chore: use lastTokenPart as stable key for personal access tokens list

[ScriptShah]

Proposed changes (including videos or screenshots)

This PR replaces createdAt with lastTokenPart as the React key for rows in the Personal Access Tokens list.

Using createdAt as a key is not guaranteed to be unique or stable, especially if tokens are regenerated or reordered. lastTokenPart provides a stable and unique identifier, making it more appropriate for use as a React key and aligning the implementation with React best practices.

This change does not introduce user-facing behavior changes and is categorized as a small internal improvement (chore).

---

Issue(s)

Closes #38563

---

Steps to test or reproduce

1. Navigate to Account → Personal Access Tokens (/account/tokens).
2. Create multiple personal access tokens.
3. Open the browser DevTools and inspect the rendered AccountTokensRow components.
4. Confirm that each row now uses lastTokenPart as the React key instead of createdAt.

There should be no visible UI changes, but the internal rendering now uses a stable key.

---

Further comments

This is a small, isolated code quality improvement to ensure stable and predictable list rendering in accordance with React best practices. No changeset is included, as this does not introduce a user-facing change or require a version bump.

Summary by CodeRabbit

• Bug Fixes
  • Fixed token list rendering to ensure proper display updates when managing account tokens.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: a501c64

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The React element key for rendering AccountTokensRow in the Personal Access Tokens table was updated from createdAt to lastTokenPart to address React reconciliation stability by using a more appropriate identifier.

Changes

Cohort / File(s)	Summary
React Key Update apps/meteor/client/views/account/tokens/AccountTokensTable/AccountTokensTable.tsx	Changed AccountTokensRow key from filteredToken.createdAt to filteredToken.lastTokenPart for improved list reconciliation stability.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A token key, once bound to time,
Now dances to a better chime,
React's lists now render true,
Each row unique, fresh and new! 🔑✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: replacing the React key from createdAt to lastTokenPart for the personal access tokens list.
Linked Issues check	✅ Passed	The PR successfully addresses issue #38563 by replacing the unstable createdAt key with lastTokenPart, a stable unique identifier for token rows.
Out of Scope Changes check	✅ Passed	The PR contains only the targeted change to the React key in AccountTokensTable.tsx, with no extraneous modifications outside the scope of issue #38563.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

No actionable comments were generated in the recent review. 🎉

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f5d4ecd and a501c64.

📒 Files selected for processing (1)

• apps/meteor/client/views/account/tokens/AccountTokensTable/AccountTokensTable.tsx

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/account/tokens/AccountTokensTable/AccountTokensTable.tsx

🧠 Learnings (1)

📚 Learning: 2026-01-17T01:51:47.764Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 38219
File: packages/core-typings/src/cloud/Announcement.ts:5-6
Timestamp: 2026-01-17T01:51:47.764Z
Learning: In packages/core-typings/src/cloud/Announcement.ts, the AnnouncementSchema.createdBy field intentionally overrides IBannerSchema.createdBy (object with _id and optional username) with a string enum ['cloud', 'system'] to match existing runtime behavior. This is documented as technical debt with a FIXME comment at apps/meteor/app/cloud/server/functions/syncWorkspace/handleCommsSync.ts:53 and should not be flagged as an error until the runtime behavior is corrected.

Applied to files:

• apps/meteor/client/views/account/tokens/AccountTokensTable/AccountTokensTable.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: 📦 Build Packages

🔇 Additional comments (1)

apps/meteor/client/views/account/tokens/AccountTokensTable/AccountTokensTable.tsx (1)

172-172: The key change to lastTokenPart is correct and appropriate. The token type (IPersonalAccessToken) does not have an _id field—it only contains: type, createdAt, lastTokenPart, name, and bypassTwoFactor. Using lastTokenPart (the last 6 characters of the token) is the designated unique identifier for personal access tokens and is significantly better than the previous createdAt, which could easily collide when multiple tokens are created in the same millisecond.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 1 file

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.43%. Comparing base (f5d4ecd) to head (a501c64).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #38630      +/-   ##
===========================================
- Coverage    70.45%   70.43%   -0.02%     
===========================================
  Files         3174     3174              
  Lines       111005   111005              
  Branches     20000    20007       +7     
===========================================
- Hits         78207    78187      -20     
- Misses       30758    30775      +17     
- Partials      2040     2043       +3     

Flag	Coverage Δ
unit	71.36% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.