turtini-dev serve — local dev with real Turtini org data

turtini-dev serve runs a local HTTP server that proxies api.turtini.com calls through your API key, with live reload over file changes. It's how you build an AI-coded site (Lovable, Bolt, v0, hand-rolled) against your real Turtini org data without ever putting an API key in the browser bundle.

Install (one-time):
npm install -g @turtini/cli

Run from your AI-coded site directory:
turtini-dev serve --dir ./dist --api-key turtini_<your-key>

…or use the saved CLI login + auto-detect the build dir:
turtini-dev login
turtini-dev serve

What it does:
• Serves your static build directory at http://localhost:3000 (override with --port)
• Proxies any request to /__turtini/* through to https://api.turtini.com/* — your client code calls fetch('/__turtini/v1/contacts') and the server injects the API key. The browser never sees the key.
• Watches the dir and refreshes the open tab on every file change (SSE-based)
• Auto-detects build directory: tries ./dist → ./build → ./public → cwd

Use it from your code:
// In your AI-coded site's app.js — no API key in the bundle:
const res = await fetch('/__turtini/v1/contacts')
const { data } = await res.json()
data.forEach(c => console.log(c.firstName, c.email))

Flags:
• --dir <path> Directory to serve (default: ./dist if present, else ./build, ./public, or .)
• --port <number> Port to listen on (default: 3000)
• --api-prefix <path> URL prefix the proxy listens on (default: /__turtini)
• --api-key <key> Override $TURTINI_API_KEY and the saved CLI login
• --api-url <url> Override the Turtini API base URL (default: https://api.turtini.com)
• --no-reload Disable the SSE live-reload watcher
• --spa Route 404s to /index.html for client-routed apps (React Router, Vue Router, etc.)

When you ship: the production version of your site can either be hosted on Turtini (see "Hosting a static site from GitHub") or anywhere else (Cloudflare Pages, Vercel, Netlify). Either way, change /__turtini/v1/* to https://api.turtini.com/v1/* and add Authorization headers via your hosting platform's secret-injection (Vercel env var, Cloudflare Worker, etc.) — never ship the bare API key in client code.

Companion command: turtini-dev whoami prints which org your saved CLI key is bound to. Use it to verify before connecting an integration.