pcli/openspec/changes/archive/2026-02-11-replace-auth-with-api-key/tasks.md

1. Client Authentication

• 1.1 Rename Token and HttpOnlyToken fields to single APIKey field in Client struct in client/client.go
• 1.2 Update NewClient constructor to accept (baseURL, apiKey string, logger *slog.Logger) — remove httpOnlyToken parameter
• 1.3 Replace Authorization: Bearer header with x-api-key header in Do() method
• 1.4 Remove OIDC cookie logic (httpOnlyToken cookie attachment) from Do() method

2. CLI Flags and Environment Variables

• 2.1 Rename flagToken to flagAPIKey and flagHttpToken removal in cmd/root.go
• 2.2 Replace --token flag with --api-key flag and remove --http-token flag in cmd/root.go
• 2.3 Replace PLANKA_TOKEN env var lookup with PLANKA_API_KEY in PersistentPreRunE
• 2.4 Remove PLANKA_HTTP_TOKEN env var lookup from PersistentPreRunE
• 2.5 Update error message to reference PLANKA_API_KEY and --api-key
• 2.6 Update NewClient call site in PersistentPreRunE to match new constructor signature
• 2.7 Remove OIDC-related debug log line (oidc_mode slog field)

3. Documentation

• 3.1 Update README.md authentication section to reference PLANKA_API_KEY and --api-key