Skip to main content

mur_common/muragent/
mod.rs

1//! `.muragent` v2 portable agent package format.
2//!
3//! ## Module map
4//!
5//! - `manifest` — type definitions for `manifest.yaml`
6//! - `jcs_canonical` — manifest → `manifest.signed.json` (RFC 8785 JCS via `mur_common::jcs`)
7//! - `dsse` — DSSE envelope sign/verify
8//! - `statement` — in-toto v1 Statement with subject hashes
9//! - `writer` — build `.muragent` tar.gz
10//! - `reader` — extract and validate `.muragent` tar.gz
11//! - `validator` — 11-step validation pipeline
12//! - `executable_ban` — MCP command deny-list and permit-list
13
14pub mod dsse;
15pub mod executable_ban;
16pub mod installer;
17pub mod jcs_canonical;
18pub mod manifest;
19pub mod reader;
20pub mod statement;
21pub mod validator;
22pub mod writer;
23// pub mod statement; — Task 6
24// pub mod executable_ban; — Task 7
25// pub mod writer; — Task 8
26// pub mod reader; — Task 9
27// pub mod validator; — Task 9
28
29use thiserror::Error;
30
31#[derive(Error, Debug)]
32pub enum MuragentError {
33    #[error("schema version mismatch: expected 'mur-agent/2', got '{0}'")]
34    SchemaMismatch(String),
35
36    #[error("manifest YAML parse error: {0}")]
37    ManifestParse(String),
38
39    #[error("manifest.signed.json mismatch: re-derived canonical JSON does not match embedded")]
40    SignedJsonMismatch,
41
42    #[error("DSSE verification failed: {0}")]
43    DsseError(String),
44
45    #[error("subject hash mismatch for '{path}': expected {expected}, got {actual}")]
46    SubjectHashMismatch {
47        path: String,
48        expected: String,
49        actual: String,
50    },
51
52    #[error("missing subject in tarball: '{0}'")]
53    MissingSubject(String),
54
55    #[error("extra file in tarball not in statement subjects: '{0}'")]
56    ExtraFile(String),
57
58    #[error("executable content detected: {0}")]
59    ExecutableContent(String),
60
61    #[error("forbidden MCP command: {0}")]
62    ForbiddenMcpCommand(String),
63
64    #[error("signature invalid for keyid '{0}'")]
65    InvalidSignature(String),
66
67    #[error("trust refused: {0}")]
68    TrustRefused(String),
69
70    #[error("I/O error: {0}")]
71    Io(#[from] std::io::Error),
72
73    #[error("{0}")]
74    Other(String),
75}