fix: use schema-based deleteKey and reactive key list refresh

- Add deleteKeySchema for proper FormData validation
- Return { deleted: true } from deleteKey for change tracking
- Use $state for keysPromise to refresh list after create/delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

web/src/lib/api/api-keys.remote.ts

@@ -1,6 +1,6 @@
 import { form, getRequestEvent, query } from '$app/server';
 import { auth } from '$lib/server/auth';
-import { createKeySchema } from '$lib/schema/api-keys';
+import { createKeySchema, deleteKeySchema } from '$lib/schema/api-keys';
 
 export const listKeys = query(async () => {
 	const { request } = getRequestEvent();
@@ -16,12 +16,11 @@ export const createKey = form(createKeySchema, async ({ name }) => {
 	return result;
 });
 
-export const deleteKey = form(async () => {
+export const deleteKey = form(deleteKeySchema, async ({ keyId }) => {
 	const { request } = getRequestEvent();
-	const formData = await request.clone().formData();
-	const keyId = formData.get('keyId') as string;
 	await auth.api.deleteApiKey({
 		body: { keyId },
 		headers: request.headers
 	});
+	return { deleted: true };
 });

web/src/lib/schema/api-keys.ts

@@ -3,3 +3,7 @@ import { object, string, pipe, minLength } from 'valibot';
 export const createKeySchema = object({
 	name: pipe(string(), minLength(1))
 });
+
+export const deleteKeySchema = object({
+	keyId: pipe(string(), minLength(1))
+});