kanoniv-agent-auth 0.3.0

Sudo for AI agents - cryptographic delegation, Ed25519 identity, and signed audit trails
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

//! # kanoniv-agent-auth
//!
//! Cryptographic identity and delegation for AI agents.
//!
//! This crate provides Ed25519 keypair generation, `did:agent:` decentralized
//! identifiers, signed message envelopes, provenance entries, and attenuated
//! delegation with recursive chain verification.
//!
//! ## Quick Start
//!
//! ```rust
//! use kanoniv_agent_auth::{AgentKeyPair, SignedMessage};
//!
//! // Generate a new agent identity
//! let keypair = AgentKeyPair::generate();
//! let identity = keypair.identity();
//! println!("Agent DID: {}", identity.did);
//!
//! // Sign a message
//! let payload = serde_json::json!({"action": "merge", "entity_id": "abc123"});
//! let signed = SignedMessage::sign(&keypair, payload).unwrap();
//!
//! // Verify the message
//! signed.verify(&identity).unwrap();
//! ```
//!
//! ## Delegation
//!
//! ```rust
//! use kanoniv_agent_auth::{AgentKeyPair, Delegation, Invocation, Caveat, verify_invocation};
//!
//! let root = AgentKeyPair::generate();
//! let agent = AgentKeyPair::generate();
//!
//! // Root delegates to agent: resolve only, max cost $5
//! let delegation = Delegation::create_root(
//!     &root,
//!     &agent.identity().did,
//!     vec![
//!         Caveat::ActionScope(vec!["resolve".into()]),
//!         Caveat::MaxCost(5.0),
//!     ],
//! ).unwrap();
//!
//! // Agent invokes the delegated power
//! let invocation = Invocation::create(
//!     &agent,
//!     "resolve",
//!     serde_json::json!({"entity_id": "123", "cost": 2.0}),
//!     delegation,
//! ).unwrap();
//!
//! // Verify the full chain (no server calls)
//! let result = verify_invocation(&invocation, &agent.identity(), &root.identity()).unwrap();
//! assert_eq!(result.root_did, root.identity().did);
//! ```

pub mod delegation;
pub mod error;
pub mod identity;
pub mod mcp;
pub mod provenance;
pub mod signing;

pub use delegation::{
    verify_delegation_chain, verify_delegation_chain_with_revocation, verify_invocation,
    verify_invocation_with_revocation, Caveat, Delegation, Invocation, VerificationResult,
    MAX_CHAIN_DEPTH,
};
pub use error::CryptoError;
pub use identity::{AgentIdentity, AgentKeyPair, ServiceEndpoint};
pub use mcp::{McpAuthMode, McpAuthOutcome, McpProof};
pub use provenance::{ActionType, ProvenanceEntry};
pub use signing::SignedMessage;