fix: remove committed binary and stop leaking API key in prompt

Remove cmd/supervisor/supervisor binary from git (was accidentally
committed) and add it to .gitignore. Move LITELLM_API_KEY from the
prompt string into the subprocess env, preventing it from appearing
in error log output when JSON parsing fails.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitignore

@@ -4,6 +4,7 @@
 # Binaries
 bin/
 *.exe
+cmd/supervisor/supervisor
 
 # Go
 vendor/

internal/exec/executor.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"os"
 	"os/exec"
 	"strings"
 	"time"
@@ -51,11 +52,10 @@ func (e *Executor) Run(ctx context.Context, req Request) (Result, error) {
 		tools = "Bash,Read,Write"
 	}
 
-	// Build the full prompt: system rules + skill rules + infra context + task
+	// Build the full prompt: system rules + skill rules + infra context + task.
-	litellmCtx := fmt.Sprintf(
+	// LITELLM_API_KEY is injected as a subprocess env var, not in the prompt,
-		"LITELLM_BASE_URL: %s\nLITELLM_API_KEY: %s",
+	// to prevent it appearing in error log output.
-		e.cfg.LiteLLMBaseURL, e.cfg.LiteLLMAPIKey,
+	litellmCtx := fmt.Sprintf("LITELLM_BASE_URL: %s", e.cfg.LiteLLMBaseURL)
-	)
 	prompt := strings.Join([]string{
 		e.cfg.SystemPrompt,
 		"---",
@@ -77,6 +77,7 @@ func (e *Executor) Run(ctx context.Context, req Request) (Result, error) {
 	}
 
 	cmd := exec.CommandContext(ctx, e.cfg.ClaudeBinary, args...)
+	cmd.Env = append(os.Environ(), "LITELLM_API_KEY="+e.cfg.LiteLLMAPIKey)
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr