Nightly Build (v0.6.3-nightly.202605270736.c94e9573)
Changes since v0.6.3-nightly.202605250745.b5855692:
e83ac82 Address PR review comments
7e99cdc Restore archived v2 transcript reads
267b823 Remove E2E checkpoint v2 modes
f112e3d Remove attach v2 fallback tests
e74c776 Remove archived v2 full ref reads
156e052 Remove stale custom ref cleanup tests
98ae92c Bump the go-dependencies group across 1 directory with 4 updates
d1f0497 search: add --insecure-http-auth flag for split-host local-dev parity
33daf20 recap: surface token-resolution errors verbatim instead of mislabelling
de4d3bd Bump auth-go v0.3.3 → v0.3.4
13c3094 Remove v2 rotation cleanup and doctor logic
d8d1fde Bump github/codeql-action from 4.35.4 to 4.36.0
d792e11 Open verification_uri_complete on login when the AS supplies one
a2afc47 Match v2 provider paths to OIDC-standard discovery; route API tokens to data host
6f6fcdc Address Copilot review: strip path from TokenForResource resources, clamp secondsUntil
3099bcc Thread --insecure-http-auth through to the tokenmanager
cebf48a Omit Authorization header when bearer token is empty
8e908d7 Accept all opaque tokens in validateReceivedToken, reject only alg:none
eabebe7 Canonicalise AuthBaseURL to match tokenmanager's internal normalisation
a9f5f5b Thread --insecure-http-auth through to deviceflow.Client
2365cde Validate received login token before persisting (alg:none, iss, exp)
5b5f6bd Route data-API callers through TokenForResource
49dca72 Integrate auth-go library: deviceflow shim + tokenstore.Store + RFC 8693 exchange
80f5281 Route auth-token management via configurable path + reject empty bearers
901889f Add provider routing table for v1/v2 device-flow surfaces
500428b Split auth issuer from data API origin