- Mount /api/v1/admin routes in app builder
- Instantiate BaserowAdminClient and inject it into the container
- Add BASEROW_USER_AUTH_NOT_CONFIGURED error code
- Fix duplicate /api prefix in token-auth and token-refresh URLs
Service account pattern resolves 401 PERMISSION_DENIED on Baserow metadata
endpoints (/api/database/views/table/:id/, /api/database/tables/:id/) which
reject DB tokens. A dedicated Baserow user account logs in via token-auth,
JWT cached in memory with mutex-protected refresh before expiry.
Fallback graceful: if BASEROW_USER_EMAIL/PASSWORD absent, CRUD rows still work,
metadata endpoints return 500 BASEROW_USER_AUTH_NOT_CONFIGURED.
417 tests pass (was 392, +25). 0 TS errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
