- Secrets are now added to ApiKeyStore on supervisor initialization
- Removed duplicate authentication logic in verify_api_key
- Single source of truth: all authentication goes through ApiKeyStore
- Admin/user/register secrets are treated as API keys with appropriate scopes
- Simplified auth_verify - no special case handling needed
- Updated verify_api_key() to check secrets first (admin, user, register)
- Secrets are now treated as API keys with appropriate scopes
- All OpenRPC methods now work with secrets (register_runner, list_runners, etc.)
- Simplified auth_verify since verify_api_key handles everything
- Admin UI now fully functional with admin secret from .env
- Check secrets (admin_secrets, user_secrets, register_secrets) before API keys
- Allow UI to authenticate with the secrets provided in .env
- Secrets now work as expected for authentication
- API keys still supported as fallback for backward compatibility
- Added RUNNERS env var to .env.example (comma-separated runner names)
- Updated supervisor binary to accept --runners flag
- Runners are automatically registered on startup using first admin secret
- Updated run.sh to pass RUNNERS from env to supervisor binary
- Created scripts/generate_secret.sh to generate supervisor secrets
- Added .env.example with all configuration options
- Created scripts/environment.sh to load env vars from .env
- Updated scripts/run.sh to use env vars and pass as flags
- Simplified supervisor binary:
- Removed bootstrap-admin-key and config file support
- Made admin-secret required
- Minimal output (only URLs)
- Clean startup with no verbose logging
- Updated .gitignore for .env and log files
