feat: support cookie/session-based auth in generated CLI clients

[NandishNaik01]

Feature

Generated CLI clients currently only support token-based auth (Authorization: Bearer or X-API-Key headers). APIs that use cookie-based session auth (like genalphacli itself) require sending Cookie: session_id={value} instead.

Current behavior

The generated client.py always sends:

headers["Authorization"] = f"Bearer {token}"

For cookie-based APIs, this results in 401 even with a valid session token.

Expected behavior

When the API uses session/cookie auth:

• login command should store the session cookie from the Set-Cookie response header
• client.py should send Cookie: session_id={value} instead of Authorization: Bearer
• Auth type detection should identify cookie-based auth (look for Set-Cookie in login response, HTTPBearer vs session middleware in source)

Workaround

Currently users can use curl -b "session_id={token}" directly. The auth.json stores the token but the client sends it in the wrong header.

Implementation notes

• Add AUTH_TYPE = "cookie" support in client.py.j2
• _build_headers() should send Cookie header when auth type is cookie
• The config detector could detect session-based auth from patterns like SessionMiddleware, session_cookie_name, httponly in source
• The login command should capture Set-Cookie from the response headers, not just JSON body

Related

• Auth lifecycle PR: feat: CLI & MCP auth lifecycle — automatic token management #19