fix: write both CLIENT_ID and CLIENT_SECRET env vars for managed OAuth credentials

The createManagedOAuthCredential method was only writing the client secret
with an incorrect env var name. Now correctly writes both _CLIENT_ID and
_CLIENT_SECRET suffixed env vars, matching the pattern used by CredentialPrimitive.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jesseturner21

src/cli/primitives/GatewayPrimitive.ts

@@ -397,9 +397,10 @@ export class GatewayPrimitive extends BasePrimitive<AddGatewayOptions, Removable
     });
     await this.writeProjectSpec(project);
 
-    // Write client secret to .env
-    const envVarName = computeDefaultCredentialEnvVarName(credentialName);
-    await setEnvVar(envVarName, jwtConfig.agentClientSecret!);
+    // Write client ID and client secret to .env
+    const envVarPrefix = computeDefaultCredentialEnvVarName(credentialName);
+    await setEnvVar(`${envVarPrefix}_CLIENT_ID`, jwtConfig.agentClientId!);
+    await setEnvVar(`${envVarPrefix}_CLIENT_SECRET`, jwtConfig.agentClientSecret!);
   }
 
   /**