PASETO v4.public attestation for agent-uri.
This crate provides cryptographic attestation of agent URIs using PASETO v4.public tokens (Ed25519 signatures). Attestations bind an agent URI to a set of capabilities, signed by a trust root.
§Overview
Attestation tokens enable:
- Cryptographic binding of agent URIs to capabilities
- Prevention of spoofing and DHT poisoning
- Bearer token verification without callbacks
§Example
```rust
use agent_uri_attestation::{Issuer, Verifier, SigningKey};
use agent_uri::AgentUri;
use std::time::Duration;

// Issuer side: create attestation
let signing_key = SigningKey::generate();
let issuer = Issuer::new("acme.com", signing_key.clone(), Duration::from_secs(86400));
let uri = AgentUri::parse(
    "agent://acme.com/workflow/approval/rule_01h455vb4pex5vsknk084sn02q"
).unwrap();
let token = issuer.issue(&uri, vec!["workflow.approval.read".into()]).unwrap();

// Verifier side: validate attestation
let mut verifier = Verifier::new();
verifier.add_trusted_root("acme.com", signing_key.verifying_key());
let claims = verifier.verify(&token).unwrap();
assert_eq!(claims.agent_uri, uri.to_string());
assert_eq!(claims.capabilities, vec!["workflow.approval.read"]);
```
§Token Structure
Attestation tokens are PASETO v4.public tokens containing:
- agent_uri: The full agent URI being attested
- capabilities: Array of capability strings granted
- iss: Issuer (trust root) that created the attestation
- iat: Issued-at timestamp
- exp: Expiration timestamp
- aud: Optional audience restriction
§Security Properties
| Property | How Achieved |
|---|---|
| No algorithm confusion | PASETO v4 is Ed25519-only |
| Replay protection | exp claim validated automatically |
| Trust root binding | iss must match trusted roots |
| URI binding | agent_uri claim verified against expected |
| Tamper detection | Ed25519 signature verification |
§Grammar Specification
This crate includes a formal ABNF grammar specification in grammar.abnf
that defines:
- PASETO v4.public token format (v4.public.<payload>[.<footer>])
- AttestationClaims JSON structure
- Field formats and constraints
The grammar follows RFC 5234 and references the agent-uri ABNF for
the agent_uri field format.
§Length Constraints
| Component | Max Length |
|---|---|
| Total token | 8192 chars |
| agent_uri | 512 chars |
| capabilities | 64 items |
| Each capability | 128 chars |
| issuer | 128 chars |
| audience | 128 chars |
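The limits above can be enforced before any signature work is done, so oversized or malformed input is rejected cheaply. The following is an added example, not code from this crate: `LimitError`, `check_token_shape` and `check_claim_limits` are hypothetical names, and it assumes the standard PASETO encoding (unpadded base64url payload and a non-empty footer when one is present).

```rust
// Added example. Limits are from the Length Constraints table; every name is hypothetical.
const MAX_TOKEN: usize = 8192;
const MAX_URI: usize = 512;
const MAX_CAPS: usize = 64;
const MAX_FIELD: usize = 128; // each capability, issuer, audience

#[derive(Debug, PartialEq)]
pub enum LimitError { TokenTooLong, BadShape, TooManyCapabilities, FieldTooLong(&'static str) }

fn is_b64url(s: &str) -> bool {
    !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

fn too_long(s: &str, max: usize) -> bool { s.chars().count() > max }

/// Structural check of `v4.public.<payload>[.<footer>]`, run before any decoding.
pub fn check_token_shape(token: &str) -> Result<(), LimitError> {
    // Byte length equals char count for any token that passes the ASCII check below.
    if token.len() > MAX_TOKEN { return Err(LimitError::TokenTooLong); }
    let rest = token.strip_prefix("v4.public.").ok_or(LimitError::BadShape)?;
    let mut parts = rest.split('.');
    let payload = parts.next().unwrap_or("");
    let footer = parts.next();
    // The payload ends with a 64-byte Ed25519 signature: at least 86 unpadded base64url chars.
    let ok = is_b64url(payload) && payload.len() >= 86
        && footer.map_or(true, is_b64url) && parts.next().is_none();
    if ok { Ok(()) } else { Err(LimitError::BadShape) }
}

/// Bounds check on decoded claims; `aud` is optional, as in the token structure.
pub fn check_claim_limits(agent_uri: &str, caps: &[&str], iss: &str, aud: Option<&str>)
    -> Result<(), LimitError> {
    if too_long(agent_uri, MAX_URI) { return Err(LimitError::FieldTooLong("agent_uri")); }
    if caps.len() > MAX_CAPS { return Err(LimitError::TooManyCapabilities); }
    if caps.iter().any(|c| too_long(c, MAX_FIELD)) { return Err(LimitError::FieldTooLong("capability")); }
    if too_long(iss, MAX_FIELD) { return Err(LimitError::FieldTooLong("iss")); }
    if aud.map_or(false, |a| too_long(a, MAX_FIELD)) { return Err(LimitError::FieldTooLong("aud")); }
    Ok(())
}

fn main() {
    // Constructed sample: 86 placeholder characters stand in for a real payload.
    let token = format!("v4.public.{}", "A".repeat(86));
    println!("{:?}", check_token_shape(&token));
    let uri = "agent://acme.com/workflow/approval/rule_01h455vb4pex5vsknk084sn02q";
    println!("{:?}", check_claim_limits(uri, &["workflow.approval.read"], "acme.com", None));
}
```

These checks only bound input size and shape; a token that passes them still has to go through signature and claim verification.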
Modules§
- prelude: A prelude module for convenient imports.
Structs§
- AttestationClaims: Claims embedded in an attestation token.
- AttestationClaimsBuilder: Builder for constructing AttestationClaims.
- Issuer: Creates attestation tokens for agent URIs.
- SigningKey: A signing key for creating attestation tokens.
- Verifier: Verifies attestation tokens for agent URIs.
- VerifyingKey: A verifying key for validating attestation tokens.
Enums§
- AttestationError: Errors that can occur during attestation operations.
Functions§
- capability_covers: Pure function: checks if any attested capability covers the required path.
- check_capability_coverage: Pure function: checks capability coverage and returns a structured error if insufficient.
- check_expiration: Pure function: checks if a token has expired at a given time.
- validate_issuer: Pure function: validates that the token issuer matches the URI trust root.
- validate_subject: Pure function: validates that the token subject matches the presented URI.