Skip to main content

Module session

joy_core::auth

Module session 

Source
Expand description

Session management for authenticated Joy operations.

Sessions are time-limited tokens stored locally in ~/.config/joy/sessions/. They prove that the user has entered their passphrase and derived the correct identity key within the configured time window.

Structs§

SessionClaims
Claims encoded in a session token.
SessionToken
A session token: claims + Ed25519 signature.

Constants§

SESSION_ENV_PREFIX
Prefix for the JOY_SESSION env var value (ADR-033).

Functions§

create_session
Create a session token signed by the identity keypair.
create_session_for_ai
Create a session for an AI member with an ephemeral keypair (ADR-033).
current_tty
Detect the current terminal device for session binding.
encode_session_env
Encode a JOY_SESSION env var value. Backward-compatible with sessions that carry only the ephemeral session key; pass delegation_private = None for that case.
encode_session_env_full
Encode a JOY_SESSION env var value with an optional embedded delegation private key (ADR-041 §5).
load_session
Load a session token from disk for a specific member, if it exists.
load_session_by_id
Load a session by its opaque ID (the JOY_SESSION value).
parse_session_env
Parse a JOY_SESSION env var value produced by encode_session_env. Returns (sid_hex, ephemeral_private_bytes) or None on malformed input. Sessions with an embedded delegation private key (Crypt scope) parse successfully here too; use parse_session_env_full to access the delegation key.
parse_session_env_full
Parse a JOY_SESSION env var value, returning the session id, the ephemeral session private key, and (if the originating token was Crypt-scoped) the delegation private key embedded for zone-key unwrap (ADR-041 §5).
project_id
Derive a stable project ID from project name and acronym.
project_id_of
Same as project_id but operates on an in-memory Project. Useful when the caller needs both the pre- and post-mutation id (e.g. acronym rename migrations) without re-reading the yaml.
remove_session
Remove a session token from disk for a specific member.
save_session
Save a session token to disk.
session_id
The session ID: a short, deterministic, opaque identifier for a session. Used as the filename stub for the session file and as part of the JOY_SESSION env var payload.
validate_session
Validate a session token against a public key and project ID.