- client.py: set apikey explicitly in _create_base_client headers (Kong needs it
on every request; for per-user clients apikey stays anon while Authorization
carries the user JWT). Fixes the 2 stale header unit tests that asserted apikey
in options.headers, and is robust against supabase-py default-header changes.
- test_dev_stack: exact == seed counts → >= baselines. The greenfield seed sets a
floor; additive exam-marker fixtures (S4-4 cohort) legitimately push live .94
counts above the old snapshot. >= still catches a broken/missing seed.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pre-existing bug (E7): the whole file had doubled braces, so every dict literal
was a set containing a dict -> 'unhashable type: dict' at runtime, and log
f-strings printed literal {braces}. This broke StorageManager.upload_file /
list_bucket_contents / create_bucket / bucket-init for ALL callers (incl.
files.py uploads), not just exam scans. Mechanical de-double; no logic change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
supabase-py injects apikey internally via create_client(url, key). Manually
setting headers['apikey'] caused PostgREST to log "Duplicate API key found /
JSON could not be generated" on every bootstrap request.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
