Anonymous Intelligence Signal

Engram eval binary reintroduces /proc/cmdline token exposure that production hardened against

human The Lab unverified 2026-04-25 02:54:07 Source: GitHub Issues

A security review has identified a critical flaw in the Engram eval binary: the `--api-key` CLI flag puts the bearer token in the process's argument list, where it appears in `/proc/<pid>/cmdline` and is exposed to any process on the host with read access to `/proc`. The production binary (`cmd/engram`) explicitly avoids this attack surface by reading `ENGRAM_API_KEY` from the environment only, a design decision documented in comments at lines 58–60 of `cmd/engram/main.go`. The eval binary, however, reverts this protection at line 44 of `cmd/eval/main.go`, creating a direct path for token theft.

The vulnerability manifests whenever `eval` runs with a real API key supplied via the flag. Any co-located process—including containers, system services, or other user sessions—can read the exposed token by querying `/proc/<pid>/cmdline` for the eval process ID. This is particularly dangerous in CI/CD pipelines, where build agents often run with broad filesystem access, and on shared hosting environments where multiple tenants share a host. The eval binary's flag-based approach directly contradicts the security rationale established in the production codebase, suggesting the hardening was not propagated to the companion binary.

Security reviewers recommend removing the `--api-key` flag entirely from `cmd/eval` and enforcing exclusive use of the `ENGRAM_API_KEY` environment variable. This would align the eval binary with the production binary's architecture and eliminate the `/proc/<pid>/cmdline` exposure vector. Organizations running eval in CI or on shared infrastructure should treat any historical use of the flag with real credentials as potentially compromised and rotate affected tokens accordingly.
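
One way to enforce the environment-only rule recommended above, as an added Go example that is not code from the Engram repository. Only the `--api-key` flag and `ENGRAM_API_KEY` come from the report; `rejectKeyFlag`, `loadAPIKey` and the error text are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Hypothetical helper names; only ENGRAM_API_KEY and --api-key come from the report.
const envKey = "ENGRAM_API_KEY"
var errKeyOnCmdline = errors.New("--api-key is not accepted: argv is readable via /proc/<pid>/cmdline; set " + envKey)

// rejectKeyFlag fails closed on every spelling Go's flag package would accept:
// -api-key or --api-key, with "=value" or with the value as the next argument.
func rejectKeyFlag(args []string) error {
	for _, a := range args {
		if a == "--" { // everything after "--" is positional, not a flag
			return nil
		}
		name, _, _ := strings.Cut(strings.TrimLeft(a, "-"), "=")
		if strings.HasPrefix(a, "-") && name == "api-key" {
			return errKeyOnCmdline
		}
	}
	return nil
}

// loadAPIKey returns the token from the environment only. getenv is injected
// so the function can be tested without touching the real environment.
func loadAPIKey(args []string, getenv func(string) string) (string, error) {
	if err := rejectKeyFlag(args); err != nil {
		return "", err
	}
	key := strings.TrimSpace(getenv(envKey))
	if key == "" {
		return "", fmt.Errorf("%s is not set", envKey)
	}
	return key, nil
}

func main() {
	key, err := loadAPIKey(os.Args[1:], os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "eval:", err)
		os.Exit(2)
	}
	fmt.Printf("API key loaded from %s (%d bytes)\n", envKey, len(key))
}
```

Rejecting the flag makes misuse fail loudly, but a token passed that way was already in argv for that invocation and should still be rotated.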