Expand description
Machine tokens for scoped, ephemeral access.
A machine token packages the minimum credentials needed for a CI job, coding agent, or automation to fork a repo, work on it, and PR back.
Contains:
- A fresh Ed25519 signing identity (for the machine’s own commits)
- A content key (scoped read access to one commit in the source repo)
- The source commit CID (what to fork from)
- An expiry timestamp (TTL)
The machine CANNOT commit to the source repo — it forks, works in its
own repo, and submits changes via void pull-request. No root key
exposure at any level.
Structs§
- Machine
Token - A machine token — packaged credentials for scoped repo access.