Regenerate Caller Tokens (F1)
regenerate_caller_tokensRotate F1 identity gate secrets to secure agent communication. Use for initial deployment, token leaks, or periodic rotation. Redistribute new tokens to all hosts to prevent rejection.
Instructions
v2.18.0 / F1 (caller capability tokens). Rotate the per-host secret tokens used by the F1 identity gate. OVERWRITES the existing host-tokens.json file (default location: /host-tokens.json; override via CROSS_REVIEW_TOKENS_FILE env var) with freshly generated 256-bit hex secrets — one per agent (codex, claude, gemini, deepseek, grok, perplexity). The MCP response returns only token fingerprints, never plaintext secrets; read the local host-tokens.json file directly when redistributing CROSS_REVIEW_CALLER_TOKEN values. AFTER calling this tool, every MCP host carrying a stale token will start being rejected with identity_forgery_blocked: token does not match any known agent. The operator MUST redistribute the secrets and reload the affected hosts. Use cases: (a) initial deployment after first-boot generation; (b) suspected token leak; (c) periodic rotation.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| caller | No | operator | |
| response_format | No | json |