gemini agent: advertised `requires_env` GOOGLE_API_KEY does not authenticate — GEMINI_API_KEY is what's needed

[xdotli]

Summary

The gemini agent advertises GOOGLE_API_KEY as its required env var, but setting only GOOGLE_API_KEY on the host does not authenticate the agent — the run fails inside the sandbox with ACP error -32000: Gemini API key is missing or not configured. Setting GEMINI_API_KEY makes it work.

Evidence

benchflow agent show gemini:

Requires:    GOOGLE_API_KEY

and src/benchflow/agents/registry.py → requires_env=["GOOGLE_API_KEY"] for the gemini agent.

But infer_env_key_for_model() returns GEMINI_API_KEY for gemini models (registry.py, ~line 609: if "gemini" in m: return "GEMINI_API_KEY"), and SubscriptionAuth(replaces_env="GEMINI_API_KEY", ...).

Repro

# fails — host has only GOOGLE_API_KEY
export GOOGLE_API_KEY=<key>
benchflow eval create --tasks-dir <tasks> --agent gemini --model gemini-2.5-flash --sandbox docker
#   → ACP error -32000: Gemini API key is missing or not configured.

# works — host has GEMINI_API_KEY
export GEMINI_API_KEY=<key>
benchflow eval create --tasks-dir <tasks> --agent gemini --model gemini-2.5-flash --sandbox docker
#   → reward 1.0

Impact

A user following benchflow agent show gemini / the requires_env list sets GOOGLE_API_KEY and gets an opaque in-sandbox auth failure.

Suggested fix

Make these consistent — either honor GOOGLE_API_KEY (forward it as the agent-native var the gemini CLI reads), or change requires_env / agent show to advertise GEMINI_API_KEY.

Environment

benchflow @ main, model gemini-2.5-flash, docker sandbox, host Ubuntu 22.04.

[bingran-you]

Verified on v0.5-integration (HEAD 5934433).

I reran Gemini env-resolution coverage:

uv run python -m pytest tests/test_agent_env_resolution.py tests/test_agent_gemini_defaults.py tests/test_agent_registry.py ... -q

Result from the targeted suite: 226 passed. The tests cover the user-visible #342 case: GOOGLE_API_KEY alone is mirrored/populated so the Gemini-native env path is satisfied, and agent show gemini no longer advertises the wrong auth contract. Marking fixed.

[xdotli]

Closing: the gemini agent's registry entry already declares requires_env: ['GEMINI_API_KEY'] (not GOOGLE_API_KEY). Confirmed in v0.5-integration. If you encountered a doc that mentions GOOGLE_API_KEY, please file a separate doc bug with the file path.