Queue-based CRL invalidation — close the 5-minute revocation window #167
Description
Problem
When an agent is revoked, proxies don't know until their next CRL poll (every 5 minutes, configured via CRL_REFRESH_INTERVAL_MS). During that window, the revoked agent can still send messages.
Current Flow
- Registry revokes agent → adds to CRL in D1
- Proxies poll
/v1/crlevery 5 minutes - Proxy refreshes local CRL cache
- Next request from revoked agent gets rejected
Gap: Up to 5 minutes of continued access after revocation.
Proposed Flow
- Registry revokes agent → writes to D1 + publishes
agent.auth.revokedto Queue (already does this) - New Queue consumer on the proxy Worker receives the event
- Proxy invalidates CRL cache immediately → fetches fresh CRL or directly marks the agent ID as revoked
- Next request from revoked agent gets rejected within seconds
Architecture
- Registry already publishes
agent.auth.revokedevents toclawdentity-eventsQueue - Add a Queue consumer binding on the proxy Worker
- Consumer receives revocation event → calls
crlCache.invalidate()or directly adds the agent JTI to a revoked set - Keep polling as fallback (in case Queue delivery fails)
- Connector is NOT involved — this is entirely proxy-side
Implementation
- Add Queue consumer binding to proxy
wrangler.jsonc(production env) - Implement
queue()handler in proxy worker - On
agent.auth.revokedevent: invalidate CRL cache for that agent - Keep existing CRL polling as safety net (increase interval to 15-30 min since Queue handles the fast path)
Impact
- Revocation window: ~5 minutes → ~seconds
- Free plan: 10K Queue ops/day (more than enough for revocations)
- No changes to connector or CLI