Class: KairosMcp::Daemon::ElevationToken

Inherits:

Object

• Object
• KairosMcp::Daemon::ElevationToken

Defined in:

lib/kairos_mcp/daemon/elevation_token.rb

Overview

ElevationToken — opaque, unforgeable grant for temporary policy elevation.

Design (P3.2 v0.2 §5.1, MF2 fix):

Identity comparison via equal? (object_id). Even if an attacker
knows the proposal_id, they cannot forge a token that passes matches?.

Instance Attribute Summary

• #granted_at ⇒ Object readonly

  Returns the value of attribute granted_at.

• #granted_by ⇒ Object readonly

  Returns the value of attribute granted_by.

• #proposal_id ⇒ Object readonly

  Returns the value of attribute proposal_id.

• #scope ⇒ Object readonly

  Returns the value of attribute scope.

Instance Method Summary

• #initialize(proposal_id:, scope:, granted_by:) ⇒ ElevationToken constructor

  A new instance of ElevationToken.

• #matches?(other) ⇒ Boolean

  Identity comparison — only the exact token object matches.

• #to_h ⇒ Object

Constructor Details

#initialize(proposal_id:, scope:, granted_by:) ⇒ ElevationToken

Returns a new instance of ElevationToken.

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 16

def initialize(proposal_id:, scope:, granted_by:)
  @proposal_id = proposal_id.freeze
  @scope       = scope.freeze
  @granted_by  = granted_by.freeze
  @granted_at  = Time.now.utc.iso8601.freeze
end

Instance Attribute Details

#granted_at ⇒ Object (readonly)

Returns the value of attribute granted_at.

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 14

def granted_at
  @granted_at
end

#granted_by ⇒ Object (readonly)

Returns the value of attribute granted_by.

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 14

def granted_by
  @granted_by
end

#proposal_id ⇒ Object (readonly)

Returns the value of attribute proposal_id.

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 14

def proposal_id
  @proposal_id
end

#scope ⇒ Object (readonly)

Returns the value of attribute scope.

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 14

def scope
  @scope
end

Instance Method Details

#matches?(other) ⇒ Boolean

Identity comparison — only the exact token object matches.

Parameters:

• other (ElevationToken, nil)

Returns:

• (Boolean)

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 26

def matches?(other)
  other.equal?(self)
end

#to_h ⇒ Object

# File 'lib/kairos_mcp/daemon/elevation_token.rb', line 30

def to_h
  { proposal_id: @proposal_id, scope: @scope,
    granted_by: @granted_by, granted_at: @granted_at }
end