Environment
Description
After I deleted my compromised API key from the OpenMind portal, the associated machine registration data and credit usage history were permanently deleted instead of being preserved.
Steps to Reproduce
- Register a machine with an API key on https://portal.openmind.org
- Use the machine with the API key (accumulate credit usage)
- Delete the API key from the portal (e.g., due to security compromise)
- Observe that the OM Agent and its credit history disappear on https://fabric.openmind.org
Expected Behavior
- API key should be invalidated/revoked
- Machine registration history should be preserved (marked as inactive)
- Credit usage history should remain visible for accounting purposes
Actual Behavior
- API key is deleted
- Machine completely disappears from the portal
- Credit usage history is lost
- Total credits displayed becomes inaccurate
Evidence
After API key deletion:
| Metric |
Expected |
Actual |
| Active Machines |
0/2 |
0/1 (one machine completely missing) |
| Total Credits Used |
1000+ |
703 (300+ credits lost with deleted machine) |
What's missing:
- Second registered machine - completely gone from portal
- 300+ credits used by that machine - not reflected in total
Proposed Fix
Implement soft-delete: Revoke API key → Mark machines as "Inactive" → Preserve all history
Severity
High - Data loss affecting user accounts and credit tracking
Environment
Description
After I deleted my compromised API key from the OpenMind portal, the associated machine registration data and credit usage history were permanently deleted instead of being preserved.
Steps to Reproduce
Expected Behavior
Actual Behavior
Evidence
After API key deletion:
What's missing:
Proposed Fix
Implement soft-delete: Revoke API key → Mark machines as "Inactive" → Preserve all history
Severity
High - Data loss affecting user accounts and credit tracking