Skip to content

Redis Revocation Store

Redis connectors provide shared revocation state for resource servers. They let multiple service instances reject mandates after sessions, roots, agents, or delegation edges are revoked.

EcosystemPackage
TypeScriptnpm install @caracalai/revocation-redis
Pythonpip install caracalai-revocation-redis
Gogo get github.com/garudex-labs/caracal/packages/connectors/redis/go
SettingDefault
Revocation streamcaracal.sessions.revoke
Consumer groupresource-revocation
Revocation TTL24 hours
Signature supportOptional HMAC verification for stream messages.
import { RedisRevocationStore } from "@caracalai/revocation-redis";
const revocations = new RedisRevocationStore(redis, {
defaultTtlMs: 24 * 60 * 60 * 1000,
});
await revocations.markRevoked("sess_123");
const blocked = await revocations.isRevoked("sess_123");

Use the stream consumer when your resource server should learn revocations from the audit/control plane instead of marking them locally.

import { RedisRevocationConsumer } from "@caracalai/revocation-redis";
const consumer = new RedisRevocationConsumer(redis, revocations, {
consumerName: "api-1",
hmacSecret: process.env.CARACAL_REVOCATION_HMAC_SECRET,
});
await consumer.start();

Stream events can revoke multiple anchors. Resource servers should treat Redis or signature failures according to their risk posture; high-risk resources should fail closed.