UI Fix

[soderlind]

This pull request introduces a significant UI/UX update for MCP (Model Context Protocol) token management in the WP Loupe plugin, along with improvements to access control and security. The changes focus on making token management more intuitive, adding features for hybrid anonymous/authenticated access, and enhancing security for API pagination. The admin interface is also standardized for consistency.

Key changes include:

MCP Token Management UI Enhancements

• Redesigned the MCP token management interface: added scope selection with "all/none" buttons, TTL presets (including indefinite/never expires), last-used tracking, copy-once display, and a "revoke all" action. Token scopes are now shown as badges, and token expiration is clearly indicated. [1] [2] [3] [4] [5] [6] [7] [8] [9]
• Removed the token filter UI—now all tokens are displayed together, sorted by last-used and issued date. [1] [2]

Access Model and Security Improvements

• Implemented a hybrid anonymous vs authenticated (scoped token) access model, with separate rate limits and clearer descriptions in the admin UI.
• Added secure HMAC-signed pagination cursors for searchPosts API.

Admin UI/UX Standardization

• Wrapped MCP token tables and forms in a unified panel container with a consistent max-width (840px), reordered admin headings, and standardized Save button placement. [1] [2] [3] [4] [5]
• Added inline help and improved descriptions for rate limits, scopes, and TTL. [1] [2]

Miscellaneous and Documentation

• Updated CHANGELOG.md for version 0.5.1, documenting all major UI, access model, and security changes.
• Updated composer.json and README.md to reflect version 0.5.1 and PHP 8.3 requirement. [1] [2]