auth/daemon_token.ts view source
"X-Daemon-Token" The X-Daemon-Token header name.
auth/daemon_token.ts
Daemon token primitives — schema, generation, and validation.
Pure auth operations with no I/O or state management.
The middleware, rotation, and persistence logic lives in
daemon_token_middleware.ts.
Declarations #
5 declarations
DAEMON_TOKEN_HEADER #
DAEMON_TOKEN_HEADER
DaemonToken #
DaemonToken
auth/daemon_token.ts view source
ZodString Daemon token format: 43 base64url characters (256 bits).
DaemonTokenState #
DaemonTokenState
auth/daemon_token.ts view source
DaemonTokenState Mutable runtime state for daemon token rotation.
This is runtime state (not AppDeps or *Options) — it changes during
operation. Created at server startup, passed to the middleware factory.
current_token
Current valid token.
type
stringprevious_token
Previous token, still valid during the race window. null before first rotation.
type
string | nullrotated_at
When the last rotation occurred.
type
Datekeeper_account_id
The account ID of the keeper (resolved at startup, set by on_bootstrap).
type
string | nullgenerate_daemon_token #
generate_daemon_token
auth/daemon_token.ts view source
(): string Generate a new daemon token (256-bit random, base64url).
returns
string a 43-character base64url string
validate_daemon_token #
validate_daemon_token
auth/daemon_token.ts view source
(provided: string, state: DaemonTokenState): boolean Validate a daemon token against the current state.
Accepts both the current and previous token (2-token race window). Uses timing-safe comparison.
provided
the token from the X-Daemon-Token header
type
stringstate
the daemon token state
type DaemonTokenState
returns
boolean true if the token is valid