kanoniv_agent_auth/lib.rs
1//! # kanoniv-agent-auth
2//!
3//! Cryptographic identity and delegation for AI agents.
4//!
5//! This crate provides Ed25519 keypair generation, `did:agent:` decentralized
6//! identifiers, signed message envelopes, provenance entries, and attenuated
7//! delegation with recursive chain verification.
8//!
9//! ## Quick Start
10//!
11//! ```rust
12//! use kanoniv_agent_auth::{AgentKeyPair, SignedMessage};
13//!
14//! // Generate a new agent identity
15//! let keypair = AgentKeyPair::generate();
16//! let identity = keypair.identity();
17//! println!("Agent DID: {}", identity.did);
18//!
19//! // Sign a message
20//! let payload = serde_json::json!({"action": "merge", "entity_id": "abc123"});
21//! let signed = SignedMessage::sign(&keypair, payload).unwrap();
22//!
23//! // Verify the signature against the signer's identity; real callers should handle the error rather than `unwrap()`
24//! signed.verify(&identity).unwrap();
25//! ```
26//!
27//! ## Delegation
28//!
29//! ```rust
30//! use kanoniv_agent_auth::{AgentKeyPair, Delegation, Invocation, Caveat, verify_invocation};
31//!
32//! let root = AgentKeyPair::generate();
33//! let agent = AgentKeyPair::generate();
34//!
35//! // Root delegates to agent: resolve only, max cost $5
36//! let delegation = Delegation::create_root(
37//! &root,
38//! &agent.identity().did,
39//! vec![
40//! Caveat::ActionScope(vec!["resolve".into()]),
41//! Caveat::MaxCost(5.0),
42//! ],
43//! ).unwrap();
44//!
45//! // Agent invokes the delegated power
46//! let invocation = Invocation::create(
47//! &agent,
48//! "resolve",
49//! serde_json::json!({"entity_id": "123", "cost": 2.0}),
50//! delegation,
51//! ).unwrap();
52//!
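53//! // Verify the full chain offline (no server calls). No revocation data is passed to this call; see `verify_invocation_with_revocation` if revocation must be checked.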
54//! let result = verify_invocation(&invocation, &agent.identity(), &root.identity()).unwrap();
55//! assert_eq!(result.root_did, root.identity().did);
56//! ```
57
58pub mod delegation;
59pub mod error;
60pub mod identity;
61pub mod mcp;
62pub mod provenance;
63pub mod signing;
64
65pub use delegation::{
66 verify_delegation_chain, verify_delegation_chain_with_revocation, verify_invocation,
67 verify_invocation_with_revocation, Caveat, Delegation, Invocation, VerificationResult,
68 MAX_CHAIN_DEPTH,
69};
70pub use error::CryptoError;
71pub use identity::{AgentIdentity, AgentKeyPair, ServiceEndpoint};
72pub use mcp::{McpAuthMode, McpAuthOutcome, McpProof};
73pub use provenance::{ActionType, ProvenanceEntry};
74pub use signing::SignedMessage;