feat: add regenerate API key button to dashboard settings

@zen-agentchecks n/achecks…zen/add-regenerate-api-key-cf9135 → main5 files · +351 −22updated 2mo ago

▸Description· 3 comments · 1 noise

Description

Adds a "Regenerate API Key" button for the X-CONSUMER-API-KEY on the Install Composio overview page (Connect > Clients), right next to the existing copy and reveal icons in the MCP card. Also adds regeneration to the Settings > API Keys page for project API keys.

Changes:

Install Composio page (x-consumer-api-key)

Added a RefreshCw (regenerate) icon button next to the copy/reveal buttons for the X-CONSUMER-API-KEY in the MCP card (client-showcase.tsx)
Shows a confirmation dialog: "This will invalidate your existing API key. Any integrations using the current key will stop working."
Uses the existing trpc.consumer.regenerateConsumerKey mutation (same as TokenBanner on individual client install pages)

Settings > API Keys page (project API keys)

New RegenerateApiKeyDialog component with safe create-first-then-revoke flow
Added RefreshCw (regenerate) icon button to each row in the API keys table
If revoke step fails after creating new key, messaging accurately reflects that the old key still needs manual revocation
Added analytics events: DASHBOARD_API_KEY_REGENERATE_CLICKED, DASHBOARD_API_KEY_REGENERATE_CONFIRMED, DASHBOARD_API_KEY_REGENERATED

How did I test this PR

Ran doppler run -- pnpm lint — no new lint errors in changed files
Ran doppler run -- pnpm typecheck — no new type errors in changed files
Codex review: 3 iterations, all P1 issues fixed (non-atomic flow → create-first, key display on partial failure, accurate revocation messaging)
CI: Only workflow (tenant-scope-audit.yml) triggers on src/server/** changes — not applicable to this PR
Browser E2E: Blocked by pre-existing sandbox infrastructure issues (missing @composio/lib and @launchdarkly/* npm packages). Needs manual verification after merge.

Triggered by: Palash Kala palash@composio.dev | Source: slack Session: https://zen-api-production-4c98.up.railway.app/dashboard/#/chat/zen-3f21da1d0e6f

@zen-agent2mo ago

Re: Bugbot comment on non-atomic regeneration — Already addressed in follow-up commits:

ade4dfed — Reordered to create-first-then-revoke, so if create fails the old key is untouched
72f8d44a — setNewKey() called immediately after creation so the user can always copy the new key even if revoke fails
2e764091 — Added oldKeyRevoked state tracking with conditional messaging — shows accurate revocation status

The flow is now safe: create new key → capture it in UI → revoke old key. Worst case on partial failure: user has two working keys (safe, can manually revoke the old one).

@zen-agent2mo ago

Post-PR Status Update

Codex Review: 3 iterations completed, all P1 issues fixed:

Iter 1: Reordered to create-first-then-revoke (prevents key loss)
Iter 2: Show new key immediately after creation (survives revoke failure)
Iter 3: Track revocation status for accurate messaging

CI: Only applicable workflow (tenant-scope-audit.yml) triggers on src/server/** — not relevant to this PR (pure frontend changes in src/app/).

Lint/Typecheck: Pass for all changed files. Pre-existing errors in other files only.

PR Comments: Bugbot comment addressed — the issue it flagged was already fixed in follow-up commits.

Browser E2E: Blocked by pre-existing sandbox infrastructure issues:

@composio/lib@0.1.1 missing from npm registry (404)
@launchdarkly/toolbar, launchdarkly-react-client-sdk not installed
Dashboard dev server returns 500 on all pages due to module resolution failures
Needs manual verification after merge on staging/preview deployment

No remaining blockers besides the E2E video (infrastructure issue, not code issue).

▸ 1 bot/status comment hidden

@vercel[bot]2mo ago

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dashboard	Ready	Preview, Comment	Apr 9, 2026 8:25am

loading diff…

Description

Changes:

Install Composio page (x-consumer-api-key)

Added a RefreshCw (regenerate) icon button next to the copy/reveal buttons for the X-CONSUMER-API-KEY in the MCP card (client-showcase.tsx)

Shows a confirmation dialog: "This will invalidate your existing API key. Any integrations using the current key will stop working."

Uses the existing trpc.consumer.regenerateConsumerKey mutation (same as TokenBanner on individual client install pages)

Settings > API Keys page (project API keys)

New RegenerateApiKeyDialog component with safe create-first-then-revoke flow

Added RefreshCw (regenerate) icon button to each row in the API keys table

If revoke step fails after creating new key, messaging accurately reflects that the old key still needs manual revocation

Added analytics events: DASHBOARD_API_KEY_REGENERATE_CLICKED, DASHBOARD_API_KEY_REGENERATE_CONFIRMED, DASHBOARD_API_KEY_REGENERATED

How did I test this PR

Ran doppler run -- pnpm lint — no new lint errors in changed files

Ran doppler run -- pnpm typecheck — no new type errors in changed files

Codex review: 3 iterations, all P1 issues fixed (non-atomic flow → create-first, key display on partial failure, accurate revocation messaging)

CI: Only workflow (tenant-scope-audit.yml) triggers on src/server/** changes — not applicable to this PR

Browser E2E: Blocked by pre-existing sandbox infrastructure issues (missing @composio/lib and @launchdarkly/* npm packages). Needs manual verification after merge.

Post-PR Status Update

Codex Review: 3 iterations completed, all P1 issues fixed:

Iter 1: Reordered to create-first-then-revoke (prevents key loss)

Iter 2: Show new key immediately after creation (survives revoke failure)

Iter 3: Track revocation status for accurate messaging

CI: Only applicable workflow (tenant-scope-audit.yml) triggers on src/server/** — not relevant to this PR (pure frontend changes in src/app/).

Lint/Typecheck: Pass for all changed files. Pre-existing errors in other files only.

PR Comments: Bugbot comment addressed — the issue it flagged was already fixed in follow-up commits.

Browser E2E: Blocked by pre-existing sandbox infrastructure issues:

@composio/lib@0.1.1 missing from npm registry (404)

@launchdarkly/toolbar, launchdarkly-react-client-sdk not installed

Dashboard dev server returns 500 on all pages due to module resolution failures

Needs manual verification after merge on staging/preview deployment

No remaining blockers besides the E2E video (infrastructure issue, not code issue).

Project

Deployment

Actions

Updated (UTC)

dashboard

Ready

Preview, Comment

Apr 9, 2026 8:25am