Redis Revocation Store
Redis connectors provide shared revocation state for resource servers. They let multiple service instances reject mandates after sessions, roots, agents, or delegation edges are revoked.
Install
Section titled “Install”| Ecosystem | Package |
|---|---|
| TypeScript | npm install @caracalai/revocation-redis |
| Python | pip install caracalai-revocation-redis |
| Go | go get github.com/garudex-labs/caracal/packages/connectors/redis/go |
Defaults
Section titled “Defaults”| Setting | Default |
|---|---|
| Revocation stream | caracal.sessions.revoke |
| Consumer group | resource-revocation |
| Revocation TTL | 24 hours |
| Signature support | Optional HMAC verification for stream messages. |
TypeScript store
Section titled “TypeScript store”import { RedisRevocationStore } from "@caracalai/revocation-redis";
const revocations = new RedisRevocationStore(redis, { defaultTtlMs: 24 * 60 * 60 * 1000,});
await revocations.markRevoked("sess_123");const blocked = await revocations.isRevoked("sess_123");Stream consumer
Section titled “Stream consumer”Use the stream consumer when your resource server should learn revocations from the audit/control plane instead of marking them locally.
import { RedisRevocationConsumer } from "@caracalai/revocation-redis";
const consumer = new RedisRevocationConsumer(redis, revocations, { consumerName: "api-1", hmacSecret: process.env.CARACAL_REVOCATION_HMAC_SECRET,});
await consumer.start();Stream events can revoke multiple anchors. Resource servers should treat Redis or signature failures according to their risk posture; high-risk resources should fail closed.

