Skip to main content

Crate agentmesh

Crate agentmesh 

Source
Expand description

§Agent Governance Rust SDK

Rust SDK for the Agent Governance Toolkit — policy evaluation, trust scoring, hash-chain audit logging, and Ed25519 agent identity.

§Quick Start

use agentmesh::AgentMeshClient;

let client = AgentMeshClient::new("my-agent")
    .expect("failed to create client");

let result = client.execute_with_governance("data.read", None);
assert!(result.allowed);

Re-exports§

pub use audit::AuditLogger;
pub use control_support::CircuitBreaker;
pub use control_support::CircuitState;
pub use control_support::ErrorBudget;
pub use control_support::HealthStatus;
pub use control_support::IncidentRecord;
pub use control_support::KillSwitch;
pub use control_support::KillSwitchDecision;
pub use control_support::KillSwitchEvent;
pub use control_support::KillSwitchReason;
pub use control_support::KillSwitchRegistry;
pub use control_support::KillSwitchScope;
pub use control_support::ObjectiveEvaluation;
pub use control_support::ServiceHealthReport;
pub use control_support::ServiceLevelObjective;
pub use control_support::SloEngine;
pub use governance_support::annex_iv_to_json;
pub use governance_support::annex_iv_to_markdown;
pub use governance_support::load_cedar_into_engine;
pub use governance_support::load_rego_into_engine;
pub use governance_support::ActionRequest;
pub use governance_support::AgentRiskProfile;
pub use governance_support::AnnexIVDocument;
pub use governance_support::AnnexIVSection;
pub use governance_support::AuditChain;
pub use governance_support::AuditSink;
pub use governance_support::AuthorityDecision;
pub use governance_support::AuthorityRequest;
pub use governance_support::CedarDecision;
pub use governance_support::CedarEvaluation;
pub use governance_support::CedarEvaluator;
pub use governance_support::ClassificationResult;
pub use governance_support::ComplianceEngine;
pub use governance_support::ComplianceFramework;
pub use governance_support::ComplianceReport;
pub use governance_support::ComplianceViolation;
pub use governance_support::ConditionOperator;
pub use governance_support::DataClassification;
pub use governance_support::DefaultAuthorityResolver;
pub use governance_support::DelegationInfo;
pub use governance_support::EUAIActRiskClassifier;
pub use governance_support::FederationDecision;
pub use governance_support::FederationEngine;
pub use governance_support::FederationStore;
pub use governance_support::FileAuditSink;
pub use governance_support::FileFederationStore;
pub use governance_support::HashChainVerifier;
pub use governance_support::InMemoryFederationStore;
pub use governance_support::OPADecision;
pub use governance_support::OPAEvaluation;
pub use governance_support::OPAEvaluator;
pub use governance_support::OrgPolicy;
pub use governance_support::OrgPolicyDecision;
pub use governance_support::OrgPolicyRule;
pub use governance_support::OrgTrustAgreement;
pub use governance_support::PolicyBackendDiagnostic;
pub use governance_support::PolicyBackendTrace;
pub use governance_support::PolicyCategory;
pub use governance_support::PolicyDelegation;
pub use governance_support::PolicyDiagnosticSeverity;
pub use governance_support::PolicyEvaluator;
pub use governance_support::PolicyRuleTrace;
pub use governance_support::RiskLevel as GovernanceRiskLevel;
pub use governance_support::ShadowMode;
pub use governance_support::ShadowResult;
pub use governance_support::SignedAuditEntry;
pub use governance_support::TechnicalDocumentationExporter;
pub use governance_support::TrustCondition;
pub use governance_support::TrustDefaults;
pub use governance_support::TrustInfo;
pub use governance_support::TrustPolicy;
pub use governance_support::TrustPolicyDecision;
pub use governance_support::TrustRule;
pub use identity::AgentIdentity;
pub use identity::PublicIdentity;
pub use identity_support::from_jwk;
pub use identity_support::from_jwks;
pub use identity_support::to_jwk;
pub use identity_support::to_jwks;
pub use identity_support::AgentDID;
pub use identity_support::AgentNamespace;
pub use identity_support::Credential;
pub use identity_support::CredentialManager;
pub use identity_support::CredentialStatus;
pub use identity_support::HumanSponsor;
pub use identity_support::KeyRotationManager;
pub use identity_support::KeyStore;
pub use identity_support::MTLSConfig;
pub use identity_support::MTLSIdentityVerifier;
pub use identity_support::NamespaceManager;
pub use identity_support::NamespaceRule;
pub use identity_support::PKCS11KeyStore;
pub use identity_support::RevocationEntry;
pub use identity_support::RevocationList;
pub use identity_support::RiskLevel;
pub use identity_support::RiskScore as IdentityRiskScore;
pub use identity_support::RiskScorer;
pub use identity_support::RiskSeverity;
pub use identity_support::RiskSignal;
pub use identity_support::SPIFFEIdentity;
pub use identity_support::SPIFFERegistry;
pub use identity_support::ScopeChain;
pub use identity_support::SoftwareKeyStore;
pub use identity_support::SvidType;
pub use identity_support::UserContext;
pub use identity_support::SVID;
pub use integration_support::DetectionBasis;
pub use integration_support::DiscoveredAgent;
pub use integration_support::DiscoveryEvidence;
pub use integration_support::DiscoveryInventory;
pub use integration_support::DiscoveryInventorySummary;
pub use integration_support::DiscoveryReconciler;
pub use integration_support::DiscoveryRecord;
pub use integration_support::DiscoveryRiskAssessment;
pub use integration_support::DiscoveryRiskLevel;
pub use integration_support::DiscoveryRiskScorer;
pub use integration_support::DiscoveryScanResult;
pub use integration_support::DiscoveryScanner;
pub use integration_support::DiscoveryStatus;
pub use integration_support::DriftResult;
pub use integration_support::ExecutionRequest;
pub use integration_support::ExecutionResponse;
pub use integration_support::FrameworkAdapter;
pub use integration_support::FrameworkExecutionResult;
pub use integration_support::FrameworkGovernanceAdapter;
pub use integration_support::FrameworkKind;
pub use integration_support::FrameworkResponse;
pub use integration_support::GovernanceEvent;
pub use integration_support::GovernanceEventType;
pub use integration_support::GovernanceHook;
pub use integration_support::GovernanceMiddleware;
pub use integration_support::GovernancePattern;
pub use integration_support::GovernancePolicy;
pub use integration_support::PatternType;
pub use integration_support::ProcessSnapshot;
pub use integration_support::PromptDefenseEvaluator;
pub use integration_support::PromptDefenseFinding;
pub use integration_support::PromptDefenseReport;
pub use integration_support::PromptRiskLevel;
pub use integration_support::RegisteredAgent;
pub use integration_support::ResponseGovernanceAssessment;
pub use integration_support::ShadowAgent;
pub use lifecycle::LifecycleEvent;
pub use lifecycle::LifecycleManager;
pub use lifecycle::LifecycleState;
pub use policy::PolicyEngine;
pub use policy::PolicyError;
pub use protocol_facets::default_registry;
pub use protocol_facets::extract_k8s_facets;
pub use protocol_facets::extract_protocol_facets;
pub use protocol_facets::extract_protocol_facets_with;
pub use protocol_facets::extract_sql_facets;
pub use protocol_facets::FacetRegistry;
pub use prompt_injection::AuditRecord as PromptInjectionAuditRecord;
pub use prompt_injection::DetectionConfig as PromptInjectionDetectionConfig;
pub use prompt_injection::DetectionOptions as PromptInjectionDetectionOptions;
pub use prompt_injection::DetectionResult as PromptInjectionResult;
pub use prompt_injection::InjectionType;
pub use prompt_injection::PromptInjectionConfig;
pub use prompt_injection::PromptInjectionDetector;
pub use prompt_injection::PromptInjectionError;
pub use prompt_injection::Sensitivity as PromptInjectionSensitivity;
pub use prompt_injection::ThreatLevel as PromptInjectionThreatLevel;
pub use reward_support::AgentRewardState;
pub use reward_support::ContributionWeightedStrategy;
pub use reward_support::DimensionType;
pub use reward_support::DistributionResult;
pub use reward_support::EqualSplitStrategy;
pub use reward_support::HierarchicalStrategy;
pub use reward_support::InteractionEdge;
pub use reward_support::NetworkTrustEngine;
pub use reward_support::ParticipantInfo;
pub use reward_support::RewardAllocation;
pub use reward_support::RewardConfig;
pub use reward_support::RewardDimension;
pub use reward_support::RewardDistributor;
pub use reward_support::RewardEngine;
pub use reward_support::RewardPool;
pub use reward_support::RewardSignal;
pub use reward_support::RewardStrategy;
pub use reward_support::RewardTrustScore;
pub use reward_support::TrustEvent;
pub use reward_support::TrustWeightedStrategy;
pub use rings::Ring;
pub use rings::RingEnforcer;
pub use trust::TrustConfig;
pub use trust::TrustManager;
pub use trust_support::CapabilityGrant;
pub use trust_support::CapabilityRegistry;
pub use trust_support::CapabilityScope;
pub use trust_support::CardRegistry;
pub use trust_support::HandshakeChallenge;
pub use trust_support::HandshakeResponse;
pub use trust_support::HandshakeResult;
pub use trust_support::HandshakeTrustLevel;
pub use trust_support::PeerInfo;
pub use trust_support::ProtocolBridge;
pub use trust_support::TrustBridge;
pub use trust_support::TrustHandshake;
pub use trust_support::TrustedAgentCard;
pub use types::AuditEntry;
pub use types::AuditFilter;
pub use types::CandidateDecision;
pub use types::ConflictResolutionStrategy;
pub use types::GovernanceResult;
pub use types::PolicyDecision;
pub use types::PolicyScope;
pub use types::ResolutionResult;
pub use types::TrustScore;
pub use types::TrustTier;

Modules§

audit
Append-only hash-chain audit log with SHA-256 integrity verification.
clock
Clock and nonce seams for deterministic security testing.
control_support
Control-plane and resilience primitives for kill switches, SLOs, and circuit breaking.
credential_vault
Credential vault, scoping, and injection for agent tool calls.
error
Error types for the MCP module.
gateway
Gateway pipeline for governed MCP traffic.
governance_support
Additional governance primitives for compliance, authority, federation, and risk tooling.
identity
Ed25519-based agent identity with DID support.
identity_support
Extended identity primitives for parity with the broader AgentMesh SDK surface.
integration_support
Lightweight integration, discovery, and prompt-defense helpers for embedding governance.
lifecycle
Agent lifecycle management – an eight-state model tracking an agent from provisioning through decommissioning.
mcpDeprecated
Deprecated: use the agentmesh-mcp crate directly.
metrics
Categorical metrics for MCP controls.
policy
YAML-based policy evaluation engine with four-way decisions: allow, deny, requires-approval, and rate-limit.
prompt_injection
Deterministic prompt-injection detection for Rust agents.
protocol_facets
Protocol-aware facet extraction for policy evaluation.
rate_limit
Sliding-window rate limiting for MCP traffic.
redactor
Credential redaction for audit-safe storage and display.
response
Response scanning and sanitization before LLM consumption.
reward_support
Reward and learning primitives layered on top of trust and governance signals.
rings
Execution privilege rings — a four-level access-control model inspired by hardware protection rings.
sandbox
Sandbox provider trait and Docker-based implementation.
security
MCP tool metadata security scanning.
session
Session authentication for MCP traffic.
signing
Message signing and replay protection for MCP traffic.
trust
Trust scoring engine — tracks per-agent trust scores on a 0–1000 scale across five tiers, with optional JSON persistence.
trust_support
Trust-plane interoperability primitives layered on top of the core trust manager.
types
Shared types for the AgentMesh governance framework.

Structs§

AgentMeshClient
Unified governance client combining identity, policy, trust, and audit.
ClientOptions
Builder options for AgentMeshClient.
CredentialRedactor
Redacts credentials from strings and nested JSON structures.
DeterministicNonceGenerator
Deterministic nonce generator for tests.
FixedClock
Deterministic test clock with manual advancement.
InMemoryAuditSink
In-memory audit sink that stores redacted entries.
InMemoryNonceStore
In-memory nonce store.
InMemoryRateLimitStore
In-memory rate-limit store.
InMemorySessionStore
In-memory session storage for defaults and tests.
McpAuditEntry
Auditable MCP event with categorical details.
McpGateway
Enforces deny-list -> allow-list -> sanitization -> rate limiting -> human approval.
McpGatewayConfig
Gateway configuration.
McpGatewayDecision
Gateway decision with sanitized payload details.
McpGatewayRequest
MCP request evaluated by the gateway.
McpIssuedSession
Result of issuing a session.
McpMessageSigner
HMAC-SHA256 signer with timestamp validation and nonce replay protection.
McpMetricsCollector
Thread-safe categorical metrics collector.
McpMetricsSnapshot
Snapshot of collected categorical metrics.
McpResponseFinding
Individual response finding with categorical labels only.
McpResponseScanner
Scans and sanitizes MCP tool output before it reaches an LLM.
McpSanitizedResponse
Sanitized text output.
McpSanitizedValue
Sanitized structured output.
McpSecurityScanResult
Aggregate server scan result.
McpSecurityScanner
Tool metadata scanner for poisoning, rug pulls, schema abuse, and cross-server attacks.
McpSession
Persisted MCP session metadata.
McpSessionAuthenticator
HMAC-signed session authenticator with TTL and concurrency enforcement.
McpSignedMessage
Signed MCP message envelope.
McpSlidingRateLimiter
Per-agent sliding-window limiter for MCP traffic.
McpSlidingWindowDecision
Sliding-window decision for an MCP request.
McpThreat
Categorical MCP threat finding.
McpToolDefinition
MCP tool definition to inspect.
McpToolFingerprint
Tool fingerprint used for rug-pull detection.
RedactionResult
Result of redacting a string.
SystemClock
Production clock backed by the operating system.
SystemNonceGenerator
Production nonce generator backed by random alphanumeric bytes.

Enums§

ClientError
Errors returned by AgentMeshClient construction.
CredentialKind
Categorical credential types that may be redacted.
McpDecisionLabel
Decision labels recorded for mcp_decisions.
McpError
Errors returned by MCP governance and security primitives.
McpGatewayStatus
Gateway terminal status.
McpResponseThreatType
Response-layer threat categories.
McpScanLabel
Scan labels recorded for mcp_scans.
McpSeverity
Severity of an MCP threat.
McpThreatLabel
Threat labels recorded for mcp_threats_detected.
McpThreatType
Threat categories detected in MCP tool metadata.

Traits§

Clock
Time source abstraction used by security-sensitive components.
McpAuditSink
Sink abstraction for storing audit entries.
McpNonceStore
Replay-detection nonce store.
McpRateLimitStore
Rate-limit store seam.
McpSessionStore
Session storage seam.
NonceGenerator
Nonce generation seam for testability.