feat: wire role-scoped device creds

2026-01-20 11:35:08 +00:00
parent dfbf6ac263
commit d8cc7db5e6
17 changed files with 633 additions and 26 deletions
--- a/src/infra/device-auth-store.ts
+++ b/src/infra/device-auth-store.ts
@@ -102,3 +102,22 @@ export function storeDeviceAuthToken(params: {
  writeStore(filePath, next);
  return entry;
 }
+
+export function clearDeviceAuthToken(params: {
+  deviceId: string;
+  role: string;
+  env?: NodeJS.ProcessEnv;
+}): void {
+  const filePath = resolveDeviceAuthPath(params.env);
+  const store = readStore(filePath);
+  if (!store || store.deviceId !== params.deviceId) return;
+  const role = normalizeRole(params.role);
+  if (!store.tokens[role]) return;
+  const next: DeviceAuthStore = {
+    version: 1,
+    deviceId: store.deviceId,
+    tokens: { ...store.tokens },
+  };
+  delete next.tokens[role];
+  writeStore(filePath, next);
+}