Graphorin API reference / @graphorin/security / / TokenVerifier

Class: TokenVerifier

Defined in: packages/security/src/auth/verify.ts:143

Stateful verifier. One instance is constructed per server runtime; tests use the optional now to drive the sliding windows.

Stable

Constructors

Constructor

new TokenVerifier(options): TokenVerifier;

Defined in: packages/security/src/auth/verify.ts:162

Parameters

Parameter	Type
`options`	`VerifierOptions`

Returns

TokenVerifier

Methods

_simulateOverloadForTesting()

_simulateOverloadForTesting(): never;

Defined in: packages/security/src/auth/verify.ts:315

Throw an overload error if invoked. Test hook for the cap.

Returns

never

clearIpLockout()

clearIpLockout(ip): void;

Defined in: packages/security/src/auth/verify.ts:309

Lift a per-IP lockout. Used by privileged operators.

Parameters

Parameter	Type
`ip`	`string`

Returns

void

clearTokenLockout()

clearTokenLockout(tokenId): void;

Defined in: packages/security/src/auth/verify.ts:303

Lift a per-token lockout. Used by revokeToken / rotateToken.

Parameters

Parameter	Type
`tokenId`	`string`

Returns

void

invalidate()

invalidate(rawTokenOrHashHex): void;

Defined in: packages/security/src/auth/verify.ts:289

Force-evict a single token from the warm cache.

Parameters

Parameter	Type
`rawTokenOrHashHex`	`string`

Returns

void

invalidateAll()

invalidateAll(): void;

Defined in: packages/security/src/auth/verify.ts:298

Drop every cached entry.

Returns

void

status()

status(): TokenVerifierStatus;

Defined in: packages/security/src/auth/verify.ts:279

Snapshot of the verifier's current load. Useful for the /v1/health/secrets endpoint and for in-process metrics.

Returns

TokenVerifierStatus

Stable

verify()

verify(rawToken, ctx?): Promise<VerifyResult>;

Defined in: packages/security/src/auth/verify.ts:184

Run the verify pipeline against a single raw token. The promise always resolves; failures surface as { ok: false, reason } so callers can map them straight to HTTP responses.

Parameters

Parameter	Type
`rawToken`	`string`
`ctx`	`VerifyContext`

Returns

Promise<VerifyResult>

errors

Classes

Type Aliases

evaluator-optimizer

Interfaces

Type Aliases

Functions

factory

Functions

fallback

Interfaces

Type Aliases

Functions

fanout

Interfaces

Type Aliases

Functions

filters

Interfaces

Variables

Functions

preferred-model

Interfaces

Functions

progress

Interfaces

Functions

run-state

Interfaces

Variables

Functions

client

Classes

Interfaces

Type Aliases

errors

Classes

Type Aliases

reconnect

Interfaces

Functions

cli

Interfaces

Type Aliases

Functions

loaders

Functions

errors

Classes

Interfaces

Type Aliases

conflict

Variables

errors

Classes

facade

Interfaces

Functions

tools

Functions

openinference

Type Aliases

Variables

Functions

redaction

imperative-patterns

Interfaces

Type Aliases

Variables

Functions

patterns

Interfaces

Type Aliases

Variables

telemetry

Interfaces

Functions

client-message

Type Aliases

Variables