fix: tighten env var surface

[thymikee]

Summary

Tightens the public env-var surface for agent-device and closes the env visibility/security cleanup from #559.

Closes #559

• Removes hidden/legacy env controls for simulator/device scoping aliases, private source URLs, timeout tuning, retry logs, strict flags, Android bundletool mode, apps filtering, and AGENT_DEVICE_PROXY_TOKEN.
• Defaults Metro proxy auth to AGENT_DEVICE_DAEMON_AUTH_TOKEN when proxy mode is enabled and no explicit Metro bearer token is provided.
• Keeps the documented public env surface focused on supported user/operator inputs, with stale docs and tests updated accordingly.
• Preserves prior CI timeout budgets as fixed defaults and removes the now-unused shared timeout profile wrapper.
• Refactors Metro prepare/proxy setup into smaller helpers and removes dead compatibility branches; the final pass also simplified reload helper shape and aligned missing-base-url errors with proxy-only prepare.
• Updates the provider-backed Android scenario contract to distinguish apkInstallCalls from bundleInstallCalls, matching the fixed universal AAB install path explicitly.

Touched-file count: 47. Scope expanded beyond docs into CLI/runtime cleanup because the audit found removed envs wired through source and tests.

Validation

Ran formatting, lint/typecheck, dead-code/complexity audit, focused unit tests for Metro/proxy/runtime cleanup, install-source/source safety, Android devices/install, iOS runner config, retry helpers, args/docs coverage, plus pnpm build:xcuitest for the Swift runner env cleanup. Final focused Vitest pass covered 12 files / 330 tests. CI fix validation: pnpm exec vitest run --project provider-integration test/integration/provider-scenarios/android-lifecycle.test.ts, pnpm format, and pnpm check:quick. The focused Vitest suite requires loopback server binding, so it was run outside the sandbox after earlier sandboxed runs hit listen EPERM.

[github-actions]

PR Preview Action v1.8.1
🚀 View preview at https://callstackincubator.github.io/agent-device/pr-preview/pr-560/
Built to branch gh-pages at 2026-05-19 13:35 UTC. Preview will be ready when the GitHub Pages deployment is complete.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 55364b90d6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Respect the Metro bearer-token env fallback

When prepareMetroRuntime/prepareRemoteMetro are used directly with proxyBaseUrl and an env containing AGENT_DEVICE_METRO_BEARER_TOKEN, this still treats proxy auth as missing because the new fallback only reads AGENT_DEVICE_DAEMON_AUTH_TOKEN. CLI flag resolution masks this for normal CLI invocations, but the exported runtime API accepts an env map and the error/docs now tell users to set AGENT_DEVICE_METRO_BEARER_TOKEN, so direct API callers following that guidance will get the incomplete-proxy-config error instead of using the token.

Useful? React with 👍 / 👎.

[thymikee]

Fixed in efa649b40: direct prepareMetroRuntime / prepareRemoteMetro proxy auth now resolves in this order: explicit proxyBearerToken, env.AGENT_DEVICE_METRO_BEARER_TOKEN, then env.AGENT_DEVICE_DAEMON_AUTH_TOKEN. Added a focused regression test for the Metro bearer env path.

Validation: focused Metro tests passed with loopback permissions, and pnpm check:quick passed.