Add `grace_period` option to token regeneration dialog

Miroslav Vadkertirequested to merge
TFT-4543-token-regeneration-grace-period into main

Summary

Add a grace period option to the token regeneration dialog allowing users to keep the previous API key valid for a transition period after regeneration. This enables seamless key rotation without downtime for clients still using the old key.

Changes

  • Add a "Previous Key Grace Period" select dropdown to the regenerate token dialog with preset options: no grace period, 1 hour, 6 hours, 1 day, 1 week, 1 month
  • Pass the selected grace_period value (in seconds) to the POST /v0.1/tokens/{id}/regenerate API endpoint
  • Default is "No grace period" (previous key immediately invalidated, preserving current behavior)
  • Use value="0" as the sentinel for "No grace period" since 0 seconds is semantically equivalent to no grace period and avoids Radix UI's empty string restriction on Select.Item
  • Add previous_api_key_expiration_datetime to the Token model
  • Display active grace period info as a small note in the token listing (e.g. previous 2026-04-16 14:30 UTC), hidden once the previous key has expired
  • Filter out expired grace periods server-side in get_tokens to avoid stale client-side datetime comparisons
  • Add white_space="nowrap" to token table cells to prevent column wrapping
  • Use rx.container size="4" for wider table layout

Depends on API MR: nucleus!302 (merged)

Resolves: TFT-4543

Assisted-by: Claude Code

Edited by Miroslav Vadkerti

Merge request reports