Skip to main content

agent_mesh_protocol/
lib.rs

1//! Cryptographic primitives for the agent-mesh.
2//!
3//! This crate provides the identity layer the rest of the workspace
4//! builds on:
5//!
6//! * [`UserKey`] — root of trust, one ed25519 keypair per user.
7//! * [`AgentKey`] — short-lived per-process sub-key, certified by a
8//!   `UserKey` via a [`CertChain`].
9//! * [`GitHubBinding`] — cross-signature linking a `UserKey` to the
10//!   ed25519 SSH key GitHub already knows about.
11//! * [`SignedEnvelope`] — the wire format every mesh message is
12//!   wrapped in.
13//! * [`Fingerprint`] — short BLAKE3 identifier for keys and content.
14//!
15//! All wall-clock time in this crate is treated as a *claim* (e.g.
16//! `AgentMetadata::issued_at`), never as a coordination primitive.
17//! See the project `CLAUDE.md` for the rationale.
18
19#![doc(html_root_url = "https://docs.rs/agent-mesh-protocol")]
20
21pub mod agent_key;
22pub mod caveats;
23pub mod envelope;
24pub mod error;
25pub mod fingerprint;
26pub mod github_binding;
27pub mod user_key;
28
29#[cfg(feature = "pyo3")]
30pub mod pyo3_module;
31
32pub use agent_key::{AgentKey, AgentMetadata, CertChain, Issuer, SerdeSig};
33pub use caveats::{Caveats, CountBound, Scope};
34pub use envelope::{Recipient, SignedEnvelope};
35pub use error::{MeshError, Result};
36pub use fingerprint::Fingerprint;
37pub use github_binding::{ssh_pubkey_ed25519_bytes, GitHubBinding};
38pub use user_key::{UserKey, UserPublic};