identity: subject-wide session management — sessions + logout_all (+8 tests)

api.sx gains sessions(Subject) (enumerate a subject's live sessions) and logout_all(Subject) ("log out everywhere") — revokes and deregisters every session the subject holds, auditing a logout per session, leaving other subjects' sessions untouched. Builds on registry.sessions_for. New tests/session_mgmt.sx. 193/193. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 03:16:21 +00:00
parent db885e15bc
commit b1f9c6bef0
6 changed files with 107 additions and 12 deletions
--- a/plans/identity-on-sx.md
+++ b/plans/identity-on-sx.md
@@ -19,7 +19,7 @@ through the event log, all authorization questions delegated to `acl-on-sx`.

 ## Status (rolling)

-`bash lib/identity/conformance.sh` → **185/185** (4 phases + 8 ext; backlog clear)
+`bash lib/identity/conformance.sh` → **193/193** (4 phases + 9 ext)

 ## Ground rules

@@ -86,8 +86,14 @@ lib/identity/api.sx ── (identity/login) (identity/grant?) (identity/revoke)
 - [x] acl-on-sx delegation: identity-gates-before-acl boundary (401 vs 403), stub decider (live Datalog bridge is cross-substrate)
 - [ ] OAuth `state` (CSRF) + OIDC `nonce` threaded through authorize→exchange
 - [x] unify `api.sx` over membership + audit (one facade, audited login/logout)
+- [x] subject-wide session management: `sessions(Subject)` + `logout_all` (log out everywhere)

 ## Progress log
+- 2026-06-07 — subject-wide session management (ext): `api.sx` gains
+  `sessions(Subject)` (enumerate) and `logout_all(Subject)` ("log out
+  everywhere") — revokes + deregisters every session a subject holds,
+  auditing a logout per session, leaving other subjects untouched. Builds on
+  registry.sessions_for. New tests/session_mgmt.sx (8). 185→193.
 - 2026-06-07 — `delegation.sx` (ext): the identity→acl boundary made concrete.
  `check` introspects the token first: inactive → `{error, unauthenticated}`
  (401, acl never consulted); active → constructs {Subject, Scope, Action,