pub struct CursorIssuer { /* private fields */ }
HMAC-SHA256 cursor issuer + verifier. One per server process; constructed
at startup with SharedServerConfig.cursor_signing_key. Multi-instance
deployments behind a load balancer can share a key via env
(ATD_CURSOR_SIGNING_KEY=base64...); single-instance deployments use
a fresh random key per startup (default).
Implementations
impl CursorIssuer
pub fn new(key: [u8; 32]) -> Self
Build with an explicit signing key + a fresh-random session nonce. The nonce changes on each construction so server restart invalidates outstanding cursors even if the key is reused across restarts.
pub fn session_nonce(&self) -> [u8; 8]
The per-process random session nonce. Cursors carry this in their payload; if the verifier sees a non-matching nonce, the cursor is from a prior server process (or a different process entirely) — treated as expired.
pub fn issue(&self, payload: CursorPayload) -> Result<String, CursorError>
Sign + encode a CursorPayload. The encoded result is suitable for
stuffing into Response::ToolResultResponse.next_cursor.
pub fn verify(
    &self,
    cursor: &str,
    ttl_seconds: u64,
) -> Result<CursorPayload, CursorError>
Verify HMAC, decode CBOR, check TTL + session nonce. Returns the
decoded payload on success; the dispatch layer then checks
tool_id / caller_id / args_fingerprint against the
continuation request.
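
The verification order described above (HMAC first, then decode, then session nonce and TTL, then the dispatch-layer binding check), as an added Python sketch that is not this crate's code. Assumptions: JSON stands in for CBOR, the `base64url(tag || body)` wire layout is hypothetical, and `DemoCursorIssuer` and `matches_request` are illustrative names.

```python
import base64, hashlib, hmac, json, os, time

class CursorError(Exception):
    pass

class DemoCursorIssuer:
    """Illustrative stand-in; not the crate's CursorIssuer."""

    def __init__(self, key):
        if len(key) != 32:
            raise ValueError("signing key must be 32 bytes")
        self._key = key
        self.session_nonce = os.urandom(8)  # fresh on every construction

    def _tag(self, raw):
        return hmac.new(self._key, raw, hashlib.sha256).digest()

    def issue(self, payload, now=None):
        body = dict(payload, nonce=self.session_nonce.hex(),
                    issued_at=int(time.time() if now is None else now))
        raw = json.dumps(body, sort_keys=True).encode()  # JSON here, CBOR in the crate
        # Assumed wire layout: base64url(32-byte tag || encoded body).
        return base64.urlsafe_b64encode(self._tag(raw) + raw).decode()

    def verify(self, cursor, ttl_seconds, now=None):
        try:
            blob = base64.urlsafe_b64decode(cursor.encode())
        except ValueError as exc:
            raise CursorError("malformed") from exc
        tag, raw = blob[:32], blob[32:]
        # 1. Authenticate before parsing anything, using a constant-time compare.
        if not hmac.compare_digest(tag, self._tag(raw)):
            raise CursorError("bad signature")
        body = json.loads(raw)
        # 2. A nonce from another process (e.g. before a restart) counts as expired.
        if body["nonce"] != self.session_nonce.hex():
            raise CursorError("expired")
        # 3. Enforce the TTL against the signed issue time.
        now = time.time() if now is None else now
        if now - body["issued_at"] > ttl_seconds:
            raise CursorError("expired")
        return body

def matches_request(body, tool_id, caller_id, args_fingerprint):
    """Dispatch-layer check: the cursor must be bound to this exact continuation."""
    bound = (body["tool_id"], body["caller_id"], body["args_fingerprint"])
    return bound == (tool_id, caller_id, args_fingerprint)
```

A valid signature only proves the server issued the cursor; the binding check is what stops a cursor issued to one caller or tool call from being replayed in another.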