Hey folks!
While checking the project I noticed something about the health endpoint:
- The CLI currently uses client.health() to “validate” the API key, but /health seems public and doesn’t actually check the token — so login prints “Key accepted” even if the key is invalid.
- Minor note: /health also returns DB status (database_connected), which might be better kept out of public endpoints (not critical though).
It might be worth it to validate the API key via an authenticated endpoint (e.g. /me, /auth/validate, etc.), and optionally keep /health minimal.
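
The difference between the two checks, as an added example that is not part of the original post or the project's code: a constructed local stub serves a public `/health` and a token-checking `/me`, and the same wrong key is tried against both. The stub server, the bearer-token header format, the key value and all function names are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_KEY = "constructed-valid-key"  # constructed sample value, not a real key
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class StubAPI(BaseHTTPRequestHandler):
    """Constructed stand-in API: /health is public, /me checks the token."""

    def do_GET(self):
        if self.path == "/health":
            code = 200  # answers without looking at Authorization
        elif self.path == "/me":  # hypothetical authenticated endpoint
            ok = self.headers.get("Authorization") == f"Bearer {VALID_KEY}"
            code = 200 if ok else 401
        else:
            code = 404
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def get_status(base_url, path, api_key):
    """GET base_url+path with the key as a bearer token; return the HTTP status."""
    req = urllib.request.Request(
        base_url + path, headers={"Authorization": f"Bearer {api_key}"})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 responses arrive here

def validate_via_health(base_url, api_key):
    """The check described in the report: a public endpoint accepts any key."""
    return get_status(base_url, "/health", api_key) == 200

def validate_via_authenticated(base_url, api_key, path="/me"):
    """Accept the key only if a token-checking endpoint returns 200."""
    return get_status(base_url, path, api_key) == 200

def start_stub():
    """Start the stub on a free loopback port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"
```

Against the stub, `validate_via_health` reports a wrong key as accepted, while `validate_via_authenticated` rejects it and accepts only the valid one.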