Remove deprecated API-key aliases and complete AgentID rename

[Copilot]

This change removes duplicate deprecated API-key forwarding functions that were kept after the AgentID rename, and migrates remaining usage to the canonical AgentID APIs. It also completes the unfinished rename of random key generation to the AgentID naming convention.

• Problem summary

  • The codebase still exposed four old API-key-style entry points (three pure aliases plus one old-named generator), creating API surface duplication and ongoing cleanup debt.

• Alias/API surface cleanup

  • Removed deprecated wrappers:
    • auth.ValidateAPIKey → use auth.ValidateAgentID
    • (*config.Config).GetAPIKey → use (*config.Config).GetAgentID
    • config.GetGatewayAPIKeyFromEnv → use config.GetGatewayAgentIDFromEnv
  • Updated in-code references/comments to point to AgentID APIs.

• Generator rename completion

  • Renamed auth.GenerateRandomAPIKey to auth.GenerateRandomAgentID.
  • Updated the startup generation call path in internal/cmd/root.go to use the new symbol.

• Test alignment

  • Updated random-agent-ID tests to the new function name.
  • Removed the now-obsolete alias test for ValidateAPIKey.

// before
randomKey, err := auth.GenerateRandomAPIKey()

// after
randomKey, err := auth.GenerateRandomAgentID()

[Copilot]

Pull request overview

This PR continues the AgentID migration by removing deprecated API-key alias entry points, updating remaining call sites to use the canonical AgentID APIs, and completing the random key generator rename to match the AgentID naming convention.

Changes:

• Removed deprecated alias functions for API-key-style accessors/validators in internal/auth and internal/config.
• Renamed the random key generator from GenerateRandomAPIKey to GenerateRandomAgentID and updated the startup call path.
• Aligned tests with the new generator name and removed the obsolete alias test.

Show a summary per file

File	Description
internal/server/middleware.go	Updates internal/auth API reference in the auth middleware comment.
internal/config/config_env.go	Removes deprecated GetGatewayAPIKeyFromEnv wrapper.
internal/config/config_core.go	Removes deprecated (*Config).GetAPIKey wrapper.
internal/cmd/root.go	Switches startup random generation call to GenerateRandomAgentID.
internal/auth/header.go	Removes deprecated ValidateAPIKey wrapper; renames random generator to GenerateRandomAgentID.
internal/auth/header_test.go	Removes the now-obsolete ValidateAPIKey alias test.
internal/auth/apikey_test.go	Renames random-generator tests to use GenerateRandomAgentID.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 7/7 changed files
• Comments generated: 2

[lpcox]

@copilot resolve the merge conflicts in this pull request and address review feedback

[Copilot]

@copilot resolve the merge conflicts in this pull request and address review feedback

Done in d1278af: I merged origin/main, resolved the conflicts, updated the conflicting review-comment text in internal/auth/header.go and internal/server/middleware.go, and fixed a merge-introduced duplicate extractSessionIDFromRequest in internal/server/session.go. Validation passed (go test ./internal/auth ./internal/server, make agent-finished, and parallel validation).