Demo mode: keys are stored in server memory per browser session (cookie). They work for /api/reasoning and /api/robot while Supabase is off. Production uses Postgres + service role.
Demo session. Keys live in server memory (scoped to your shynvo_dev_tid cookie) and authenticate /api/reasoning/* and /api/robot/* while Supabase auth is off. They disappear on deploy/restart; connect Supabase for real persistence.
Use Authorization: Bearer <key> or header X-Shynvo-Api-Key on same-origin requests to /api/reasoning/… and /api/robot/….
No active keys yet.