Bug: 'openfang stop' returns 401 Unauthorized when api_key is configured

[ntamero]

Bug Description

When api_key is set in config.toml, the openfang stop CLI command fails with 401 Unauthorized. The CLI does not pass the API key when communicating with the local daemon.

Steps to Reproduce

1. Set api_key = "..." in config.toml
2. Start daemon: openfang start
3. Try to stop: openfang stop

Expected Behavior

openfang stop should work — the CLI should read the api_key from config.toml and authenticate with the local daemon automatically.

Actual Behavior

✘ Shutdown request failed (401 Unauthorized)

This also causes openfang stop in update scripts to fail, leaving the binary locked ("Text file busy" error when trying to replace it).

Workaround

Use systemctl stop openfang or pkill -9 openfang instead.

Environment

• OpenFang v0.3.2 / v0.3.3
• Ubuntu 24.04
• api_key configured in config.toml for remote dashboard access

[jaberjaber23]

Fixed in v0.3.4. The cmd_stop() function was creating a bare HTTP client with no auth headers. Added read_api_key() that reads the api_key from ~/.openfang/config.toml and passes it as a Bearer header to the /api/shutdown endpoint. Tested live, openfang stop now works correctly when api_key is configured.