
Module cursor


Concrete HMAC signer for the stateless scroll/PIT affinity envelope (docs/03 §6). The cluster a cursor is pinned to travels with the cursor in a signed token, so any fleet instance can recover it with no shared store; the signature stops a client redirecting a cursor to another cluster.

The MAC is computed through the build’s validated crypto module (ring under non-fips, aws-lc-rs under fips, cfg-selected exactly like the directive verifier and the TLS cert fingerprint, ADR-009), so a FIPS artifact never signs with a non-validated primitive. The mutual-exclusion compile guards live in crate::directive.

Structs

HmacCursorSigner
Signs cursor-affinity envelopes with a shared HMAC-SHA256 key. The same key must be configured on every proxy instance so a token wrapped on one verifies on another (the whole point of the stateless design).
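The signed-envelope idea described above (the cluster travels with the cursor, and every instance shares one key), as an added Python sketch that is not this crate's code. The token layout `b64url(cluster).b64url(cursor).b64url(tag)`, the function names and the sample key are assumptions made for illustration; the real envelope format is the one specified in docs/03 §6.

```python
import base64
import hashlib
import hmac

# Constructed demo key; every proxy instance would be configured with the same one.
KEY = b"constructed-demo-key-shared-by-every-instance"

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def tag(key: bytes, signed: str) -> str:
    # HMAC-SHA256 over both fields, so neither can be swapped independently.
    return b64(hmac.new(key, signed.encode("utf-8"), hashlib.sha256).digest())

def wrap(key: bytes, cluster: str, cursor: str) -> str:
    # "." never occurs in base64url, so the field boundaries are unambiguous.
    signed = f"{b64(cluster.encode())}.{b64(cursor.encode())}"
    return f"{signed}.{tag(key, signed)}"

def unwrap(key: bytes, token: str) -> tuple:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed envelope")
    signed = f"{parts[0]}.{parts[1]}"
    # Verify before decoding anything; compare in constant time.
    if not hmac.compare_digest(tag(key, signed).encode(), parts[2].encode()):
        raise ValueError("signature mismatch")
    return unb64(parts[0]).decode(), unb64(parts[1]).decode()

def redirect_cluster(token: str, new_cluster: str) -> str:
    # What a tampering client would send: same cursor and tag, different cluster.
    _, cursor_part, tag_part = token.split(".")
    return f"{b64(new_cluster.encode())}.{cursor_part}.{tag_part}"

def is_rejected(key: bytes, token: str) -> bool:
    try:
        unwrap(key, token)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    token = wrap(KEY, "cluster-a", "scroll-123")          # issued by instance 1
    print(unwrap(KEY, token))                              # recovered by instance 2
    print(is_rejected(KEY, redirect_cluster(token, "cluster-b")))
    print(is_rejected(b"instance-with-a-different-key", token))
```

The last check shows why the key has to match on every instance: a token wrapped under one key fails verification under any other.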