fix(install): drop remote/local detection, always try browser

[lxcong]

Summary

Installer was sniffing SSH env vars, ~/.openclaw, and \$DISPLAY to decide whether to pass --no-browser to @agentkey/cli --auth-login. Inspecting the v1.0 CLI source confirms this was unnecessary:

const { device_code, user_code, verification_uri, expires_in } = await res.json();
const authUrl = \`\${verification_uri}?code=\${user_code}\`;
console.log(\`  Open this URL to authorize:\`);   // ← always prints
console.log(\`  \${authUrl}\`);
// ...
if (!noBrowser) { /* best-effort open() */ }       // ← only this is gated

The CLI always prints the auth URL on stdout. --no-browser only adds a terminal QR and skips the open()/xdg-open()/start() attempt. The CLI's open-browser call is already best-effort — on a headless host it silently no-ops.

So the installer-side heuristic was:

• redundant for the URL (CLI prints it either way)
• harmful when it mis-detected (local users on a headless tmux pane or behind a mis-detected SSH session got the QR flow with no browser attempt at all, even though their machine could have opened one)

This was the root cause of the reported "no browser pops up on `curl … | bash`" symptom.

Fix

Drop the heuristic. Always call `npx -y @agentkey/cli --auth-login` (no `--no-browser`). The CLI tries `open` / `xdg-open` / `start`; if that fails the user has the URL right there in the terminal.

Removed

• `detect_remote()` in `scripts/install.sh` / `Test-RemoteInstall` in `scripts/install.ps1`
• `--remote` / `--local` / `-Remote` / `-Local` flags + their mutually-exclusive guard + `FORCE_REMOTE` / `FORCE_LOCAL` state
• `--no-browser` passthrough to the CLI
• "Installing over SSH, inside Docker, …" details section in README.md / docs/README_zh.md — replaced with a one-line callout under the advanced install options
• Synopsis / help / behavior copy mentioning the old detection logic

Net: +24 / -174 lines.

Test plan

• On macOS / Linux desktop: `curl -fsSL https://agentkey.app/install.sh | bash` — browser pops up; URL also visible in terminal as a fallback
• In an SSH session: same one-liner — `xdg-open` no-ops on the remote host (no harm), URL is right there in terminal; copy it to a local browser to finish
• Windows PowerShell: `irm https://agentkey.app/install.ps1 | iex` — `start` opens the default browser; URL also visible
• `--skip-mcp` still skips the auth step
• `bash -n scripts/install.sh` passes (verified)

🤖 Generated with Claude Code

[lxcong]

@claude review

[github-actions]

🤖 Claude security review requested by @lxcong. Running against HEAD 4bd780b28942675b91ba014e42696f0f77391082...

[claude]

🤖 Claude security review — HEAD: 4bd780b

Scope: Documentation + installer scripts (4 files) — removes --remote/--local flag pair and detect_remote()/Test-RemoteInstall helpers; always calls --auth-login without --no-browser.

✅ No security or convention issues found.

Checklist summary:

• Secrets/credentials: none detected in added lines.
• Shell attack surface (install.sh): no eval/unquoted vars; the AUTH_ARGS array with variable expansion is replaced by a literal --auth-login string — strictly safer. SKILL_REPO="chainbase-labs/agentkey" invariant intact.
• PowerShell attack surface (install.ps1): no Invoke-Expression on user input; $CliPackage is hardcoded; $SkillRepo = 'chainbase-labs/agentkey' invariant intact. Removing -Remote/-Local parameters and the mutual-exclusion guard is consistent with the new simplified model.
• CI/workflow: no workflow files touched.
• PR title: refactor(install): drop remote/local detection, always try browser — valid conventional-commit format.
• Protected files: none of the managed files (version.txt, CHANGELOG.md, plugin.json version, .release-please-manifest.json) were touched.
• Docs sync: README.md and docs/README_zh.md updated in tandem as required.

Review triggered by @lxcong
via @claude review.