Concrete HMAC verifier for the signed X-Debug-Directive header, the
surgical, single-request diagnostics channel (docs/05 §3). An operator mints
a token out of band with the shared key; a client cannot forge one, so it cannot
self-enable verbose diagnostics (NFR-S3). The token rides the request and is
verified by whichever instance handles it.
Token wire form: {payload_hex}.{sig_hex} where payload is a small JSON
object and sig is HMAC-SHA256(key, payload_bytes). The MAC is computed and
checked through the build’s validated crypto module (ring under non-fips,
aws-lc-rs under fips, cfg-selected exactly like the TLS cert fingerprint) so
a FIPS artifact never authenticates with a non-validated primitive.
Payload fields: level (required, a DiagLevel name), exp (required,
absolute unix-seconds expiry), and optional targeting tenant/index/
principal, sample_per_mille (default 1000), ring_buffer (default false).
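The wire form and field rules above, as an added sketch in Python (not this crate's code; the crate routes the MAC through its validated crypto module, which Python's `hmac` does not stand in for). The `mint`/`verify` names, the compact JSON serialization, the sample key, the level name `debug` and the treatment of `exp == now` as expired are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key


def mint(key: bytes, payload: dict) -> str:
    """Operator side: serialize the payload and sign the exact bytes sent."""
    payload_bytes = json.dumps(payload, separators=(",", ":")).encode()
    sig = hmac.new(key, payload_bytes, hashlib.sha256).digest()
    return f"{payload_bytes.hex()}.{sig.hex()}"


def verify(key: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Server side: return the directive, or None for any invalid token."""
    payload_hex, sep, sig_hex = token.partition(".")
    if not sep:
        return None
    try:
        payload_bytes = bytes.fromhex(payload_hex)
        sig = bytes.fromhex(sig_hex)
    except ValueError:
        return None
    # Check the MAC over the raw bytes before parsing client-supplied JSON.
    expected = hmac.new(key, payload_bytes, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    try:
        payload = json.loads(payload_bytes)
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    level, exp = payload.get("level"), payload.get("exp")
    if not isinstance(level, str) or type(exp) is not int:
        return None  # both required fields must be present and well-typed
    now = int(time.time()) if now is None else now
    if exp <= now:  # assumption: a token is expired once now reaches exp
        return None
    # Defaults the page states for the optional fields.
    payload.setdefault("sample_per_mille", 1000)
    payload.setdefault("ring_buffer", False)
    return payload


TOKEN = mint(KEY, {"level": "debug", "exp": 2_000_000_000, "tenant": "t1"})
```

Every failure path returns the same `None`, so a caller cannot distinguish a bad signature from a malformed or expired token.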
Structs
- HmacDirectiveVerifier - Verifies signed X-Debug-Directive tokens against a shared HMAC key.