## Description api-key module exists with files. Complete implementation: scoped API key generation, rotation, revocation, and usage tracking. **Module**: src/api-key/ ## Acceptance Criteria - [ ] ApiKey entity: id, userId, name, keyHash, keyPrefix (vlt_...), scopes, isActive, lastUsedAt, expiresAt - [ ] POST /api-keys — generate key with name, scopes, optional expiration - [ ] Return full key only once at creation - [ ] Scopes: read:escrows, write:escrows, read:analytics, admin - [ ] GET /api-keys (list with prefix only) - [ ] PATCH /api-keys/:id (update name/scopes/status) - [ ] DELETE /api-keys/:id (revoke) - [ ] POST /api-keys/:id/rotate (new key, deactivate old) - [ ] ApiKeyGuard middleware for X-API-Key header - [ ] Coexists with JWT auth - [ ] Bcrypt hashed storage - [ ] Async lastUsedAt tracking - [ ] Separate rate limiting (200 req/min) - [ ] Max 5 active keys per user - [ ] Auto-deactivate expired keys - [ ] Unit and E2E tests **Points**: 150
Description
api-key module exists with files. Complete implementation: scoped API key generation, rotation, revocation, and usage tracking.
Module: src/api-key/
Acceptance Criteria
Points: 150