Expand description
Auth + protocol middleware for the v1 router.
Structs§
- Authenticated
Cn π - Type-system witness that auth ran; private field prevents forgery in handler code.
Constants§
- NOT_
READY_ πRETRY_ AFTER_ SECS Retry-Afterhint advertised on 503 not-ready responses. Trackschannel_refs_poll::POLL_INTERVAL(60 s) loosely - agents spread their retries across the hint so the next poll cycle has time to complete before they all reconnect.
Functions§
- protocol_
version_ πmiddleware - Forward-compat: missing header accepted; mismatched major -> 426. Strict mode rejects missing.
- require_
cn π - 401 on missing/revoked cert; re-enrolled certs (notBefore > revoked_before) pass.
- require_
cn_ πlayer - require_
ready_ πlayer - 503 with
Retry-After: 30untilAppState::is_ready()returns true. Applied to every/v1/*route so agents see a deterministic βcome back laterβ signal instead of partial behaviour driven by stale or missing trust state. Health/version/metrics are routed outside/v1/*and stay unguarded so operators can scrape them while the daemon is still priming.