#![forbid(unsafe_code)]
#![warn(missing_docs)]
pub use agent_mesh_protocol::{Caveats, CountBound, Scope};
mod config;
mod context;
mod envelope;
mod error;
mod gate;
pub mod policy;
mod registry;
mod report;
#[cfg(target_os = "linux")]
mod rootfs;
mod sandbox;
mod spawn;
mod step_up;
mod tool;
mod unbridle;
pub use config::{
default_exec_path, BackendToggles, BridleConfig, BridleMode, GatePolicy, HostMatch,
LimitsPolicy, NetDefault, NetPolicy, NetRule, NormalizationPolicy, PathList, RootfsPolicy,
SandboxPolicy, VmPolicy, WebPolicy,
};
pub use context::ToolContext;
pub use envelope::{Denial, DenialKind, Disclosure, ToolEnvelope};
pub use error::{ToolError, ToolResult};
pub use gate::Gate;
pub use registry::{Registry, RegistryBuilder};
pub use report::{enforcement_report, fence_strength, AxisEnforcement, EnforcementReport};
#[cfg(target_os = "linux")]
pub use rootfs::{build_rootfs_plan, materialize_copy, RootfsCache, RootfsEntry, RootfsPlan};
pub use sandbox::{
best_available_sandbox, effective_sandbox_kind, loopback_fenced_caveats,
net_egress_proxy_hosts, NoopSandbox, Sandbox, SandboxKind,
};
#[cfg(all(target_os = "linux", feature = "linux-landlock"))]
pub use sandbox::{landlock_is_supported, landlock_net_is_supported, LandlockSandbox};
#[cfg(all(target_os = "macos", feature = "macos-seatbelt"))]
pub use sandbox::{seatbelt_is_supported, SeatbeltSandbox};
pub use spawn::{
confinement_unenforceable, spawn_confined_subprocess, ConfinedChild, ConfinedCommand,
};
#[cfg(feature = "verifier-ed25519")]
pub use step_up::Ed25519Verifier;
#[cfg(feature = "verifier-webauthn")]
pub use step_up::WebAuthnVerifier;
pub use step_up::{
AttestRequirement, Attestation, CallRequest, Challenge, ContentId, Decision, Discharge,
DischargeAttempt, DischargeProvider, DischargeVerifier, Presence, Rule, StepUpPolicy,
};
pub use tool::Tool;
pub use unbridle::{human_gate, is_unbridled, set_human_gate, set_unbridled, HumanGate};
#[cfg(test)]
mod tests {
use super::*;
struct T;
#[async_trait::async_trait]
impl Tool for T {
fn name(&self) -> &str {
"t"
}
fn schema(&self) -> serde_json::Value {
serde_json::json!({})
}
async fn invoke(
&self,
_args: serde_json::Value,
_cx: &ToolContext,
) -> ToolResult<serde_json::Value> {
Ok(serde_json::Value::Null)
}
}
#[test]
fn context_minted_only_by_gate_and_carries_meet() {
let granted = Caveats {
exec: Scope::only(["echo".to_string()]),
max_calls: CountBound::AtMost(3),
..Caveats::top()
};
let gate = Gate::new(0);
let cx = gate.authorize(&T, &granted).expect("authorize");
assert!(cx.caveats().leq(&granted));
assert_eq!(*cx.caveats(), granted);
}
fn _mint_token_is_unconstructible_doctests() {}
}