refactor: remove legacy kms #763

Open
nimish-ks wants to merge 26 commits into main from refactor--remove-legacy-kms
Conversation

@nimish-ks nimish-ks commented Feb 7, 2026

🔍 Overview

The Phase Console codebase contains a legacy KMS (Key Management Service) product that pre-dates the current secrets management platform. This legacy product included a KMS REST endpoint for serving wrapped key shares, Cloudflare KV for edge caching those shares, DynamoDB/PynamoDB for KMS access logging, and related frontend UI (KMS logs panel, KMS tokens panel, rotate app keys). None of this is used by the current secrets management product, and it adds unnecessary complexity, dead code, and unused dependencies.

💡 Proposed Changes

Backend

  • Removed legacy KMS REST endpoint (/kms/<app_id>) and the api/views/kms.py view
  • Removed Cloudflare KV module (backend/api/kv.py) — write/delete/purge operations for kms.phase.dev edge caching. Note: Cloudflare Workers/Pages syncing integrations (current product feature) are untouched
  • Removed KMS GraphQL types and resolvers: KMSLogType, ChartDataPointType, TimeRange, KMSLogsResponseType, kms_logs query, app_activity_chart query, and their resolvers from schema.py and types.py
  • Removed RotateAppKeysMutation — only used by the legacy KMS panel
  • Removed KV operations from DeleteAppMutation and App.save() override (KV write on save)
  • Removed DYNAMODB and CLOUDFLARE config blocks from settings.py
  • Kept backend/logs/ as a minimal app with only migrations preserved (including a new 0009_delete_kmsdblog migration) to ensure existing deployments can cleanly drop the kmsdblog table
  • Removed 14 unused Python packages: pynamodb, Twisted ecosystem (9 packages), pyOpenSSL, async-timeout, autopep8, pycodestyle
  • No changes to App model database fields: app_token, wrapped_key_share, etc. remain in the schema

Frontend

  • Deleted KMS UI components: KmsLogs.tsx, getAppKmsLogs.gql, rotateAppKeys.gql, getAppActivityChart.gql
  • Simplified logs page — removed KMS tab, now renders only SecretLogs
  • Simplified tokens page — removed KmsPanel, RotateAppDialog, and panel switcher sidebar; now renders only SecretTokens
  • Updated DeleteAppDialog warning text to reference secrets instead of KMS keys
  • Removed 3 unused npm packages: install, jsonwebtoken, @types/jsonwebtoken
  • Regenerated GraphQL schema and types

📝 Release Notes

  • Removed legacy Phase KMS product code, UI, and dependencies
  • Reduced backend Docker image size (~90MB → ~76MB compressed)
  • No user-facing functionality changes — the KMS product was not actively used
  • Database migration included to cleanly drop the kmsdblog table on existing deployments

❓ Open Questions

  • None

🧪 Testing

  • Backend: python manage.py check passes
  • Backend: Docker staging build succeeds (370MB / ~76MB compressed)
  • Frontend: Docker staging build succeeds (305MB / ~69MB compressed)
  • Grep verification: zero references to removed KMS code patterns across the codebase (excluding migration files)

🎯 Reviewer Focus

  • backend/backend/graphene/mutations/app.py — removal of RotateAppKeysMutation and KV operations from DeleteAppMutation
  • backend/backend/schema.py — removal of KMS query fields and resolvers
  • frontend/app/[team]/apps/[app]/access/tokens/page.tsx — simplified from dual-panel to single SecretTokens view
  • backend/logs/migrations/0009_delete_kmsdblog.py — migration to drop the legacy table

➕ Additional Context

  • Legacy service tokens (ServiceToken model, frontend service tokens tab) are kept and will be phased out separately
  • All App model fields (app_token, wrapped_key_share, app_seed, app_version) are preserved — no DB schema changes to the App table
  • AWS KMS CMK option for AWS Secrets Manager syncing is unrelated to Phase KMS and is untouched
  • Cloudflare Workers/Pages syncing integrations (current product) are untouched — only the legacy KV edge caching was removed

✨ How to Test the Changes Locally

  1. docker compose -f dev-docker-compose.yml up --build
  2. Verify the app starts without errors
  3. Navigate to any app's Logs page — should show only secret event logs (no KMS tab)
  4. Navigate to any app's Access > Service Tokens page — should show only secret tokens (no KMS panel)
  5. Verify app creation and deletion still work

💚 Did You...

  • Ensure linting passes (code style checks)?
  • Update dependencies and lockfiles (if required)
  • Update migrations (if required)
  • Regenerate graphql schema and types (if required)
  • Verify the app builds locally?
  • Manually test the changes on different browsers/devices?
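
The grep verification listed under Testing, sketched as an added example that is not part of this pull request or of the Phase codebase: it scans a tree for whole-identifier references to names the description lists as removed, skipping migration directories. The function names, the skipped directory set and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Identifiers the PR description lists as removed (copied from the page).
REMOVED = ["KMSLogType", "ChartDataPointType", "KMSLogsResponseType",
           "RotateAppKeysMutation", "kms_logs", "app_activity_chart",
           "pynamodb", "KmsLogs", "KmsPanel", "RotateAppDialog"]
# Whole-identifier match, so a longer name such as kms_logs_archive is not a hit.
PATTERN = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, REMOVED)) + r")(?![A-Za-z0-9_])")
SKIP_DIRS = {"migrations", "node_modules", ".git"}  # assumption: excluded dirs


def find_residual_refs(root):
    """Return sorted (relative_path, line_no, identifier) for each leftover reference."""
    hits = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts[:-1]):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            hits += [(rel.as_posix(), no, m.group(1)) for m in PATTERN.finditer(line)]
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed sample tree: an ignored migration, a clean file, two leftovers."""
    files = {
        "backend/logs/migrations/0009_delete_kmsdblog.py": "# mentions pynamodb\n",
        "backend/backend/schema.py": "class Query:\n    secret_logs = None\n",
        "frontend/tokens/page.tsx": "<KmsPanel />\nconst kms_logs_archive = 1\n",
        "backend/requirements.txt": "django\npynamodb\n",
    }
    for name, body in files.items():
        p = Path(root) / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_residual_refs(tmp):
            print("%s:%d: %s" % hit)
```

A non-empty result in CI is a reason to fail the build: a dependency or component that is still referenced after its removal was announced is still part of the attack surface.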

…e.json to set private to false; remove unused dependencies from package.json and yarn.lock
@nimish-ks nimish-ks self-assigned this Feb 7, 2026
Keep transferOrganisationOwnership mutation from main, drop removed
KMS types (KMSLogType, RotateAppKeysMutation, ChartDataPointType,
TimeRange) and regenerate frontend types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@nimish-ks nimish-ks marked this pull request as ready for review February 8, 2026 02:31