From d2846ac6aea70d6dd2fbed0367f1dc0afcc16ffb Mon Sep 17 00:00:00 2001
From: Grant <grant@ten31.xyz>
Date: Tue, 16 Jun 2026 13:05:26 -0500
Subject: [PATCH] Fix stale scoped-API-key panel note in api_keys.rs doc
 comment

---
 licensing-service/src/api/api_keys.rs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/licensing-service/src/api/api_keys.rs b/licensing-service/src/api/api_keys.rs
index 3694cef..294b3a3 100644
--- a/licensing-service/src/api/api_keys.rs
+++ b/licensing-service/src/api/api_keys.rs
@@ -5,10 +5,9 @@
 //! script a credential that does only what it needs to. Operator-friendly
 //! flow:
 //!
-//!   1. Operator mints a new key via `POST /v1/admin/api-keys`, picking a role
-//!      from a fixed list (Read-only / License issuer / Support / Full admin).
-//!      (A clickable Settings → API keys panel in the admin SPA is planned;
-//!      until then keys are minted through the API.)
+//!   1. Operator mints a new key via the Settings → "Scoped API keys" panel
+//!      in the admin SPA (or directly via `POST /v1/admin/api-keys`), picking a
+//!      role from a fixed list (Read-only / License issuer / Support / Full admin).
 //!   2. The create response returns the raw token ONCE. The token never
 //!      appears in any response afterward — only its sha256 hash is stored.
 //!   3. Agent uses `Authorization: Bearer <token>` like the master key. Each