pub fn api_revoke_sessions(
actor: Actor,
owner: String,
pool: &State<DbPool>,
) -> Result<Json<RevokeAckDto>, Status>Expand description
Revokes all of an identity’s sessions (agent twin of the screen’s revoke). Token-gated
(the Actor guard) and audited — for automated security response (kick out a compromised
account everywhere). Referenced by the non-secret owner name, never a session id. Idempotent: an
identity with no sessions revokes 0. Sessions are ephemeral auth state, not historical record,
so this mutation is exposed to agents (unlike the immutable history tables).