Data Cleanup (Reaper)

A background goroutine that runs periodic cleanup tasks.

Reaper Goroutine

// Reaper runs every reaper.interval (default: 60s)
func (r *Reaper) Run(ctx context.Context) {
    ticker := time.NewTicker(r.interval)
    defer ticker.Stop()
    for {
        select {
        case <-ctx.Done():
            return
        case <-ticker.C:
            r.cleanExpiredLeases()
            r.cleanOldAuditEntries()
            r.cleanExpiredSessions()
        }
    }
}

Cleanup Tasks

Task	Condition	Action
Expired leases	`expires_at + grace_period < now()`	Call plugin `Revoke()`, mark lease expired
Old audit entries	`created_at < now() - retention_days`	Hard delete (SQLite only; PG has configurable retention)
Expired sessions	`expires_at < now()`	Hard delete
Expired tokens	`expires_at < now()`	Hard delete

Rules

Reaper uses its own database connection (not the request pool).
Reaper logs what it cleans: slog.Info("reaper", "expired_leases", 3, "old_audit", 150).
Reaper errors are logged but don't crash the server.
Reaper is disabled in tests (controlled via config).
Lease revocation during cleanup uses context.Background() with a 30s timeout per lease.

Reaper Goroutine​

Cleanup Tasks​

Rules​

Reaper Goroutine

Cleanup Tasks

Rules