token_revoke
Permanently revoke a security token by its ID to end agent sessions, enforce permission expiry, or respond to compromise. Revocation is immediate and irreversible, with optional audit logging.
Instructions
Permanently revoke a security token by its tokenId. Returns {ok:true, revoked:true, tokenId} on success. Returns {ok:false, error:"..."} if the token manager is unavailable. Revocation is immediate and irreversible — the token will fail token_validate on all future attempts. token_id is the tokenId field from the token object returned by token_create; reason is optional but written to the audit log and aids security review. Use when an agent session ends, a permission grant expires by policy, or a token may have been compromised.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| reason | No | Optional reason for revocation (for audit) | |
| token_id | Yes | The tokenId to revoke |