RANGE_START`
+- `AGENT_PORT_RANGE_END`
+- `AGENT_PORT_PRIMARY`
+- `AGENT_DISCOVERY_FILE`
+
 Defaults are documented in `.env.example`.
 
 ## Quality Gate