Fix auth/runtime issues and add side-aware targeting

[igormf]

Summary

This PR fixes several live-runtime issues in eightctl and adds side-aware household targeting for split and solo setups.

Changes

• fix OAuth login payload/client credential handling
• handle gzip-compressed API responses correctly
• bound retry behavior so bad auth / 4xx responses do not hammer the API into rate limiting
• make token cache key handling safer on Windows
• switch household/user resolution to the working Eight Sleep endpoints
• add side-aware target discovery with left, right, and inferred solo
• make status show discovered household targets by default
• make on, off, and temp target all discovered users by default unless narrowed with --side or --target-user-id
• allow negative temperature values like eightctl temp -40 without --
• document the new targeting behavior
• fix golangci-lint config/CI to use config v2 with the matching v2 binary

Verification

• gofumpt -l .
• golangci-lint run ./...
• go test ./...

Notes

• .vscode debugger config was kept local and not included in this PR.

[igormf]

my bot did all the linting / PR-issuing (thanks god we dont have to do any of that now), but here are some more info:

this binary wasn't working at all as of today (april 13th 2026). oauth was broken, after I fixed it, it had old api syntax, after I fixed it, the test cases had windows throwing errors... all are fixed now

plus, the new eight sleep apps allow you to split your bed in two sides, so I added the feature where you can either turn both sides on/off/set temp, or a specific side.

[igormf]

@steipete just realized there were like 10 other PR issued to fix some of these. maybe you need some help parsing these things? or is this project dead? I was brought here by a std skill issued with openclaw, so maybe it needs to be removed from there (or fixed in here)

[omarshahine]

Thanks for the comprehensive PR, @igormf! The side-aware targeting and enhanced sleep metrics are great features. I'm closing this in favor of #24 for the auth/gzip fixes, but the targeting and metrics work here is valuable — would you consider opening a separate feature PR for the side-aware targeting once #24 is merged? That would make it easier to review and land.

I'm a new maintainer helping out, and we're working on getting the core fixes released first, then we can layer on the feature improvements. Thanks for the contribution! 🙏

[igormf]

@omarshahine thank god someone showed up!

I split the feature work onto a separate branch: igormf:feat/side-aware-targeting-followup.

It’s intentionally stacked on top of #24 so the auth/gzip/runtime fixes stay isolated from the side-aware targeting and trends/presence work. I’ve verified the split branch locally with go test ./... and golangci-lint run ./... on Windows.

Once #24 lands, I can open or retarget a clean feature PR from that branch.

[omarshahine]

Sounds great!

[omarshahine]

Hey @igormf — #24 and #26 (away mode) are both merged now. Main is up to date, so whenever you're ready to open the side-aware targeting PR from feat/side-aware-targeting-followup, go for it!