Fix token modal and session token issues

- Fix create token modal z-index so it's not covered by backdrop
- Rename session tokens from "login" to "Web Session" for clarity
- Delete old session tokens when logging in (prevents accumulation)
- Filter out session tokens from dashboard display (users only see
  their manually created API tokens)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/cmdforge/registry/app.py

@@ -1226,13 +1226,19 @@ def create_app() -> Flask:
             [publisher["id"]],
         )
 
+        # Delete any existing session tokens for this user (cleanup)
+        g.db.execute(
+            "DELETE FROM api_tokens WHERE publisher_id = ? AND name = 'Web Session'",
+            [publisher["id"]],
+        )
+
         token, token_hash = generate_token()
         g.db.execute(
             """
             INSERT INTO api_tokens (publisher_id, token_hash, name, created_at)
             VALUES (?, ?, ?, ?)
             """,
-            [publisher["id"], token_hash, "login", datetime.utcnow().isoformat()],
+            [publisher["id"], token_hash, "Web Session", datetime.utcnow().isoformat()],
         )
         g.db.commit()
 

src/cmdforge/web/routes.py

@@ -470,7 +470,9 @@ def dashboard_tokens():
     tools_status, tools_payload = _api_get("/api/v1/me/tools", token=token)
     tools = tools_payload.get("data", []) if tools_status == 200 else []
     token_status, token_payload = _api_get("/api/v1/tokens", token=token)
-    tokens = token_payload.get("data", []) if token_status == 200 else []
+    all_tokens = token_payload.get("data", []) if token_status == 200 else []
+    # Filter out session tokens (auto-created on login) from display
+    tokens = [t for t in all_tokens if t.get("name") not in ("Web Session", "login")]
     for item in tokens:
         token_id = str(item.get("id", ""))
         item["token_suffix"] = token_id[-6:] if token_id else ""

src/cmdforge/web/templates/dashboard/tokens.html

@@ -129,9 +129,9 @@
 
 <!-- Create Token Modal -->
 <div id="create-token-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
-    <div class="min-h-screen px-4 text-center">
+    <div class="min-h-screen px-4 text-center flex items-center justify-center">
         <div class="fixed inset-0 bg-black bg-opacity-50" onclick="closeCreateTokenModal()"></div>
-        <div class="inline-block w-full max-w-md my-8 text-left align-middle bg-white shadow-xl rounded-lg">
+        <div class="relative z-10 w-full max-w-md text-left bg-white shadow-xl rounded-lg">
             <form id="create-token-form" onsubmit="createToken(event)">
                 <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
 
@@ -172,9 +172,9 @@
 
 <!-- Token Created Modal (shows the token once) -->
 <div id="token-created-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
-    <div class="min-h-screen px-4 text-center">
+    <div class="min-h-screen px-4 text-center flex items-center justify-center">
         <div class="fixed inset-0 bg-black bg-opacity-50"></div>
-        <div class="inline-block w-full max-w-lg my-8 text-left align-middle bg-white shadow-xl rounded-lg">
+        <div class="relative z-10 w-full max-w-lg text-left bg-white shadow-xl rounded-lg">
             <div class="p-6">
                 <div class="flex items-center mb-4">
                     <div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center">