identity: delegated grant-verification cache with generation invalidation (Phase 3 complete, +9)
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 55s
cache.sx — a process wrapping the token registry, memoising introspect. Revocation stays real via generation invalidation: any revoke/refresh bumps a generation counter, so every cached positive instantly becomes a miss and re-validates against the live registry. A revoked token never reads valid out of cache, not for a millisecond. stats() exposes hits/misses. New tests/cache.sx. 101/101.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -19,7 +19,7 @@ through the event log, all authorization questions delegated to `acl-on-sx`.
## Status (rolling)
`bash lib/identity/conformance.sh` → **92/92** (Phases 1–2 + SSO + membership)
`bash lib/identity/conformance.sh` → **101/101** (Phases 1–3 complete)
## Ground rules
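Review bot: the status line now advertises **101/101** and "Phases 1–3 complete", but the check attached to this very commit reads `Test, Build, and Deploy / test-build-deploy (push) Failing after 55s`; reconcile that failure before bumping the rolling status, or say explicitly in this section that the `conformance.sh` count is a local run and not the CI-verified number, since readers will otherwise take 101/101 as the green-pipeline figure.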
@@ -70,7 +70,7 @@ lib/identity/api.sx ── (identity/login) (identity/grant?) (identity/revoke)
## Phase 3 — Silent SSO + membership
- [x] `prompt=none` cross-app login (one session, many clients)
- [x] membership state + per-app grant projection
- [ ] grant verification delegated cache (mirror Redis-cache pattern)
- [x] grant verification delegated cache (mirror Redis-cache pattern)
## Phase 4 — Audit + federation
- [ ] every issue/refresh/revoke is a `persist` event; `(identity/audit subject)`
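Review bot: the ticked item `grant verification delegated cache (mirror Redis-cache pattern)` names the pattern but not what was shipped; consider appending the artefacts (`cache.sx`, `tests/cache.sx`) to the checklist line so someone scanning Phase 3 can find the implementation and its tests without reading the progress log further down.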
@@ -78,6 +78,13 @@ lib/identity/api.sx ── (identity/login) (identity/grant?) (identity/revoke)
- [ ] tests: audit completeness, cross-instance subject mapping
## Progress log
- 2026-06-07 — `cache.sx`: delegated grant-verification cache (Redis-cache
pattern) wrapping the token registry. introspect memoised; generation
invalidation keeps revocation real — any revoke/refresh bumps a generation
counter so every cached positive instantly becomes a miss and re-validates
against the live registry. A revoked token never reads valid from cache.
stats() exposes hits/misses. New tests/cache.sx (9). **Phase 3 complete.**
+9 → 101/101.
- 2026-06-07 — `membership.sx`: coop membership as a guarded state machine
(none→pending→active→lapsed⇄active, any→revoked terminal); invalid
transitions are explicit `{error, CurrentStatus}`. `project(Subject, App)`
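Review bot: the guarantee in the `cache.sx` entry ("A revoked token never reads valid from cache") rests on two properties the entry does not state: that the revoke/refresh path bumps the generation counter before it acknowledges the revoke to its caller, and that a lookup's read of the generation and its cache check are serialized against that bump inside the one cache process, since a lookup that has already passed the generation check when the bump lands would still hand back the stale positive. Spell both out here, and say whether negative introspect results are memoised at all: the entry only describes cached positives becoming misses, and if misses were also cached a freshly refreshed token would read invalid until the next bump. It is also worth noting what `stats()` counts on a generation-induced miss, because a hit rate that drops to zero after every revoke is the expected shape of this scheme, not a regression.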