mur-common 2.18.0

Shared types and traits for the MUR ecosystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

//! `.muragent` v2 portable agent package format.
//!
//! ## Module map
//!
//! - `manifest` — type definitions for `manifest.yaml`
//! - `jcs_canonical` — manifest → `manifest.signed.json` (RFC 8785 JCS via `mur_common::jcs`)
//! - `dsse` — DSSE envelope sign/verify
//! - `statement` — in-toto v1 Statement with subject hashes
//! - `writer` — build `.muragent` tar.gz
//! - `reader` — extract and validate `.muragent` tar.gz
//! - `validator` — 11-step validation pipeline
//! - `executable_ban` — MCP command deny-list and permit-list

pub mod dsse;
pub mod executable_ban;
pub mod installer;
pub mod jcs_canonical;
pub mod manifest;
pub mod reader;
pub mod statement;
pub mod validator;
pub mod writer;
// pub mod statement; — Task 6
// pub mod executable_ban; — Task 7
// pub mod writer; — Task 8
// pub mod reader; — Task 9
// pub mod validator; — Task 9

use thiserror::Error;

#[derive(Error, Debug)]
pub enum MuragentError {
    #[error("schema version mismatch: expected 'mur-agent/2', got '{0}'")]
    SchemaMismatch(String),

    #[error("manifest YAML parse error: {0}")]
    ManifestParse(String),

    #[error("manifest.signed.json mismatch: re-derived canonical JSON does not match embedded")]
    SignedJsonMismatch,

    #[error("DSSE verification failed: {0}")]
    DsseError(String),

    #[error("subject hash mismatch for '{path}': expected {expected}, got {actual}")]
    SubjectHashMismatch {
        path: String,
        expected: String,
        actual: String,
    },

    #[error("missing subject in tarball: '{0}'")]
    MissingSubject(String),

    #[error("extra file in tarball not in statement subjects: '{0}'")]
    ExtraFile(String),

    #[error("executable content detected: {0}")]
    ExecutableContent(String),

    #[error("forbidden MCP command: {0}")]
    ForbiddenMcpCommand(String),

    #[error("signature invalid for keyid '{0}'")]
    InvalidSignature(String),

    #[error("trust refused: {0}")]
    TrustRefused(String),

    #[error("I/O error: {0}")]
    Io(#[from] std::io::Error),

    #[error("{0}")]
    Other(String),
}