Fix auth token precedence: use resolveAPIKey() in getDefaultRequestOptions

getDefaultRequestOptions checked HYPEMAN_API_KEY and config api_key but
ignored HYPEMAN_BEARER_TOKEN, while resolveAPIKey gave HYPEMAN_BEARER_TOKEN
highest precedence. Commands like cp/exec that use both paths could
authenticate SDK calls and WebSocket calls with different tokens.

Delegate to resolveAPIKey() so both paths share the same precedence:
HYPEMAN_BEARER_TOKEN > HYPEMAN_API_KEY > config api_key.

Author: cursoragent

pkg/cmd/cmdutil.go

@@ -39,12 +39,11 @@ func getDefaultRequestOptions(cmd *cli.Command) []option.RequestOption {
 		opts = append(opts, option.WithBaseURL(cfg.BaseURL))
 	}
 
-	// Precedence for API key: env var > config file
+	// Precedence for API key: HYPEMAN_BEARER_TOKEN > HYPEMAN_API_KEY > config file
 	// (no CLI flag for API key for security reasons)
-	if apiKey := os.Getenv("HYPEMAN_API_KEY"); apiKey != "" {
+	// Uses resolveAPIKey() to keep precedence consistent with WebSocket auth.
+	if apiKey := resolveAPIKey(); apiKey != "" {
 		opts = append(opts, option.WithAPIKey(apiKey))
-	} else if cfg.APIKey != "" {
-		opts = append(opts, option.WithAPIKey(cfg.APIKey))
 	}
 
 	return opts